[Snyk] Fix for 1 vulnerabilities

[Omrisnyk]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • large-file/package.json
  • large-file/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity	Reachability
	50/1000 Why? Confidentiality impact: None, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 0, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.08, Score Version: V5	Improper Control of Dynamically-Managed Code Resources SNYK-JS-EJS-6689533	Yes	No Known Exploit	No Path Found

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: ejs

• 3.1.10 - 2024-04-12
  

  Version 3.1.10

• 3.1.9 - 2023-03-12
  

  Version 3.1.9

• 3.1.8 - 2022-05-11
  

  Version 3.1.8

• 3.1.7 - 2022-04-20
  

  Version 3.1.7

• 3.1.6 - 2021-02-06
  

  Version 3.1.6

• 3.1.5 - 2020-08-17
  

  Version 3.1.5

• 3.1.4 - 2020-08-17
• 3.1.3 - 2020-05-17
  

  Version 3.1.3

• 3.1.2 - 2020-04-24
  

  Version 3.1.2

• 3.0.2 - 2020-03-29
  No content.
• 3.0.1 - 2019-11-24
  

  Version 3.0.1

• 2.7.4 - 2019-11-19
• 2.7.3 - 2019-11-19
• 2.7.2 - 2019-11-13
• 2.7.1 - 2019-09-02
• 2.6.2 - 2019-06-15
• 2.6.1 - 2018-05-05
• 2.5.9 - 2018-04-19

from ejs GitHub release notes

Package name: mem-fs-editor

• 7.0.0 - 2020-06-01
  

  7.0.0

• 6.0.0 - 2019-05-28
  

  6.0.0

• 5.1.0 - 2018-07-03
  
  • Add ignoreNoMatch option to read functions
• 5.0.0 - 2018-06-30
  

  Breaking: Updated from globby v7 to v8. This version of globby replaced node-glob with fast-glob. fast-glob has slightly different options (example: the ignore option only accept an array of strings, not a single string.) This could usage of advanced glob features within mem-fs-editor.

• 4.0.3 - 2018-06-30
  

  Risky change: The bump of globby from 7 to 8 broke backward compatibility for some users relying on the previous globby API. This release revert to globby v7 to make sure we maintains backward compat (#111)

  This revert could on the other hand cause issue to people who started using mem-fs-editor recently. If that's your case, please upgrade to mem-fs-editor v5.

  In advance, sorry for the trouble cause by this upgrade.

• 4.0.2 - 2018-05-06
  
  • Fix copying binary files
• 4.0.1 - 2018-04-30
  

  Dependency bump

from mem-fs-editor GitHub release notes

Package name: yeoman-generator

• 4.11.0 - 2020-06-26
  
  • Add Storage caching.
  • Add support to generators with no tasks.
  • Add Storage proxy, it can be used as a plain js object instead of using get/set.
  • Pass the generator as context to ejs (when using built-in shortcuts).
  • Bug fixes.
• 4.10.1 - 2020-05-11
  
  • Add skipLocalCache option.
    Cache prompt suggestions only to global yo-rc.
• 4.10.0 - 2020-05-03
  
  • Add shortcuts to mem-fs-editor methods
  • Make properties/functions starting with # reserved for composing.
  • Fixes and improvements.
• 4.9.0 - 2020-04-24
  
  • Add support to prompts with storage. this.prompt(prompts, this.config); will use the storage to read/write answers.
    • Prompt is ignored if the value is !== undefined (pass --ask-answered to force the prompt to be shown, stored value is the default value)
• 4.8.3 - 2020-04-22
  
  • Remove run-queue pause.
    It doesn’t work due to multiple scheduled runs.
• 4.8.2 - 2020-04-13
  
  • Improve error handler with newer environments.
• 4.8.1 - 2020-04-12
  
  • Revert error handler behavior: Make sure it's not handled.
  • Make sure to don't continue runLoop when a error is emitted.
• 4.8.0 - 2020-04-08
  
  • Fix security warning.
  • Any emitted error rejects #run promise.
  • Implement cancellable tasks. (#1204)
  • Add option to forward errors to the environment.
  • Make yeoman-environment and mem-fs-editor dependency optional.
  • Implement conflicter predefined status (#1210)
  • Allow decoupling generator's and composed generator's cwd from env cwd.
  • Implement checkEnvironmentVersion
  • Fixes.
• 4.7.2 - 2020-03-14
  
  • Add missing parameter to catch.
  • Update dependencies.
• 4.7.1 - 2020-03-11
  
  • Fixes dependency error.
• 4.7.0 - 2020-03-09
• 4.6.0 - 2020-02-26
• 4.5.0 - 2020-01-27
• 4.4.0 - 2019-12-24
• 4.3.0 - 2019-12-15
• 4.2.0 - 2019-10-27
• 4.1.0 - 2019-09-26
• 4.0.2 - 2019-09-01
• 4.0.1 - 2019-05-28
• 4.0.0 - 2019-05-08
• 3.2.0 - 2018-12-22
• 3.1.1 - 2018-07-28
• 3.1.0 - 2018-07-24
• 3.0.0 - 2018-07-01
• 2.0.5 - 2018-04-30

from yeoman-generator GitHub release notes

Commit messages

Package name: mem-fs-editor

The new version differs by 38 commits.

• 19d0f5f 7.0.0
• cb32e91 Misc improvements and fixes. ([Snyk] Fix for 11 vulnerabilities #147)
• a37c36c Update ejs to the latest version 🚀 ([Snyk] Security upgrade npmconf from 0.0.24 to 2.1.3 #140)
• 6fabce9 Update rimraf to the latest version 🚀 ([Snyk] Fix for 1 vulnerabilities #138)
• 40c1ce8 Update mkdirp to the latest version 🚀 ([Snyk] Fix for 12 vulnerabilities #142)
• e26d7da Update sinon to the latest version 🚀 ([Snyk] Security upgrade npmconf from 0.0.24 to 2.1.3 #141)
• f81b9cb Update eslint to the latest version 🚀 ([Snyk] Fix for 27 vulnerabilities #135)
• 10a27ad Update globby to the latest version 🚀 ([Snyk] Fix for 1 vulnerabilities #136)
• 9e35f77 6.0.0
• 201bca6 Bump dependencies
• c35e6a2 Update dev dependencies
• 07b6233 Fix fs.copy twice with glob path fails second time because it tries to do copySingle with the glob path as the glob path is currently in store. ([Snyk] Security upgrade karma from 2.0.3 to 3.0.0 #132) ([Snyk] Fix for 34 vulnerabilities #133)
• 107d400 Update globby to the latest version 🚀 ([Snyk] Security upgrade tap from 5.8.0 to 18.0.0 #129)
• ce60ee5 Update sinon to the latest version 🚀 ([Snyk] Fix for 1 vulnerabilities #128)
• 59ea696 Update multimatch to the latest version 🚀 ([Snyk] Fix for 60 vulnerabilities #126)
• b3e3758 Update through2 to the latest version 🚀 ([Snyk] Security upgrade tap from 5.8.0 to 16.0.0 #124)
• 22b1414 5.1.0
• cc0cafc Update documentation to fast-glob
• 4d87efc Update README.md
• 33be839 add options ignoreNoMatch to ignore zero check ([Snyk] Security upgrade @babel/traverse from 7.0.0 to 7.23.2 #121)
• ecae0c4 5.0.0
• 4c6d268 Bump all dependencies to latest; fix npm audit issues
• 1bab273 4.0.3
• 5aab432 Revert back to globby 7 to fix backward compatibility; Fix [Snyk] Fix for 1 vulnerabilities #111

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Improper Control of Dynamically-Managed Code Resources