[Snyk] Fix for 6 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	Yes	Proof of Concept
	616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	No	Proof of Concept
	344/1000 Why? Has a fix available, CVSS 2.6	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-NUNJUCKS-1079083	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: merkle-patricia-tree

The new version differs by 20 commits.

• 5b227a1 Merge pull request Migrations and tests maticnetwork/contracts#65 from ethereumjs/new-release-v300
• dd3ddaf Bumped version to v3.0.0, added CHANGELOG entry
• f86961e Merge pull request Contracts refactoring maticnetwork/contracts#61 from ethereumjs/refactor-checkpoint-interface
• 96a6325 Fix JSDoc comments. Rebuild docs
• c2da4c3 Fix syntax for tests
• 1011e1a Add scratchReadStream.js to .gitignore
• abfc449 Rewrite baseTrie as an ES6 class. Extract scratchReadStream to its own file from checkpoint-interface
• 07c0649 Merge pull request Refactor RootChain and depositManager maticnetwork/contracts#62 from whymarrh/ignore-package-lock
• 8abc418 Merge pull request Minor design fixes maticnetwork/contracts#63 from ethereumjs/fix-docs
• c78acf7 Fix building documentation
• 6a59204 Add package-lock.json to .gitignore
• e6c8107 Merge pull request Make deposits pause-able  maticnetwork/contracts#60 from alanshaw/chore/update-async-readable-stream
• a53c0bd chore: update async and readable-stream dependencies
• 3b96e3a Merge pull request correct ordering of event params name maticnetwork/contracts#57 from ethereumjs/i44-es6
• 1b421fd Update test paths
• d0089c1 Add files to .gitignore
• b7266a6 Add support for ES6 classes
• 192a06a Merge pull request minor refactoring and potential gas savings! maticnetwork/contracts#56 from ethereumjs/level-upgrade
• df69683 Removed outdated Node versions 4,5,7, added version 10 in travis build config
• 0334d65 Replace levelup+memdown with level-mem 3.0.1 and upgrade level-ws to 1.0.0

See the full diff

Package name: nunjucks

The new version differs by 27 commits.

• fd50090 Release v3.2.3
• d34fdbf Temporarily comment out codecov action
• cefad41 Replace README.md travis badge with github actions
• 7601ff4 Fixup github actions workflow file
• de9dc67 Add GitHub Workflow for tests. fixes #1333
• aa9e5b9 Fix prototype pollution security issue. fixes #1331
• f51afa3 Move chokidar to peerDependencies and make it optional via peerDependenciesMeta (#1329)
• f91f1c3 Fix `groupby` example formatting
• 7ef121c Add base and default args to int filter
• 0c02062 Use attribute getter for `sort` filter
• c7337e7 Release v3.2.2
• bea3a43 CHANGELOG: Fix issue link
• 8186d4f Don't append extra newline when using |indent filter
• 73a4eb3 Document `with context` behavior for `import` directive (fr)
• eea081c Document `with context` behavior for `import` directive
• bbcbaf3 Fix issue where sync render would not raise errors in included templates
• 63c4baf Remove development files from NPM package. Fixes #984
• 85918ef Document `if` statement with multiple conditions (fr). refs #1284
• 7ddd747 Document `if` statement with multiple conditions
• 1e29863 Add support for nested attributes in `groupBy` filter. Fixes #1198
• 7087fa9 Fix precompile bin TypeError: name.replace is not a function
• 1736334 Modify CHANGELOG message for select/reject filters
• 62565a1 Add `reject` filter
• 647fc11 Change version query

See the full diff

Package name: truffle-plugin-verify

The new version differs by 30 commits.

• 67dbac2 Bump version to 0.5.5
• 100ca70 Update dependencies
• be0717b Bump version to 0.5.4
• 1f4b159 Fix bug with library linking for Solidity >=0.7.5
• e627d26 Bump version to 0.5.3
• 63c1a0c Add section about BscScan verification to README
• 0c23e6f Add separate field for bscscan API keys (using etherscan API key as fallback)
• 9f38c1e Update BscScan explorer links
• 32ab0f6 feat: support bsc (Erc721 receiver maticnetwork/contracts#51)
• 9f571e8 Update contract source paths for Windows so Windows can find the files (npm install fails maticnetwork/contracts#54)
• 53f1a39 Bump version to 0.5.2
• a045040 Extract compiler settings from metadata instead of artifact
• ec45d5f Bump version to 0.5.1
• ba6fa0c Add debug logging of all caught errors
• 9471050 Bump version to 0.5.0
• 665a33c Update tutorial code
• e3dcf65 Update README
• 4db917d Fix artifact path on windows and bump version to 0.4.1
• 402b76c Add test folder for OpenZeppelin SimpleToken
• 12c338d Enable node_modules contracts to be used
• 0ec45a8 Add ECMA style imports to the metacoin folder
• fbcfe70 Update README.md
• 495b125 Add test folder with a project for manual testing
• 9c14d2c Update README.md

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Server-Side Request Forgery (SSRF)
🦉 Prototype Pollution