[Snyk] Fix for 24 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/celotool/package.json
  • packages/celotool/.snyk

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-DATEANDTIME-1054430	Yes	No Known Exploit
	554/1000 Why? Has a fix available, CVSS 6.8	Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	No	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Timing Attack SNYK-JS-ELLIPTIC-511941	No	No Known Exploit
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Cryptographic Issues SNYK-JS-ELLIPTIC-571484	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-GRPCGRPCJS-1038818	No	Proof of Concept
	429/1000 Why? Has a fix available, CVSS 4.3	Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	No	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	No	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-NODEFORGE-2330875	Yes	Proof of Concept
	529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-NODEFORGE-2331908	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-PROMPTS-1729737	Yes	Proof of Concept
	596/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: prompts

The new version differs by 101 commits.

• 66ccf0b 2.4.2
• 8ee1061 Update dependencies
• bf39500 [Security] Fix ReDoS ([Snyk] Security upgrade react-native-webview from 5.12.1 to 11.0.0 #333)
• 22fe104 2.4.1
• 771ff1d fix(text-input): make cursor reflect current position ([Snyk] Security upgrade firebase from 6.2.4 to 8.0.1 #300)
• 6e11c76 Added gh size action ([Snyk] Fix for 1 vulnerabilities #286)
• 972fbb2 2.4.0
• f437308 Update sisteransi
• 53ab834 handle escape as exit + clearFirst featue for autocomplete ([Snyk] Fix for 1 vulnerabilities #280)
• 9628ebe Fixes [Snyk] Fix for 1 vulnerabilities #274: remove internal use of process.stdout ([Snyk] Fix for 1 vulnerabilities #275)
• a90d118 fix(inject): treat undefined in inject as initial value ([Snyk] Fix for 1 vulnerabilities #266)
• abe3c01 Loop cursor on all select-style prompts ([Snyk] Fix for 1 vulnerabilities #270)
• 6c51699 Fixed HTML ([Snyk] Security upgrade firebase from 6.2.4 to 7.22.0 #272)
• be513e2 Bump lodash from 4.17.15 to 4.17.19 ([Snyk] Fix for 1 vulnerabilities #268)
• 2d776bb Fixes [Snyk] Fix for 1 vulnerabilities #257: Add stdin and stdout to the docs ([Snyk] Fix for 1 vulnerabilities #258)
• b1dd6b1 Update sisteransi
• 603e823 2.3.2
• 4230144 Update dependencies
• a3ea77d autocomplete: fix bold symbols ([Snyk] Fix for 1 vulnerabilities #255)
• 71e1512 Update funding.yml
• ed765bc Create funding.yml
• 2047fcd 2.3.1
• 860b71e Update dependencies
• a5b4789 Fix "Multiselect repeated in terminal" ([Snyk] Fix for 1 vulnerabilities #253)

See the full diff

Package name: yargs

The new version differs by 65 commits.

• a6e67f1 chore(release): 13.2.4
• fc13476 chore: update standard-verison dependency
• bf46813 fix(i18n): rename unclear 'implication failed' to 'missing dependent arguments' (Fix broken Discord link celo-org/celo-monorepo#1317)
• a3a5d05 docs: fix a broken link to MS Terminology Search (Users SBAT historic gold prices in gold tab celo-org/celo-monorepo#1341)
• b4f8018 build: add .versionrc that hides test/build
• 0c39183 chore(release): 13.2.3
• 08e0746 chore: update deps (Fix the e2e test script to make sure all previous servers are killed before starting a new one.  celo-org/celo-monorepo#1340)
• 843e939 docs: make `--no-` boolean prefix easier to find in the docs ([wallet] If an action is in the blacklist, now only logs the name (but not the payload) celo-org/celo-monorepo#1338)
• 84cac07 docs: restore removed changelog of v13.2.0 ([Android] [Localization] “.” (Dot) is shown instead of “,” (Comma) for payment request decimal amount on “Payment Request” section from “Wallet” tab when app language is “Espanol (America Latina)”.  celo-org/celo-monorepo#1337)
• b20db65 fix(deps): upgrade cliui for compatibility with latest chalk. ([Android] Onboarding Verification fails celo-org/celo-monorepo#1330)
• c294d1b test: accept differently formatted output (Add selectIssuers Transaction celo-org/celo-monorepo#1327)
• ac3f10c chore: move .hbs templates into .js to facilitate webpacking ([Android] Password masking dot (.) is cut from the upper side on “Enter PIN” field while entering the password after proceeding for the send or request payment.  celo-org/celo-monorepo#1320)
• 0295132 fix: address issues with dutch translation (SDK users sbat request a variable number of attestations at once, with a default of 3 celo-org/celo-monorepo#1316)
• 9f2468e doc: clarify parserConfiguration object structure ( [Android] [Device Specific] User is unable to enter a decimal value in the “Amount” field on “Send or Request” screen while proceeding for “ Send or request “ payment.  celo-org/celo-monorepo#1309)
• e7f2937 chore(release): 13.2.2
• edd0bb5 test: correct test description
• 03a9523 chore: forgoing dropping Node 6 until yargs@14 ( User blocked to send the invitation via Facebook Messenger/Hangout app.  celo-org/celo-monorepo#1308)
• 14920d1 docs: remove --save option as it isn't required anymore (Reserve contract should use Fixidity celo-org/celo-monorepo#1301)
• 545c7f1 test: slightly reworded one test
• 4375680 chore(release): 13.2.1
• dfcaa68 test: slight edit to test wording
• 3180224 fix: add zsh script to files array
• 0a96394 fix: support options/sub-commands in zsh completion
• 48249a2 chore(release): 13.2.0

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Open Redirect
🦉 Prototype Pollution
🦉 Arbitrary Code Injection