[Snyk] Fix for 8 vulnerabilities

[UbuntuEvangelist]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/gitbook/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: cheerio

The new version differs by 18 commits.

• 35c4917 Release 0.21.0
• 1d2e8a7 Return undefined in .prop if given an invalid element or tag (Unicode conflicts when file system and SUMMARY.md have different encoding type(NFC, NFD) GitbookIO/gitbook#880)
• df55c93 Merge pull request Font Awesome is missing? GitbookIO/gitbook#884 from cheeriojs/readme-cleanup
• bbceb09 readme updates
• 010b718 Merge pull request Fix Plugins link. GitbookIO/gitbook#881 from piamancini/patch-1
• 4997e70 Added backers and sponsors from OpenCollective
• 4ccb41b Use jQuery from the jquery module in benchmarks (gitbook init in Mac GitbookIO/gitbook#871)
• 54359c9 Document, test, and extend static `$.text` method (service pemanas air hp 081218067443 GitbookIO/gitbook#855)
• c6612f3 Fix typo on calling _.extend (service solahart depok hp 081218067443 GitbookIO/gitbook#861)
• ed60b34 0.21.0
• 79d4e5e Update versions (How to mark an article as unread? GitbookIO/gitbook#870)
• e7d18af Use individual lodash functions (service solahart bintaro hp 081218067443 GitbookIO/gitbook#864)
• e65ad72 Added `.serialize()` support. Fixes [Snyk] Security upgrade nunjucks from 2.5.2 to 3.2.4 #69 (how does gitbook do to parsing SUMMARY.md? GitbookIO/gitbook#827)
• df39f33 Update Readme.md (service center solahart hp 081218067443 GitbookIO/gitbook#857)
• 7b59afb add extension for JSON require call
• d0551dc remove gittask badge
• f500197 Merge pull request ebook-convert crash GitbookIO/gitbook#672 from underdogio/dev/checkbox.radio.values.sqwished
• 046071a Added default value for checkboxes/radios

See the full diff

Package name: chokidar

The new version differs by 250 commits.

• 7b8e02a Release 3.0.0.
• e7bfe2f Move stuff.
• df7f22e Remove changelog from npm, move to hidden dir.
• 3df7692 Improve naming.
• 6e94ca2 Clean-up.
• 2de2f9c test: Add testing of Node.js v12 in Travis pipeline. (plugin needs path to its resources in body:start GitbookIO/gitbook#833)
• 9e0965a Fix Windows tests in Travis CI (GitBook.com support not active? GitbookIO/gitbook#832)
• c95a98f Update stuff.
• 187ff2b test: Trying to fix blinked tests for Travis CI. (Math rendering in preview GitbookIO/gitbook#825)
• db99076 fix(Windows): Add converting from windows to unix path for all ignored paths. (React style error when using inline styles GitbookIO/gitbook#824)
• 41f8782 fix(FsEvents): Remove situation with NaN depth. (Math rendering GitbookIO/gitbook#823)
• 7cf3f7e Update readdirp to stable.
• 0927a62 Bump packages.
• 11cd857 Update nyc.
• 99c14d7 Uncomment fsevents.
• cf330a5 Update fsevents.
• 0e4fca5 Fix deps.
• 9c575d4 Fix Windows version (Creative Commons HTML breaks editor GitbookIO/gitbook#821)
• 3323d59 fix(Linux): Make event loop hack for keep testing valid. (Keyboard re-mapped GitbookIO/gitbook#820)
• 06214c5 Update to latest readdirp.
• 793639f Rename osxfswatch.
• 078bc2d Refactor and fix freaking tests.
• 2b9bb41 Try node 11.
• 3fe3d4e Test travis.

See the full diff

Package name: juice

The new version differs by 191 commits.

• a628051 v7.0.0
• 5d89c6e Merge pull request Generating an azw3 file GitbookIO/gitbook#368 from TrySound/upgrade-web-resource-inliner
• ef3a266 Merge pull request chrome seems to load old content (even if I flush the cache, disable caching in the JS console) GitbookIO/gitbook#369 from TrySound/published-files
• 335ed19 Publish only necessary files in package
• 3ec34d3 Upgrade web-resource-inliner
• 56e8fbc Merge pull request Generating ePub and MOBI GitbookIO/gitbook#367 from TrySound/upgrade-commander
• 1dac1f4 Upgrade commander
• 1f82379 Merge pull request Ignore config files by default in fs.list GitbookIO/gitbook#366 from TrySound/upgrade-cheerio
• 4178da6 Upgrade typescript
• 0ea9842 Upgrade to cheerio v1
• ec41c65 Merge pull request Convert links with fragments from md to html GitbookIO/gitbook#352 from hansottowirtz/support-htmlparser2
• f55f820 Merge pull request how to remove have created book? GitbookIO/gitbook#364 from TrySound/drop-deep-extend
• 7116879 Replace deep-extend with nested Object.assign
• 879e34c Merge pull request Can't generate ebook in certain paths GitbookIO/gitbook#363 from TrySound/unused-inliner-options
• 8899cd7 Merge pull request Is there a feature of remembering the last view? GitbookIO/gitbook#365 from TrySound/object-assign
• 0765875 Merge pull request Closes #360: non-ascii heading id generation GitbookIO/gitbook#362 from TrySound/cross-spawn-dev
• d08b1ed Replace custom extend utility with native Object.assign
• fb22fc0 Drop unused cssmin and uglify options from cli
• f3307de Move cross-spawn to dev dependencies
• 49b5412 Merge pull request Is there a simple way to add 3rd party libraries? GitbookIO/gitbook#349 from ArsenyYankovsky/master
• 0ce3da7 Merge pull request Problems in heading id generation GitbookIO/gitbook#360 from nekocode/fix-empty-tag
• 990f0dd Merge pull request Highlight active page in summary GitbookIO/gitbook#353 from asztal/patch-1
• 35d9a9d fix add jsbin embedded plugin GitbookIO/gitbook#359
• 6963fe6 Add changelog entry for v6.0.0

See the full diff

Package name: npm

The new version differs by 250 commits.

• 3b4ba65 7.0.0
• bbfc75d chore: fix weird .gitignore thing that happened somehow
• 8a2d375 docs: changelog for v7.0.0
• 365f2e7 [email protected]
• fafb348 [email protected]
• 9306c68 [email protected]
• 569cd64 [email protected]
• ac9fde7 Integration code for @ npmcli/[email protected]
• 704b9cd @ npmcli/[email protected]
• 3955bb9 [email protected]
• da240ef fix: patch config.js to remove duplicate values
• 9ae45a8 [email protected]
• 41ab36d [email protected]
• c474a15 [email protected]
• efc6786 fix: make sure publishConfig is passed through
• 1e4e6e9 docs: v7 using npm config refresh
• 5c1c2da fix: init config aliases
• 5bc7eb2 docs: v7 npm-install refresh
• 1a35d87 7.0.0-rc.4
• 7a5a557 docs: changelog for v7.0.0-rc.4
• f0cf859 chore: dedupe deps
• 0273745 [email protected]
• 7bd47ca @ npmcli/[email protected]
• 9320b8e only escape arguments, not the command name

See the full diff

Package name: nunjucks

The new version differs by 250 commits.

• 53d1223 Release v3.2.1
• 93129bf Replace yargs with commander
• 17691da Chokidar bump
• 40dfdf0 Remove dead link
• cefb1cf Prevent optional dependency Chokidar from loading when not watching
• 1485a44 Add badges in README.md
• 2246457 Add Mozilla Code of Conduct file
• ff5571c Release v3.2.0
• f997a52 Add NodeResolveLoader
• 34b0a26 Fix syntax typos in CONTRIBUTING.md
• 55e0b7a Set dash as joiner element
• c99154e Update faq.md
• 1338712 Emit 'load' events on Loader and Environment instances
• 057e7b3 Add test for line/column info in user-function exception
• bcf38f3 Emit line and column info for functions
• fbddcd5 lexer more accurately tracks token line and column information
• 889ef80 Add nodejs versions 10 and 11 to CI, remove 6 and 9
• b828158 Fix documentation typo
• 1370361 v3.1.7
• 0a65e1f Fixes for replace example
• 2946fb4 Removed postinstall-build in favor of npm prepare script
• 9fd5bdb Add link to Plugin syntax highlighting for VSCode
• 68ba15c Fix bug where exceptions were silently swallowed with synchronous render
• 7c187ac tests: fix issue running tests on node 10.x

See the full diff

Package name: request

The new version differs by 150 commits.

• f422111 2.80.0
• bce66a5 Merge pull request chore: scalar bump GitbookIO/gitbook#2571 from JamesMGreene/fix_ipv6_host_header
• ff6d6c6 Correctly format the Host header for IPv6 addresses
• 667e923 Merge pull request Adds missing css variables GitbookIO/gitbook#2558 from request/FredKSchott-patch-1
• 6862553 Merge pull request Update README.md GitbookIO/gitbook#2221 from calamarico/change_readme
• 8d78bd0 Update README.md example snippet
• 60f6a00 Merge pull request RND-2311: enums for server url in openapi block GitbookIO/gitbook#2452 from nicjansma/master
• da077f7 Merge pull request Improve animation of section tabs GitbookIO/gitbook#2553 from request/issue-template
• 921ebee small change to template wording
• 256deea add ISSUE_TEMPLATE, move PR template
• fec1f2b reorder PULL_REQUEST_TEMPLATE sections
• 2046cf3 Merge pull request Upgrade to the new scalar client GitbookIO/gitbook#2539 from request/FredKSchott-patch-1
• 0ea3d47 Merge pull request Issue with Git Sync GitbookIO/gitbook#2524 from request/greenkeeper-caseless-0.12.0
• 3f57975 Use performance-now instead of custom solution
• a9ad38a Ensure only the properties we expect are there
• d9e8c3d Added deprecated notes
• a60be68 Create PULL_REQUEST_TEMPLATE.md
• 223f44b Merge pull request Receiving error code: 1016 on all Scalar API requests GitbookIO/gitbook#2460 from OwnageIsMagic/patch-1
• d40f9af Merge pull request add support for sites in multi id mode GitbookIO/gitbook#2514 from humphd/package.json-keywords
• dfd777a chore(package): update caseless to version 0.12.0
• 4901f96 Change tags to keywords in package.json
• f009af2 Merge pull request Experiment with lower DO billable duration by using direct RPC methods GitbookIO/gitbook#2492 from addaleax/lenient-gzip
• 71081b6 More lenient gzip decompression
• 21e315d Removed extra space

See the full diff

Package name: slate

The new version differs by 190 commits.

• f376911 0.21.0
• 8003117 update changelog
• 4bbf748 Replace cheerio with parse5 (Bad handling of block arguments GitbookIO/gitbook#934)
• cf85c6e 0.20.7
• 55dcd70 Rename History.md to Changelog.md
• 30f1a9e Allow HTMLSerializer to deserialize an empty doc (Set starting number on Summary GitbookIO/gitbook#915)
• a1d4de3 0.20.6
• c2ff412 Merge branch 'master' of github.com:ianstormtaylor/slate
• c0d82c0 improve mark handling performance for large selections (language code: suggest use zh-hans not zh-cn GitbookIO/gitbook#926)
• b5761a1 0.20.5
• 37ba8e9 Allow drop events on void nodes (Github authentication support in GitBook for Desktop GitbookIO/gitbook#921)
• 31c7559 Fix Edge Drag & Drop Issues (A bug about link markdown GitbookIO/gitbook#923)
• 17cfde6 Add `data` field to editor `State`. (Maybe it's possible to add binding for a new Chapter and an existing file in New Chapter Dialog? GitbookIO/gitbook#830)
• 74bf684 Add property "isEmpty" (service solahart pluit hp 082113812149 GitbookIO/gitbook#863)
• 4e01f80 Ignore Void nodes onClick in read-only (Fix blocks in asciidoc GitbookIO/gitbook#908)
• 0746582 Fix dragging text in the editor (Font Awesome is missing? GitbookIO/gitbook#884)
• e81f4e2 Fix image drop in example (Don't react when user wants to open a link in a new tab GitbookIO/gitbook#919)
• ccb7a23 enable source maps during development (The new desktop (offline) editor GitbookIO/gitbook#916)
• e66adf1 Issue with the Overriding Defaults example. (Creating mix-n-match manuals from a single repository GitbookIO/gitbook#914)
• 9161961 Fix "Auto-Markdown" Doc Link (Alternate position of page number on footer GitbookIO/gitbook#906)
• 17b1a45 Update README.md (Support to display line number in a code block GitbookIO/gitbook#905)
• 5d8a9b9 0.20.4
• a3a7949 Add example of using plugin.render to /examples/plugins (live restart after change doesn't work (v2.3.0) GitbookIO/gitbook#890)
• c7f14e1 Updated findDOMNode function (How to logon to gitbook desktop? GitbookIO/gitbook#892)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Open Redirect
🦉 Server-side Request Forgery (SSRF)
🦉 More lessons are available in Snyk Learn