[Snyk] Fix for 58 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Denial of Service (DoS) SNYK-JS-AXIOS-174505	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-ENGINEIO-1056749	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	Yes	Proof of Concept
	344/1000 Why? Has a fix available, CVSS 2.6	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	No	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-JSYAML-173999	No	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-JSYAML-174129	No	No Known Exploit
	591/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) SNYK-JS-KARMA-2395349	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-KARMA-2396325	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	No	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	No	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	No	Proof of Concept
	489/1000 Why? Has a fix available, CVSS 5.5	Information Exposure SNYK-JS-LOG4JS-2348757	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOCHA-561476	Yes	No Known Exploit
	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Command Injection SNYK-JS-NODEMAILER-1038834	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	HTTP Header Injection SNYK-JS-NODEMAILER-1296415	Yes	Proof of Concept
	811/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-PROPERTYEXPR-598800	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-REDIS-1255645	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-536840	Yes	No Known Exploit
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	Yes	Proof of Concept
	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Improper Privilege Management SNYK-JS-SHELLJS-2332187	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Insecure Defaults SNYK-JS-SOCKETIO-1024859	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-1056752	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-URLPARSE-1078283	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-URLPARSE-1533425	Yes	Proof of Concept
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Access Restriction Bypass SNYK-JS-URLPARSE-2401205	Yes	Proof of Concept
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Authorization Bypass SNYK-JS-URLPARSE-2407759	Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Improper Input Validation SNYK-JS-URLPARSE-2407770	Yes	Proof of Concept
	631/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2	Authorization Bypass Through User-Controlled Key SNYK-JS-URLPARSE-2412697	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Arbitrary Code Injection SNYK-JS-XMLHTTPREQUESTSSL-1082936	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Access Restriction Bypass SNYK-JS-XMLHTTPREQUESTSSL-1255647	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YUP-2420835	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	No	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:eslint:20180222	Yes	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Arbitrary Code Injection npm:growl:20160721	Yes	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	No	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	No	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No	No Known Exploit
	576/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.1	Uninitialized Memory Exposure npm:tunnel-agent:20170305	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: coveralls

The new version differs by 10 commits.

• 5ebe57f bump version
• 428780c Expand allowed dependency versions to all API compatible versions (feature request: allow nodeLists to be passed into i18n i18next/i18next#172)
• eb1b723 Update Mocha link (Translation for <th> and <input> i18next/i18next#169)
• b9032a1 better Jenkins detection
• 2821200 version bump
• ef7e811 Parse commit from packed refs if not available in refs dir. (Uncaught TypeError: Cannot call method 'init' of undefined  i18next/i18next#163)
• e476964 Merge pull request Languages are loaded multiple times i18next/i18next#162 from evanjbowling/patch-1
• 63a7f92 Update README.md
• d571dac merge, version bump
• 1575050 branching WIP

See the full diff

Package name: cpy-cli

The new version differs by 13 commits.

• 8329dc9 4.0.0
• 693722f Update `cpy` to v9 (Configure Renovate - autoclosed MarcelRaschke/i18next#34)
• b271612 Meta tweaks
• 7ee777f Require Node.js 12 and move to ESM (Bump ua-parser-js from 0.7.31 to 0.7.33 MarcelRaschke/i18next#31)
• d6bdd28 Move to GitHub Actions (Bump qs from 6.5.2 to 6.5.3 MarcelRaschke/i18next#28)
• 1c9bd16 3.1.1
• 65637f7 Update dependencies (Bump decode-uri-component from 0.2.0 to 0.2.2 47-studio-org/i18next#25)
• c6e1f26 3.1.0
• 122f4de Allow patterns to match entries that begin with a period (.) ([Snyk] Upgrade eslint-config-prettier from 3.6.0 to 8.5.0 47-studio-org/i18next#20)
• af00c3b 3.0.0
• 4f843b3 Update dependencies
• a31ef18 Require Node.js 8
• 31303d9 Create funding.yml

See the full diff

Package name: dtslint

The new version differs by 81 commits.

• 9c56a82 Update npm naming (Multilevel language resources loose theirs values on update i18next/i18next#269)
• c859e21 2.0.6 - remove request dependency
• 3a94f6f Remove unused 'request' dependency (npm publish i18next/i18next#268)
• f4a536a 2.0.5 - fix Typescript version parsing regex
• 3b022b7 Fix regex typo (initialized should also be set in addResourceBundle call i18next/i18next#266)
• eb86e5b 2.0.4 - support "Minimum" in TS version line
• 5f7605c Support “Minimum” in TS version line (Its not possible to add resource before init is called i18next/i18next#265)
• 05257e7 2.0.3 - update dtslint and definitelytyped-header-parser
• 4e2deaa Update dts-critic to 2.2.3
• 77041af Update dts-critic to 2.2.2
• 39e38eb 2.0: stop testing on Typescript 2.0 - 2.7
• 411f043 Drop support for 2.0 2.7 (detectLngFromPath ignored i18next/i18next#264)
• 2db27af Support TS 3.8
• f772221 unused-dependencies (ES6 transpiler support i18next/i18next#261)
• 3bda597 even more documentation
• 3322677 Add npm-naming documentation
• 8eba4ac really revert to 3.7
• b7a2014 Revert to 3.7 definitelytyped-header-parser
• 059c23e Add support for 3.8 via definitelytyped-header-parser
• face461 0.9.9 - Update dts-critic dependency
• 21cee82 Fix typo in readme (Fix Issue #250. Reset options.isFallbackLookup i18next/i18next#251) (Example Usage i18next/i18next#252)
• f31e391 0.9.8 - update dts-critic dependency
• a994395 0.9.7 - ExpectType supports multiples, sep by ||
• a83452a Merge pull request options.isFallbackLookup needs to be reset? i18next/i18next#250 from microsoft/multipleExpectTypes

See the full diff

Package name: eslint

The new version differs by 250 commits.

• c4fffbc 8.0.0
• d51f4cf Build: changelog update for 8.0.0
• 7d3f7f0 Upgrade: unfrozen @ eslint/eslintrc (fixes #15036) (#15146)
• 2174a6f Fix: require-atomic-updates property assignment message (fixes #15076) (#15109)
• f885fe0 Docs: add note and example for extending the range of fix (refs #13706) (#13748)
• 3da1509 Docs: Add jsdoc `type` annotation to sample rule (#15085)
• 68a49a9 Docs: Update Rollup Integrations (#15142)
• d867f81 Docs: Remove a dot from curly link (#15128)
• 9f8b919 Sponsors: Sync README with website
• 4b08f29 Sponsors: Sync README with website
• ebc1ba1 Sponsors: Sync README with website
• 2d654f1 Docs: add example .eslintrc.json (#15087)
• 16034f0 Docs: fix fixable example (#15107)
• 07175b8 8.0.0-rc.0
• 71faa38 Build: changelog update for 8.0.0-rc.0
• 67c0074 Update: Suggest missing rule in flat config (fixes #14027) (#15074)
• cf34e5c Update: space-before-blocks ignore after switch colons (fixes #15082) (#15093)
• c9efb5f Fix: preserve formatting when rules are removed from disable directives (#15081)
• 14a4739 Update: `no-new-func` rule catching eval case of `MemberExpression` (#14860)
• 7f2346b Docs: Update release blog post template (#15094)
• fabdf8a Chore: Remove `target.all` from `Makefile.js` (#15088)
• e3cd141 Sponsors: Sync README with website
• 05d7140 Chore: document target global in Makefile.js (#15084)
• 0a1a850 Update: include `ruleId` in error logs (fixes #15037) (#15053)

See the full diff

Package name: karma

The new version differs by 250 commits.

• ab4b328 chore(release): 6.3.16 [skip ci]
• ff7edbb fix(security): mitigate the "Open Redirect Vulnerability"
• c1befa0 chore(release): 6.3.15 [skip ci]
• d9dade2 fix(helper): make mkdirIfNotExists helper resilient to concurrent calls
• 653c762 ci: prevent duplicate CI tasks on creating a PR
• c97e562 chore(release): 6.3.14 [skip ci]
• 91d5acd fix: remove string template from client code
• 69cfc76 fix: warn when `singleRun` and `autoWatch` are `false`
• 839578c fix(security): remove XSS vulnerability in `returnUrl` query param
• db53785 chore(release): 6.3.13 [skip ci]
• 5bf2df3 fix(deps): bump log4js to resolve security issue
• 36ad678 chore(release): 6.3.12 [skip ci]
• 41bed33 fix: remove depreciation warning from log4js
• c985155 docs: create security.md
• c96f0c5 chore(release): 6.3.11 [skip ci]
• a5219c5 fix(deps): pin colors package to 1.4.0 due to security vulnerability
• de0df2f test: fix version regex in the CLI test case
• eddb2e8 chore(release): 6.3.10 [skip ci]
• 0d24bd9 fix(logger): create parent folders if they are missing
• b8eafe9 chore(release): 6.3.9 [skip ci]
• cf318e5 test: add test case for restarting test run on file change
• 92ffe60 fix: restartOnFileChange option not restarting the test run
• b153355 style: fix grammar error in browser capture log message
• 8f798d5 chore(release): 6.3.8 [skip ci]

See the full diff

Package name: karma-browserify

The new version differs by 14 commits.

• 1f03ab2 5.3.0
• 3d1ae96 chore(package): bump dev dependencies
• 1796716 chore(project): bump lodash dependency
• adce20f 5.2.0
• 2a60185 chore(project): support browserify @ 16
• cba9ba9 chore(lint): ignore example/node_modules
• 72af250 chore(example): bump browserify + watchify versions
• 573db5b 5.1.3
• ff944e7 chore(package): allow browserify@15
• 6e0fcce 5.1.2
• 88673c4 chore(npmignore): ignore dev configuration(s)
• 0fed147 chore(project): remove grunt + jshint
• 08141de chore(ci): test against node {4,6,8}
• 21bd468 chore(project): bump dev dependencies

See the full diff

Package name: karma-coveralls

The new version differs by 16 commits.

• 1fa1574 Bump package.json to v1.2.0
• 39ad4ec Merge pull request How embed json i18next/i18next#40 from jgravois/chore/bump-coveralls
• 590e7f8 bump node version used by travis
• 22bdf86 bump dependency to address security vulnerability
• 5995449 Merge pull request Uncaught ReferenceError: undefinded is not defined i18next/i18next#38 from genofire/patch-1
• 1225556 [DOC] fix headline in README
• 7e53a7b Merge pull request Deep nested options i18next/i18next#37 from scottbedard/patch-1
• e5cbe9f Typo
• 2a78e93 Merge pull request Configure Renovate - autoclosed MarcelRaschke/i18next#35 from julmot/patch-1
• 078d3f0 docs(readme): indentation is not necessary
• 8b8b9d7 docs(readme): Add information about karma-coverage
• 9c1cbd4 Merge pull request Configure Renovate - autoclosed MarcelRaschke/i18next#34 from CurtisHumphrey/patch-1
• e638641 Update README.md
• 6d4fdd0 Merge pull request Bump json5 from 2.2.0 to 2.2.3 MarcelRaschke/i18next#30 from taion/master
• f73e03f test(reporter): fix and expand tests
• cae0b67 feat(reporter): merge coverage results

See the full diff

Package name: karma-mocha

The new version differs by 18 commits.

• 5828416 chore(release): 2.0.0 [skip ci]
• 4e35a55 chore(ci): semantic-release on success (error on npm install i18next/i18next#221)
• 00b24b6 chore(deps-dev): bump eslint from 2.13.1 to 4.18.2 (shortcutFunction: 'sprintf' broken i18next/i18next#220)
• f7ec4e7 Merge pull request Simple way to browse keys in a namespace ? i18next/i18next#218 from karma-runner/semanitic-release
• 5a5b6d5 feat(ci): enable semanitic-release
• 36404cf Merge pull request Added string trim support to translate.js for IE8. i18next/i18next#217 from franktopel/minimist-update
• bab0416 updated minimum version of minimist dependency to ^1.2.3 instead of 1.2.0
• 3f9e4b7 Revert "updated minimum version of minimist dependency to ^1.2.3 instead of 1.2.0"
• a9bfdf9 updated minimum version of minimist dependency to ^1.2.3 instead of 1.2.0
• 3dd7a56 Merge pull request example on webpage i18next/i18next#215 from mbaumgartl/update-node-versions
• 844939c Merge pull request Relative referencing of namespaces and keys i18next/i18next#213 from mbaumgartl/fix-travis-build
• fd64f5b Update Node.js versions
• 6eb28de Fix Travis builds
• c8feade Merge pull request Always returning the fallbacklng i18next/i18next#210 from elpddev/chore/align-node-support-same-as-karma
• ea076c0 test(mock-fs): update mock-fs version
• 2fb6c93 ci(node versions): change running node verison the same as karma package
• 6c63662 Merge pull request Passing functions into as a data set into $.t() causes Firefox to crash i18next/i18next#122 from maksimr/karma-mocha-109
• e847121 feat: Expose 'pending' status

See the full diff

Package name: lint-staged

The new version differs by 44 commits.

• e24aaf2 fix: parse titles for function linters
• e862e7e docs: correct config file name
• 309ff1c docs: restore filtering section to README
• 4bef26e feat: add deprecation error for advanced configuration
• e829646 refactor: remove dependency on path-is-inside
• 767edbd refactor: remove dependency on lodash
• c59cd9a chore: upgrade dependencies
• 19536e3 refactor: pass unparsed commands to execa with --shell
• 275d996 refactor: rename --silent to --quiet
• 18acd59 docs: update README
• 2ba6d61 test: ignore testSetup from coverage report
• ecf9227 feat: add --shell and --quiet flags
• 04190c8 refactor: remove advanced configuration options
• bed9127 refactor: use execa's shell option to run commands
• d3f6475 docs: update contributors
• b71b9c8 refactor: warn about long arguments string only once
• bcd52ac docs: update README
• efe8f06 docs: print a warning when arguments length is too long based on platform
• 2753640 docs: update README
• 28f3c40 refactor: remove unused configuration options
• 4db2353 test: add test for linter command exiting with code 1
• 6d4beec test: update tests for function linters
• 36e54a2 feat: support function linter returning array of commands
• 9e4346f refactor: support function linters in getConfig

See the full diff

Package name: mocha

The new version differs by 250 commits.

• eb781e2 Release v6.2.3
• 10dbe94 update CHANGELOG for v6.2.3 [ci skip]
• 848d6fb security: update mkdirp, yargs, yargs-parser
• 843a322 6.2.2
• aec8b02 update CHANGELOG for v6.2.2 [ci skip]
• 7a8b95a npm audit fixes
• cebddf2 Improve reporter documentation for mocha in browser. (#4026)
• 3f7b987 uncaughtException: report more than one exception per test (#4033)
• ee82d38 modify alt text of image from Backers to Sponsors inside Sponsors section in Readme (#4046)
• e9c036c special-case parsing of "require" in unparseNodeArgs(); closes #4035 (#4063)
• 954cf0b Fix HTMLCollection iteration to make unhide function work as expected (#4051)
• 816dc27 uncaughtException: fix double EVENT_RUN_END events (#4025)
• 9650d3f add OpenJS Foundation logo to website (#4008)
• f04b81d Adopt the OpenJSF Code of Conduct (#3971)
• aca8895 Add link checking to docs build step (#3972)
• ef6c820 Release v6.2.1
• 9524978 updated CHANGELOG for v6.2.1 [ci skip]
• dfdb8b3 Update yargs to v13.3.0 (#3986)
• 18ad1c1 treat '--require esm' as Node option (#3983)
• fcffd5a Update yargs-unparser to v1.6.0 (#3984)
• ad4860e Remove extraGlobals() (#3970)
• b269ad0 Clarify effect of .skip() (#3947)
• 1e6cf3b Add Matomo to website (#3765)
• 91b3a54 fix style on mochajs.org (#3886)

See the full diff

Package name: watchify

The new version differs by 30 commits.

• 7b27a3c 4.0.0
• 5d4842a bump deps (Add isInitialized method. i18next/i18next#380)
• b840f29 disable package-lock.json
• bae5e02 update chokidar and anymatch (Browser caching by version i18next/i18next#378)
• 3445775 ci: use github actions (Allow to fallback to key when trans string is empty i18next/i18next#379)
• f79e59f Change URLs from "Substack" (someones personal site & acc) to "browserify" (Fix CommonJS with jQuery export i18next/i18next#369)
• bd2f677 ci: run on more node versions
• 563a90d Merge pull request We need a changelog i18next/i18next#367 from Trott/update-readme-badge
• bb2b429 chore: Fix Travis-CI badge in readme.markdown
• c3fe218 3.11.1
• e90101b Merge pull request Complex / formatted plurals i18next/i18next#362 from digipost/upgrade-deps
• d163b4f upgrade dependencies: fix errors from npm audit
• 1917270 Merge pull request support for multiple browser accept languages i18next/i18next#351 from menzow/feature/update-docs
• d232754 Merge pull request public visibility of applyReplacement function i18next/i18next#357 from Kamil93/patch-1
• d924e9b Update readme.markdown
• 9ea8a65 Support for working with transforms
• 11989b2 3.11.0
• 82669ad Merge pull request doc: i18next.couchbase i18next/i18next#355 from browserify/browserify-16
• 495b6f2 Update to browserify@16
• 2bc76db Merge pull request useLocalStorage fails in Chrome with "Block third-party cookies and site data"  i18next/i18next#353 from BridgeAR/master
• b2a2ab1 test: add callbacks
• 5f7f27b 3.10.0
• 6de686b browserify@15
• 8147bc5 Add troubleshooting information for silenced errors

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	626/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.1	Man-in-the-Middle (MitM) SNYK-JS-HTTPSPROXYAGENT-469131	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	No Known Exploit
	576/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.1	Uninitialized Memory Exposure npm:tunnel-agent:20170305	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:uglify-js:20151024	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the effected dependencies could be upgraded.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

[//]: # (snyk:metadata:{"prId":"5a0c7369-77ca-4a25-a666-236e6aa5dc1c","prPublicId":"5a0c7369-77ca-4a25-a666-236e6aa5dc1c","dependencies":[{"name":"coveralls","from":"2.11.16","to":"2.13.2"},{"name":"cpy-cli","from":"2.0.0","to":"4.0.0"},{"name":"dtslint","from":"0.4.9","to":"3.0.0"},{"name":"eslint","from":"3.15.0","to":"8.0.0"},{"name":"karma","from":"2.0.0","to":"6.3.16"},{"name":"karma-browserify","from":"5.1.1","to":"5.3.0"},{"name":"karma-coveralls","from":"1.1.2","to":"1.2.0"},{"name":"karma-mocha","from":"1.3.0","to":"2.0.0"},{"name":"lint-staged","from":"8.1.7","to":"9.0.0"},{"name":"mocha","from":"3.2.0","to":"6.2.3"},{"name":"rollup-pl...