[Snyk] Fix for 7 vulnerabilities

[PurpleBabar]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	No	Proof of Concept
	344/1000 Why? Has a fix available, CVSS 2.6	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	No	No Known Exploit
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Command Injection SNYK-JS-SIMPLEGIT-2421199	Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Command Injection SNYK-JS-SIMPLEGIT-2434306	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: axios

The new version differs by 250 commits.

• e367be5 [Releasing] 0.21.3
• 83ae383 Correctly add response interceptors to interceptor chain (#4013)
• c0c8761 [Updating] changelog to include links to issues and contributors
• 619bb46 [Releasing] v0.21.2
• 82c9455 Create SECURITY.md (#3981)
• 5b45711 Security fix for ReDoS (#3980)
• 5bc9ea2 Update ECOSYSTEM.md (#3817)
• e72813a Fixing README.md (#3818)
• e10a027 Fix README typo under Request Config (#3825)
• e091491 Update README.md (#3936)
• b42fbad Removed un-needed bracket
• 520c8dc Updating CI status badge (#3953)
• 4fbeecb Adding CI on Github Actions. (#3938)
• e9965bf Fixing the sauce labs tests (#3813)
• dbc634c Remove charset in tests (#3807)
• 3958e9f Add explanation of cancel token (#3803)
• 69949a6 Adding custom return type support to interceptor (#3783)
• 49509f6 Create FUNDING.yml (#3796)
• 199c8aa Adding parseInt to config.timeout (#3781)
• 94fc4ea Adding isAxiosError typeguard documentation (#3767)
• 0ece97c Fixing quadratic runtime when setting a maxContentLength (#3738)
• a18a0ec Updating `lib/core/README.md` about Dispatching requests (#3772)
• 59fa614 [Updated] follow-redirects to the latest version (#3771)
• 7821ed2 Feat/json improvements (#3763)

See the full diff

Package name: chalk

The new version differs by 53 commits.

• 3fca615 2.0.0
• f66271e Add tagged template literal (#163)
• 23ef1c7 fix linter errors
• c015568 add rainbow example
• 09fb2d8 Re-implement `chalk.enabled` (#160)
• 608242a spoof supports-color
• 18f2e7c add host information output
• 523b998 Revert "TEMPORARY: emergency travis CI fix (see comments)"
• 54975fb TEMPORARY: emergency travis CI fix (see comments)
• 1d73b21 Improve readme
• 6f4d6b3 Bump dependencies
• 8702496 Remove `chalk.styles`
• 0412cdf Minor code improvements
• 249b9ac ES2015ify the codebase
• cb3f230 Add RGB (256/Truecolor) support (#140)
• dbae68d Update dependent package count in the readme (#154)
• 9b60021 Drop support for Node.js 0.10 and 0.12
• 0d21449 check parent builder object for enabled status (#142)
• 5a69476 add XO badge
• 492f11f add example file
• 4ce73b6 make XO happy
• 7c02cf4 Add log statement to chalk examples (#129)
• 835ca3d You've just reached 10,000 dependent modules. (#122)
• 74c087d minor doc improvements (#120)

See the full diff

Package name: inquirer

The new version differs by 67 commits.

• 68fcbcb 3.2.0
• e16575c Bump dependencies
• 3f2c74b fix(package): update chalk to version 2.0.0
• 2e9eb3e Allow non-string values as a list default option (#558)
• 5dbd186 [fix] #293 Exit script when SIGINT signal received (#564)
• 625965e Fixed typo (#563)
• babdfb2 Add Plugins Section to README.md (#559)
• 810c138 fix(package): update strip-ansi to version 4.0.0
• 13d3100 3.1.1
• 60b27f0 Setup coverage in codacy
• 62fde13 Bump dev dependencies
• 3f465b4 Move eslint configs to own file (easier to integrate in third party)
• 948f8dc Keep password prompt silenced after error - Fix #553 #546
• 11f5854 chore(package): update sinon to version 2.3.4 (#550)
• e612cc5 3.1.0
• 148cb71 Update eslint-config-xo-space to the latest version 🚀 (#516)
• 3b93dd5 call chalk.reset() after message prompt (#544)
• 3ff39a6 chore(package): update chai to version 4.0.1 (#541)
• 76f1bfe upgrade external-editor to 2.0.4 (#535)
• da4eceb pass current answers hash to filter (#533)
• f99b398 Use rx-lite-aggregates instead of full rx (#532)
• 20119a2 fix(package): update ansi-escapes to version 2.0.0 (#527)
• e294e16 Update validate fn param docs (#526)
• 5b3a4a2 Add masked password example

See the full diff

Package name: simple-git

The new version differs by 250 commits.

• 66c903c Merge pull request #776 from steveukx/changeset-release/main
• 4fc3747 Version Packages
• 9665dee Merge pull request #775 from steveukx/snyk/clone
• 2040de6 Prevent use of `--upload-pack` as a command in `git.clone` to avoid potential accidental command execution.
• 9bf9baa Merge pull request #772 from steveukx/changeset-release/main
• 64c41db Version Packages
• 357b4de Merge pull request #771 from steveukx/feat/status-with-nulls
• ed412ef Status Summary should use null terminators to allow files with spaces in their names
• 94c2462 Merge pull request #768 from steveukx/changeset-release/main
• 9113366 Version Packages
• 372efa0 Merge pull request #767 from steveukx/feat/fix-fetch-snyk
• d119ec4 Prevent use of `--upload-pack` as a command in `git.fetch` to avoid potential accidental command execution.
• e4ff627 Merge pull request #761 from steveukx/changeset-release/main
• fcc7618 Version Packages
• 7c24bb0 Merge pull request #760 from steveukx/fix/project-readme
• 80651d5 Remove pre-publish step of copying `readme.md`, no longer required
• 0d0c198 Merge pull request #759 from steveukx/changeset-release/main
• 6838e24 Version Packages
• d53875f Merge pull request #758 from steveukx/fix/project-readme
• ac4f38f Move workspace readme into the `simple-git` package, symlink to it from the workspace
• e9f0461 Move workspace readme into the `simple-git` package, symlink to it from the workspace
• bcfa6f8 Merge pull request #756 from steveukx/changeset-release/main
• 7a29566 Version Packages
• 50a8a6b Merge pull request #755 from steveukx/release-attempt

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Server-Side Request Forgery (SSRF)
🦉 Regular Expression Denial of Service (ReDoS)