[Snyk] Fix for 31 vulnerabilities #2

Open: wants to merge 1 commit into base: master

rajis7474
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

    • package.json
    • package-lock.json
  • Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
    Find out more.

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 696/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.5) | Regular Expression Denial of Service (ReDoS): SNYK-JS-ANSIREGEX-1583908 | Yes | Proof of Concept |
| high severity | 696/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.5) | Denial of Service (DoS): SNYK-JS-ENGINEIO-1056749 | Yes | Proof of Concept |
| high severity | 589/1000 (Why? Has a fix available, CVSS 7.5) | Denial of Service (DoS): SNYK-JS-ENGINEIO-3136336 | Yes | No Known Exploit |
| medium severity | 586/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS): SNYK-JS-GLOBPARENT-1016905 | Yes | Proof of Concept |
| medium severity | 484/1000 (Why? Has a fix available, CVSS 5.4) | Open Redirect: SNYK-JS-GOT-2932019 | Yes | No Known Exploit |
| medium severity | 479/1000 (Why? Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS): SNYK-JS-HIGHLIGHTJS-1048676 | No | No Known Exploit |
| medium severity | 591/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.4) | Cross-site Scripting (XSS): SNYK-JS-KARMA-2395349 | Yes | Proof of Concept |
| medium severity | 484/1000 (Why? Has a fix available, CVSS 5.4) | Open Redirect: SNYK-JS-KARMA-2396325 | Yes | No Known Exploit |
| medium severity | 479/1000 (Why? Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS): SNYK-JS-LOADERUTILS-3042992 | No | No Known Exploit |
| high severity | 589/1000 (Why? Has a fix available, CVSS 7.5) | Prototype Pollution: SNYK-JS-LOADERUTILS-3043105 | No | No Known Exploit |
| medium severity | 479/1000 (Why? Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS): SNYK-JS-LOADERUTILS-3105943 | No | No Known Exploit |
| medium severity | 489/1000 (Why? Has a fix available, CVSS 5.5) | Information Exposure: SNYK-JS-LOG4JS-2348757 | Yes | No Known Exploit |
| medium severity | 586/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS): SNYK-JS-MARKED-2342073 | Yes | Proof of Concept |
| medium severity | 586/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS): SNYK-JS-MARKED-2342082 | Yes | Proof of Concept |
| medium severity | 520/1000 (Why? Has a fix available, CVSS 5.9) | Regular Expression Denial of Service (ReDoS): SNYK-JS-MARKED-584281 | Yes | No Known Exploit |
| low severity | 506/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 3.7) | Prototype Pollution: SNYK-JS-MINIMIST-2429795 | No | Proof of Concept |
| medium severity | 601/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.6) | Prototype Pollution: SNYK-JS-MINIMIST-559764 | No | Proof of Concept |
| medium severity | 646/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 6.5) | Server-side Request Forgery (SSRF): SNYK-JS-PARSEURL-3023021 | Yes | Proof of Concept |
| medium severity | 571/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5) | Improper Input Validation: SNYK-JS-PARSEURL-3024398 | Yes | Proof of Concept |
| medium severity | 490/1000 (Why? Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS): SNYK-JS-RAMDA-1582370 | Yes | No Known Exploit |
| high severity | 768/1000 (Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5) | Regular Expression Denial of Service (ReDoS): SNYK-JS-SEMVER-3247795 | Yes | Proof of Concept |
| medium severity | 586/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.3) | Insecure Defaults: SNYK-JS-SOCKETIO-1024859 | Yes | Proof of Concept |
| high severity | 696/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.5) | Denial of Service (DoS): SNYK-JS-SOCKETIOPARSER-1056752 | Yes | Proof of Concept |
| critical severity | 704/1000 (Why? Has a fix available, CVSS 9.8) | Improper Input Validation: SNYK-JS-SOCKETIOPARSER-3091012 | Yes | No Known Exploit |
| high severity | 589/1000 (Why? Has a fix available, CVSS 7.5) | Regular Expression Denial of Service (ReDoS): SNYK-JS-STYLELINT-1585622 | Yes | No Known Exploit |
| high severity | 589/1000 (Why? Has a fix available, CVSS 7.5) | Denial of Service (DoS): SNYK-JS-TRIMNEWLINES-1298042 | Yes | No Known Exploit |
| medium severity | 586/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS): SNYK-JS-WS-1296835 | Yes | Proof of Concept |
| high severity | 726/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 8.1) | Arbitrary Code Injection: SNYK-JS-XMLHTTPREQUESTSSL-1082936 | Yes | Proof of Concept |
| high severity | 686/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.3) | Access Restriction Bypass: SNYK-JS-XMLHTTPREQUESTSSL-1255647 | Yes | Proof of Concept |
| medium severity | 601/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.6) | Prototype Pollution: SNYK-JS-YARGSPARSER-560381 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: conventional-changelog-cli The new version differs by 59 commits.
  • cc567b9 Publish
  • f760aa4 deps: update meow (#695)
  • 07ba18c docs: add missing detailed explanation link (#620)
  • e01e027 feat(conventionalcommits): allow matching scope (#669)
  • d15b90e chore(deps): update eslint rules (#694)
  • 7ae618c fix(deps): update dependency through2 to v4 (#657)
  • 9c00f32 feat: allows notes pattern to be customized (#586)
  • cd4c726 fix: bug in unstableTagTest causing a mismatch on beta release higher then beta-9 (#679)
  • 7b6ec0a fix(deps): update dependency normalize-package-data to v3 (#687)
  • f8fcbc2 fix: ignore gpg lines (#685)
  • be1246c Publish
  • f10256c feat(templates): if hash is nullish, do not display in CHANGELOG (#664)
  • 0c3db59 chore(deps): lock file maintenance (#646)
  • 0679d7a feat: add support for '--skip-unstable' option (#656) (#656)
  • 3dedddc Publish
  • 5e3c4b4 chore(deps): update dependency safe-buffer to v5.2.1 (#645)
  • de4f630 fix(deps): update dependency compare-func to v2 (#647)
  • ea68904 chore(deps): update dependency mocha to v8 (#652)
  • 73c7a1b fix: pass config to parserOpts and writerOpts
  • 8f82b5a docs(conventional-changelog-angular): fix README link (#649)
  • 3f00651 docs: update README for conventional-changelog-conventionalcommits with example (#632)
  • 816407a chore(deps): update dependency eslint to v7 (#643)
  • c5ae3ab Publish
  • 6b0ffec build: keep optional appveyor for now (#640)

See the full diff

Package name: cp-file The new version differs by 24 commits.

See the full diff

Package name: eslint The new version differs by 250 commits.
  • 3dd6741 7.0.0
  • 9a722f9 Build: changelog update for 7.0.0
  • b98d8bd Upgrade: eslint-release@2.0.0 (#13271)
  • 4c0b028 Fix: remove Node.js and CommonJS category from build process (#13242)
  • 401a687 Chore: fix rules list for prereleases (#13230)
  • 4ef6158 Breaking: espree@7.0.0 (#13270)
  • b5c8d73 Docs: update 7.0.0 migration guide for consistency (#13267)
  • 356fdb4 Docs: add migration guide (#12692)
  • 015edf6 Sponsors: Sync README with website
  • fdfa364 7.0.0-rc.0
  • 8d1b4db Build: changelog update for 7.0.0-rc.0
  • 0b1d65a Update: Improve report location for array-callback-return (refs #12334) (#13109)
  • d85e291 Fix: yoda left string fix for exceptRange (fixes #12883) (#13052)
  • 2ce6bed Chore: added tests for nested arrays (#13145)
  • d3aac53 Update: report backtick loc in no-unexpected-multiline (refs #12334) (#13142)
  • 8e7a2d9 Fix: func-call-spacing "never" reports wrong message (fixes #13190) (#13193)
  • bcafd0f Update: Add ESLint API (refs New: ESLint Class Replacing CLIEngine eslint/rfcs#40) (#12939)
  • 3eeae56 Upgrade: some (dev) deps (#13155)
  • 6b7030b Chore: Run tests on Node.js v14 (#13210)
  • ebc28d7 Fix: Remove default .js from --ext CLI option (#13176)
  • 5c1bdeb Update: Improve report location for getter-return (refs #12334) (#13164)
  • 56d2bee Docs: fix typos (#13204)
  • e13256e Chore: use espree.latestEcmaVersion in config-initializer (#13157)
  • e4f57b7 Chore: add nested array tests for array-element-newline (#13161)

See the full diff

Package name: eslint-plugin-mocha The new version differs by 141 commits.
  • b2d8c9e 6.3.0
  • b91a2f8 Update dependencies
  • c470a3d Merge pull request #238 from lo1tuma/fix-nested
  • a18680d Merge pull request #239 from lo1tuma/fix-top-level
  • 2633908 Fix max-top-level-suites to ignore generated suites
  • 46f716d no-hooks-for-single-case: fix false postive in nested suites
  • 1c3a545 Merge pull request #237 from lo1tuma/template-strings
  • 6255546 Check static template strings in valid-test-description and valid-suite-description
  • 7eea93d Merge pull request #236 from lo1tuma/no-hooks-option
  • 8778d96 no-hooks: add option to allow certain kind of hooks
  • 36c9e67 Merge pull request #235 from brettz9/nondeprecated-rule-format
  • 471e354 Switch to nondeprecated eslint rule format
  • 8cf8640 Merge pull request #234 from brettz9/schemas-for-options
  • c1f8049 Merge pull request #229 from brettz9/recommended-rules
  • fdb3843 - Remove regex literal argument; simplify
  • 68a3c07 - Add schemas for options (and remove for files which are using settings)
  • 04cdbaa - Indicate whether rule is recommended (also put into table along with info on whether "fixable")
  • 6ac703b Merge pull request #233 from brettz9/options-in-docs
  • 347d544 Merge pull request #232 from brettz9/regexp-u-flags
  • 57add13 Merge pull request #231 from brettz9/doc-highlighting
  • 07948bd Merge pull request #230 from brettz9/package-lock
  • a147956 Merge pull request #228 from brettz9/fixable
  • f8141df Merge pull request #226 from cruzdanilo/master
  • bdad369 Merge pull request #227 from brettz9/patch-1

See the full diff

Package name: gts The new version differs by 140 commits.
  • 978cda0 chore: release v3.1.1
  • 83ef5f3 fix: drop update notifier (#706), make it compile
  • cf38613 chore: release 3.1.0 (#612)
  • 634bad9 fix(deps): upgrade to latest version of meow (#616)
  • b18e766 chore(deps): lock file maintenance (#614)
  • cb6d2ca feat: support comments in JSON (#571)
  • a1992a8 chore(deps): lock file maintenance (#610)
  • 9403c1c chore(deps): lock file maintenance (#608)
  • a9d77ab chore(deps): lock file maintenance (#607)
  • 6d0fc06 build(deps): bump ini from 1.3.5 to 1.3.7 (#605)
  • f6c7718 chore(deps): lock file maintenance (#603)
  • 6e26681 fix(deps): update dependency eslint-config-prettier to v7 (#601)
  • 3a2dde6 chore(deps): lock file maintenance (#602)
  • 34c34e6 chore: release 3.0.3 (#592)
  • 4e5f1e5 fix(deps): update dependency execa to v5 (#600)
  • e7c23f4 chore(deps): lock file maintenance (#598)
  • dff3699 chore(deps): lock file maintenance (#597)
  • 3fed38d chore(deps): lock file maintenance (#596)
  • 62cc9bf chore(deps): lock file maintenance (#595)
  • fe2b046 chore(deps): lock file maintenance (#594)
  • c7e223e fix(deps): update dependency meow to v8 (#591)
  • 0fb88f2 chore: release 3.0.2 (#590)
  • 8f1d381 fix(deps): loosen ts peer dependency (#589)
  • 9efa15c build: add node 15 to test matrix (#587)

See the full diff

Package name: karma The new version differs by 214 commits.
  • ab4b328 chore(release): 6.3.16 [skip ci]
  • ff7edbb fix(security): mitigate the "Open Redirect Vulnerability"
  • c1befa0 chore(release): 6.3.15 [skip ci]
  • d9dade2 fix(helper): make mkdirIfNotExists helper resilient to concurrent calls
  • 653c762 ci: prevent duplicate CI tasks on creating a PR
  • c97e562 chore(release): 6.3.14 [skip ci]
  • 91d5acd fix: remove string template from client code
  • 69cfc76 fix: warn when `singleRun` and `autoWatch` are `false`
  • 839578c fix(security): remove XSS vulnerability in `returnUrl` query param
  • db53785 chore(release): 6.3.13 [skip ci]
  • 5bf2df3 fix(deps): bump log4js to resolve security issue
  • 36ad678 chore(release): 6.3.12 [skip ci]
  • 41bed33 fix: remove depreciation warning from log4js
  • c985155 docs: create security.md
  • c96f0c5 chore(release): 6.3.11 [skip ci]
  • a5219c5 fix(deps): pin colors package to 1.4.0 due to security vulnerability
  • de0df2f test: fix version regex in the CLI test case
  • eddb2e8 chore(release): 6.3.10 [skip ci]
  • 0d24bd9 fix(logger): create parent folders if they are missing
  • b8eafe9 chore(release): 6.3.9 [skip ci]
  • cf318e5 test: add test case for restarting test run on file change
  • 92ffe60 fix: restartOnFileChange option not restarting the test run
  • b153355 style: fix grammar error in browser capture log message
  • 8f798d5 chore(release): 6.3.8 [skip ci]

See the full diff

Package name: lerna The new version differs by 250 commits.
  • 02c534e chore: remove unnecessary write-json-file dep (#3534)
  • fa1f490 feat(publish): add --include-private option for testing private packages (#3503)
  • afde32e chore(deps): bump @sideway/formula from 3.0.0 to 3.0.1 in /website (#3532)
  • f444045 chore(deps): bump @sideway/formula from 3.0.0 to 3.0.1 (#3531)
  • ad39fe2 fix(create): normalize quotes and indents in generated test and lib files (#3529)
  • 6b50725 chore: remove non-runtime deps from lerna package.json (#3528)
  • f03ee3e feat(publish): recover from network failure (#3513)
  • 724633c chore(deps): bump http-cache-semantics from 4.1.0 to 4.1.1 (#3525)
  • 937b02a feat(run): allow multiple script targets to be triggered at once (#3527)
  • aea79df chore(docs): add lerna watch -- build --include-dependents example (#3512)
  • 1fe6188 chore(deps): bump http-cache-semantics from 4.1.0 to 4.1.1 in /website (#3524)
  • aaccdfb chore(run): warn in docs about using yarn and passing args to lerna run (#3521)
  • b8dff21 chore: ci updates (#3522)
  • 70de43c chore: ci updates (#3523)
  • 116c62c chore: update docs (#3520)
  • 86f8021 chore: apply typo fixes (#3518)
  • 69a45de chore(deps): bump ua-parser-js from 0.7.32 to 0.7.33 in /website (#3514)
  • fc094da chore: initial codebase refactor (#3517)
  • 510c3e9 fix(repair): re-enable repair generators (#3497)
  • fcab26a chore(docs): update filter options docs to specify quote necessity (#3496)
  • a5217c6 chore(release): v6.4.1
  • 24d0d5c fix(run): resolve erroneous failures (#3495)
  • 4688f9d chore(docs): remove state of js banner
  • eb4a755 chore(docs): add workspace watching feature doc (#3487)

See the full diff

Package name: mkdirp The new version differs by 4 commits.
  • b2e7ba0 0.5.2
  • c5b97d1 bump minimist to 1.2 to fix security issue
  • f2003bb test: add v4 and v5 to travis
  • b8629ff tools: update tap + mock-fs. Fix broken test

See the full diff

Package name: sass-loader The new version differs by 61 commits.
  • 3b51d47 chore(release): 8.0.1
  • 6c59e37 fix: support webpack@5 (#794)
  • 5611f73 docs: improved documentation after breaking changes in release version 8.0.0 (#780)
  • 4834287 refactor: use startsWith (#792)
  • 22c597b refactor: use Array.includes (#777)
  • ed345fa chore(deps): switch to memfs (#791)
  • 2e14b68 chore: removed the duplicated prettier config (#781)
  • 9274387 chore(deps): update (#772)
  • 6d11b7b docs: overhaul readme (#771)
  • 185ba80 test: sass modules "@use" (#770)
  • aa9b53b chore(release): 8.0.0
  • 45ad0be chore: next (#748)
  • 194fea4 chore(release): 7.3.1
  • 1175920 fix: minimum `node` version in `package.json` (#733)
  • a3ac649 chore(release): 7.3.0
  • 6f4ea37 feat: `webpackImporter` option (#732)
  • 0330253 docs: standardize readme (#730)
  • 997a255 fix: handle module import ending `/` as module (#728)
  • 071fa88 test: alias on directory with `_index` file (#727)
  • 6be93c8 test: import without quotes (#726)
  • dc23895 refactor: code (#725)
  • 97c93dd test: manual test (#724)
  • b2af379 fix: use "compressed" output when mode is "production" (#723)
  • 3545434 refactor: code

See the full diff

Package name: semver The new version differs by 232 commits.
  • e7b78de chore: release 7.5.2
  • 58c791f fix: diff when detecting major change from prerelease (#566)
  • 5c8efbc fix: preserve build in raw after inc (#565)
  • 717534e fix: better handling of whitespace (#564)
  • 2f738e9 chore: bump @npmcli/template-oss from 4.14.1 to 4.15.1 (#558)
  • aa016a6 chore: release 7.5.1
  • d30d25a fix: show type on invalid semver error (#559)
  • 09c69e2 chore: bump @npmcli/template-oss from 4.13.0 to 4.14.1 (#555)
  • 5b02ad7 chore: release 7.5.0
  • e219bb4 fix: throw on bad version with correct error message (#552)
  • 503a4e5 feat: allow identifierBase to be false (#548)
  • fc2f3df fix: incorrect results from diff sometimes with prerelease versions (#546)
  • 2781767 fix: avoid re-instantiating SemVer during diff compare (#547)
  • 82aa7f6 chore: release 7.4.0
  • 731d896 chore: enable CD (#545)
  • 940723d fix: intersects with v0.0.0 and v0.0.0-0 (#538)
  • aa516b5 fix: faster parse options (#535)
  • 61e6ea1 fix: faster cache key factory for range (#536)
  • f8b8b61 fix: optimistic parse (#541)
  • 796cbe2 fix: semver.diff prerelease to release recognition (#533)
  • 3f222b1 fix: reuse comparators on subset (#537)
  • 113f513 feat: identifierBase parameter for .inc (#532)
  • ea689bc chore: basic type test for RELEASE_TYPES
  • c5d29df docs: Add "Constants" section to README

See the full diff

Package name: stylelint The new version differs by 250 commits.
  • fb8cf35 15.10.1
  • eeed72b Prepare release (#7048)
  • 8090553 Document check of configs in release process (#7047)
  • 56a545e Security fix for `semver` vulnerability (#7043)
  • a42f955 Fix rules documentation for `media-query-no-invalid` (#7044)
  • e56aa30 15.10.0
  • c9e89eb Prepare release (#6974)
  • b8e5317 Fix `selector-type-case` performance (#7041)
  • f82a24a Fix `selector-anb-no-unmatchable` performance (#7042)
  • 16110fd Revert removed changelog entry (#7039)
  • 59d5bf9 Add support JS objects for extends config option (#6998)
  • 888192d Fix `patch-package` warning (#7036)
  • 74c90b3 Refactor `replaceBackslashes()` test utility to migrate to ESM (#7034)
  • 15c15b6 Refactor to use `sourceIndices` utility from `@csstools/css-parser-algorithms` (#7033)
  • 3f91eaa Bump lint-staged from 13.2.2 to 13.2.3 (#7029)
  • 3948f47 Bump fast-glob from 3.2.12 to 3.3.0 (#7030)
  • 8bb207c Bump typescript from 5.1.3 to 5.1.6 (#7032)
  • fff5ee3 Bump eslint from 8.43.0 to 8.44.0 (#7031)
  • 5775ba0 Bump @changesets/cli from 2.26.1 to 2.26.2 (#7028)
  • 21e7345 Fix `selector-type-no-unknown` performance (#7027)
  • cf73360 Fix `no-descending-specificity` performance (#7026)
  • b919a0b Refactor `lib/rules/__tests__/*` test files to migrate to ESM (#7024)
  • 366e0d8 Switch Jest `coverageProvider` from `babel` (default) to `v8` (#7025)
  • 1d145f9 Refactor `lib/utils/__tests__/*` test files to migrate to ESM (#7022)

See the full diff

Package name: ts-loader The new version differs by 106 commits.
  • 268bc69 chore(deps): upgrade most production deps (#1237)
  • e160564 Add a cache to file path mapping (#1228)
  • 14fa3f8 Add documentation about performance profiling (#1230)
  • 3cc78b8 Fix typo in README.md (#1229)
  • 8f2a509 Add documentation for the useCaseSensitiveFileNames option (#1227)
  • 566e6ce Instead of checking date, check time thats more accurate to see if something has changed (#1217)
  • 172ebeb Feature/typescript 4 1 (#1213)
  • 0816fe9 Add peer dependencies for Yarn PnP (#1209)
  • 4909d99 Fixed missing errors in watch mode in webpack5 (#1208)
  • 3f73e98 Fix failed builds when using thread-loader (#1207)
  • e90f8ad Fix memory leak when using multiple webpack instances (#1205)
  • 95050eb Speeds up project reference build and doesnt store the result in memory (#1202)
  • f99c7c4 doc: escape pipe in table (#1201)
  • 0b4a86d Replace afterCompile to stop webpack 5 warning (#1200)
  • 6d8d601 Fixed deprecation warnings on webpack@5. (#1195)
  • cafc933 Fix installation link on README.md (#1192)
  • f5e901e Bump http-proxy in /examples/react-babel-karma-gulp (#1182)
  • 0767bce add github action status badge (#1190)
  • db5ea55 Feature/upgrade testpack to ts4 (#1189)
  • 95b6fe8 Uses existing instance if config file is same as already built solution (#1177)
  • b38678a Update minimum compiler version to 3.6.3 (#1188)
  • f8eba53 Add documentation and example code for projectReferences (#1184)
  • 46d9761 Update docs to show transpileOnly does not affect project references (#1175)
  • 0e64ceb Fix getOptionsHash when two options has different props but same values. (#1170)

See the full diff

Package name: webpack The new version differs by 250 commits.
  • f2f998b 5.1.1
  • bcd6190 Merge pull request #11704 from webpack/bugfix/delete-asset
  • 11935a9 Merge pull request #11703 from webpack/bugfix/11678
  • 63ba54c update chunk to files mapping when deleting asset...

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://snyk.io/vuln/SNYK-JS-ENGINEIO-1056749
- https://snyk.io/vuln/SNYK-JS-ENGINEIO-3136336
- https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905
- https://snyk.io/vuln/SNYK-JS-GOT-2932019
- https://snyk.io/vuln/SNYK-JS-HIGHLIGHTJS-1048676
- https://snyk.io/vuln/SNYK-JS-KARMA-2395349
- https://snyk.io/vuln/SNYK-JS-KARMA-2396325
- https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3042992
- https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3043105
- https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3105943
- https://snyk.io/vuln/SNYK-JS-LOG4JS-2348757
- https://snyk.io/vuln/SNYK-JS-MARKED-2342073
- https://snyk.io/vuln/SNYK-JS-MARKED-2342082
- https://snyk.io/vuln/SNYK-JS-MARKED-584281
- https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795
- https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
- https://snyk.io/vuln/SNYK-JS-PARSEURL-3023021
- https://snyk.io/vuln/SNYK-JS-PARSEURL-3024398
- https://snyk.io/vuln/SNYK-JS-RAMDA-1582370
- https://snyk.io/vuln/SNYK-JS-SEMVER-3247795
- https://snyk.io/vuln/SNYK-JS-SOCKETIO-1024859
- https://snyk.io/vuln/SNYK-JS-SOCKETIOPARSER-1056752
- https://snyk.io/vuln/SNYK-JS-SOCKETIOPARSER-3091012
- https://snyk.io/vuln/SNYK-JS-STYLELINT-1585622
- https://snyk.io/vuln/SNYK-JS-TRIMNEWLINES-1298042
- https://snyk.io/vuln/SNYK-JS-WS-1296835
- https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1082936
- https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1255647
- https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381


The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746