[Snyk-dev] Fix for 29 vulnerabilities

[lili2311]

Snyk has created this PR to fix one or more vulnerable packages in the `yarn` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • goof-yarn/package.json
  • goof-yarn/yarn.lock

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	Yes	Proof of Concept
	696/1000 Why? Recently disclosed, Has a fix available, CVSS 8.2	Asymmetric Resource Consumption (Amplification) SNYK-JS-BODYPARSER-7926860	No	No Known Exploit
	541/1000 Why? Recently disclosed, Has a fix available, CVSS 5.1	Cross-site Scripting SNYK-JS-EXPRESS-7926867	No	No Known Exploit
	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Remote Code Execution (RCE) SNYK-JS-HANDLEBARS-1056767	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-HANDLEBARS-1279029	Yes	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-HANDLEBARS-173692	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-HANDLEBARS-174183	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-HANDLEBARS-469063	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-HANDLEBARS-480388	Yes	No Known Exploit
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-HANDLEBARS-534478	Yes	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-HANDLEBARS-534988	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-HANDLEBARS-567742	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	Yes	Proof of Concept
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-JSYAML-173999	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-JSYAML-174129	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Validation Bypass SNYK-JS-KINDOF-537849	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Code Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-LODASH-6139239	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	391/1000 Why? Recently disclosed, Has a fix available, CVSS 2.1	Cross-site Scripting SNYK-JS-SEND-7926862	No	No Known Exploit
	391/1000 Why? Recently disclosed, Has a fix available, CVSS 2.1	Cross-site Scripting SNYK-JS-SERVESTATIC-7926865	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-Y18N-1021887	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Cross-site Scripting
🦉 Remote Code Execution (RCE)
🦉 More lessons are available in Snyk Learn