[Snyk] Fix for 14 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	504/1000 Why? Has a fix available, CVSS 5.8	Prototype Pollution SNYK-JS-HIGHLIGHTJS-1045326	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	No	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-LODASH-590103	No	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	No	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-174116	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-451540	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	No	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: highlighter

The new version differs by 2 commits.

• f995056 v0.1.0
• af40d86 Update dependencies

See the full diff

Package name: metalsmith-copy

The new version differs by 20 commits.

• 9feaecf bump version to 0.4.1
• 79ac787 Merge pull request Fix small typo in managing addresses & document API email #20 from mcarneiro/master
• e51f5dd updating packages (audit fixes);
• 01825a4 bump version to 0.4.0
• 5215daa Merge branch 'ignore'
• e1874a8 add `ignore` option
• b35a48d document overwrite behavior
• 9a668c0 fix tests for force option
• 1e079d1 update minimatch and mocha, add package-lock.json
• e329ec9 fix check for required options with falsy values
• 8c3bce1 clean up README, update LICENSE year
• 0dbfc44 Merge pull request PerchAPI_Factory #13 from philippbosch/patch-1
• 54499da Add missing closing parenthesis
• cbbb905 minor: bump version to 0.3.0
• 2d23082 Merge branch 'skip-unchanged' of https://github.com/timdp/metalsmith-copy
• 7c78f7c Merge pull request PerchAPI_Base #12 from slajax/slajax/force-overwrite
• 2fd9bdb allow force overwrite
• b3ff523 Merge pull request PerchAPI_Factory #11 from ndossougbete/master
• 28a68fe Fix imports that broke when running in strict mode
• 32e0748 Skipping unchanged files

See the full diff

Package name: metalsmith-markdown

The new version differs by 33 commits.

• 2a4eede 1.2.0
• a1a360e Updated packages
• 766d1b6 Merge pull request perch_template(): parameters and examples #36 from firmgently/docs-patch-custom-renderer-info
• 22a1015 example corrected
• 95cea93 docs clarify how to use custom renderer
• 5afbbea 1.1.0
• c0255ae Updated packages
• 64dce32 1.0.1
• 9303875 Scripts: Added post version push and publish
• 902f1f8 Package - Debug: upgraded
• 6189068 relocated badges
• fdb9b16 Updated badge
• 4f90b65 Added Prettier and ESLint
• 77d81e7 1.0.0
• 8136dea History file: updated
• 2a0c309 Packages Updated
• c232a98 Merge pull request The file-type attribute  #10 from haohui/haohui-precise-match-extname
• 2685861 Merge branch 'stefanhenze-master'
• e960bfd Merge branch 'master' of https://github.com/stefanhenze/metalsmith-markdown into stefanhenze-master
• 7bd82f9 Merge pull request Namespace reminders #24 from datesss/master
• 7c40a6a Merge pull request Shop app: perch_shop_products() pagination options #16 from martinvehmas/master
• a67fed1 Merge pull request perch_shop_delete_address() #30 from Zearin/fix/Buffer
• 245dbb3 Merge pull request PerchSmartbar #6 from blakeembrey/patch-1
• baacb43 Merge pull request Shop: pagination options for runtime functions #32 from ilyaigpetrov/master

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic