Created by: abishekChouhan
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - package.json
  - package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| | 696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908 | Yes | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: mocha
The new version differs by 138 commits.
- 18a1055 build(v9.1.2): release
- 011a5a4 fix: regex in 'update-authors.js'
- 06f3f63 build(v9.1.2): update CHANGELOG [ci skip]
- a87461c chore(deps): remove 'wide-align' (#4754)
- c7f56d1 docs: how to use 'rootHooks' in the browser (#4755) [ci skip]
- 8421974 fix(browser): stop using all global vars in 'browser-entry' (#4746)
- 27bfc74 docs: add complete '--delay' example (#4744) [ci skip]
- 4860738 chore(devDeps): update 'eslint' and its plugins (#4737)
- abfddf8 docs: fix broken table width under 450 screen width (#4734)
- 97b8470 chore(esm): remove code for Node versions <10 (#4736)
- 654b5df build(v9.1.1): release
- a26cca9 build(v9.1.1): update CHANGELOG [ci skip]
- e975675 chore: update some devDependencies (#4733)
- 9e0369b fix(parallel): 'XUNIT' and 'JSON' reporter crash (#4623)
- 014e47a build(v9.1.0): release
- 3a14b28 build(v9.1.0): update CHANGELOG [ci skip]
- 171e211 feat(reporter): add output option to 'JSON' (#4607)
- bbf0c11 feat: add new option 'fail-zero' (#4716)
- 757b85d docs: improve 'grep()' and clarify docs (#4714)
- f19d3ca docs: remove unsupported 'no-timeout' option (#4719) [ci skip]
- 9f82ccb chore(gha): update 'stale.yml' (#4718) [ci skip]
- 09ffc30 Set CSP on karma to prevent 'evalError' regression (#4706)
- 02bf13d Update devDep '@babel/preset-env' and pin 'regenerator-runtime' (#4707)
- 54a5788 Add new option "node-option" (#4691)
Package name: sharp
The new version differs by 179 commits.
- 7555378 Release v0.28.0
- 80c95ee Docs: libvips tarballs are a bit smaller now
- 31563b2 Ensure GIF input will work with future libvips v8.11.0
- 861cd93 Pre-release v0.28.0-beta1
- abb344b Upgrade to libvips v8.10.6
- 6147491 Extend: default missing edge props to zero #2578
- f1f18fb Docs: clarify that flatten removes alpha channel #2601
- 9fc611f Docs: changelog entries for #2594 #2608
- 34a2e14 Fix erroneous top/left clipping in composite #2571
- 83fe65b Docs: include more relevant content in search index
- ec26c8a Docs: ensure toBuffer pixel example works #2624
- da43a30 Docs: correct typo in description of threshold operation
- a38126c Ensure composite replicates correct tiles with centre gravity #2626
- cb592ce Tests: add case for SVG with truncated embedded PNG
- d69c58a Docs: add section about Linux memory allocators
- bdb1986 Tests: run in parallel again
- 55356c7 Docs: refresh markdown
- a0f5525 Tests: a few more speed improvements
- 013f5cf Tests: refactor modulate suite, ~20x faster
- d5d008f Docs: reorder readme sections
- 3b02134 Tests: update latest benchmark test results
- a57d7b5 Tests: match concurrency with CPU count
- 1a3c38d Pre-release v0.28.0-alpha1
- 00aece0 Ensure id attr can be set for IIIF tile output #2612
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.