[Snyk] Fix for 12 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	No	Proof of Concept
	344/1000 Why? Has a fix available, CVSS 2.6	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	No	No Known Exploit
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	No	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Remote Code Execution (RCE) SNYK-JS-SHARP-2848109	No	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	No	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	No	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: sharp

The new version differs by 250 commits.

• db654de Release v0.30.5
• a6aeef6 Install: pass `PKG_CONFIG_PATH` via env rather than substitution
• 7bf6cbd Docs: correct links to libvips documentation
• 04c31b3 Install: warn about filesystem owner running npm v8+ as root
• ee9cdb6 Bump deps
• 8960eb8 Docs: changelog entry for #3218
• 54d9dc4 Fix rotate-then-extract for EXIF orientation 2 (#3218)
• 51b4a7c Add support for --libc flag to improve cross-platform install (#3160)
• 5b03579 Docs: more details about concurrency, parallelism, threads
• 58c2af3 Docs: improve output format info for toBuffer
• ee948ac Docs: changelog and credit for #3196
• 66a3ce5 Allow installation of prebuilt libvips binary from filesystem (#3196)
• 75e5afc Docs: fix typo in gif example (#3201)
• d396a4e Release v0.30.4
• ae1dbcd Bump deps
• 4c29368 Docs: EXIF metadata unsupported for TIFF output #3074
• 36e5596 Docs: mention npm's foreground-scripts option to aid debugging
• 985e881 Bump deps
• 0b11671 Docs: changelog for #3178
• 9deac83 Add missing file name to 'Input file is missing' error message (#3178)
• 5d36f5f Improve error message for SVG render above limit #3167
• 926572b Control sensitivity to invalid images via failOn
• d0c8e95 Docs: expand info about use with worker threads
• b0ca23c Docs: changelog and credit for #3146

See the full diff

Package name: twilio

The new version differs by 105 commits.

• 97f60c8 Release 3.54.2
• 8c0898c [Librarian] Regenerated @ 15a74dddee9e2bba5fb0d673b5288e65d4ab3201
• 9a7da3e chore: update template files
• c226431 fix: url encoding for validateExpressRequest (#642)
• 10fa1ec fix: axios update to v0.21.1 (#640)
• bf4a89a Update .travis.yml
• c270737 Update .travis.yml
• ae96ebe Release 3.54.1
• 58e69a6 [Librarian] Regenerated @ 15a74dddee9e2bba5fb0d673b5288e65d4ab3201
• 1cb33f1 Release 3.54.0
• aab9558 [Librarian] Regenerated @ 28cbb7d771677c50c64003cc2c5afc660ccc6fa3
• a39b111 Release 3.53.0
• 221fba8 [Librarian] Regenerated @ 0604d0d9a213f39954083b366c3fc667d22d702e
• afec144 Release 3.52.0
• 42ee8d3 [Librarian] Regenerated @ 146e53875c8c04da5a6c73f65aa5011ad65b2dfd
• 4f2b4f9 chore: Move @ types dependencies to peerDependencies (#630)
• 5289971 Release 3.51.0
• 021203d [Librarian] Regenerated @ 551da0c03315c2791ce53816c329fd1fb37f471f
• 528fc25 fix: X-Twilio-Signature validation when URL query parameters contain @ or : (#621)
• 90f4c46 chore: update badge
• a128488 feat: add regional twr header in the access token (#623)
• 5a10bfd fix: remove request auth headers from debug logging (#622)
• d1157f2 chore: pin jasmine for compatibility with older node versions (#625)
• 0d5ff50 chore: update template files

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Arbitrary File Write
🦉 Arbitrary File Write
🦉 Arbitrary File Write
🦉 More lessons are available in Snyk Learn