[Snyk] Fix for 1 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: concurrently

The new version differs by 19 commits.

• f9fd69f 5.0.1
• 8c56d32 docs: remove duplicate entry (Bump tar from 4.4.8 to 4.4.19 GetScatter/scatter-js#192)
• 6e017c5 npm: update supports-color to v6
• 28bbac4 npm: run an audit fix
• 0b1dd26 npm: bump yargs to 13.3.0 (#205)
• ebb7607 npm: don't include tests or demo gifs in the bundle
• 2c4e1b7 5.0.0
• 40e7647 npm: upgrade date-fns to v2.0.1 (Bump ajv from 6.10.0 to 6.12.6 GetScatter/scatter-js#196)
• b140ef1 Kill commands on SIGHUP (Bump pathval from 1.1.0 to 1.1.1 GetScatter/scatter-js#195)
• 8365dc0 ci: run on Node.js v12
• 13dfb61 4.1.2
• 35a5dc9 npm: upgrade lodash to avoid security issues
• 8a287ca Don't remove quotes if they are impared
• 127a00f bin: ..pass an actual env on tests
• d5aea20 vscode: use a ruler on the 100th col
• 6ba3484 npm: upgrade to jest 24
• 98122fc npm: update deps
• 9181965 4.1.1
• 9529c5e Use prefixLength (Whitelisting GetScatter/scatter-js#189)

See the full diff

Package name: lerna

The new version differs by 141 commits.

• 0ea8fb1 chore(release): v3.18.0
• 31eff33 chore: reset lockfile
• ccf32e1 feat(package-graph): Deprecate method `pruneCycleNodes()`
• d4912c9 refactor(package-graph): Split classes into separate files
• 31ad11e chore: Upgrade eslint + plugins
• ec95403 feat: Remove unused @ lerna/run-parallel-batches
• d136fb5 feat: Remove unused @ lerna/batch-packages
• f2c3a92 feat(filter-options): Rename `--include-filtered-*` options
• 73badee feat(filter-options): Use figgy-pudding in getFilteredPackages()
• ff50e29 feat(filter-options): Add `--exclude-dependents` option
• 54dca56 fix(bootstrap): Move all filter logging into get-filtered-packages method
• a706023 feat(filter-options): Allow command to continue if no packages are matched (#2280)
• 5e60213 feat: Upgrade to yargs@14
• ac8385d fix(options): Explicit `--use-workspaces`
• 6948a11 fix(options): Explicit `--force-local`
• 1d9552c fix(options): Explicit `--pre-dist-tag`
• 343a751 fix(options): Explicit `--force-publish`
• f3581ae fix(options): Explicit `--conventional-prerelease`
• f73e6ed fix(options): Explicit `--conventional-graduate`
• efcb3bd fix(options): Explicit `--ignore-scripts`
• fa21723 fix(options): Explicit `--ignore-prepublish`
• f2c8ab3 test: Add prepublish to lifecycle leaf
• 276682b chore: Add options argument to run-lifecycle mock
• b822060 docs: Add `command.publish.registry` example (#2300)

See the full diff

Package name: webpack-cli

The new version differs by 16 commits.

• 30b1b8d chore: v3.3.5
• 76b75ac chore: remove donation section
• 8913928 chore: update pkg lock
• a37477d cli: remove donation prompt
• 002a6ac Merge pull request #970 from dhruvdutt/postinstall
• cd54ba5 chore(scripts): clean opencollective
• 0c1f6b6 chore(scripts): clean postinstall
• 313e83e chore(deps): update major versions (#969)
• 6105ef1 fix(deps): move prettier from dependencies to devDependencies (#968)
• dad54f4 chore(ts): enables source map in the ts (#961)
• d7cdab9 Merge pull request #960 from DanielRuf/fix/use-strict
• 6015bad chore: added await in order to resolve the pending promise (#948)
• 670efc7 fix: change "usr strict" to "use strict"
• dc25beb Merge pull request #959 from webpack/fix/deps
• 69f364e fix: update deps
• f0f12c9 chore(packages): lock dependencies versions (#958)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.