[Snyk] Fix for 30 vulnerabilities

[Jeremip11]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Denial of Service (DoS) SNYK-JS-AXIOS-174505	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-GRPC-598671	Yes	Proof of Concept
	626/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.1	Man-in-the-Middle (MitM) SNYK-JS-HTTPSPROXYAGENT-469131	Yes	Proof of Concept
	703/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	Yes	Proof of Concept
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-Y18N-1021887	Yes	Proof of Concept
	434/1000 Why? Has a fix available, CVSS 4.4	Time of Check Time of Use (TOCTOU) npm:chownr:20180731	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @google-cloud/datastore

The new version differs by 202 commits.

• d86f611 chore: release 4.0.0 (fix: strip module scripts #406 GoogleChrome/rendertron#407)
• d41ecef refactor: use repo-metadata to generate readme (Publish new npm version? GoogleChrome/rendertron#405)
• 5e74023 chore(deps): update dependency jsdoc to v3.6.2 (Desktop Rendering a blank page using rendertron GoogleChrome/rendertron#404)
• 547f1a1 fix(deps): update dependency google-gax to v1 (Adds test for base href, fixes subfolder href GoogleChrome/rendertron#402)
• 2a7c3ab fix: DEADLINE_EXCEEDED retry code is idempotent (Add max entries in memory cache to config GoogleChrome/rendertron#403)
• dfe1def fix: correct Long types import (Base routes are always empty GoogleChrome/rendertron#358)
• 19bc787 fix(deps): update dependency google-auth-library to v4 (Cache config GoogleChrome/rendertron#400)
• 47eedf0 fix: DEADLINE_EXCEEDED is no longer retried
• ebc8951 build: only pipe to codecov if tests run on Node 10 (Fixes the link to CONTRIBUTING.md in the docs GoogleChrome/rendertron#394)
• 3620229 build: allow Node 10 on presubmit to push to codecov (Question: Why googlebot is not on a list of user agents? GoogleChrome/rendertron#397)
• a32af11 chore(deps): update dependency google-proto-files to v1 (Create best practices documentation GoogleChrome/rendertron#393)
• a54f15b build: allow Node 10 to push to codecov (Fixed error with host and port in config.js GoogleChrome/rendertron#396)
• face659 build: patch Windows container, fixing Node 10 ([WiP] Server docs rewrite GoogleChrome/rendertron#395)
• 8bc549f chore(deps): update dependency gts to v1 (Harmonize memory cache and datastore cache GoogleChrome/rendertron#383)
• e7c7ccb chore: do not run CI on grpc-js (Fix intermittent refreshCache refreshes cache test GoogleChrome/rendertron#389)
• d50433a chore(deps): update dependency eslint-plugin-node to v9 (Expand configuration docs GoogleChrome/rendertron#390)
• 761896b fix(deps): update dependency @ google-cloud/projectify to v1 (Split deployment doc into separate docs GoogleChrome/rendertron#391)
• 94a45bd fix(deps): update dependency @ google-cloud/promisify to v1 (Edit (maybe split) the server-setup doc GoogleChrome/rendertron#392)
• a8cf59f build!: upgrade engines field to >=8.10.0 (Fix 387: TravisCI is failing GoogleChrome/rendertron#388)
• c77b616 chore: removing node6 CI (TravisCI is failing GoogleChrome/rendertron#387)
• 29b81e3 fix(deps): update dependency google-gax to ^0.26.0 (add code block of server-setup.md GoogleChrome/rendertron#386)
• 04861c0 update to .nycrc with --all enabled (Host and Port defined in config.json are ignored GoogleChrome/rendertron#385)
• 9a4d746 fix: lint (Implemented loading bar GoogleChrome/rendertron#384)
• e7a6a29 chore(deps): update dependency nyc to v14 (How do I see where rendertron is spending it's time GoogleChrome/rendertron#382)

See the full diff

Package name: puppeteer

The new version differs by 250 commits.

• 377cd83 chore: release main (#11081)
• 11f7c69 test: update Firefox BiDi expectations (#11082)
• 0c0e516 fix: roll to Chrome 117.0.5938.149 (r1181205) (#11077)
• 163394d chore(deps): Bump actions/checkout from 3.6.0 to 4.1.0 (#11063)
• 67e9a92 chore(deps): Bump postcss from 8.4.16 to 8.4.31 in /website (#11075)
• 54bc80c chore(deps): Bump github/codeql-action from 2.21.8 to 2.21.9 (#11064)
• c5083bb docs: update link to `third_party/README.md` (#11068)
• a3187a0 docs: Update reference to SKIP_CHROMIUM_DOWNLOAD env to SKIP_DOWNLOAD
• 28c1c26 test: crash mocha if unhandled errors occur (#11055)
• c5f2d28 test: move queryObjects to a CDP only tests (#11050)
• 88681a8 test: Remove invalid drag and drop test (#11054)
• eedbb13 chore: release main (#11051)
• b0d7375 fix: remove the flag disabling bfcache (#11047)
• 30bd030 chore: use yargs for mocha runner (#11045)
• 03b22ab chore(deps): Bump glob from 10.3.4 to 10.3.10 (#11043)
• 897fb64 chore(deps): Bump @ swc/core from 1.3.86 to 1.3.90 (#11042)
• f59537e ci: add sharding for chrome (#11038)
• bd6c246 chore: add @ typescript-eslint/no-import-type-side-effects (#11040)
• e853e63 refactor: use common debugError (#11039)
• 48f9382 test: synchronize bidi expectations changes for Bug 1756595 (#11005)
• aa16ab1 chore: use RxJS for wait for Navigation (#11024)
• c502ca8 chore: release main (#11025)
• e0e7e3a test: move cdp only tests to a subfolder (#11033)
• 8993def ci: disable failing doctest (#11035)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Command Injection
🦉 More lessons are available in Snyk Learn