[Snyk] Fix for 15 vulnerabilities

[marcusrc]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	679/1000 Why? Has a fix available, CVSS 9.3	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962463	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTMLMINIFIER-3091181	Yes	Proof of Concept
	429/1000 Why? Has a fix available, CVSS 4.3	Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	Yes	No Known Exploit
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-POSTCSS-5926692	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:content-type-parser:20170905	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: babel-eslint

The new version differs by 31 commits.

• a0fbd50 8.0.2
• 2004b91 require correct deps
• fa56d21 Always use unpad (#535)
• 295091d Allow ^ version for babel dependencies (#534)
• d3b8519 fix(package): update babylon to version 7.0.0-beta.31 (#533)
• 54ab4ac 8.0.1
• c1a7882 Update README.md support (#531) [skip ci]
• 51100c9 chore(package): update mocha to version 4.0.0 (#524)
• 5742b71 Adding optionalCatchBinding to plugins. (#521)
• 905887c 8.0.0
• 49493e4 update to beta.0
• 42d0c5b Remove already fixed workaround (#508)
• 25bd208 8.0.0-alpha.17
• 1468905 alpha.17
• 57c133e 8.0.0-alpha.15
• 1e41162 update (#504)
• c31b577 Readme update usage section (#501) [skip ci]
• c2626f9 Update eslint to the latest version 🚀 (#500)
• 3c6b2de chore(package): update husky to version 0.14.0 (#498)
• e052d5a Update install instructions to use latest stable release (#497) [skip ci]
• 8e3e088 8.0.0-alpha.13
• f757e22 Merge pull request #493 from danez/regression-test
• 5736be6 Update babylon
• 37f9242 Add Prettier (#491)

See the full diff

Package name: coveralls

The new version differs by 3 commits.

• 5ebe57f bump version
• 428780c Expand allowed dependency versions to all API compatible versions (determine disabled status of selected menu item when handleKeyNavigat… vkbansal/react-contextmenu#172)
• eb1b723 Update Mocha link (onMouseMove event handler is not properly registered when MenuItem's are abstracted into another component. vkbansal/react-contextmenu#169)

See the full diff

Package name: css-loader

The new version differs by 102 commits.

• 634ab49 chore(release): 2.0.0
• 6ade2d0 refactor: remove unused file (#860)
• e7525c9 test: nested url (#859)
• 7259faa test: css hacks (#858)
• 5e6034c feat: allow to filter import at-rules (#857)
• 5e702e7 feat: allow filtering urls (#856)
• 9642aa5 test: css stuff (#855)
• 3338656 fix: reduce number of require for url (#854)
• 533abbe test: issue 636 (#853)
• 08c551c refactor: better warning on invalid url resolution (#852)
• b0aa159 test: issue #589 (#851)
• f599c70 fix: broken unucode characters (#850)
• 1e551f3 test: issue 286 (#849)
• 419d27b docs: improve readme (#848)
• d94a698 refactor: webpack-default (#847)
• b97d997 feat: schema options
• 453248f fix: support module resolution in composes (#845)
• 8a6ea10 refactor: postcss plugins (#844)
• fdcf687 fix: url resolving logic (#843)
• 889dc7f feat: allow to disable css modules and disable their by default (#842)
• ee2d253 test: importLoaders option (#841)
• 1dad1fb feat: reuse postcss ast from other loaders (i.e `postcss-loader`) (#840)
• fe94ebc test: icss reserved keywords (#839)
• 9eaba66 refactor: migrate on message api for postcss-icss-plugin (#838)

See the full diff

Package name: eslint

The new version differs by 250 commits.

• 80b8d5d 5.5.0
• b68e403 Build: changelog update for 5.5.0
• 6e110e6 Fix: camelcase duplicate warning bug (fixes #10801) (#10802)
• 5103ee7 Docs: Add Brackets integration (#10813)
• b61d2cd Update: max-params to only highlight function header (#10815)
• 2b2f11d Upgrade: babel-code-frame to version 7 (#10808)
• 2824d43 Docs: fix comment placement in a code example (#10799)
• 10690b7 Upgrade: devdeps and deps to latest (#10622)
• 80c8598 Docs: gitignore syntax updates (fixes #8139) (#10776)
• cb946af Chore: use meta.messages in some rules (1/4) (#10764)
• a857cd9 5.4.0
• 8dee250 Build: changelog update for 5.4.0
• a70909f Docs: Add jscs-dev.github.io links (#10771)
• 034690f Fix: no-invalid-meta crashes for non Object values (fixes #10750) (#10753)
• 11a462d Docs: Broken jscs.info URLs (fixes #10732) (#10770)
• 985567d Chore: rm unused dep string.prototype.matchall (#10756)
• f3d8454 Update: Improve no-extra-parens error message (#10748)
• 562a03f Fix: consistent-docs-url crashes if meta.docs is empty (fixes #10722) (#10749)
• 6492233 Chore: enable no-prototype-builtins in codebase (fixes #10660) (#10664)
• 137140f Chore: use eslintrc overrides (#10677)
• 2af6f4f 5.3.0
• 11e70c7 Build: changelog update for 5.3.0
• dd6cb19 Docs: Updated no-return-await Rule Documentation (fixes #9695) (#10699)
• 6009239 Chore: rename utils for consistency (#10727)

See the full diff

Package name: html-webpack-plugin

The new version differs by 250 commits.

• 873d75b chore(release): 5.5.0
• ddeb774 chore: update examples
• 1e42625 feat: Support type=module via scriptLoading option
• 7d3645b Bump pretty-error to 4.0.0 to fix transitive vuln for ansi-regex CVE-2021-3807
• 79be779 [chore] changes actions to run on pull_requests
• b7e5859 [chore] fixes CI to avoid race conditions
• 48131d3 chore(release): 5.4.0
• 16a841a [chore] rebuild examples
• 3bb7c17 Update index.js
• e38ac97 Update index.js
• f08bd02 [chore] updates fixtures
• d62a10f [chore] upgrades [email protected] -> 6.0.2
• 2f5de7a Remove archived plugin
• 8f8f7c5 chore(release): 5.3.2
• 053c6e6 chore: update snapshot tests for webpack 5.4.0
• 9c7fba0 Fix security vulnerabilities
• b98fbeb Fix security vulnerabilities
• 25cdfc7 Added inject-body-webpack-plugin to readme
• 0e4c1fb Update README to document actual behavior
• 0a6568d chore(release): 5.3.1
• 82d0ee8 fix: remove loader-utils from plugin core
• 6f39192 chore(release): 5.3.0
• d654f5b feat: allow to modify the interpolation options in webpack config
• 41d7a50 feat: drop loader-utils dependency

See the full diff

Package name: http-server

The new version differs by 141 commits.

• 46cfd10 0.12.2
• 5867a26 add testing on node 14
• a8f1a15 Merge pull request #581 from xxjinwei/master
• 0568097 Merge pull request #517 from http-party/man_page
• 021e9f5 update license year
• 6e9fc08 update dependencies
• 95119c6 update man page
• 943c609 Merge pull request #622 from adunkman/fix-security-vulnerability
• 817e11d Upgrade sub-dependency of minimist via mkdirp.
• 454851c Fix security issue by using Minimist directly.
• ed8ff1f clarify auth types
• f5854a6 Merge pull request #584 from zjhmale/basic-auth-options-compliance
• e758f03 Merge pull request #586 from http-party/logFn-skip-array
• 924567f Merge pull request #599 from http-party/new-screenshots
• 8de3658 Merge pull request #613 from http-party/dependabot/npm_and_yarn/acorn-5.7.4
• b2dbff5 Bump acorn from 5.7.3 to 5.7.4
• 85541e5 ignore macos files
• dfcc224 better start image
• bd36f7b Fix basic auth options type issue
• 7c09c23 remove broken badge
• e5673c5 update badges
• 1572613 Update installation methods
• 61668b3 update README image link
• 91ff74b update start image

See the full diff

Package name: jsdom

The new version differs by 250 commits.

• 74a8d1e Version 16.6.0
• f51f2ec Remove the dependency on request
• 2b6d5ae Update dependencies
• b72b33b Disable now-crashing canvas test
• 39b7972 Handle null and undefined thrown as exceptions
• 04f6c13 Add ParentNode.replaceChildren() (#3176)
• e4c4004 Version 16.5.3
• 2f41466 Fix MutationObserver infinite loop bugs (#3173)
• b232f2a Run partially-failing WPTs in the custom-elements directory
• 35e103e Run partially-failing WPTs in the cors directory
• 77b660a Run partially-failing WPTs in the FileAPI directory
• d8a245f Use `InnerHTML` mixin for `innerHTML` definition (#2981)
• bd50bbe Version 16.5.2
• d5cfd69 Fix event handler ObjectEnvironment instantiation
• 93e3d4a Remove vestigial concurrentNodeIterators option-passing
• c92f9c1 Check all associated elements for form validity
• 2202703 Fix failing WPTs calculation
• 21c7671 Upgrade dependencies
• c1b9ea1 Port skipped "test_body_event_handler_inline" to WPT
• a13d854 Use WeakRefs for NodeIterator tracking when supported
• fdf97d8 Fix radio/checkbox to not fire events when disconnected
• 761d8cc Refactor <output>
• b36d418 Make customElements.whenDefined() resolve with the constructor
• c5d13bb Remove a variety of redundant to-port tests

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Improper Input Validation
🦉 More lessons are available in Snyk Learn