[Snyk] Fix for 33 vulnerabilities

[rossdakin]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json
  • package-lock.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-FIREBASEUTIL-1038324	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-GRPC-598671	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-GRPCGRPCJS-1038818	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-JSONBIGINT-608659	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342073	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342082	Yes	Proof of Concept
	520/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-584281	Yes	No Known Exploit
	449/1000 Why? Has a fix available, CVSS 4.7	Open Redirect SNYK-JS-NEXT-1540422	Yes	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	No	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-NODEFORGE-2330875	Yes	Proof of Concept
	529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-NODEFORGE-2331908	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-NODEFORGE-598677	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-OBJECTPATH-1017036	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-OBJECTPATH-1569453	Yes	Proof of Concept
	590/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-OBJECTPATH-1585658	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	536/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1047770	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1584358	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1585624	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-2824151	No	Proof of Concept
	619/1000 Why? Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: firebase-tools

The new version differs by 250 commits.

• 9012f8c 11.4.1
• 35d4832 Restores behavior where Hosting will not fail to deploy if a function… (#4799)
• 22bdf7b Add integration test for function deploys. (#4776)
• 4356213 hosting:clone help update (#4798)
• 1389641 pin a specific version of cli-color (#4796)
• e13c413 fixed ENAMETOLONG storage emulator issue (#4771)
• ee4cdc1 sets groundwork for removing login with token (#4759)
• c60d441 [firebase-release] Removed change log and reset repo after 11.4.0 release
• 83b487f 11.4.0
• d63347c Update CHANGELOG.md (#4785)
• e239ebf fix storage and realtime database targets (#4782)
• ba686fd use user-project quota to test IAM permissions (#4781)
• ae788e7 Add storage emulator readme with useful commands (#4777)
• f9e09a8 Actually copy params from the v1alpha1 wire format into Builds (#4774)
• c274636 Find the function region for a functions rewrite automatically. (#4623)
• ac0a9e8 Remove duplicate call to track (#4766)
• 14a74a9 Fix "bug" where function timeout option did not apply to Functions Emulator. (#4745)
• 266e1d7 Rewrite functions emulator integration test to avoid using serialized trigger hack (#4750)
• ab3e771 Add function to programmatically write to .env files (#4721)
• d335545 [firebase-release] Removed change log and reset repo after 11.3.0 release
• 5df847d 11.3.0
• 4202b66 Cleanup unnecessary use of frb. (#4704)
• d84680c Update UI snapshot binaryPath. (#4751)
• 390f096 Add optional fields into build and copy to backend (#4746)

See the full diff

Package name: husky

The new version differs by 37 commits.

• b9a0917 4.3.7
• 839d84a update pkg-dir dependency and some devDependencies
• 6a1b3da Upgrade find-versions to 4.0.0 (#837)
• cbb0af7 4.3.6
• eb1eeb8 fix prepare-commit-msg on windows (#737)
• 65bc6e5 Update README.md
• cbd0e06 add prepare-commit-msg test
• 992c1e0 4.3.5
• 642af0c rollback do not exit with 1 if install fails
• ccb71b2 Update README.md
• 3c43bd5 4.3.4
• 1e1b289 update error message
• b29ee2b 4.3.3
• fd0233e ignore tsconfig.tsbuildinfo
• a5f1259 4.3.2
• 41472b7 provide workaround for npm7
• 6dc9a51 4.3.1
• 033a2ae exit with 1 if husky fails to install/uninstall
• 38a7163 update gitignore
• eff9aa3 Update README.md
• b616d84 Changed create-react-app repo url (#759)
• bb0c414 Update README.md
• b05e72f Update node.js.yml
• 44e02bd Update node.js.yml

See the full diff

Package name: next

The new version differs by 250 commits.

• 99abb8b v12.0.2
• 9828790 v12.0.2-canary.14
• 39283f1 Update swc (#30685)
• 02e0dbc v12.0.2-canary.13
• 8a6307f Remove isCommonJS check as it has been moved to next-swc (#30677)
• 622a1a5 Provide default fallback _document and _app for for concurrent mode (#30642)
• c12ae5e correct Next.js 11 upgrade instructions (#30665)
• 90fad00 v12.0.2-canary.12
• 4ada314 Add auto-commonjs and update swc (#30661)
• d8cb8c5 Fixed "Expected jsx identifier" error on TypeScript generics & angle bracket type assertions in .ts files (#30619)
• d7d1a05 Ensure native binary is available for release stats (#30649)
• 77e1565 remove Object.fromEntries polyfill for node 10 in test utils (#30657)
• 48874f1 Fix missing dev option for the middleware SSR loader (#30639)
• c730f73 v12.0.2-canary.11
• 18a3991 Fix check compiled step (#30645)
• 097fb3c Revert incremental config to fix missing types (#30644)
• aa70f46 v12.0.2-canary.10
• 599081a Update output tracing to do separate passes (#30637)
• f363cc8 update webpack (#30634)
• b5a8916 Chore/rust workflow (#30577)
• c03e284 make sure "webpack" exists in the repo for typings (#30371)
• c53eaac v12.0.2-canary.9
• 142af81 Relax warning for `next/image` loader width even more (#30624)
• 842a130 Update to latest shell-quote (#30621)

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Remote Code Execution (RCE)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 More lessons are available in Snyk Learn