[Snyk] Fix for 6 vulnerabilities

[MaxMood96]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • deps/v8/tools/clusterfuzz/js_fuzzer/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	No	Proof of Concept
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Denial of Service (DoS) SNYK-JS-JUSTEXTEND-72674	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Insecure Randomness npm:cryptiles:20180710	Yes	No Known Exploit
	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Regular Expression Denial of Service (ReDoS) npm:diff:20180305	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: pkg

The new version differs by 142 commits.

• ee8808a 5.0.0
• 08b26a4 Bump to vercel/pkg-fetch@v3.0.3 (deps: upgrade npm to 2.7.1 nodejs/node#1142)
• 211da6e Bump to vercel/pkg-fetch@v3.0.2
• 779adf8 Fix isPublic check for licenses array (Revert stream base nodejs/node#1140)
• 63f4ce0 test: add "node14" to fetch-all
• 6ecd52a Drop references to Node < 8
• 247d1d5 Fix "pkg-fetch" types
• bba8148 Don't mix objects of different types
• 5a97ee2 Cleanup dependencies
• 14fb420 Bump to vercel/pkg-fetch@v3.0.1
• 8756fc1 Support mkdir at mountpoints (tools/update-authors.sh doesn't work on OSX nodejs/node#1120)
• 94cdb69 test: add unit test for IO.js as a mentoring organization for Google Summer of Code nodejs/node#775 (doc: add Malte-Thorben Bruns to .mailmap nodejs/node#1118)
• 3507e2c Skip pnpm tests when nodeversion is < 12 ( test: fix variables quoated when path has spaces on Windows nodejs/node#1122)
• 6deb812 TypeScript Rewrite ( Failed to load c++ bson extension nodejs/node#1099)
• b7426da Remove coverage badge from README. (Already buffered data when creating a TLSSocket doesn't trigger/throw 'error' nodejs/node#1114)
• d3b9585 Extend ESLint to test files. (doc: move checkServerIdentity option to tls.connect() nodejs/node#1107)
• bbb20b2 Update License Zeit -> Vercel. (doc: Better links for all WGs + sp edits nodejs/node#1113)
• eb8921a Add support for symlink and pnpm. (Release proposal: v1.5.0 nodejs/node#1060)
• 79cca54 feat(parser): handle template literal without expressions (Feature-detect "use regular streams as an underlying socket for tls.connect()" nodejs/node#981)
• 2c1fa89 typo fix in readme (tls_wrap: proxy handle methods in prototype nodejs/node#1108)
• d9dc558 Add section about bytecode flag to README.md (https: certificate validation fails when using servername option nodejs/node#1106)
• c9ad6ff Add Windows builds on CI. (io.js for Raspberry Pi 2? nodejs/node#1105)
• 11b93bf Update all dependencies to latest. (http: send Content-Length when possible nodejs/node#1062)
• cceb78a Update release script. (fs: fix .write() not coercing non-string values nodejs/node#1102)

See the full diff

Package name: sinon

The new version differs by 250 commits.

• 6547aa1 16.1.2
• 9ea3d5b Fix hooks-install
• 6c28d07 16.1.1
• ff0e993 Showcase #replace.usingAccessor for DI in the typescript case study (Adding an extra check for cert.subject before assuming it is there. nodejs/node#2556)
• c47a4be Bump @ babel/traverse from 7.22.5 to 7.23.2 (Investigate flaky test test-http-client-timeout-event nodejs/node#2555)
• f0d250b Add TOC feature to articles (Investigate flaky test test-tls-no-sslv3 nodejs/node#2554)
• 737736f 16.1.0
• cac5184 Enable use of assignment in the presence of accessors (added before-flushing-head event to _http_server.ServerResponse.writeHead nodejs/node#2538)
• f8c20e5 New article: making Sinon work with complex setups (use unsorted array in Timers._unrefActive() nodejs/node#2540)
• cb5b962 Add NPM script 'dev-docs' and document its usage
• dd7c609 Add a little update to contributing
• 79acdf3 Move tool versions into single file at root
• 03b1db5 Expose Changelog page (src: add missing Exception::Error in node_http_parser nodejs/node#2550)
• e1c3dad Add section on tooling and recommend using ASDF for tool versioning (src: use ZCtxt as a source for v8::Isolates nodejs/node#2547)
• 062e318 16.0.0
• c339605 fix(2525): ensure non empty message when error of type string is passed, but no message (src: only memcmp if length > 0 in Buffer::Compare nodejs/node#2544)
• 8d1f85b Modernize build script syntax slightly (Inspecting Node.js with Chrome DevTools nodejs/node#2546)
• 67a8cea docs(sandbox): fix example that defines a non-function property (Feature: requestIdleCallback(cb) nodejs/node#2543)
• baa1aee .define method (src: replace naive search with naive + BMH in Buffer::IndexOf nodejs/node#2539)
• 2ddf7ff Bump actions/checkout from 3 to 4 (test: speed up test-child-process-spawnsync.js nodejs/node#2542)
• 5fc17c7 Remove dead code
• fe799e7 Fix issue 2534: spies are not restored (test: make spawnSync() test robust nodejs/node#2535)
• 305fb6c fix: actaully reset 'injectedKeys' (changelog missing for v3.1.0 release nodejs/node#2456)
• 8186280 Bump word-wrap from 1.2.3 to 1.2.4 (http: add strictMode option and checkIsHttpToken check nodejs/node#2526)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)
🦉 Prototype Pollution
🦉 Insecure Randomness