[Snyk] Fix for 24 vulnerabilities

[GTVolk]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	679/1000 Why? Has a fix available, CVSS 9.3	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962463	Yes	No Known Exploit
	526/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.1	Arbitrary Code Injection SNYK-JS-EJS-1049328	Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-EJS-2803307	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTMLMINIFIER-3091181	Yes	Proof of Concept
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASHSET-1320032	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-NODEFORGE-2330875	Yes	Proof of Concept
	529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-NODEFORGE-2331908	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-POSTCSS-5926692	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @vue/cli-plugin-typescript

The new version differs by 250 commits.

• c913cdc v5.0.0
• e75a288 chore: pre release sync
• e7f07d8 docs: remove `@ next` [skip ci]
• 80bbf38 test: skip nightwatch --parallel test for now
• 9be19f0 test: fix tsx import
• 5cf0e13 feat: bump default typescript version to 4.5
• 22a4a53 chore: dependency maintenance
• 9577cf5 chore: Merge branch 'master' into dev
• 8b5ab22 fix: remove --skip-plugin from arguments passed to the plugins (Referrers Overview, distinct metrics sparklines are always set to one matomo-org/matomo#6972)
• ff035c6 chore(deps): bump follow-redirects from 1.14.7 to 1.14.8 (The Pros & Cons Of Using Body Building Supplements T-Force matomo-org/matomo#6993)
• d302581 fix: update mini-css-extract-plugin to ^2.5.3 (Fixed view type for visitor log matomo-org/matomo#6987)
• 2d8fa26 test(nightwatch): skip selenium test for now
• 7a17d98 chore: replace eslint-plugin-graphql with @ graphl-eslint/eslint-plugin
• 75a6d69 v5.0.0-rc.3
• c214c3a chore: pre release sync
• 42fc8d4 docs: add cache-loader and nightwatch breaking changes [skip ci]
• 926855f feat!: make `cache-loader` optional (Dreamka2007 matomo-org/matomo#6985)
• 342c386 fix: there's a command response format change in nightwatch v2
• b78a003 chore: update web drivers
• 6c91e1a chore: update lockfile
• 37bdc0e chore: remove the console log completely and fix lint error
• 1c1f1ef chore: fix typo (Share a Custom dashboard with other users and keep it synchronised across users matomo-org/matomo#6964)
• a2b6409 feat: add build stats hash support ( Array to string conversion in /var/www/piwik/libs/Zend/Session/Exception.php on line 58 matomo-org/matomo#6980)
• 0cbdf5f fix: specify vue version in the web component demo html

See the full diff

Package name: @vue/cli-plugin-unit-jest

The new version differs by 250 commits.

• c913cdc v5.0.0
• e75a288 chore: pre release sync
• e7f07d8 docs: remove `@ next` [skip ci]
• 80bbf38 test: skip nightwatch --parallel test for now
• 9be19f0 test: fix tsx import
• 5cf0e13 feat: bump default typescript version to 4.5
• 22a4a53 chore: dependency maintenance
• 9577cf5 chore: Merge branch 'master' into dev
• 8b5ab22 fix: remove --skip-plugin from arguments passed to the plugins (Referrers Overview, distinct metrics sparklines are always set to one matomo-org/matomo#6972)
• ff035c6 chore(deps): bump follow-redirects from 1.14.7 to 1.14.8 (The Pros & Cons Of Using Body Building Supplements T-Force matomo-org/matomo#6993)
• d302581 fix: update mini-css-extract-plugin to ^2.5.3 (Fixed view type for visitor log matomo-org/matomo#6987)
• 2d8fa26 test(nightwatch): skip selenium test for now
• 7a17d98 chore: replace eslint-plugin-graphql with @ graphl-eslint/eslint-plugin
• 75a6d69 v5.0.0-rc.3
• c214c3a chore: pre release sync
• 42fc8d4 docs: add cache-loader and nightwatch breaking changes [skip ci]
• 926855f feat!: make `cache-loader` optional (Dreamka2007 matomo-org/matomo#6985)
• 342c386 fix: there's a command response format change in nightwatch v2
• b78a003 chore: update web drivers
• 6c91e1a chore: update lockfile
• 37bdc0e chore: remove the console log completely and fix lint error
• 1c1f1ef chore: fix typo (Share a Custom dashboard with other users and keep it synchronised across users matomo-org/matomo#6964)
• a2b6409 feat: add build stats hash support ( Array to string conversion in /var/www/piwik/libs/Zend/Session/Exception.php on line 58 matomo-org/matomo#6980)
• 0cbdf5f fix: specify vue version in the web component demo html

See the full diff

Package name: @vue/cli-service

The new version differs by 250 commits.

• 92d80a8 v5.0.1
• c913cdc v5.0.0
• e75a288 chore: pre release sync
• e7f07d8 docs: remove `@ next` [skip ci]
• 80bbf38 test: skip nightwatch --parallel test for now
• 9be19f0 test: fix tsx import
• 5cf0e13 feat: bump default typescript version to 4.5
• 22a4a53 chore: dependency maintenance
• 9577cf5 chore: Merge branch 'master' into dev
• 8b5ab22 fix: remove --skip-plugin from arguments passed to the plugins (Referrers Overview, distinct metrics sparklines are always set to one matomo-org/matomo#6972)
• ff035c6 chore(deps): bump follow-redirects from 1.14.7 to 1.14.8 (The Pros & Cons Of Using Body Building Supplements T-Force matomo-org/matomo#6993)
• d302581 fix: update mini-css-extract-plugin to ^2.5.3 (Fixed view type for visitor log matomo-org/matomo#6987)
• 2d8fa26 test(nightwatch): skip selenium test for now
• 7a17d98 chore: replace eslint-plugin-graphql with @ graphl-eslint/eslint-plugin
• 75a6d69 v5.0.0-rc.3
• c214c3a chore: pre release sync
• 42fc8d4 docs: add cache-loader and nightwatch breaking changes [skip ci]
• 926855f feat!: make `cache-loader` optional (Dreamka2007 matomo-org/matomo#6985)
• 342c386 fix: there's a command response format change in nightwatch v2
• b78a003 chore: update web drivers
• 6c91e1a chore: update lockfile
• 37bdc0e chore: remove the console log completely and fix lint error
• 1c1f1ef chore: fix typo (Share a Custom dashboard with other users and keep it synchronised across users matomo-org/matomo#6964)
• a2b6409 feat: add build stats hash support ( Array to string conversion in /var/www/piwik/libs/Zend/Session/Exception.php on line 58 matomo-org/matomo#6980)

See the full diff

Package name: nock

The new version differs by 72 commits.

• e4b0331 fix(dep): migrate from lodash.set to lodash. (trunk: turn off pdo_mysql's emulate prepared statements matomo-org/matomo#2306)
• 8a82b50 chore(deps-dev): bump got from 11.8.3 to 12.1.0
• 342e8dc chore(deps-dev): bump eslint-plugin-mocha from 10.0.4 to 10.0.5
• 0a9fc3e chore(deps-dev): bump eslint from 8.14.0 to 8.16.0
• 82e8028 chore(deps-dev): bump typescript from 4.6.4 to 4.7.2
• 3d534f8 chore(deps-dev): bump eslint from 8.12.0 to 8.14.0
• 5f9ebaa chore(deps-dev): bump @ definitelytyped/dtslint from 0.0.111 to 0.0.112
• 502182a chore(deps-dev): bump typescript from 4.6.3 to 4.6.4
• 0d30bee chore(deps-dev): bump @ sinonjs/fake-timers from 9.1.1 to 9.1.2
• 7452368 chore(deps-dev): bump sinon from 13.0.1 to 13.0.2
• a7056ef chore(deps-dev): bump eslint-plugin-mocha from 10.0.3 to 10.0.4
• bcb0dc7 chore(deps-dev): bump prettier from 2.6.1 to 2.6.2
• c4ba7d1 chore(deps-dev): bump eslint-config-prettier from 8.4.0 to 8.5.0 (Add getCustomVariable in PHP Client matomo-org/matomo#2326)
• 8e56fbd chore(deps-dev): bump @ sinonjs/fake-timers from 9.1.0 to 9.1.1
• 8789084 chore(deps-dev): bump prettier from 2.5.1 to 2.6.1
• be07d83 chore(deps-dev): bump mocha from 9.2.1 to 9.2.2
• b4e839d chore(deps-dev): bump @ definitelytyped/dtslint from 0.0.110 to 0.0.111
• 14e7e87 chore(deps-dev): bump mocha from 9.2.0 to 9.2.1
• 0814d6e chore(deps-dev): bump typescript from 4.5.5 to 4.6.2
• 96ae061 chore(deps): bump actions/setup-node from 2 to 3 (Safari Resource debugging causes double logging in piwik matomo-org/matomo#2308)
• 7c949be chore(deps): bump actions/checkout from 2 to 3 (Add the segment 'visitorId' to allow querying reports for a given visitor matomo-org/matomo#2309)
• d424370 chore(deps-dev): bump semantic-release from 18.0.1 to 19.0.2
• 87a73d3 chore(deps-dev): bump eslint from 8.8.0 to 8.10.0
• 3384728 chore(deps-dev): bump @ definitelytyped/dtslint from 0.0.103 to 0.0.110

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Arbitrary Code Injection
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn

[github-actions]

If you don't want this PR to be closed automatically in 28 days then you need to assign the label 'Do not close'.

[github-actions]

This PR was last updated more than one month ago, maybe it's time to close it. Please check if there is anything we still can do or close this PR. ping @matomo-org/core-reviewers