[Snyk] Fix for 15 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • apps/block_scout_web/assets/package.json
  • apps/block_scout_web/assets/package-lock.json
  • apps/block_scout_web/assets/.snyk

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change	Exploit Maturity
	Cross-site Scripting (XSS) SNYK-JS-BOOTSTRAP-173700	No	No Known Exploit
	Prototype Pollution SNYK-JS-JQUERY-174006	No	No Known Exploit
	Denial of Service (DoS) SNYK-JS-JSYAML-173999	Yes	No Known Exploit
	Arbitrary Code Execution SNYK-JS-JSYAML-174129	Yes	No Known Exploit
	Prototype Pollution SNYK-JS-LODASH-450202	No	Proof of Concept
	NULL Pointer Dereference SNYK-JS-NODESASS-535500	No	No Known Exploit
	Out-of-bounds Read SNYK-JS-NODESASS-535501	No	No Known Exploit
	Resource Exhaustion SNYK-JS-NODESASS-535504	No	No Known Exploit
	NULL Pointer Dereference SNYK-JS-NODESASS-535505	No	No Known Exploit
	Denial of Service (DoS) SNYK-JS-NODESASS-540982	No	No Known Exploit
	Denial of Service (DoS) SNYK-JS-NODESASS-542662	No	No Known Exploit
	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-536840	Yes	No Known Exploit
	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept
	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept

Commit messages

Package name: bootstrap

The new version differs by 250 commits.

• 8fa0d30 Release v4.3.1. (#28252)
• dae20da Remove unneeded glob. (#28249)
• 10b97f6 Fix npm package contents
• 7bc4d2e Add sanitize template option for tooltip/popover plugins.
• bf2515a Update RFS to v8.0.1 (#28245)
• 45ced60 Update font size (#28232)
• 1ded0d6 Release v4.3.0 (#28228)
• 3aa0770 docs snippets: a few more minor tweaks (#28225)
• adf16da toasts.md: Remove useless `div`s.
• 2bfe581 Remove stray parameter from capture.
• bbf8b76 Cosmetic changes in snippets.
• 7a9a8db docs: remove `-ms-overflow-style: -ms-autohiding-scrollbar` (#28220)
• 24253b1 migration.md: use https. (#28221)
• 545f3fa Prevent text selection in placeholder images (#28218)
• 94acdee Revert "Silence mkdir. (#28184)" (#28209)
• 6c7dcc6 placeholder.svg: Partially revert the changes from c0e42cb. (#28216)
• 1145365 Reword footer text.
• bd328bf Use the `site.repo` variable.
• a920429 Change footer link to point to the docs team page
• c56b10c Offcanvas example: transition the transform (#28203)
• 52e6ce4 Update devDependencies. (#28175)
• 93dec4c Fix scrollable modal snippet
• 51375ab Responsive font size implementation (#23816)
• d250567 Remove `-ms-autohiding-scrollbar` to prevent overlapping the table content (#28153)

See the full diff

Package name: copy-webpack-plugin

The new version differs by 64 commits.

• 0675847 chore(release): 5.0.5
• 9146c2a docs: fix typo (Support for Address Balance History blockscout/blockscout#401)
• 3103940 refactor: minor code refactor (Token Pages Mock ups for Plataformatec blockscout/blockscout#399)
• c546871 perf: improvement for webpack@5 (Read smart contract Wei to Ether conversion button blockscout/blockscout#406)
• 5db376b chore(deps): update (Enhance API account balance endpoint blockscout/blockscout#409)
• 806eb41 docs: fix broken fragment links (Relevant API RPC endpoints accept tag param blockscout/blockscout#398)
• 6158483 chore(release): 5.0.4
• cd0e9f5 docs: clarify plugin description (Transaction list page redesign blockscout/blockscout#395)
• f848140 test: refactor (Failed transaction support on address details page blockscout/blockscout#394)
• ff0c736 refactor: tests (Fix support to 'string' at the 'ex_abi' lib blockscout/blockscout#393)
• 7f08be6 fix: use posix separator for emitting assets (Change reference to Hash.Address blockscout/blockscout#392)
• 89c73c8 chore(defaults): update (Provide constructor arguments for verified contract blockscout/blockscout#390)
• 0b61c86 docs: fix 'defined' typo in readme (Pluggable Transport and HTTP transport modules blockscout/blockscout#384)
• 2f4dfec docs: update wording in README (Contributor sees Tokens Transferred on the Transaction Details page blockscout/blockscout#386)
• 4b5a6bf chore(defaults): update (Fix pending transactions page error blockscout/blockscout#380)
• ec0e036 chore(release): 5.0.3
• de52b48 chore(defaults): update (Address pg redesign #231 blockscout/blockscout#376)
• 70917b7 fix: alone `[N]` interpolation in `to` option (As the USD exchange rate changes the transaction page overview should be updated blockscout/blockscout#375)
• 95cf57e chore(release): 5.0.2
• ae2258f perf: avoid extra call `stat` for file (Fix eslint in CircleCI which was not running on everything it should blockscout/blockscout#365)
• 94086af chore: remove unused deps (Block confirmations on transaction page #121 blockscout/blockscout#364)
• 52f8be6 fix: better determinate template in `to` option (Implement support to 'int' at the 'ex_abi' lib blockscout/blockscout#363)
• 3946473 fix: emit errors instead throw (Add contract creator on Account details page blockscout/blockscout#362)
• 05963eb fix: add fallback to transform cache directory (Set realtime interval to 5 seconds blockscout/blockscout#361)

See the full diff

Package name: css-loader

The new version differs by 9 commits.

• 43179a8 chore(release): 1.0.0
• 3d53968 Merge remote-tracking branch 'origin/master'
• 240db53 version 1.0 (Redesign top menu  blockscout/blockscout#742)
• 1b7acf7 Merge remote-tracking branch 'origin/master'
• 1703721 docs(README): add more context to `localIdentName` (Add contract#getsourcecode API endpoint blockscout/blockscout#711)
• 1c51265 docs(README): fix malformed emoji (inculde an example of the config blockscout/blockscout#701)
• 50f8ec0 Merge remote-tracking branch 'origin/master'
• 07444ad tests: css custom variables (Add ENS support blockscout/blockscout#709)
• 3de8aa7 tests: css custom variables (Add ENS support blockscout/blockscout#709)

See the full diff

Package name: node-sass

The new version differs by 59 commits.

• b54053a Update changelog
• 01db051 4.13.1
• 338fd7a Merge pull request from GHSA-f6rp-gv58-9cw3
• c6f2e5a doc: README example fix (async fetching of address counters blockscout/blockscout#2787)
• fbc9ff5 Merge pull request Removed unnecessary inline listener from mobile menu toggle button blockscout/blockscout#2754 from saper/no-map-if-not-requested
• 60fad5f 4.13.0
• 43db915 Merge pull request Remove nonconsensus blocks from cache after internal transactions importing blockscout/blockscout#2768 from sass/release-4-13
• 0c8d308 Update references for v4.13 release
• f1cc0d3 Use GCC 6 for Node 12 binaries (fix websocket subscriptions with token instances blockscout/blockscout#2767)
• 3838eae Use GCC 6 for Node 12 binaries
• e84c6a9 Merge pull request 422 error page created. blockscout/blockscout#2766 from saper/node-modules-79
• 64b6f32 Node 13 support
• 8498f70 Fix Dark theme blockscout/blockscout#2394: sourceMap option should have consistent behaviour
• 8d0acca Merge pull request fix nft token instance images blockscout/blockscout#2753 from schwigri/master
• b0d4d85 Fix broken link to NodeJS docs in README.md
• 887199a Merge pull request Fix issues in Staking Dapp related to pool filters blockscout/blockscout#2730 from kessenich/master
• b1f54d7 Fix Consider a pool to be a delegator for itself and fetch its delegator data blockscout/blockscout#2614 - Update lodash version
• 96aa279 Merge pull request Remove internal_transaction block_number setting from blocks runner blockscout/blockscout#2726 from XhmikosR/master-xmr-typos
• 8421979 Assorted typo fixes.
• 2513e6a chore: Remove PR template
• 7ab387c Merge pull request Dashboard banner fix blockscout/blockscout#2673 from abetomo/remove_sudo_setting_from_travis
• 15355dd Remove sudo settings from .travis.yml
• 0c1a49e chore: Add not in PR template about node-gyp 4.0
• e59f5ba chore: Change note about Node 12 support

See the full diff

Package name: webpack-cli

The new version differs by 250 commits.

• 30b1b8d chore: v3.3.5
• 76b75ac chore: remove donation section
• 8913928 chore: update pkg lock
• a37477d cli: remove donation prompt
• 002a6ac Merge pull request Provide default 2nd arg for executing contract functions on Geth blockscout/blockscout#970 from dhruvdutt/postinstall
• cd54ba5 chore(scripts): clean opencollective
• 0c1f6b6 chore(scripts): clean postinstall
• 313e83e chore(deps): update major versions (944 integrate coingecko api blockscout/blockscout#969)
• 6105ef1 fix(deps): move prettier from dependencies to devDependencies (Geth Clique blocks always mined by 0x000 blockscout/blockscout#968)
• dad54f4 chore(ts): enables source map in the ts (Add backoff for Ethereum JSON RPC requests blockscout/blockscout#961)
• d7cdab9 Merge pull request Improve token balances fetcher blockscout/blockscout#960 from DanielRuf/fix/use-strict
• 6015bad chore: added await in order to resolve the pending promise (Investigate token count on the address page blockscout/blockscout#948)
• 670efc7 fix: change "usr strict" to "use strict"
• dc25beb Merge pull request Async task to check token supply and other metadata blockscout/blockscout#959 from webpack/fix/deps
• 69f364e fix: update deps
• f0f12c9 chore(packages): lock dependencies versions (Adds log rotation blockscout/blockscout#958)
• 08edf57 Merge pull request (Mix) Could not compile dependency :libsecp256k1 blockscout/blockscout#954 from webpack/v.3.3.4
• 186166f chore: v.3.3.4
• 8acf08f Merge pull request Mobile search bar and network ui bug blockscout/blockscout#952 from pranshuchittora/docs/readme
• 8b00884 chore: remove unused pkgs
• 478340d chore: fix prompt
• 0acd33e Merge pull request Make address pending transactions collapsable blockscout/blockscout#949 from rishabh3112/fix/not-found
• 23eddcb chore: improved err msg
• d025bf5 Merge branch 'master' of github.com:webpack/webpack-cli into docs/readme

See the full diff

With a Snyk patch:

Severity	Issue	Exploit Maturity
	Prototype Pollution SNYK-JS-LODASH-450202	Proof of Concept
	Prototype Pollution npm:extend:20180424	No Known Exploit

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic