[Snyk] Fix for 18 vulnerabilities

[lirantal]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-CSSWHAT-3035488	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-DECOMPRESSTAR-559095	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	No	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASHTEMPLATE-1088054	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	No	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: yeoman-generator

The new version differs by 131 commits.

• 9e4ccf5 2.0.0
• a29e5d9 Bump dependencies
• 96da393 Bump package-lock.json
• 4b1b841 Replace gulp with raw Mocha
• 6effbfe Use raw nsp
• 183b3a8 Get rid of before/after (toward jest migration)
• 68d59c1 Add package-lock.json
• f8e46b0 Don't die on diffing file deletions (again) (#1028)
• edc2bf2 [comments] Change wrong param name in description (#1018)
• 364606e Switch to `make-dir`
• eaf1ade New: option shorthand on installDependencies method (#1015)
• e296e52 Bump XO and minor style tweaks
• 9da7391 Bump dependencies
• b010701 More ES2015ifing
• cfd2a8e Refactor install methods to handle promises - ref #1006
• 1be88e6 Remove callback API from Genrator#github.username() in favor of Promise one - ref #1006
• 00912ce Remove class-extend (isn't necessary with ES6), clean jsdoc
• 2cab46e Get rid of some dependencies
• 6553965 More ES2015ification
• d535bac Initial ES2015ification
• 80863b0 1.1.1
• af3048f Fix issue with API documentation deploy script
• 74cb46f Document legacy Generator.extend method properly - rel #996
• 6d267f0 Use XO

See the full diff

Package name: yo

The new version differs by 143 commits.

• f03ca42 4.3.1
• 1163e5d Remove `insight` module for now (#771)
• 1fe6ad1 Bump configstore from 3.1.5 to 5.0.1 (#727)
• a93924a Bump read-pkg-up from 4.0.0 to 7.0.1 (#724)
• 4cf042a Bump async from 2.6.3 to 3.2.2
• 06f5caf Bump titleize from 1.0.1 to 2.1.0
• 2305638 Bump string-length from 2.0.0 to 4.0.2
• b42325d Bump sinon from 6.3.5 to 12.0.1
• 86c39df Bump inquirer from 6.5.2 to 8.2.0
• 7605ed2 Bump mocha from 8.4.0 to 9.1.3
• dddfef3 Bump humanize-string from 1.0.2 to 2.1.0
• 33c16ab Bump package-json from 5.0.0 to 7.0.0
• 9d01baf Revert meow to 5.0.0.
• a89ec17 Bump open from 6.4.0 to 8.4.0
• 1ca65ce Bump chalk from 2.4.2 to 4.1.2
• 328cb8b Bump cross-spawn from 6.0.5 to 7.0.3
• abb68d4 Bump figures from 2.0.0 to 3.2.0
• b92cf9b Bump registry-url from 4.0.0 to 5.1.0
• c4ad70e Bump update-notifier from 2.5.0 to 5.1.0
• 8854a29 Bump global-agent from 2.2.0 to 3.0.0
• 22a2f53 Bump sort-on from 3.0.0 to 4.1.1
• 8184897 Bump nock from 9.6.1 to 13.2.1
• 206b3f5 Bump npm-keyword from 5.0.0 to 6.1.0
• f7c0be1 Add dependabot config. (#684)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Open Redirect
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn