[Snyk] Fix for 29 vulnerabilities

[Matthelonianxl]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	No	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	Yes	Proof of Concept
	703/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	No	Proof of Concept
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Validation Bypass SNYK-JS-KINDOF-537849	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	No	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	No	Proof of Concept
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	No	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	No	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	No	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: html-webpack-plugin

The new version differs by 139 commits.

• eb73905 chore(release): 4.0.0
• 42a6d4a Add typing for getHooks
• a1a37cf Release html-webpack-plugin 4.0.0-beta.14
• 97f9fb9 fix: load script files before style files files in defer script loading mode
• e97ce17 Release html-webpack-plugin 4.0.0-beta.13
• e448b5d Release html-webpack-plugin 4.0.0-beta.12
• de315eb feat: Add defer script loading
• 7df269f feat: Provide a verbose error message if html minification failed
• 1d66e53 feat: merge templateParameters with default template parameters
• dfb98e7 Fix typo in template option docts
• 096a760 Fix broken links in examples
• a195c34 docs: Update template-option documentation
• 40b410e docs: Update example for template parameters
• bf017f3 chore: Release 4.0.0-beta.11
• 2549557 test: Don't use minification for speed measurement
• de22fc2 test: Adjust measurment for node 6 on travis
• 24bf1b5 fix: Update references to html-minifier
• f4eafdc chore: Release 4.0.0-beta.10
• a2ad30a refactor: Use getAssetPath instead of calling the hook directly
• 2595a79 chore: Release 4.0.0-beta.9
• c66766c feat: Add support for minifying inline ES6 inside html templates
• 655cbcd Fix README typo
• 6de319b update lodash dependency for prototype polution vulnerability
• 35a1541 Properly encode file names emitted as part of URLs.

See the full diff

Package name: http-proxy-middleware

The new version differs by 12 commits.

• 3b97308 fix(ws): internal server upgrade (Logger support for multiple compilations dojo/cli-build-app#357)
• 616f60f Dependencies update (Update webpack-contrib dojo/cli-build-app#352)
• c70200e fix(ws): fix concurrent ws requests (Upgrade dojo to v7 alphas dojo/cli-build-app#344)
• 021b03f chore(dependencies): update micromatch@4 and dev dependencies (Adding glob for spec files as unit tests dojo/cli-build-app#342)
• 0347c43 ci(travis): use xenial (Discover spec files as well as tests in the test folder dojo/cli-build-app#341)
• b13302c refactor: remove options `proxyHost` and `proxyTable` (BREAKING CHANGE) (ts-node usage should not do type checking dojo/cli-build-app#332)
• a30a74b Merge pull request Consider supporting image optimisation out of the box dojo/cli-build-app#328 from chimurai/ts
• 5dd8971 ci(travis-ci): build stages
• caa2017 refactor: migrate to typescript
• 721dc63 ci(coverage): replace istanbul with nyc (CSS modules are not correctly hashed dojo/cli-build-app#325)
• 80fc9e8 ci(node): drop node v4 and v5
• 9f8a292 chore: housekeeping

See the full diff

Package name: optimize-css-assets-webpack-plugin

The new version differs by 11 commits.

• 09d29b3 5.0.5
• d0a7da7 feat(deps): update dependencies (Use the same css module ident for all builds dojo/cli-build-app#154)
• 41d1e23 Redirect to css-minimizer-webpack-plugin for webpack 5 or above
• e9b84f1 5.0.4
• b3a3ada Update dependencies (Fix: use UMD externals dojo/cli-build-app#133)
• 0a410a9 5.0.3
• 71d09f3 Force npm version
• eb7de19 5.0.2
• 110cc11 Upgrade dependency versions
• 5cdda05 small formatting improvements to README.md (Add Better PWA support dojo/cli-build-app#96)
• 64f8309 Handle query string in assetName ([Snyk] Security upgrade express from 4.16.2 to 4.20.0 #82)

See the full diff

Package name: stylelint

The new version differs by 250 commits.

• 04af9e4 13.0.0
• 704f6a2 Prepare 13.0.0
• 50ba8a9 Reorder changelog
• 1666bba Update devDependencies (#4542)
• 062d298 Reindent nodejs.yml (#4541)
• a24e44a Fix atypical rule README structure (#4537)
• 616ad71 Bump husky from 4.0.3 to 4.0.6 (#4536)
• 5e58ee7 Bump globby from 10.0.2 to 11.0.0 (#4528)
• eaee6a4 Refactor CLI options definition (#4530)
• 6a2ffbd Fix plugin path
• 644b713 Fix Windows path problem
• 1005cbd Add info about invalid syntax in FAQ (#4535)
• 18b1f99 Fix help text indentation (#4531)
• d3c4a9f Update CHANGELOG.md
• 32f67e7 Update CHANGELOG.md
• 04ec577 Bump globby from 10.0.1 to 11.0.0
• d9dbce2 Process multiple spaces in media-feature-parentheses-space-inside (#4513)
• 1dc203e Regenerate package-lock.json (#4517)
• 36bf292 Bump husky from 3.1.0 to 4.0.3 (#4527)
• f5529d5 Bump @ types/micromatch from 3.1.1 to 4.0.0 (#4526)
• a254fd2 Bump got from 10.2.0 to 10.2.1 (#4525)
• f2e9f02 Bump remark-validate-links from 9.0.1 to 9.1.0 (#4524)
• 74d5233 Remove unneeded `@ types/meow` package (#4523)
• cef0b95 Update CHANGELOG.md

See the full diff

Package name: stylelint-webpack-plugin

The new version differs by 4 commits.

• 9dc0a9c chore(release): 1.0.0
• 74838fb v1.0.0 (Small typo in readme dojo/cli-build-app#180)
• 94de976 ci: azure pipelines (Update logger.ts to point to package.json for cli-build-app dojo/cli-build-app#182)
• 5ae9467 chore: update peerDependency stylelint to ^9.0.0 (Only run linting on CI and release; fail CI if any step fails dojo/cli-build-app#160)

See the full diff

Package name: ts-loader

The new version differs by 40 commits.

• 218718a drop support for < node 8 and republish 5.4.6 as 6.0.0 (#930)
• 9946fbc v5.4.6
• e13bee2 Update dependencies (#928)
• a6572ce internal: remove usage of hand crafted webpack typings (#927)
• 48626a9 add common appendTsTsxSuffixesIfRequired function to instance (#924)
• 0fd623f add node12 to travis build (#925)
• 77b8471 prepare 5.4.3 release
• 381a6a9 more .npmignore
• 3f8316a don't publish anything but ts-loader (#923)
• ea2fcf9 resolveTypeReferenceDirective support for yarn PnP (#921)
• 4692a22 ts 3.4 tests (#916)
• dc1dda8 edited broken link in README.md (#915)
• c1f3c4e update example (#912)
• 4a8df76 Feature/3.3 tests (#903)
• 58505c4 drop fast-incremental-builds example (#901)
• 4354cf8 fixed name of fork-ts-checker-webpack-plugin (#900)
• 4551893 there's way too many examples (#899)
• c9b1f31 add probot-stale https://github.com/probot/stale
• 92a2de9 Merge pull request #898 from TypeStrong/example-for-mcolyer
• ff9bc37 example of filter issue for @ mcolyer
• ba6f5c4 Merge pull request #884 from zerdos/master
• 92f0d70 migrate large comparison test to be execution test (#896)
• df04a56 release event not available so use push event and filter (#893)
• 177a985 add first github action! (#891)

See the full diff

Package name: typed-css-modules

The new version differs by 85 commits.

• d445226 0.6.4
• 8d7734c Merge pull request pin @types/node version to ~9.6.5 dojo/cli-build-app#91 from dacevedo12/master
• 9095bd6 update vulnerable deps
• 7b200ab 0.6.3
• 7070137 Merge pull request [Snyk] Security upgrade typed-css-modules from 0.3.1 to 0.6.4 #83 from reflector-six/allow-file-postprocessors
• 193f693 Document new postprocessor option for writeFile
• 2241e3d allow file postprocessors
• 9bb5cbe 0.6.2
• 95640f1 Merge pull request [Snyk] Security upgrade express from 4.16.2 to 4.20.0 #82 from Quramy/fix-yargs-version-usage
• 20d8dae fix: don't give function to yargs.version
• 9abf9c2 0.6.1
• 712241b Merge pull request [Snyk] Security upgrade express from 4.16.2 to 4.20.0 #79 from akshayas/asrivatsa_yargs_upgrade
• 0f54e9a Upgrades yargs to 12.0.5 to address mem memory leak issue
• 0f77167 modify scripts
• 8b38c19 0.6.0
• f427f19 modify
• 39453a7 Merge pull request [Snyk] Fix for 2 vulnerabilities #75 from gdelmas/provide-run-api
• 42945b3 Merge branch 'master' of https://github.com/Quramy/typed-css-modules
• 8f6c8eb Merge pull request [Snyk] Fix for 2 vulnerabilities #74 from gdelmas/promisify-glob
• 425f977 Merge pull request [Snyk] Security upgrade webpack-pwa-manifest from 3.7.1 to 4.1.1 #72 from Quramy/using-ts-jest
• 62e001b update
• 4dd0e4f Merge branch 'master' of https://github.com/Quramy/typed-css-modules into using-ts-jest
• a9602f3 Merge pull request [Snyk] Security upgrade html-webpack-plugin from 3.2.0 to 4.0.0 #73 from gdelmas/build-and-pack
• 46a3126 export cli functionality via API

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 610f368 5.0.0
• 5ce65c1 update examples
• bbe1230 Merge pull request #11628 from webpack/bugfix/real-content-hash
• 75ecff2 5.0.0-rc.6
• bfc35d6 Merge pull request #11603 from MayaWolf/master
• 76e8cbd Merge pull request #11622 from webpack/dependabot/npm_and_yarn/types/node-13.13.25
• 9fd1be2 chore(deps-dev): bump @ types/node from 13.13.23 to 13.13.25
• 36bcfaa Merge pull request #11621 from webpack/bugfix/11619
• 9130d10 fix called variables with ProvidePlugin
• 3e42105 Merge pull request #11620 from webpack/bugfix/11617
• 4709719 skip connections copied to concatenated module
• 57b493f 5.0.0-rc.5
• 1658e2f Merge pull request #11618 from webpack/bugfix/11615
• a8fb45d fixes crash in SideEffectsFlagPlugin
• 84b196d emit error instead of crashing when unexpected problem occurs
• 5573fed Merge pull request #11601 from Hornwitser/improve-suggested-polyfill-config
• 9b5cce9 Merge pull request #11609 from snitin315/export-types
• 37c495c export type RuleSetUseItem
• 39faf34 export type RuleSetUse
• e5fd246 export type RuleSetConditionAbsolute
• 660baad export RuleSetCondition types
• 13e3ca5 Merge pull request #11602 from webpack/bugfix/shared-runtime-chunk
• 9c0587e Merge pull request #11606 from webpack/dependabot/npm_and_yarn/simple-git-2.21.0
• 502d166 Merge pull request #11607 from webpack/dependabot/npm_and_yarn/acorn-8.0.4

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Validation Bypass
🦉 More lessons are available in Snyk Learn