[Snyk] Fix for 1 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: chalk

The new version differs by 53 commits.

• 3fca615 2.0.0
• f66271e Add tagged template literal (Bug in file size, it's saved BEFORE the compression mayeaux/nodetube#163)
• 23ef1c7 fix linter errors
• c015568 add rainbow example
• 09fb2d8 Re-implement `chalk.enabled` (Duration for audio/video files mayeaux/nodetube#160)
• 608242a spoof supports-color
• 18f2e7c add host information output
• 523b998 Revert "TEMPORARY: emergency travis CI fix (see comments)"
• 54975fb TEMPORARY: emergency travis CI fix (see comments)
• 1d73b21 Improve readme
• 6f4d6b3 Bump dependencies
• 8702496 Remove `chalk.styles`
• 0412cdf Minor code improvements
• 249b9ac ES2015ify the codebase
• cb3f230 Add RGB (256/Truecolor) support (Autoplay doesn't always work  mayeaux/nodetube#140)
• dbae68d Update dependent package count in the readme (Rss feeds mayeaux/nodetube#154)
• 9b60021 Drop support for Node.js 0.10 and 0.12
• 0d21449 check parent builder object for enabled status (Frontend optimization mayeaux/nodetube#142)
• 5a69476 add XO badge
• 492f11f add example file
• 4ce73b6 make XO happy
• 7c02cf4 Add log statement to chalk examples (Plyr somewhat buggy, doesn't show the sound button at times mayeaux/nodetube#129)
• 835ca3d You've just reached 10,000 dependent modules. (The popular page scrolls horizontally on mobile mayeaux/nodetube#122)
• 74c087d minor doc improvements (Add copy buttons for the links on about mayeaux/nodetube#120)

See the full diff

Package name: forever

The new version differs by 19 commits.

• 4705421 Prepare 4.0.0 for release
• 35a4062 Remove y18n due to CVE 2020 7774 part 5 (#1112)
• 1f6108e Move getopts to devDependencies (#1113)
• aa22041 Replace yargs with getopts (CVE-2020-777) (#1110)
• ae6d88e Update in-range dependencies (#1108)
• 4a404f7 Drop `deep-equal` (#1101)
• b2120f9 Remove utile (#1099)
• 071cc04 Update changelog
• c1bcbff Remove dependency on broadway (#1098)
• 3586afe Prepare 3.0.1 for release
• 67cc950 Prepare 3.0.1 for release
• 877d93a Replaced optimist with yargs (#1093)
• a36330a Update forever-monitor (#1081)
• 0c5d32a Update dependencies and test Node 14 (#1080)
• 9e85c59 Fix argument type of fs.writeFileSync (#1075)
• 58eb131 Add CLI test for starting/stopping from a directory with space (#1068)
• 437ca4a Remove unnecessary path-is-absolute dependency (#1062)
• 8f739b0 Execute Mocha tests (#1054)
• ceb235c Update changelog

See the full diff

Package name: node-sass

The new version differs by 17 commits.

• 99242d7 7.0.1
• 77049d1 build(deps): bump sass-graph from 2.2.5 to 4.0.0 (#3224)
• c929f25 build(deps): bump node-gyp from 7.1.2 to 8.4.1 (#3209)
• 918dcb3 Lint fix
• 0a21792 Set rejectUnauthorized to true by default (#3149)
• e80d4af chore: Drop EOL Node 15 (#3122)
• d753397 feat: Add Node 17 support (#3195)
• dcf2e75 build(deps-dev): bump eslint from 7.32.0 to 8.0.0
• bfa1a3c build(deps): bump actions/setup-node from 2.4.0 to 2.4.1
• 80d6c00 chore: Windows x86 on GitHub Actions (#3041)
• 566dc27 build(deps-dev): bump fs-extra from 0.30.0 to 10.0.0 (#3102)
• 7bb5157 build(deps): bump npmlog from 4.1.2 to 5.0.0 (#3156)
• 2efb38f build(deps): bump chalk from 1.1.3 to 4.1.2 (#3161)
• fca5257 build(deps): bump actions/setup-node from 2.3.0 to 2.4.0
• 6200b21 docs: Double word "support" (#3159)
• eaf791a build(deps): bump actions/setup-node from 2.1.5 to 2.3.0
• 16b8d4b build(deps): bump coverallsapp/github-action from 1.1.2 to 1.1.3

See the full diff

Package name: node-sass-middleware

The new version differs by 59 commits.

• ccb8d99 Bump node-sass version to v7.0.1 (Fixed permissions for Docker mayeaux/nodetube#149)
• 6edba5f Replace `var` keywords with `const` (Touchup uploading mayeaux/nodetube#150)
• b6a78e0 Merge pull request Fixing vulnerabilities mayeaux/nodetube#147 from nschonni/remove-lock
• 85de4cf chore: Ad NPM publish Action
• d35f1db chore: Replace Travis-CI with GitHub Actions
• 8253c24 feat: v1.0.0 release
• 67d90fa feat: Set minimum support Node at 12
• 9bc529f typo: supportend -> supported
• 6b9f668 chore: Drop EOL Node versions from CI
• f5ab63b feat: Use node-sass v6
• f956e4b chore: Upgrade supertest to latest
• ec2b4f4 feat: Drop mkdirp for native fs.mkdir
• 4c49ee0 chore: Upgrade Mocha to latest
• e9f06f3 chore: update ESLint to latest
• 7d9cebb chore: Remove package-lock.json
• 6f12a45 Node v14 compatibility (Add estimated time to completion for uploading and converting mayeaux/nodetube#136)
• 0d29f1c Merge pull request Use websocket to alert users of converting progress mayeaux/nodetube#135 from sass/dependabot/npm_and_yarn/lodash-4.17.19
• 08e09ff Bump lodash from 4.17.15 to 4.17.19
• cfabcff Merge pull request req: watermark videos mayeaux/nodetube#133 from sass/dependabot/npm_and_yarn/acorn-7.1.1
• 33694df Update packages to latest stable
• a827804 Bump acorn from 7.1.0 to 7.1.1
• 6f313a2 Merge pull request Show somehow if a video has no audio mayeaux/nodetube#128 from larvit/master
• 0dc82b7 Improved README for custom logging function
• 0da3eaa Update all dependencies to latest stable

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.