[Snyk] Fix for 23 vulnerabilities

[baby636]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • static/node/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-DECOMPRESSTAR-559095	Yes	Proof of Concept
	554/1000 Why? Has a fix available, CVSS 6.8	Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	Yes	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Timing Attack SNYK-JS-ELLIPTIC-511941	Yes	No Known Exploit
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Cryptographic Issues SNYK-JS-ELLIPTIC-571484	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	No	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASHTEMPLATE-1088054	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	Information Exposure SNYK-JS-SIMPLEGET-2361683	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	596/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	Yes	Proof of Concept
	379/1000 Why? Has a fix available, CVSS 3.3	Insecure Credential Storage SNYK-JS-WEB3-174533	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	No	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	No	Proof of Concept
	641/1000 Why? Mature exploit, Has a fix available, CVSS 5.1	Uninitialized Memory Exposure npm:concat-stream:20160901	No	Mature

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @truffle/config

The new version differs by 250 commits.

• dddefba Publish
• f7b63fb Merge pull request System Error when running Ganache 2.5.4 on win32 trufflesuite/ganache-ui#4798 from trufflesuite/update-lodash-imports
• d0ca778 reduce lodash imports to those necessary
• 526248f Merge pull request System Error when running Ganache 2.5.4 on win32 trufflesuite/ganache-ui#4795 from trufflesuite/update-deps
• e890842 Update yarn.lock
• 0c06248 Merge pull request System Error when running Ganache 2.5.4 on win32 trufflesuite/ganache-ui#4791 from trufflesuite/panic-at-the-contract
• 0bf2131 Update lodash and module dependencies to fix critical CVE
• 62b4650 Merge pull request System Error when running Ganache 2.5.4 on win32 trufflesuite/ganache-ui#4796 from trufflesuite/remove-module-package
• 802d354 Remove unneeded module package
• 2ac45ef Merge pull request System Error when running Ganache 2.5.4 on darwin trufflesuite/ganache-ui#4794 from trufflesuite/chore/disable-ethpm-test
• 38f9337 truffle: disable EthPM zeppelin integration test
• 50007d3 Add test of panic codes in Truffle Contract
• 7590f72 Update Truffle Contract tests to Solidity 0.8.12
• 3efa551 Add support for panic decoding in Truffle Contract
• 08ce82d Merge pull request System Error when running Ganache 2.5.4 on darwin trufflesuite/ganache-ui#4787 from trufflesuite/dependabot/npm_and_yarn/url-parse-1.5.10
• 02bf787 Bump url-parse from 1.5.7 to 1.5.10
• 19aa614 Merge pull request System Error when running Ganache 2.5.4 on win32 trufflesuite/ganache-ui#4781 from trufflesuite/init-0812
• a42a8e4 Update Solidity version in Truffle Init to 0.8.12
• 611e006 Merge pull request System Error when running Ganache 2.5.4 on win32 trufflesuite/ganache-ui#4772 from trufflesuite/network-issue-4327
• dc4b327 Change variable name
• 449b5db Update packages/core/lib/commands/test/run.js
• 445ee7a Add comments in the code
• a11dfb2 Publish
• d66a795 Merge pull request System Error when running Ganache 2.5.4 on win32 trufflesuite/ganache-ui#4745 from trufflesuite/open-the-gates

See the full diff

Package name: @truffle/decoder

The new version differs by 250 commits.

• fb27278 Publish
• b31b941 Merge pull request System Error when running Ganache 2.5.4 on win32 trufflesuite/ganache-ui#4363 from trufflesuite/archaeology
• c1cb87d Add test of compiling on Solidity <0.4.20
• 9e51fe6 Merge pull request System Error when running Ganache 2.5.4 on win32 trufflesuite/ganache-ui#4346 from trufflesuite/extract-web3-eth
• 9500eea Update type for Eip1193Provider request method
• 5467f5b Remove unused import
• b29a361 Rename type
• 58ff2d6 Add block type and add typings
• cdbe05b Simplify check for eip1193-compliancy
• ebe5c41 Add type for 1193-compliant provider
• bd5ff12 Simplify variable name
• ff9d48a Add Log type and adjust a typing
• ccddc9d Rename Web3Adapter to ProviderAdapter
• d2b9dfc Refine some methods and tweak return values to keep parity with web3's returns
• 0fef3d8 Remove web3-eth and implement our own rpc calls
• 0a6e24e Write our own implementation for eth_getCode in decoder
• a422fe4 Adjust implementation for web3-eth to copy the style in the docs
• 537ad5a Remove type, refine a type, and get ts to compile
• ecf743a Add getStorageAt method and use it in decoders
• b34657e Update decoders to use web3Adapter instead of web3 directly
• 6a0aac8 Add one more method and loosen a type or two to continue hacking
• 7afff55 Add a few more methods to Web3Adapter class
• efac32b Refine types a bit and update call to getPastLogs
• c66e6dd WIP for implementing the Web3Adapter for the decoder

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Cryptographic Issues
🦉 Open Redirect
🦉 More lessons are available in Snyk Learn