[Snyk] Fix for 15 vulnerabilities

[baby636]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	679/1000 Why? Has a fix available, CVSS 9.3	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962463	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTMLMINIFIER-3091181	Yes	Proof of Concept
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-NODEFORGE-2330875	Yes	Proof of Concept
	529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-NODEFORGE-2331908	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-POSTCSS-5926692	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
	714/1000 Why? Has a fix available, CVSS 10	Sandbox Bypass npm:constantinople:20180421	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: ava

The new version differs by 218 commits.

• 783944f 1.0.1
• 024bab7 1.0.0
• aac41dc Reword introduction
• 84d8fff Bump dependencies & update documentation
• c1364a1 Update the tagline and readme intro (#1983)
• eed2e7a Clarify that not all configuration options can be overridden by CLI flags
• 93e91c9 Fix 'sources' option in configuration docs
• 3bc80b0 Remove moot ESLint disable comment
• 311c197 Fix snapshot skip interface
• 0e82b04 1.0.0-rc.2
• f97e277 Bump dependencies
• 6f54db8 Type additional arguments used by macros
• a82fee5 Documentation updates
• afe028a CI updates
• 1ba31d8 Reorganize documentation
• 5db3573 Use ts-ignore comment (#1969)
• aa35f15 Pass an undefined title argument to macro-title functions
• 37390e6 Handle esm's error "improvements"
• a130a9e Use source-mapped file to build snapshots
• cc3e0ea Link to French translation of puppeteer recipe (#1966)
• bf00d79 Insert a trailing newline when appending new snapshot entries
• 6ab6d35 Add recipe for AVA & Puppeteer (#1913)
• 1cc1bd5 Minor tweaks to the Flow and TS recipe
• a9758ee 1.0.0-rc.1

See the full diff

Package name: chokidar

The new version differs by 191 commits.

• 7b8e02a Release 3.0.0.
• e7bfe2f Move stuff.
• df7f22e Remove changelog from npm, move to hidden dir.
• 3df7692 Improve naming.
• 6e94ca2 Clean-up.
• 2de2f9c test: Add testing of Node.js v12 in Travis pipeline. (#833)
• 9e0965a Fix Windows tests in Travis CI (#832)
• c95a98f Update stuff.
• 187ff2b test: Trying to fix blinked tests for Travis CI. (#825)
• db99076 fix(Windows): Add converting from windows to unix path for all ignored paths. (#824)
• 41f8782 fix(FsEvents): Remove situation with NaN depth. (#823)
• 7cf3f7e Update readdirp to stable.
• 0927a62 Bump packages.
• 11cd857 Update nyc.
• 99c14d7 Uncomment fsevents.
• cf330a5 Update fsevents.
• 0e4fca5 Fix deps.
• 9c575d4 Fix Windows version (#821)
• 3323d59 fix(Linux): Make event loop hack for keep testing valid. (#820)
• 06214c5 Update to latest readdirp.
• 793639f Rename osxfswatch.
• 078bc2d Refactor and fix freaking tests.
• 2b9bb41 Try node 11.
• 3fe3d4e Test travis.

See the full diff

Package name: css-loader

The new version differs by 82 commits.

• 634ab49 chore(release): 2.0.0
• 6ade2d0 refactor: remove unused file (#860)
• e7525c9 test: nested url (#859)
• 7259faa test: css hacks (#858)
• 5e6034c feat: allow to filter import at-rules (#857)
• 5e702e7 feat: allow filtering urls (#856)
• 9642aa5 test: css stuff (#855)
• 3338656 fix: reduce number of require for url (#854)
• 533abbe test: issue 636 (#853)
• 08c551c refactor: better warning on invalid url resolution (#852)
• b0aa159 test: issue #589 (#851)
• f599c70 fix: broken unucode characters (#850)
• 1e551f3 test: issue 286 (#849)
• 419d27b docs: improve readme (#848)
• d94a698 refactor: webpack-default (#847)
• b97d997 feat: schema options
• 453248f fix: support module resolution in composes (#845)
• 8a6ea10 refactor: postcss plugins (#844)
• fdcf687 fix: url resolving logic (#843)
• 889dc7f feat: allow to disable css modules and disable their by default (#842)
• ee2d253 test: importLoaders option (#841)
• 1dad1fb feat: reuse postcss ast from other loaders (i.e `postcss-loader`) (#840)
• fe94ebc test: icss reserved keywords (#839)
• 9eaba66 refactor: migrate on message api for postcss-icss-plugin (#838)

See the full diff

Package name: eslint

The new version differs by 250 commits.

• 80b8d5d 5.5.0
• b68e403 Build: changelog update for 5.5.0
• 6e110e6 Fix: camelcase duplicate warning bug (fixes #10801) (#10802)
• 5103ee7 Docs: Add Brackets integration (#10813)
• b61d2cd Update: max-params to only highlight function header (#10815)
• 2b2f11d Upgrade: babel-code-frame to version 7 (#10808)
• 2824d43 Docs: fix comment placement in a code example (#10799)
• 10690b7 Upgrade: devdeps and deps to latest (#10622)
• 80c8598 Docs: gitignore syntax updates (fixes #8139) (#10776)
• cb946af Chore: use meta.messages in some rules (1/4) (#10764)
• a857cd9 5.4.0
• 8dee250 Build: changelog update for 5.4.0
• a70909f Docs: Add jscs-dev.github.io links (#10771)
• 034690f Fix: no-invalid-meta crashes for non Object values (fixes #10750) (#10753)
• 11a462d Docs: Broken jscs.info URLs (fixes #10732) (#10770)
• 985567d Chore: rm unused dep string.prototype.matchall (#10756)
• f3d8454 Update: Improve no-extra-parens error message (#10748)
• 562a03f Fix: consistent-docs-url crashes if meta.docs is empty (fixes #10722) (#10749)
• 6492233 Chore: enable no-prototype-builtins in codebase (fixes #10660) (#10664)
• 137140f Chore: use eslintrc overrides (#10677)
• 2af6f4f 5.3.0
• 11e70c7 Build: changelog update for 5.3.0
• dd6cb19 Docs: Updated no-return-await Rule Documentation (fixes #9695) (#10699)
• 6009239 Chore: rename utils for consistency (#10727)

See the full diff

Package name: html-webpack-plugin

The new version differs by 250 commits.

• 873d75b chore(release): 5.5.0
• ddeb774 chore: update examples
• 1e42625 feat: Support type=module via scriptLoading option
• 7d3645b Bump pretty-error to 4.0.0 to fix transitive vuln for ansi-regex CVE-2021-3807
• 79be779 [chore] changes actions to run on pull_requests
• b7e5859 [chore] fixes CI to avoid race conditions
• 48131d3 chore(release): 5.4.0
• 16a841a [chore] rebuild examples
• 3bb7c17 Update index.js
• e38ac97 Update index.js
• f08bd02 [chore] updates fixtures
• d62a10f [chore] upgrades [email protected] -> 6.0.2
• 2f5de7a Remove archived plugin
• 8f8f7c5 chore(release): 5.3.2
• 053c6e6 chore: update snapshot tests for webpack 5.4.0
• 9c7fba0 Fix security vulnerabilities
• b98fbeb Fix security vulnerabilities
• 25cdfc7 Added inject-body-webpack-plugin to readme
• 0e4c1fb Update README to document actual behavior
• 0a6568d chore(release): 5.3.1
• 82d0ee8 fix: remove loader-utils from plugin core
• 6f39192 chore(release): 5.3.0
• d654f5b feat: allow to modify the interpolation options in webpack config
• 41d7a50 feat: drop loader-utils dependency

See the full diff

Package name: nodemon

The new version differs by 83 commits.

• 9a67f36 feat: update chokidar to v3
• 6781b40 docs: add license file
• 0e6ba3c fix: wait for all subprocesses to terminate (fixes issue #1476)
• b58cf7d chore: Merge branch 'master'
• 95a4c09 docs: add to faq
• 3a2eaf7 choe: merge master
• 3d90879 chore: add logo to site
• 7d6c1a8 fix: Replace `jade` references by `pug`
• 74c8749 chore: test funding.yml change
• c1a8b75 chore: update funding
• d5b9891 test: ensure ignore relative paths
• eead311 fix: to avoid confusion like in #1528, always report used extension
• 12b66cd fix: langauge around "watching" (#1591)
• 2e6e2c4 docs: README Grammar (#1601)
• 5124ae9 Merge branch 'master' of github.com:remy/nodemon
• 95fa05a chore: git card
• d84f421 chore: adding funding file
• 13afac2 fix: ensure signal is sent to exit event
• d088cb6 chore: update stalebot
• 20ccb62 feat: add message event
• 886527f fix: disable fork only if string starts with dash
• 64b474e feat: add TypeScript to default execPath (#1552)
• 2973afb fix: Quote zero-length strings in arguments (#1551)
• aa41ab2 fix: hard bump of [email protected]

See the full diff

Package name: stylelint

The new version differs by 250 commits.

• 5ff7daf Prepare 9.8.0
• d2fb462 Update CHANGELOG.md
• 66855d6 Fix false positives for final newlines in max-empty-lines (#3785)
• cbd0246 Fixed typo "psuedo" to "pseudo" (#3790)
• f20d9e4 Update prettier to the latest version 🚀 (#3782)
• 8490b5d Remove unused dependencies (#3787)
• 547888b * Add jest-watch-typeahead (#3781)
• 29e0fde Update CHANGELOG.md
• 48dc855 Add autofix to value-keyword-case (#3775)
• 3dd2884 Update CHANGELOG.md
• 2ba9900 Fix error for single-line Sass comments (#3772)
• 0c801e7 Update ignore to version 5.0.4 (#3773)
• a9a68dd Update micromatch (#3769)
• 691ce27 Update CHANGELOG.md
• 67596f0 Add ignore: ["pseudo-classes"] to max-nesting-depth (#3724)
• f1c50d0 Update CHANGELOG.md
• 97d351e Add ignoreFunctions: [] to unit-no-unkown (#3736)
• fdeb82f Update CHANGELOG.md
• e9e73d5 Fix false positives for Less variables and mixins in at-rule-* (#3767)
• 5fd5905 Update CHANGELOG.md
• 3f6b31b Add ignoreTypes option to selector-type-case (#3758)
• b257c5f Update plugins.md (#3762)
• 259ed20 Update appveyor badge id
• 19e1790 Prepare 9.7.1

See the full diff

Package name: stylelint-config-recess-order

The new version differs by 81 commits.

• 7477c77 🔖 Publish release (Update eslint-plugin-node to the latest version 🚀 typicode/hotel#273)
• 13e997e 📦 Upgrade `stylelint-order` to v5 (.localhost domains isn't working in chrome browser typicode/hotel#272)
• b281419 🔖 Publish release (Improve console output typicode/hotel#269)
• c6cc8a8 📦 Bump prettier-plugin-packagejson from 2.2.11 to 2.2.13 (Fix react-icons import typicode/hotel#263)
• 524a4a2 📦 Bump prettier from 2.3.2 to 2.4.1 (Fix react-icons imports typicode/hotel#262)
• 4fbc8e7 🎁 Add `@ font-face`–specific properties (Update style-loader to the latest version 🚀 typicode/hotel#271)
• 045e5d3 📦 Bump @ changesets/changelog-github from 0.4.0 to 0.4.1 (Add a polyfill.io script typicode/hotel#258)
• de0bd4f 📦 Bump @ changesets/cli from 2.16.0 to 2.17.0 (Make header left position fixed too typicode/hotel#260)
• 73eb83f 🎁 Add `aspect-ratio` and logical properties (Update license range typicode/hotel#257)
• d3567be ⚙️ Bump actions/setup-node from 2.4.0 to 2.4.1 (Use server port when proxying websockets typicode/hotel#261)
• 2cc81a3 ✏️ Remove david-dm badge
• 9fdc39f ✏️ Update link to twbs config
• a214b12 🔖 Publish release (Update license year typicode/hotel#255)
• a8da2ff 🎁 Add `inset*` properties (Change the frontend to React typicode/hotel#242)
• 1f4649a 📦 Bump stylelint from 13.12.0 to 13.13.1 (Improve interface, use Switch component typicode/hotel#236)
• 30c316d 📦 Bump lint-staged from 10.5.4 to 11.1.2 (Should I use in Production? typicode/hotel#254)
• a0d3559 📦 Bump prettier-plugin-packagejson from 2.2.10 to 2.2.11 (How does $PORT work with Django typicode/hotel#239)
• 40bb724 🎁 Add `place-content` and `place-self` properties (Resolving http requests to hotel from within a docker container typicode/hotel#249)
• 76f851e 📦 Bump prettier from 2.2.1 to 2.3.2 (Update bulma-switch to the latest version 🚀 typicode/hotel#243)
• f069277 📦 Bump eslint from 7.24.0 to 7.32.0 (HTTPS is not working on Chrome 63 typicode/hotel#250)
• 81daaa2 ⚙️ Bump actions/setup-node from 2.1.5 to 2.4.0 (Change .dev domains to .test by default typicode/hotel#252)
• e77ae0c 🔖 Publish release (add clear output and clear output on restart functions to front typicode/hotel#227)
• b53d5fb 📦 Bump ava from 3.9.0 to 3.15.0 (How to create local proxy to the same server typicode/hotel#231)
• b5f240c 📦 Bump lint-staged from 10.2.11 to 10.5.4 (Adding Docker example. typicode/hotel#230)

See the full diff

Package name: ts-loader

The new version differs by 192 commits.

• 218718a drop support for < node 8 and republish 5.4.6 as 6.0.0 (#930)
• 9946fbc v5.4.6
• e13bee2 Update dependencies (#928)
• a6572ce internal: remove usage of hand crafted webpack typings (#927)
• 48626a9 add common appendTsTsxSuffixesIfRequired function to instance (#924)
• 0fd623f add node12 to travis build (#925)
• 77b8471 prepare 5.4.3 release
• 381a6a9 more .npmignore
• 3f8316a don't publish anything but ts-loader (#923)
• ea2fcf9 resolveTypeReferenceDirective support for yarn PnP (#921)
• 4692a22 ts 3.4 tests (#916)
• dc1dda8 edited broken link in README.md (#915)
• c1f3c4e update example (#912)
• 4a8df76 Feature/3.3 tests (#903)
• 58505c4 drop fast-incremental-builds example (#901)
• 4354cf8 fixed name of fork-ts-checker-webpack-plugin (#900)
• 4551893 there's way too many examples (#899)
• c9b1f31 add probot-stale https://github.com/probot/stale
• 92a2de9 Merge pull request #898 from TypeStrong/example-for-mcolyer
• ff9bc37 example of filter issue for @ mcolyer
• ba6f5c4 Merge pull request #884 from zerdos/master
• 92f0d70 migrate large comparison test to be execution test (#896)
• df04a56 release event not available so use push event and filter (#893)
• 177a985 add first github action! (#891)

See the full diff

Package name: webpack-dev-server

The new version differs by 250 commits.

• 5280ee7 docs: fix typo
• d834582 chore(release): 4.7.3
• 7b8c85b chore(deps): update `selfsigned` (#4170)
• d598325 chore: fix lint
• c1907f1 refactor: remove redundant `if` statements (#4158)
• e535f25 ci: debug (#4144)
• 75999bb chore(release): 4.7.2
• 90a96f7 ci: fix (#4143)
• f6bc644 fix: compatible with `onAfterSetupMiddleware`
• 317e4b9 docs: fix testing instructions (#4133)
• ff4550e test: remove redundant test cases related to 3rd party code (#4131)
• 0dd1ee6 test: add e2e tests for `setupExitSignals` option (#4130)
• afe4975 chore(release): 4.1.7
• 4e5d8ea fix: droped `url` package (#4132)
• b0c98f0 chore(release): 4.7.0
• 3138213 chore(deps): update (#4127)
• 8f02c3f feat: added types
• f4fb15f fix: update description of `onAfterSetupMiddleware` and `onBeforeSetupMiddleware` options (#4126)
• 37b73d5 test: add e2e test for `WEBPACK_SERVE` env variable (#4125)
• f5a9d05 chore(deps-dev): bump eslint from 8.4.1 to 8.5.0 (#4121)
• c9b959f chore(deps): bump ws from 8.3.0 to 8.4.0 (#4124)
• 42208aa chore(deps-dev): bump lint-staged from 12.1.2 to 12.1.3 (#4122)
• f440f84 chore(deps): bump express from 4.17.1 to 4.17.2 (#4120)
• c13aa56 feat: added the `setupMiddlewares` option (#4068)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Open Redirect
🦉 More lessons are available in Snyk Learn