SWI-3723 [Snyk] Security upgrade @bandwidth/numbers from 1.7.0 to 1.9.2

[bwappsec]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	63/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00084, Social Trends: No, Days since published: 371, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.64, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-COOKIEJAR-3149984	No	Proof of Concept
	159/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00437, Social Trends: No, Days since published: 394, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.65, Score Version: V5	Prototype Poisoning SNYK-JS-QS-3153490	No	Proof of Concept
	67/1000 Why? Confidentiality impact: None, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00046, Social Trends: No, Days since published: 271, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.81, Score Version: V5	Prototype Pollution SNYK-JS-XML2JS-5414874	No	Proof of Concept
	58/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00296, Social Trends: No, Days since published: 2289, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.43, Score Version: V5	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @bandwidth/numbers

The new version differs by 50 commits.

• 6e899bc Bump xml2js from 0.4.23 to 0.5.0 (SWI-3723 [Snyk] Security upgrade @bandwidth/messaging from 2.0.2 to 3.0.0 #62)
• 31dd082 fix: package.json & package-lock.json to reduce vulnerabilities (SWI-3723 [Snyk] Security upgrade @bandwidth/numbers from 1.5.0 to 1.9.2 #65)
• 92b6fe6 Bump cookiejar from 2.1.2 to 2.1.4 (SWI-3723 [Snyk] Security upgrade ngrok from 3.2.7 to 4.0.0 #60)
• f36c3b6 Bump qs from 6.9.1 to 6.11.0 (Bump ansi-regex #58)
• 8ee834e Merge pull request Bump simple-get from 3.1.0 to 3.1.1 #59 from Bandwidth/DX-3099
• 07fe098 Update test.yml
• 6dab06e Naming Consistency
• 5cbce8e Update .github/workflows/Test.yml
• 872d0fb Remove windows tests for now
• 5039ec4 Add `NODE_ENV`
• a1bc1b6 DX-3099 Update `actions/checkout` and `actions/setup-*`
• ecada4c DX-2518 Remove Draft Release (Bump json-schema and jsprim #57)
• 93e9798 DX-2478 CODEOWNERS (Bump qs from 6.5.2 to 6.5.3 #56)
• 8587a60 Merge pull request Bump moment from 2.27.0 to 2.29.2 #45 from Bandwidth/dependabot/npm_and_yarn/pathval-1.1.1
• 55445df Merge pull request Bump semver from 5.7.1 to 5.7.2 #54 from dsolowitz/patch-2
• ea3ca5f Bump pathval from 1.1.0 to 1.1.1
• e09e532 Merge pull request Bump cookiejar from 2.1.2 to 2.1.4 #55 from Bandwidth/DX-2448
• 7d01e8b Update README.md
• c5d2e08 Add args logic to handle global config
• 1427924 DX-2448 Add moveTns endpoints
• 5c65668 Update package-lock.json
• 06aff01 Update README.md
• 452815d DX-2441 Add Issue Template (Bump tough-cookie and ngrok in /assets/server/node #53)
• 6740167 Merge pull request Bump semver and keytar #52 from dsolowitz/patch-1

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Poisoning