[Snyk] Fix for 11 vulnerabilities

[Bhanditz]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTMLMINIFIER-3091181	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-NODEFORGE-2330875	Yes	Proof of Concept
	529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-NODEFORGE-2331908	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-POSTCSS-5926692	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: css-loader

The new version differs by 98 commits.

• 634ab49 chore(release): 2.0.0
• 6ade2d0 refactor: remove unused file (No trace or debug information on fatal errors styleguidist/react-styleguidist#860)
• e7525c9 test: nested url (feat: change template container id to prevent clashes styleguidist/react-styleguidist#859)
• 7259faa test: css hacks (fix order for components and sections styleguidist/react-styleguidist#858)
• 5e6034c feat: allow to filter import at-rules (Chore: update to webpack 4 styleguidist/react-styleguidist#857)
• 5e702e7 feat: allow filtering urls (Snyk test fails due to old webpack-dev-server styleguidist/react-styleguidist#856)
• 9642aa5 test: css stuff (fix(package.json): Updating html-webpack-plugin, fixing compilation.m… styleguidist/react-styleguidist#855)
• 3338656 fix: reduce number of require for url (order for sections and components if they are in the same section styleguidist/react-styleguidist#854)
• 533abbe test: issue 636 (Use .babelrc for markdown generated examples styleguidist/react-styleguidist#853)
• 08c551c refactor: better warning on invalid url resolution (Use hr component in markdown styleguidist/react-styleguidist#852)
• b0aa159 test: issue Support for flow 53 styleguidist/react-styleguidist#589 (Build doesn't work styleguidist/react-styleguidist#851)
• f599c70 fix: broken unucode characters (can't get basic styled components with @component annotation jsdoc working styleguidist/react-styleguidist#850)
• 1e551f3 test: issue 286 (fix: configure webpack 4 styleguidist/react-styleguidist#849)
• 419d27b docs: improve readme (Is it possible to not document some components styleguidist/react-styleguidist#848)
• d94a698 refactor: webpack-default (Replace webpack with Parcel-Bundler? styleguidist/react-styleguidist#847)
• b97d997 feat: schema options
• 453248f fix: support module resolution in composes (StencilJs support with react renderer styleguidist/react-styleguidist#845)
• 8a6ea10 refactor: postcss plugins (refactor: introduce Table components for use in Markdown #613 styleguidist/react-styleguidist#844)
• fdcf687 fix: url resolving logic (Issue #774: Adding support to location array styleguidist/react-styleguidist#843)
• 889dc7f feat: allow to disable css modules and disable their by default (Wrap Examples in Fragment styleguidist/react-styleguidist#842)
• ee2d253 test: importLoaders option (Modifier to add whitespace between example components styleguidist/react-styleguidist#841)
• 1dad1fb feat: reuse postcss ast from other loaders (i.e `postcss-loader`) (Wrap examples in React.Fragment styleguidist/react-styleguidist#840)
• fe94ebc test: icss reserved keywords (Drop Node 4 support #744 styleguidist/react-styleguidist#839)
• 9eaba66 refactor: migrate on message api for postcss-icss-plugin (Fix broken link on the docs styleguidist/react-styleguidist#838)

See the full diff

Package name: html-webpack-plugin

The new version differs by 250 commits.

• 873d75b chore(release): 5.5.0
• ddeb774 chore: update examples
• 1e42625 feat: Support type=module via scriptLoading option
• 7d3645b Bump pretty-error to 4.0.0 to fix transitive vuln for ansi-regex CVE-2021-3807
• 79be779 [chore] changes actions to run on pull_requests
• b7e5859 [chore] fixes CI to avoid race conditions
• 48131d3 chore(release): 5.4.0
• 16a841a [chore] rebuild examples
• 3bb7c17 Update index.js
• e38ac97 Update index.js
• f08bd02 [chore] updates fixtures
• d62a10f [chore] upgrades html-minifier-terser@5.0.0 -> 6.0.2
• 2f5de7a Remove archived plugin
• 8f8f7c5 chore(release): 5.3.2
• 053c6e6 chore: update snapshot tests for webpack 5.4.0
• 9c7fba0 Fix security vulnerabilities
• b98fbeb Fix security vulnerabilities
• 25cdfc7 Added inject-body-webpack-plugin to readme
• 0e4c1fb Update README to document actual behavior
• 0a6568d chore(release): 5.3.1
• 82d0ee8 fix: remove loader-utils from plugin core
• 6f39192 chore(release): 5.3.0
• d654f5b feat: allow to modify the interpolation options in webpack config
• 41d7a50 feat: drop loader-utils dependency

See the full diff

Package name: ora

The new version differs by 12 commits.

• 91dcdaa 1.4.0
• 5fed76b Make `stopAnPersist()` not run if spinner is not enabled ([Snyk] Security upgrade lodash from 4.17.4 to 4.17.17 #56)
• d348cbd Compress the screenshot with SVGO
• 9727444 Use animated SVG demo ([Snyk] Fix for 1 vulnerabilities #66)
• 0018549 Add Rust port to the Related section ([Snyk] Fix for 1 vulnerabilities #64)
• 7e319bd Remove Code Sponsor
• 90168b4 Add halo to the Related section in the readme ([Snyk] Security upgrade lodash from 4.17.4 to 4.17.17 #63)
• f8d3705 Try out CodeSponsor
• 7fec243 Update dependencies ([Snyk] Fix for 1 vulnerabilities #60)
• a1d89fb Clarify `.promise` usage ([Snyk] Security upgrade lodash from 4.17.4 to 4.17.17 #57)
• c53e7e7 Update to chalk 2 ([Snyk] Security upgrade lodash from 4.17.4 to 4.17.20 #55)
• f1d5b51 Add link to CLISpinner repo ([Snyk] Security upgrade lodash from 4.17.4 to 4.17.20 #51)

See the full diff

Package name: webpack-dev-server

The new version differs by 250 commits.

• 5280ee7 docs: fix typo
• d834582 chore(release): 4.7.3
• 7b8c85b chore(deps): update `selfsigned` (#4170)
• d598325 chore: fix lint
• c1907f1 refactor: remove redundant `if` statements (#4158)
• e535f25 ci: debug (#4144)
• 75999bb chore(release): 4.7.2
• 90a96f7 ci: fix (#4143)
• f6bc644 fix: compatible with `onAfterSetupMiddleware`
• 317e4b9 docs: fix testing instructions (#4133)
• ff4550e test: remove redundant test cases related to 3rd party code (#4131)
• 0dd1ee6 test: add e2e tests for `setupExitSignals` option (#4130)
• afe4975 chore(release): 4.1.7
• 4e5d8ea fix: droped `url` package (#4132)
• b0c98f0 chore(release): 4.7.0
• 3138213 chore(deps): update (#4127)
• 8f02c3f feat: added types
• f4fb15f fix: update description of `onAfterSetupMiddleware` and `onBeforeSetupMiddleware` options (#4126)
• 37b73d5 test: add e2e test for `WEBPACK_SERVE` env variable (#4125)
• f5a9d05 chore(deps-dev): bump eslint from 8.4.1 to 8.5.0 (#4121)
• c9b959f chore(deps): bump ws from 8.3.0 to 8.4.0 (#4124)
• 42208aa chore(deps-dev): bump lint-staged from 12.1.2 to 12.1.3 (#4122)
• f440f84 chore(deps): bump express from 4.17.1 to 4.17.2 (#4120)
• c13aa56 feat: added the `setupMiddlewares` option (#4068)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Open Redirect
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn