[Snyk] Fix for 5 vulnerabilities

[MaxMood96]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • guacamole/src/main/frontend/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-CSSWHAT-1298035	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	Yes	Proof of Concept
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: copy-webpack-plugin

The new version differs by 83 commits.

• 46af20a chore(release): 7.0.0
• 5d5635f refactor: code (GUACAMOLE-1146: Take configured "totp-period" into account when generating tokens. apache/guacamole-client#567)
• c6f68a5 refactor: code
• 4cea28b refactor: next
• 6c11e21 chore(release): 6.4.0
• db53937 feat: added the `info` option
• 9bc5416 feat: added type `Function` for the `to` option (GUACAMOLE-793: validateTicket() returns the CASAuthenticatedUser instance apache/guacamole-client#563)
• 7167645 chore(release): 6.3.2
• 7b58fd9 fix: watching directories (GUACAMOLE-781: CS Translation updated apache/guacamole-client#558)
• 5215721 chore(release): 6.3.1
• c92b5ee style: default prettier options (GUACAMOLE-1147: Add support for additional LDAP properties in Docker container apache/guacamole-client#556)
• b996923 fix: watching (set authenticated username to anonymous apache/guacamole-client#555)
• fa5aa1b chore(release): 6.3.0
• bc2833e refactor: fix cache (GUACAMOLE-1123: Extract common base REST resources for representing ActivityRecordSets. apache/guacamole-client#549)
• 87a8486 chore(deps): update (GUACAMOLE-1126: Set a maximum of 4 auto-reconnect attempts apache/guacamole-client#547)
• b827c6e refactor: logger (GUACAMOLE-1125: Fix substituteKeysPressed handler on guacKeyup events apache/guacamole-client#545)
• f98be10 refactor: handle errors (GUACAMOLE-1120: Remove remaining JS, CSS, and HTML components from CAS module apache/guacamole-client#544)
• b971374 refactor: code (GUACAMOLE-944: Allow search bind usernames in non-DN format. apache/guacamole-client#543)
• db2e3bf feat: added the `sourceFilename` info (original source filename) to assets info (GUACAMOLE-728: Only set legacy flag when SSL is disabled. apache/guacamole-client#542)
• c892451 feat: persistent cache between compilations (webpack@5 only) (GUACAMOLE-728: Handle lack of support for Postgres prefer SSL mode. apache/guacamole-client#541)
• 93936a0 chore(deps): update (GUACAMOLE-728: Only set MySQL JDBC useSSL when sslmode is disabled. apache/guacamole-client#540)
• 36ff46a ci: updated webpack versions GUACAMOLE-103: Adjust checks for entity ID and ACS URL properties. apache/guacamole-client#536
• bd09a24 ci: updated webpack versions
• fb60b9b chore(release): 6.2.1

See the full diff

Package name: css-minimizer-webpack-plugin

The new version differs by 11 commits.

• 3c49d70 docs: improve
• dd00e2e chore(release): 2.0.0
• 773fbd1 refactor: improve perf
• 4d2a8fd feat: update `cssnano` to `5.0.0` version
• 39404cd chore: update cssnano to 4.1.11 ([pull] master from apache:master #79)
• 5211eed feat: added defaults functions for `clean-css` and `csso`
• 8ebb052 refactor: dropped support `css` key from output `minify` function ([pull] master from apache:master #77)
• 91f9977 feat: added the ability to pass an array of functions to the minify
• 35b04ea test: use dart sass for tests ([pull] master from apache:master #74)
• b4edc5f refactor: code ([Snyk] Security upgrade org.apache.tomcat:tomcat-coyote from 7.0.37 to 7.0.73 #71)
• 8e5db60 refactor: drop webpack v4

See the full diff

Package name: html-webpack-plugin

The new version differs by 93 commits.

• 873d75b chore(release): 5.5.0
• ddeb774 chore: update examples
• 1e42625 feat: Support type=module via scriptLoading option
• 7d3645b Bump pretty-error to 4.0.0 to fix transitive vuln for ansi-regex CVE-2021-3807
• 79be779 [chore] changes actions to run on pull_requests
• b7e5859 [chore] fixes CI to avoid race conditions
• 48131d3 chore(release): 5.4.0
• 16a841a [chore] rebuild examples
• 3bb7c17 Update index.js
• e38ac97 Update index.js
• f08bd02 [chore] updates fixtures
• d62a10f [chore] upgrades [email protected] -> 6.0.2
• 2f5de7a Remove archived plugin
• 8f8f7c5 chore(release): 5.3.2
• 053c6e6 chore: update snapshot tests for webpack 5.4.0
• 9c7fba0 Fix security vulnerabilities
• b98fbeb Fix security vulnerabilities
• 25cdfc7 Added inject-body-webpack-plugin to readme
• 0e4c1fb Update README to document actual behavior
• 0a6568d chore(release): 5.3.1
• 82d0ee8 fix: remove loader-utils from plugin core
• 6f39192 chore(release): 5.3.0
• d654f5b feat: allow to modify the interpolation options in webpack config
• 41d7a50 feat: drop loader-utils dependency

See the full diff

Package name: webpack

The new version differs by 250 commits.

• f2f998b 5.1.1
• bcd6190 Merge pull request #11704 from webpack/bugfix/delete-asset
• 11935a9 Merge pull request #11703 from webpack/bugfix/11678
• 63ba54c update chunk to files mapping when deleting assets
• 4669600 Merge pull request #11690 from webpack/bugfix/11673
• 234373e Merge pull request #11702 from webpack/deps/terser
• b6bc273 fix infinite loop in inner graph optimization
• 50c3a83 fix unused modules in chunk when optimizing runtime-specific
• 5d9d9b9 fix runtime-specific handling in concatenated modules
• 250e37c add test case
• 7925652 upgrade terser-webpack-plugin
• 27796db Merge pull request #11669 from webpack/dependabot/npm_and_yarn/ts-loader-8.0.5
• bd5aab8 Merge pull request #11692 from webpack/dependabot/npm_and_yarn/babel/core-7.12.0
• 886bbd5 Merge pull request #11693 from webpack/dependabot/npm_and_yarn/react-dom-16.14.0
• 3a14b3d Merge pull request #11694 from webpack/dependabot/npm_and_yarn/react-16.14.0
• ddf9936 chore(deps-dev): bump react from 16.13.1 to 16.14.0
• dc6e69a chore(deps-dev): bump react-dom from 16.13.1 to 16.14.0
• 8f18de9 chore(deps-dev): bump @ babel/core from 7.11.6 to 7.12.0
• c0410e8 Merge pull request #11686 from webpack/bugfix/11677
• 4504046 order runtime chunks correctly when they depend on each other
• 74a44cd add comment to help tagging for the bot
• e97efb7 chore(deps-dev): bump ts-loader from 8.0.4 to 8.0.5
• 77329b4 5.1.0
• 48c10f3 Merge pull request #11653 from log2-hwan/fix-moduletemplate-deprecation

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)