[Snyk] Fix for 33 vulnerabilities

[rossdakin]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json
  • package-lock.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-FIREBASEUTIL-1038324	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-GRPC-598671	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-GRPCGRPCJS-1038818	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-JSONBIGINT-608659	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342073	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342082	Yes	Proof of Concept
	520/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-584281	Yes	No Known Exploit
	449/1000 Why? Has a fix available, CVSS 4.7	Open Redirect SNYK-JS-NEXT-1540422	Yes	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	No	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-NODEFORGE-2330875	Yes	Proof of Concept
	529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-NODEFORGE-2331908	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-NODEFORGE-598677	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-OBJECTPATH-1017036	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-OBJECTPATH-1569453	Yes	Proof of Concept
	590/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-OBJECTPATH-1585658	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	536/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1047770	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1584358	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1585624	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-2824151	No	Proof of Concept
	619/1000 Why? Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: firebase-tools

The new version differs by 250 commits.

• 4482156 11.14.0
• 5504f7c Version bump emulator UI to 1.10.0. (#5065)
• 210a40e Fix Hosting validation (#5060)
• 7d9ece6 Single project mode (#4890)
• cd737c9 Adds emulator support for v2 rtdb triggers (#5045)
• 443d13b Wire up pinTag (#5047)
• 3a92daf Depend on API library
• 6e3eff7 Consolidate config utilities and add better typing (#5017)
• 2358663 upgrade superstatic (#4935)
• 9e524c1 [firebase-release] Removed change log and reset repo after 11.13.0 release
• 001a6bd 11.13.0
• 3b48be0 Adds test lab triggers to firebase deploy (#5011)
• 3b4d850 Allow emulators to work offline (MOTD fail) (#4998)
• 4184ad7 moves esbuild to an optional dependency; requires node 16 for frameworks (#5052)
• a7d1133 fix(webframeworks) Rename frameworkawareness -> webframeworks (#5043)
• b38d0c7 Set default values properly for selector params (#5042)
• 02c4e41 [Function-NoOp] Integration test to verify skipping deploy is WAI (#4993)
• cadc9ef [Function-NoOp] Enable Skipping NoOp Deploys by Default (#5032)
• c3ec450 Implement Experiments feature (#4994)
• 20d3d7c [firebase-release] Removed change log and reset repo after 11.12.0 release
• 8cfedbd 11.12.0
• 3719991 Fix changelog for websocket port (#5039)
• 2ec0a60 fetch hosting site instead of default instance for opening a hosting site (#5030)
• a376bcf upgrade some deps to address audit issues (#5036)

See the full diff

Package name: husky

The new version differs by 37 commits.

• b9a0917 4.3.7
• 839d84a update pkg-dir dependency and some devDependencies
• 6a1b3da Upgrade find-versions to 4.0.0 (#837)
• cbb0af7 4.3.6
• eb1eeb8 fix prepare-commit-msg on windows (#737)
• 65bc6e5 Update README.md
• cbd0e06 add prepare-commit-msg test
• 992c1e0 4.3.5
• 642af0c rollback do not exit with 1 if install fails
• ccb71b2 Update README.md
• 3c43bd5 4.3.4
• 1e1b289 update error message
• b29ee2b 4.3.3
• fd0233e ignore tsconfig.tsbuildinfo
• a5f1259 4.3.2
• 41472b7 provide workaround for npm7
• 6dc9a51 4.3.1
• 033a2ae exit with 1 if husky fails to install/uninstall
• 38a7163 update gitignore
• eff9aa3 Update README.md
• b616d84 Changed create-react-app repo url (#759)
• bb0c414 Update README.md
• b05e72f Update node.js.yml
• 44e02bd Update node.js.yml

See the full diff

Package name: next

The new version differs by 250 commits.

• 99abb8b v12.0.2
• 9828790 v12.0.2-canary.14
• 39283f1 Update swc (#30685)
• 02e0dbc v12.0.2-canary.13
• 8a6307f Remove isCommonJS check as it has been moved to next-swc (#30677)
• 622a1a5 Provide default fallback _document and _app for for concurrent mode (#30642)
• c12ae5e correct Next.js 11 upgrade instructions (#30665)
• 90fad00 v12.0.2-canary.12
• 4ada314 Add auto-commonjs and update swc (#30661)
• d8cb8c5 Fixed "Expected jsx identifier" error on TypeScript generics & angle bracket type assertions in .ts files (#30619)
• d7d1a05 Ensure native binary is available for release stats (#30649)
• 77e1565 remove Object.fromEntries polyfill for node 10 in test utils (#30657)
• 48874f1 Fix missing dev option for the middleware SSR loader (#30639)
• c730f73 v12.0.2-canary.11
• 18a3991 Fix check compiled step (#30645)
• 097fb3c Revert incremental config to fix missing types (#30644)
• aa70f46 v12.0.2-canary.10
• 599081a Update output tracing to do separate passes (#30637)
• f363cc8 update webpack (#30634)
• b5a8916 Chore/rust workflow (#30577)
• c03e284 make sure "webpack" exists in the repo for typings (#30371)
• c53eaac v12.0.2-canary.9
• 142af81 Relax warning for `next/image` loader width even more (#30624)
• 842a130 Update to latest shell-quote (#30621)

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn