[Snyk] Fix for 2 vulnerabilities

[naiba4]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	No	Proof of Concept
	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: browser-sync

The new version differs by 16 commits.

• 52ab250 v2.28.0
• 019f8ea fix: remove document.write (Release 21.40.2 segmentio/segment-docs#2019)
• 3b0581e browser-sync-2017 use chalk everywhere (repo sync segmentio/segment-docs#2018)
• c1db647 v2.27.12
• 6a8133d build(deps): bump http-cache-semantics from 4.1.0 to 4.1.1 (Inmoment Destination updates segmentio/segment-docs#2011)
• 61bfdd9 build(deps): bump cookiejar in /packages/browser-sync (Fix GA (Classic) connection modes segmentio/segment-docs#2006)
• 9d71626 build(deps): bump cookiejar in /packages/browser-sync-ui (Add detail that Destination Functions can be added to the Integrations object [DOC-337] segmentio/segment-docs#2005)
• f5fd00f build(deps): bump parse-url and lerna (repo sync segmentio/segment-docs#2000)
• 54d16e4 build(deps): bump minimist in /packages/browser-sync-ui (repo sync segmentio/segment-docs#1998)
• 98ae491 build(deps): bump minimist from 1.2.5 to 1.2.7 (FB conversions API docs updates segmentio/segment-docs#1997)
• 423d137 build(deps): bump socket.io-parser in /packages/browser-sync-ui (Update FB Pixel and Conversions API docs segmentio/segment-docs#1996)
• 9b46af3 build(deps): bump moment in /packages/browser-sync-ui (repo sync segmentio/segment-docs#1973)
• 769c4df build(deps): bump ua-parser-js in /packages/browser-sync ([Bug]: Clicking search results sometimes does not open the page segmentio/segment-docs#2007)
• 01caeb3 v2.27.11
• 74873cc updated deps (repo sync segmentio/segment-docs#1995)
• 88527a8 Add CodeSee architecture diagram workflow to repository (Update fix-display.yml segmentio/segment-docs#1972)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Cross-site Request Forgery (CSRF)

[guardrails]

⚠️ We detected 2 security issues in this pull request:

Vulnerable Libraries (2)

Severity	Details
High	pkg:npm/[email protected] upgrade to: > 9.0.0
High	pkg:npm/[email protected] upgrade to: > 2.28.0

More info on how to fix Vulnerable Libraries in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

[socket-security]

Updated dependencies detected. Learn more about Socket for GitHub ↗︎

Packages	Version	New capabilities	Transitives	Size	Publisher
semver	7.3.5...7.5.4	None	+0/-0	93.4 kB	npm-cli-ops
typewriter	7.4.1...9.0.0	None	+127/-65	16.2 MB	sethsegment
browser-sync	2.27.10...2.28.0	None	+12/-20	6.01 MB	shakyshane

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Issue	Package	Version	Note	Source
Chronological version anomaly	socket.io-parser	4.2.4	Previous Chronological: [email protected] (5/22/2023, 8:01:18 AM) Previous Semver: [email protected] (5/22/2023, 6:24:48 AM)	[email protected] via package.json
Chronological version anomaly	minimatch	5.1.6	Previous Chronological: [email protected] (1/17/2023, 5:46:31 PM) Previous Semver: [email protected] (1/17/2023, 3:04:11 PM)	[email protected] via package.json
Chronological version anomaly	normalize-url	6.1.0	Previous Chronological: [email protected] (5/24/2021, 1:13:42 PM) Previous Semver: [email protected] (5/24/2021, 1:06:44 PM)	[email protected] via package.json
Chronological version anomaly	readable-stream	2.3.8	Previous Chronological: [email protected] (1/1/2023, 10:50:08 PM) Previous Semver: [email protected] (1/5/2020, 5:13:39 PM)	[email protected] via package.json
Environment variable access	readable-stream	2.3.8	Env Vars: READABLE_STREAM Location: readable.js +1 more instances...	[email protected] via package.json
Chronological version anomaly	rxjs	7.8.1	Previous Chronological: [email protected] (4/4/2023, 11:53:24 PM) Previous Semver: [email protected] (12/15/2022, 11:25:47 PM)	[email protected] via package.json
Chronological version anomaly	pako	0.2.9	Previous Chronological: [email protected] (7/21/2016, 8:31:28 PM) Previous Semver: [email protected] (9/14/2015, 12:21:28 PM)	[email protected] via package.json
Dynamic require	pako	0.2.9	Location: dist/pako_deflate.js +11 more instances...	[email protected] via package.json
Minified code	pako	0.2.9	Confidence: 1.00 Location: dist/pako_deflate.min.js +2 more instances...	[email protected] via package.json
No v1	pako	0.2.9	Location: Package overview	[email protected] via package.json
Unmaintained	pako	0.2.9	Last Publish: 11/7/2022, 1:02:09 AM	[email protected] via package.json
Chronological version anomaly	inquirer	8.2.6	Previous Chronological: [email protected] (7/28/2023, 10:08:06 PM) Previous Semver: [email protected] (10/24/2022, 1:16:40 AM)	[email protected] via package.json
Chronological version anomaly	js-base64	2.6.4	Previous Chronological: [email protected] (8/2/2020, 8:14:36 PM) Previous Semver: [email protected] (7/8/2020, 6:20:53 PM)	[email protected] via package.json
Major refactor	js-base64	2.6.4	Change Percentage: 90.46 Current Line Count: 249 Previous Line Count: 4374 Lines Changed: 4182	[email protected] via package.json
Chronological version anomaly	acorn	7.4.1	Previous Chronological: [email protected] (10/5/2020, 6:18:32 AM) Previous Semver: [email protected] (8/3/2020, 10:01:23 AM)	[email protected] via package.json
Chronological version anomaly	got	11.8.6	Previous Chronological: [email protected] (11/16/2022, 9:21:18 AM) Previous Semver: [email protected] (5/25/2022, 6:37:52 PM)	[email protected] via package.json
Filesystem access	got	11.8.6	Module: fs Location: dist/source/core/index.js +1 more instances...	[email protected] via package.json
Network access	got	11.8.6	Module: http Location: dist/source/core/index.js +1 more instances...	[email protected] via package.json
Chronological version anomaly	@types/cacheable-request	6.0.3	Previous Chronological: @types/[email protected] (9/4/2022, 11:02:39 AM) Previous Semver: @types/[email protected] (7/6/2021, 6:23:09 PM)	[email protected] via package.json
Unmaintained	@types/cacheable-request	6.0.3	Last Publish: 11/23/2022, 6:19:37 PM	[email protected] via package.json
Chronological version anomaly	@oclif/core	1.26.2	Previous Chronological: @oclif/[email protected] (2/13/2023, 5:04:53 PM) Previous Semver: @oclif/[email protected] (1/23/2023, 6:46:20 PM)	[email protected] via package.json
Dynamic require	@oclif/core	1.26.2	Location: lib/config/plugin.js +6 more instances...	[email protected] via package.json
Environment variable access	@oclif/core	1.26.2	Env Vars: Location: lib/cli-ux/action/pride-spinner.js +49 more instances...	[email protected] via package.json
Filesystem access	@oclif/core	1.26.2	Module: fs Location: lib/config/ts-node.js +4 more instances...	[email protected] via package.json
Network access	@oclif/core	1.26.2	Module: globalThis["fetch"] Location: lib/cli-ux/config.js +1 more instances...	[email protected] via package.json
CVE	node-fetch	1.7.3	CVE: GHSA-r683-j2x4-v87g node-fetch forwards secure headers to untrusted sites (HIGH) Affected versions: < 2.6.7 Patched version: 2.6.7	[email protected] via package.json
Mild CVE	node-fetch	1.7.3	CVE: GHSA-w7rc-rwvf-8q5r The size option isn't honored after following a redirect in node-fetch (LOW) Affected versions: < 2.6.1 Patched version: 2.6.1	[email protected] via package.json
Network access	node-fetch	1.7.3	Module: globalThis["fetch"] Location: lib/index.js +120 more instances...	[email protected] via package.json
Network access	node-fetch	2.7.0	Module: globalThis["fetch"] Location: lib/index.es.js +29 more instances...	[email protected] via package.json
Debug access	brfs	1.6.1	Module: vm Location: test/ag.js +17 more instances...	[email protected] via package.json
Filesystem access	brfs	1.6.1	Module: fs Location: bin/cmd.js +40 more instances...	[email protected] via package.json
Shell access	brfs	1.6.1	Module: child_process Location: test/cmd.js +1 more instances...	[email protected] via package.json
Unmaintained	brfs	1.6.1	Last Publish: 2/19/2019, 3:57:43 PM	[email protected] via package.json
Dynamic require	cardinal	2.1.1	Location: settings.js +2 more instances...	[email protected] via package.json
Filesystem access	cardinal	2.1.1	Module: fs Location: examples/highlight-diff.js +7 more instances...	[email protected] via package.json
Unmaintained	cardinal	2.1.1	Last Publish: 5/22/2018, 5:44:37 PM	[email protected] via package.json
Dynamic require	ejs	3.1.9	Location: ejs-v3.1.9/ejs.js +3 more instances...	[email protected] via package.json
Environment variable access	ejs	3.1.9	Env Vars: Location: ejs-v3.1.9/ejs.js +1 more instances...	[email protected] via package.json
Filesystem access	ejs	3.1.9	Module: fs Location: ejs-v3.1.9/bin/cli.js +4 more instances...	[email protected] via package.json
Major refactor	ejs	3.1.9	Change Percentage: 101.40 Current Line Count: 3009 Previous Line Count: 2980 Lines Changed: 6073	[email protected] via package.json
Uses eval	ejs	3.1.9	Eval Type: Function Location: ejs-v3.1.9/ejs.js +5 more instances...	[email protected] via package.json
Dynamic require	escodegen	1.14.3	Location: bin/escodegen.js +1 more instances...	[email protected] via package.json
Filesystem access	escodegen	1.14.3	Module: fs Location: bin/escodegen.js +1 more instances...	[email protected] via package.json
Dynamic require	escodegen	1.9.1	Location: bin/escodegen.js +1 more instances...	[email protected] via package.json
Filesystem access	escodegen	1.9.1	Module: fs Location: bin/escodegen.js +1 more instances...	[email protected] via package.json
Dynamic require	jake	10.8.7	Location: jake-v10.8.7/bin/cli.js +12 more instances...	[email protected] via package.json
Environment variable access	jake	10.8.7	Env Vars: filter Location: jake-v10.8.7/jakefile.js +17 more instances...	[email protected] via package.json
Filesystem access	jake	10.8.7	Module: fs Location: jake-v10.8.7/lib/jake.js +15 more instances...	[email protected] via package.json
Major refactor	jake	10.8.7	Change Percentage: 100.79 Current Line Count: 5291 Previous Line Count: 5293 Lines Changed: 10668	[email protected] via package.json
Shell access	jake	10.8.7	Module: child_process Location: jake-v10.8.7/jakefile.js +14 more instances...	[email protected] via package.json
Environment variable access	external-editor	3.1.0	Env Vars: VISUAL Location: main/index.js +3 more instances...	[email protected] via package.json
Unmaintained	external-editor	3.1.0	Last Publish: 7/8/2019, 4:07:13 PM	[email protected] via package.json
Environment variable access	cli-width	3.0.0	Env Vars: CLI_WIDTH Location: index.js +1 more instances...	[email protected] via package.json
Environment variable access	password-prompt	1.1.3	Env Vars: Location: index.js +1 more instances...	[email protected] via package.json
Environment variable access	ws	8.11.0	Env Vars: Location: lib/buffer-util.js +3 more instances...	[email protected] via package.json
Environment variable access	yaml	1.10.2	Env Vars: Location: browser/dist/warnings-df54cb69.js +1 more instances...	[email protected] via package.json
Filesystem access	get-package-type	0.1.0	Module: fs Location: async.cjs +1 more instances...	[email protected] via package.json
No v1	get-package-type	0.1.0	Location: Package overview	[email protected] via package.json
Unmaintained	get-package-type	0.1.0	Last Publish: 5/19/2020, 9:28:37 AM	[email protected] via package.json
Filesystem access	redeyed	2.1.1	Module: fs Location: examples/replace-log.js

[openzeppelin-code]

[Snyk] Fix for 2 vulnerabilities

Generated at commit: dc3f01f019d713b95ecceba773aee09f4b606629

🚨 Report Summary

	Severity Level	Results
Contracts	Critical High Medium Low Note Total	0 0 0 0 0 0
Dependencies	Critical High Medium Low Note Total	0 0 0 0 0 0

---

For more details view the full report in OpenZeppelin Code Inspector