[Snyk] Fix for 57 vulnerabilities

[julitabarelkowska]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • demos/TinyDice/front/package.json
  • demos/TinyDice/front/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	Yes	Proof of Concept
	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-6124857	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-AXIOS-6144788	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	Yes	Proof of Concept
	526/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.1	Arbitrary Code Injection SNYK-JS-EJS-1049328	No	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-EJS-2803307	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	Yes	Proof of Concept
	344/1000 Why? Has a fix available, CVSS 2.6	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	Yes	Proof of Concept
	718/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTMLMINIFIER-3091181	Yes	Proof of Concept
	631/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASHTEMPLATE-1088054	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Directory Traversal SNYK-JS-MOMENT-2440688	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Certificate Validation SNYK-JS-NODESASS-1059081	Yes	No Known Exploit
	715/1000 Why? Has a fix available, CVSS 9.8	Use After Free SNYK-JS-NODESASS-535497	No	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-NODESASS-542662	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-POSTCSS-5926692	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SCSSTOKENIZER-2339884	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	619/1000 Why? Has a fix available, CVSS 8.1	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-536840	No	No Known Exploit
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	No	Proof of Concept
	619/1000 Why? Has a fix available, CVSS 8.1	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-6056521	No	No Known Exploit
	626/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.1	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-6147607	Yes	Proof of Concept
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090599	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090601	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090602	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) SNYK-JS-VCONSOLE-1244101	No	No Known Exploit
	484/1000 Why? Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) SNYK-JS-VCONSOLE-1292147	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-VCONSOLE-5487991	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @nuxtjs/axios

The new version differs by 132 commits.

• 450498e chore(release): 5.12.3
• 2364978 chore: update yarn.lock
• 7b32262 fix: `$loading().set(Infinity)` issue (> tronprotocol/sun-network#424)
• e58c136 docs: fix typo (KONG tronprotocol/sun-network#432)
• 2ffbb42 docs: change "module" to "logo" typo (KONG tronprotocol/sun-network#431)
• 76e9c87 chore(deps): update all non-major dependencies (Gbn tronprotocol/sun-network#410)
• 1fd2220 chore(deps): update actions/cache action to v2 (Snyk upgrade 5e5d6af47a708c52c953babefcea3db3 tronprotocol/sun-network#439)
• 4f8a53c docs: fix typo (TRON  tronprotocol/sun-network#435)
• 7e1605d docs: fix typos in setup.md (Create gradle.yml tronprotocol/sun-network#434)
• 7e093fa docs: improvements (Mehr tronprotocol/sun-network#429)
• a3f708d docs: fix pages order in next/prev menu (sun network tronprotocol/sun-network#414)
• c68bf17 chore: simplify package.json
• 3ed62f0 docs: rebuild on package.json change
• 44ef193 chore: update CHANGELOG
• d8bd168 chore(release): 5.12.2
• 6dd299e docs: fix syntax highlight
• 8fc02f7 chore: simplify readme
• 3a2e427 fix: fix netlify.toml
• 20c9dc3 chore: update badges
• f09f5e6 chore: fix netlify.toml
• d9dd5f2 chore: remove husky
• 465fc56 chore: update issue template
• 22c65a5 chore(ci): use github actions
• 85840c6 chore(deps): update all non-major dependencies (Developer Documents | SUN Network DAppChainmainchain { fullnode { ip.list = [ "" ] } solidity { ip.list = [ "" ] } } sidechain { fullnode { ip.list = [ "" ] } solidity { ip.list = [ "" ] } chain.id = } kafka { server = "" # group.id = authorization { user = passwd = } } gateway { mainchain.address = sidechain.address = } oracle { # private.key = keystore="" retryTimes = 3 } initTaskSwitch = true  tronprotocol/sun-network#400)

See the full diff

Package name: node-sass

The new version differs by 121 commits.

• 3b556c1 7.0.2
• c716359 Bump sass-graph@^4.0.1 (#3292)
• 24741b3 docs(readme): fix docpad plugin link
• 1523330 feat: Drop Node 12
• 365d357 update https://registry.npm.taobao.org to https://registry.npmmirror.com
• 1456114 build(deps): bump actions/upload-artifact from 2 to 3
• b465b69 chore: bump GitHub Actions to Windows 2019 (#3254)
• e6194b1 build(deps): bump make-fetch-happen from 9.1.0 to 10.0.4
• 4edf594 build(deps): bump node-gyp from 8.4.1 to 9.0.0
• 29e2344 build(deps): bump actions/checkout from 2 to 3
• 85b0d22 build(deps): bump actions/setup-node from 2 to 3
• 3bb51da Use make-fetch-happen instead of request (#3193)
• adc2f8b build(deps): bump true-case-path from 1.0.3 to 2.2.1 (#3000)
• 77d12f0 chore: disable Apline for Node 16/17 builds
• 308d533 ci: use Python 3 for Node 12
• c818907 ci: unpin actions/setup-node to v2
• 99242d7 7.0.1
• 77049d1 build(deps): bump sass-graph from 2.2.5 to 4.0.0 (#3224)
• c929f25 build(deps): bump node-gyp from 7.1.2 to 8.4.1 (#3209)
• 918dcb3 Lint fix
• 0a21792 Set rejectUnauthorized to true by default (#3149)
• e80d4af chore: Drop EOL Node 15 (#3122)
• d753397 feat: Add Node 17 support (#3195)
• dcf2e75 build(deps-dev): bump eslint from 7.32.0 to 8.0.0

See the full diff

Package name: tronweb

The new version differs by 250 commits.

• 3a81bf1 Merge pull request #480 from tronprotocol/release/v5.3.2
• 9e59a03 feat: compat with ledger
• 50e77f8 fix: change unit tests for getBandwidthPrices & getEnergyPrices
• 14c3438 Merge branch 'release/v5.3.2' of github.com:tronprotocol/tronweb into release/v5.3.2
• 0223b8e fix: replace named import with default export module
• 5d5ba3b feat: using trongrid api parameter
• 4eae496 feat: update readme
• 43677b1 feat: ecRecover returns base58 format
• 7ce7971 fix: npm audit fix
• fb263c3 docs: add recent history
• eb04762 feat: add ecRecover
• fd886a3 feat: update code according to test result
• b2c610d chore: npm audit update
• 0bfd473 fix: issue 422
• 16a8760 fix: issue 429
• 972c03e feat: Support multi-dimension address array such as address[][]
• afe95a5 feat: support tip-586
• a2d483c feat: add function verifyTransactionIdSigner
• e8a0cdb feat: add function verifyTransactionSigner
• 8afa6ee feat: using Signature.from to replace custom signature
• adfd235 feat: support inject block header info when building transaction locally
• 4fffc59 feat: add v5.3.1 recent history
• cd30451 Merge pull request https://troncloud.io/r/57550 tronprotocol/sun-network#409 from tronprotocol/release/v5.3.1
• f87a482 chore: fix version number

See the full diff

Package name: vconsole

The new version differs by 250 commits.

• 968f3e2 Merge pull request #628 from Tencent/dev
• 84b4c22 chore: v3.15.1
• a5270c6 Fix(Log): Compatible with iOS (less than 13.4) that does not support `ResizeObserver`, but there may be a potential performance issue when printing a large number of logs. (issue #610)
• 547e0a3 chore: fix property
• 289dd76 chore: fix typings
• 5229e8e fix: add debug info to EmptyResizeObserver
• 0d5d149 fix(Core): Fix plugin event `ready` triggering before its HTML finishes rendering. (issue #591)
• 2e4feb3 fix(Log): Fix fatal error caused by iOS (less than 13.4) which is not support `ResizeObserver` interface. (issue #610)
• 21fb678 Merge branch 'dev' of https://github.com/Tencent/vConsole into dev
• 81c104e fix(Log): Reset group state when `console.clear()` is called. (issue #611)
• d5ed216 fix: Fix possible "Cannot read property" error by `sendBeacon`. (issue #615)
• eff80a2 Merge pull request #601 from xch1029/patch-1
• 56efb35 chore: rename hideUrlRegexp to ignoreUrlRegExp
• f7d9d77 Merge pull request #623 from novlan1/dev
• b915917 Fix(core): Fix prototype pollution in `vConsole.setOption()`. (issue #616 #621)
• be8a478 feat(network): add network hide option
• 5bf6391 fix: jquery not work in plugin demo
• 05d8039 Merge pull request #578 from Tencent/dev
• 3d53d44 chore: v3.15.0
• 5a100ee refactor: move icon component folder.
• 9966f63 fix: fix spelling
• 95864fa Merge pull request #577 from nilennoct/fix/trigger_select_click_events
• fc8a4a9 fix: trigger click event on `<select>` elements correctly
• ecc524b Fix(Storage): Fix an event bug that overflow content cannot scroll. (issue #542)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Server-Side Request Forgery (SSRF)
🦉 Cross-site Request Forgery (CSRF)
🦉 More lessons are available in Snyk Learn