chore(deps): run npm audit fix #348

Open

caugner wants to merge 1 commit into main from npm-audit-fix

Conversation

@caugner (Contributor) commented May 26, 2026

Description

Result of running npm audit fix in each directory with package-lock.json.

Motivation

Resolve vulnerabilities that may potentially affect us.

Additional details

See: https://docs.npmjs.com/cli/commands/npm-audit

Before:

# npm audit report

body-parser  2.2.0
Severity: moderate
body-parser is vulnerable to denial of service when url encoding is used - https://github.com/advisories/GHSA-wqch-xfxh-vrr4
fix available via `npm audit fix`
node_modules/body-parser

brace-expansion  <1.1.13
Severity: moderate
brace-expansion: Zero-step sequence causes process hang and memory exhaustion - https://github.com/advisories/GHSA-f886-m6hf-6m8v
fix available via `npm audit fix`
node_modules/brace-expansion

follow-redirects  <=1.15.11
Severity: moderate
follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets - https://github.com/advisories/GHSA-r4q5-vmmm-2653
fix available via `npm audit fix`
node_modules/follow-redirects

lodash  <=4.17.23
Severity: high
Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions - https://github.com/advisories/GHSA-xxjr-mmjv-4gpg
lodash vulnerable to Code Injection via `_.template` imports key names - https://github.com/advisories/GHSA-r5fr-rjxr-66jc
lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit` - https://github.com/advisories/GHSA-f23m-r3pf-42rh
fix available via `npm audit fix`
node_modules/lodash

minimatch  <=3.1.3
Severity: high
minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern - https://github.com/advisories/GHSA-3ppc-4f35-3m26
minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments - https://github.com/advisories/GHSA-7r86-cg39-jmmj
minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions - https://github.com/advisories/GHSA-23c5-xmqv-rm74
fix available via `npm audit fix`
node_modules/minimatch

on-headers  <1.1.0
on-headers is vulnerable to http response header manipulation - https://github.com/advisories/GHSA-76c9-3jph-rj3q
fix available via `npm audit fix`
node_modules/on-headers
  compression  1.0.3 - 1.8.0
  Depends on vulnerable versions of on-headers
  node_modules/compression
  morgan  1.6.0 - 1.10.0
  Depends on vulnerable versions of on-headers
  node_modules/morgan

path-to-regexp  8.0.0 - 8.3.0
Severity: high
path-to-regexp vulnerable to Denial of Service via sequential optional groups - https://github.com/advisories/GHSA-j3q9-mxjg-w52f
path-to-regexp vulnerable to Regular Expression Denial of Service via multiple wildcards - https://github.com/advisories/GHSA-27v5-c462-wpq7
fix available via `npm audit fix`
node_modules/path-to-regexp

picomatch  <=2.3.1
Severity: high
Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching - https://github.com/advisories/GHSA-3v7f-55p6-f55p
Picomatch has a ReDoS vulnerability via extglob quantifiers - https://github.com/advisories/GHSA-c2c7-rcm5-vvqj
fix available via `npm audit fix`
node_modules/picomatch

qs  <=6.15.1
Severity: moderate
qs's arrayLimit bypass in comma parsing allows denial of service - https://github.com/advisories/GHSA-w7fw-mjwx-w883
qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion - https://github.com/advisories/GHSA-6rw7-vpxm-498p
qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set - https://github.com/advisories/GHSA-q8mj-m7cp-5q26
fix available via `npm audit fix`
node_modules/qs

yauzl  3.2.0
Severity: moderate
yauzl contains an off-by-one error - https://github.com/advisories/GHSA-gmq8-994r-jv83
fix available via `npm audit fix`
node_modules/yauzl

12 vulnerabilities (3 low, 5 moderate, 4 high)

To address all issues, run:
  npm audit fix

After:

found 0 vulnerabilities

Diff:

--- before
+++ after
@@ -1,79 +1 @@
-# npm audit report
-
-body-parser  2.2.0
-Severity: moderate
-body-parser is vulnerable to denial of service when url encoding is used - https://github.com/advisories/GHSA-wqch-xfxh-vrr4
-fix available via `npm audit fix`
-node_modules/body-parser
-
-brace-expansion  <1.1.13
-Severity: moderate
-brace-expansion: Zero-step sequence causes process hang and memory exhaustion - https://github.com/advisories/GHSA-f886-m6hf-6m8v
-fix available via `npm audit fix`
-node_modules/brace-expansion
-
-follow-redirects  <=1.15.11
-Severity: moderate
-follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets - https://github.com/advisories/GHSA-r4q5-vmmm-2653
-fix available via `npm audit fix`
-node_modules/follow-redirects
-
-lodash  <=4.17.23
-Severity: high
-Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions - https://github.com/advisories/GHSA-xxjr-mmjv-4gpg
-lodash vulnerable to Code Injection via `_.template` imports key names - https://github.com/advisories/GHSA-r5fr-rjxr-66jc
-lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit` - https://github.com/advisories/GHSA-f23m-r3pf-42rh
-fix available via `npm audit fix`
-node_modules/lodash
-
-minimatch  <=3.1.3
-Severity: high
-minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern - https://github.com/advisories/GHSA-3ppc-4f35-3m26
-minimatch has ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments - https://github.com/advisories/GHSA-7r86-cg39-jmmj
-minimatch ReDoS: nested *() extglobs generate catastrophically backtracking regular expressions - https://github.com/advisories/GHSA-23c5-xmqv-rm74
-fix available via `npm audit fix`
-node_modules/minimatch
-
-on-headers  <1.1.0
-on-headers is vulnerable to http response header manipulation - https://github.com/advisories/GHSA-76c9-3jph-rj3q
-fix available via `npm audit fix`
-node_modules/on-headers
-  compression  1.0.3 - 1.8.0
-  Depends on vulnerable versions of on-headers
-  node_modules/compression
-  morgan  1.6.0 - 1.10.0
-  Depends on vulnerable versions of on-headers
-  node_modules/morgan
-
-path-to-regexp  8.0.0 - 8.3.0
-Severity: high
-path-to-regexp vulnerable to Denial of Service via sequential optional groups - https://github.com/advisories/GHSA-j3q9-mxjg-w52f
-path-to-regexp vulnerable to Regular Expression Denial of Service via multiple wildcards - https://github.com/advisories/GHSA-27v5-c462-wpq7
-fix available via `npm audit fix`
-node_modules/path-to-regexp
-
-picomatch  <=2.3.1
-Severity: high
-Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching - https://github.com/advisories/GHSA-3v7f-55p6-f55p
-Picomatch has a ReDoS vulnerability via extglob quantifiers - https://github.com/advisories/GHSA-c2c7-rcm5-vvqj
-fix available via `npm audit fix`
-node_modules/picomatch
-
-qs  <=6.15.1
-Severity: moderate
-qs's arrayLimit bypass in comma parsing allows denial of service - https://github.com/advisories/GHSA-w7fw-mjwx-w883
-qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion - https://github.com/advisories/GHSA-6rw7-vpxm-498p
-qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set - https://github.com/advisories/GHSA-q8mj-m7cp-5q26
-fix available via `npm audit fix`
-node_modules/qs
-
-yauzl  3.2.0
-Severity: moderate
-yauzl contains an off-by-one error - https://github.com/advisories/GHSA-gmq8-994r-jv83
-fix available via `npm audit fix`
-node_modules/yauzl
-
-12 vulnerabilities (3 low, 5 moderate, 4 high)
-
-To address all issues, run:
-  npm audit fix
+found 0 vulnerabilities
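Review bot: this hunk only restates the Before and After audit output that already appears above it, so it does not tell a reviewer what actually changed in the lockfiles. The report lists the flagged packages and ranges (on-headers with its dependents compression and morgan, lodash, minimatch, path-to-regexp 8.0.0 - 8.3.0, picomatch, qs, yauzl, body-parser, brace-expansion, follow-redirects) but not which versions each moved to, nor how many package-lock.json directories were touched, and `npm audit fix` without `--force` only applies semver-compatible updates, so it is worth stating whether any directory still needed a major bump. Consider replacing the hunk with the per-directory lockfile version changes, or at least a list of the directories that were updated.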

Related issues and pull requests

@caugner caugner requested review from a team and LeoMcA and removed request for a team May 26, 2026 14:35
@caugner caugner marked this pull request as ready for review May 26, 2026 14:42
@caugner caugner requested review from a team as code owners May 26, 2026 14:42
@caugner caugner requested a review from dipikabh May 26, 2026 14:42
@Ryuno-Ki

As I have inspected audit reports in other projects myself:

Having the output in JSON (npm audit --json) would allow running npm ls on the different keys of vulnerabilities (e.g. using jq) to understand the chain to that vulnerable dependency.
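The two procedures discussed on this page, running the audit in each directory that has a package-lock.json (the PR description) and reading the JSON report to trace each flagged package back to the advisory behind it (the comment above), as an added example that is neither the project's code nor the commenter's. The sample report is constructed in the shape npm emits for `npm audit --json` (auditReportVersion 2) and mirrors four entries of the PR's "Before" output; the advisory ids are the PR's, while the `source` numbers, `nodes` paths and all function names are assumptions of this example.

```python
"""Audit helper for a repository with several package-lock.json files (added example).

1. lockfile_dirs() picks the directories to audit, skipping node_modules.
2. advisory_chains() resolves each key of .vulnerabilities to the advisory it
   inherits, which is what running `npm ls <key>` by hand would reveal.
"""
import json
import subprocess
import sys
from pathlib import Path

# Constructed sample in the `npm audit --json` shape; advisory ids/titles are the PR's,
# `source` numbers and `nodes` paths are illustrative.
SAMPLE_AUDIT = json.loads(r"""
{
  "auditReportVersion": 2,
  "vulnerabilities": {
    "on-headers": {
      "name": "on-headers", "severity": "low", "isDirect": false,
      "via": [{"source": 1000001, "name": "on-headers", "severity": "low",
               "title": "on-headers is vulnerable to http response header manipulation",
               "url": "https://github.com/advisories/GHSA-76c9-3jph-rj3q", "range": "<1.1.0"}],
      "effects": ["compression", "morgan"], "range": "<1.1.0",
      "nodes": ["node_modules/on-headers"], "fixAvailable": true
    },
    "compression": {
      "name": "compression", "severity": "low", "isDirect": true, "via": ["on-headers"],
      "effects": [], "range": "1.0.3 - 1.8.0", "nodes": ["node_modules/compression"], "fixAvailable": true
    },
    "morgan": {
      "name": "morgan", "severity": "low", "isDirect": true, "via": ["on-headers"],
      "effects": [], "range": "1.6.0 - 1.10.0", "nodes": ["node_modules/morgan"], "fixAvailable": true
    },
    "lodash": {
      "name": "lodash", "severity": "high", "isDirect": true,
      "via": [{"source": 1000002, "name": "lodash", "severity": "high",
               "title": "Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions",
               "url": "https://github.com/advisories/GHSA-xxjr-mmjv-4gpg", "range": "<=4.17.23"},
              {"source": 1000003, "name": "lodash", "severity": "high",
               "title": "lodash vulnerable to Code Injection via `_.template` imports key names",
               "url": "https://github.com/advisories/GHSA-r5fr-rjxr-66jc", "range": "<=4.17.23"},
              {"source": 1000004, "name": "lodash", "severity": "high",
               "title": "lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit`",
               "url": "https://github.com/advisories/GHSA-f23m-r3pf-42rh", "range": "<=4.17.23"}],
      "effects": [], "range": "<=4.17.23", "nodes": ["node_modules/lodash"], "fixAvailable": true
    }
  },
  "metadata": {"vulnerabilities": {"info": 0, "low": 3, "moderate": 0, "high": 1, "critical": 0, "total": 4}}
}
""")

SEVERITIES = ("info", "low", "moderate", "high", "critical")


def lockfile_dirs(lockfiles):
    """Directories to audit: parents of the given package-lock.json paths, minus node_modules."""
    dirs = {Path(p).parent for p in lockfiles if "node_modules" not in Path(p).parts}
    return sorted(str(d) for d in dirs)


def run_audit(directory):
    """Parsed `npm audit --json` for one directory (npm exits non-zero when it finds anything,
    so check=True must not be used)."""
    proc = subprocess.run(["npm", "audit", "--json"], cwd=directory, capture_output=True, text=True)
    return json.loads(proc.stdout)


def count_by_severity(report):
    counts = dict.fromkeys(SEVERITIES, 0)
    for entry in report["vulnerabilities"].values():
        counts[entry["severity"]] += 1
    return counts


def advisory_chains(report):
    """Map each flagged package to 'pkg > dep > ... [GHSA id]' chains.
    A string in `via` points at another flagged package (transitive); a dict is the advisory itself."""
    vulns = report["vulnerabilities"]
    chains = {}

    def walk(name, path, seen):
        if name in seen or name not in vulns:  # cycle guard / dangling reference
            return
        for via in vulns[name]["via"]:
            if isinstance(via, str):
                walk(via, path + [via], seen | {name})
            else:
                ghsa = via["url"].rsplit("/", 1)[-1]
                chains.setdefault(path[0], []).append(" > ".join(path) + f" [{ghsa}]")

    for name in vulns:
        walk(name, [name], frozenset())
    return chains


def npm_ls_commands(report):
    """The `npm ls` calls the comment suggests, one per key of .vulnerabilities."""
    return [f"npm ls {name}" for name in sorted(report["vulnerabilities"])]


if __name__ == "__main__":
    if len(sys.argv) > 1:  # real run: python audit_chains.py <repo-root>
        reports = {d: run_audit(d) for d in lockfile_dirs(Path(sys.argv[1]).rglob("package-lock.json"))}
    else:  # offline demo on the constructed sample
        reports = {"<sample>": SAMPLE_AUDIT}
    for directory, report in reports.items():
        print(f"== {directory}: {count_by_severity(report)}")
        for chain in sorted(c for cs in advisory_chains(report).values() for c in cs):
            print("  " + chain)
        print("  inspect with: " + "; ".join(npm_ls_commands(report)))
```

Run without arguments it works on the embedded sample and prints, for instance, `compression > on-headers [GHSA-76c9-3jph-rj3q]`, the chain that explains why compression and morgan appear in the report without an advisory of their own. Given a repository root it audits every lockfile directory the same way the PR description describes.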


3 participants