[Snyk] Fix for 22 vulnerabilities

[nathang21]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	679/1000 Why? Has a fix available, CVSS 9.3	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962463	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTMLMINIFIER-3091181	Yes	Proof of Concept
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	No Known Exploit
	429/1000 Why? Has a fix available, CVSS 4.3	Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	Yes	No Known Exploit
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	No	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-NODEFORGE-2330875	Yes	Proof of Concept
	529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-NODEFORGE-2331908	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-POSTCSS-5926692	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:content-type-parser:20170905	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: babel-eslint

The new version differs by 31 commits.

• a0fbd50 8.0.2
• 2004b91 require correct deps
• fa56d21 Always use unpad (#535)
• 295091d Allow ^ version for babel dependencies (#534)
• d3b8519 fix(package): update babylon to version 7.0.0-beta.31 (#533)
• 54ab4ac 8.0.1
• c1a7882 Update README.md support (#531) [skip ci]
• 51100c9 chore(package): update mocha to version 4.0.0 (#524)
• 5742b71 Adding optionalCatchBinding to plugins. (#521)
• 905887c 8.0.0
• 49493e4 update to beta.0
• 42d0c5b Remove already fixed workaround (#508)
• 25bd208 8.0.0-alpha.17
• 1468905 alpha.17
• 57c133e 8.0.0-alpha.15
• 1e41162 update (#504)
• c31b577 Readme update usage section (#501) [skip ci]
• c2626f9 Update eslint to the latest version 🚀 (#500)
• 3c6b2de chore(package): update husky to version 0.14.0 (#498)
• e052d5a Update install instructions to use latest stable release (#497) [skip ci]
• 8e3e088 8.0.0-alpha.13
• f757e22 Merge pull request #493 from danez/regression-test
• 5736be6 Update babylon
• 37f9242 Add Prettier (#491)

See the full diff

Package name: css-loader

The new version differs by 98 commits.

• 634ab49 chore(release): 2.0.0
• 6ade2d0 refactor: remove unused file (#860)
• e7525c9 test: nested url (#859)
• 7259faa test: css hacks (#858)
• 5e6034c feat: allow to filter import at-rules (#857)
• 5e702e7 feat: allow filtering urls (#856)
• 9642aa5 test: css stuff (#855)
• 3338656 fix: reduce number of require for url (#854)
• 533abbe test: issue 636 (#853)
• 08c551c refactor: better warning on invalid url resolution (#852)
• b0aa159 test: issue #589 (#851)
• f599c70 fix: broken unucode characters (#850)
• 1e551f3 test: issue 286 (#849)
• 419d27b docs: improve readme (#848)
• d94a698 refactor: webpack-default (#847)
• b97d997 feat: schema options
• 453248f fix: support module resolution in composes (#845)
• 8a6ea10 refactor: postcss plugins (#844)
• fdcf687 fix: url resolving logic (#843)
• 889dc7f feat: allow to disable css modules and disable their by default (#842)
• ee2d253 test: importLoaders option (#841)
• 1dad1fb feat: reuse postcss ast from other loaders (i.e `postcss-loader`) (#840)
• fe94ebc test: icss reserved keywords (#839)
• 9eaba66 refactor: migrate on message api for postcss-icss-plugin (#838)

See the full diff

Package name: eslint

The new version differs by 250 commits.

• a7985a6 6.0.0
• be74dd9 Build: changelog update for 6.0.0
• 81aa06b Upgrade: [email protected] (#11869)
• 5f022bc Fix: no-else-return autofix produces name collisions (fixes #11069) (#11867)
• ded9548 Fix: multiline-comment-style incorrect message (#11864)
• cad074d Docs: Add JSHint W047 compat to no-floating-decimal (#11861)
• 41f6304 Upgrade: sinon (#11855)
• 167ce87 Chore: remove unuseable profile command (#11854)
• c844c6f Fix: max-len properly ignore trailing comments (fixes #11838) (#11841)
• 1b5661a Fix: no-var should not fix variables named 'let' (fixes #11830) (#11832)
• 4d75956 Build: CI with Azure Pipelines (#11845)
• 1db3462 Chore: rm superfluous argument & fix perf-multifiles-targets (#11834)
• c57a4a4 Upgrade: @ babel/polyfill => core-js v3 (#11833)
• 65faa04 Docs: Clarify prefer-destructuring array/object difference (fixes #9970) (#11851)
• 81c3823 Fix: require-atomic-updates reports parameters (fixes #11723) (#11774)
• aef8ea1 Sponsors: Sync README with website
• 4f48f5a 6.0.0-rc.0
• 6bad650 Build: changelog update for 6.0.0-rc.0
• f403b07 Update: introduce minKeys option to sort-keys rule (fixes #11624) (#11625)
• 87451f4 Fix: no-octal should report NonOctalDecimalIntegerLiteral (fixes #11794) (#11805)
• e4ab053 Update: support "bigint" in valid-typeof rule (#11802)
• e0fafc8 Chore: removes unnecessary assignment in loop (#11780)
• 20908a3 Docs: removed '>' prefix from from docs/working-with-rules (#11818)
• 1c43eef Sponsors: Sync README with website

See the full diff

Package name: eslint-loader

The new version differs by 45 commits.

• 4895987 chore(release): 3.0.0
• 78626bb ci: fix (#291)
• fc8b4e4 chore(release): 3.0.0
• dcbac5f chore: bump lodash from 4.17.5 to 4.17.15 (#288)
• 4204560 fix: emit warning/error if no config was found/given (#286)
• 997cce5 fix: try load official formatter (#285)
• 8cb02a6 docs: update `gotchas` (#284)
• 2a72daa chore(release): 2.2.1
• 8601da9 fix: eslint package path for cache (#283)
• bc2216e chore(release): 2.2.0
• f611fdb docs: github stuff (#280)
• db82922 Update LICENSE (#278)
• 310b8f4 docs: formatting (#250)
• b6c3938 feat: add eslint 6 support (#275)
• 02c1e76 2.1.2
• d763726 Fix autofix for eslint < 5 (#262)
• f9d48ea 2.1.1
• 7040248 Stop fixing loop (#244)
• 7108379 Allow `formatter` to receive string (path) to file exporting formatter function (#247)
• 3d63b44 2.1.0
• 2ddc184 use eslint-config-i-am-meticulous + --fix
• c8e6ad5 format with prettier
• eba1199 Update npmpub and add prettier
• ce31d52 Update lock file

See the full diff

Package name: html-webpack-plugin

The new version differs by 250 commits.

• 873d75b chore(release): 5.5.0
• ddeb774 chore: update examples
• 1e42625 feat: Support type=module via scriptLoading option
• 7d3645b Bump pretty-error to 4.0.0 to fix transitive vuln for ansi-regex CVE-2021-3807
• 79be779 [chore] changes actions to run on pull_requests
• b7e5859 [chore] fixes CI to avoid race conditions
• 48131d3 chore(release): 5.4.0
• 16a841a [chore] rebuild examples
• 3bb7c17 Update index.js
• e38ac97 Update index.js
• f08bd02 [chore] updates fixtures
• d62a10f [chore] upgrades [email protected] -> 6.0.2
• 2f5de7a Remove archived plugin
• 8f8f7c5 chore(release): 5.3.2
• 053c6e6 chore: update snapshot tests for webpack 5.4.0
• 9c7fba0 Fix security vulnerabilities
• b98fbeb Fix security vulnerabilities
• 25cdfc7 Added inject-body-webpack-plugin to readme
• 0e4c1fb Update README to document actual behavior
• 0a6568d chore(release): 5.3.1
• 82d0ee8 fix: remove loader-utils from plugin core
• 6f39192 chore(release): 5.3.0
• d654f5b feat: allow to modify the interpolation options in webpack config
• 41d7a50 feat: drop loader-utils dependency

See the full diff

Package name: node-sass

The new version differs by 227 commits.

• 3b556c1 7.0.2
• c716359 Bump sass-graph@^4.0.1 (#3292)
• 24741b3 docs(readme): fix docpad plugin link
• 1523330 feat: Drop Node 12
• 365d357 update https://registry.npm.taobao.org to https://registry.npmmirror.com
• 1456114 build(deps): bump actions/upload-artifact from 2 to 3
• b465b69 chore: bump GitHub Actions to Windows 2019 (#3254)
• e6194b1 build(deps): bump make-fetch-happen from 9.1.0 to 10.0.4
• 4edf594 build(deps): bump node-gyp from 8.4.1 to 9.0.0
• 29e2344 build(deps): bump actions/checkout from 2 to 3
• 85b0d22 build(deps): bump actions/setup-node from 2 to 3
• 3bb51da Use make-fetch-happen instead of request (#3193)
• adc2f8b build(deps): bump true-case-path from 1.0.3 to 2.2.1 (#3000)
• 77d12f0 chore: disable Apline for Node 16/17 builds
• 308d533 ci: use Python 3 for Node 12
• c818907 ci: unpin actions/setup-node to v2
• 99242d7 7.0.1
• 77049d1 build(deps): bump sass-graph from 2.2.5 to 4.0.0 (#3224)
• c929f25 build(deps): bump node-gyp from 7.1.2 to 8.4.1 (#3209)
• 918dcb3 Lint fix
• 0a21792 Set rejectUnauthorized to true by default (#3149)
• e80d4af chore: Drop EOL Node 15 (#3122)
• d753397 feat: Add Node 17 support (#3195)
• dcf2e75 build(deps-dev): bump eslint from 7.32.0 to 8.0.0

See the full diff

Package name: webpack-dev-server

The new version differs by 250 commits.

• 5aad1e7 chore(release): 4.8.0
• 28ad7ed chore(deps): bump graceful-fs from 4.2.9 to 4.2.10 (#4368)
• 7920364 feat: export initialized socket client (#4304)
• 4e7800e chore: update webpack (#4367)
• fbda2a8 chore(deps-dev): bump body-parser from 1.19.2 to 1.20.0 (#4366)
• 67c080b chore(deps-dev): bump puppeteer from 13.5.1 to 13.5.2 (#4361)
• 56ec411 chore(deps): bump html-entities from 2.3.2 to 2.3.3 (#4358)
• ca8a53a chore: update deps and fix audit (#4356)
• 501f6aa chore(deps-dev): bump @ babel/runtime
• 7d2b4f0 chore(deps-dev): bump @ babel/core
• 95e26fe test: add cases for `webSocketURL` with `server` option (#4346)
• 84b4774 chore: migrate script for examples on `setupMiddlewares` option (#4347)
• a7ccab1 chore: replace deprecated String.prototype.substr() (#4343)
• 1bf2614 chore(deps-dev): bump lint-staged from 12.3.6 to 12.3.7 (#4344)
• 188497a chore(deps-dev): bump prettier from 2.5.1 to 2.6.0 (#4339)
• 7560a37 chore(deps-dev): bump lint-staged from 12.3.5 to 12.3.6 (#4341)
• dc2d6f7 chore(deps): bump http-proxy-middleware from 2.0.3 to 2.0.4 (#4333)
• 552e4ab chore(deps-dev): bump @ babel/runtime
• af3de07 chore(deps-dev): bump @ babel/core
• a80fa1f chore(deps): bump @ types/ws
• 457e1e5 chore(deps-dev): bump eslint from 8.10.0 to 8.11.0 (#4334)
• b48ff7f chore(deps-dev): bump puppeteer from 13.5.0 to 13.5.1 (#4330)
• 3ce15d4 chore(deps-dev): bump puppeteer from 13.4.1 to 13.5.0 (#4329)
• a892235 chore(deps-dev): bump lint-staged from 12.3.4 to 12.3.5 (#4328)

See the full diff

Package name: webpack-manifest-plugin

The new version differs by 41 commits.

• bcca890 2.0.4
• a6e8a2e doc: fix anchor link
• 5e1462b improve functions documentations
• d35b413 upgrade dependencies
• 3aefada chore(package): upgrade to [email protected] (#163)
• cad06c8 2.0.3
• 5dca486 Fix scope hoisting (#152)
• 95d94ef 2.0.2
• 2d705ec fix: output all manifests in multi compilation (#148)
• cbab79e 2.0.1
• f5cc167 fix: always run hooks last for `webpack@4` (#142)
• 24acf95 2.0.0
• 10217a6 fix(seed): reset seed on each emit (#140)
• 80c01c5 feat: allow publicPath to be overriten (#139)
• 3cda5b3 test: from jasmine to jest (#135)
• 5f5413d finalize webpack@4 implementation (#134)
• 052970e 2.0.0-rc.2
• a1c7f4e fix: use multiple instances at the same time
• 51fb5a4 test: failing test when using multiple instances
• 661af13 add serialize option (#123)
• bf8b772 add support for webpack4 (#118)
• 409b0fb Fix small typo (#98)
• 779f5c0 fix: default sort option (#95)
• ed72f68 2.0.0-rc.1

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Open Redirect
🦉 More lessons are available in Snyk Learn