[Snyk] Fix for 1 vulnerabilities

[MaxMood96]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: add-asset-html-webpack-plugin

The new version differs by 61 commits.

• da0dea5 docs: remove `david` from readme
• 7265aba fix: update globby to v11 (feat(sourcemap): Proper source maps for 3rd party packages PatrickJS/PatrickJS-starter#248)
• b9bacc2 docs: update readme withcorrect version ranges
• 4073291 fix: update micromatch to v4 (Adding a UI framework PatrickJS/PatrickJS-starter#199)
• 8387886 fix: remove the hash calculation if hash exists (Include vendor chunk when creating common chunk PatrickJS/PatrickJS-starter#159)
• e84e7d5 fix: fix "compilation.emitAsset" with more than 1 HtmlWebpackPlugins (Get rid of require() in vendor.ts PatrickJS/PatrickJS-starter#236)
• 87590ef chore(ci): cancel in progress builds
• d37deb4 chore(deps): lock file maintenance (Testing - imported module - not exists PatrickJS/PatrickJS-starter#224)
• 0a123f9 chore: lock down stack-utils
• c949ee0 chore: lock down anymatch dependency
• 49eaf2e chore(deps): bump hosted-git-info from 2.8.8 to 2.8.9 ({%= o.webpackConfig.metadata.title %},what this is? PatrickJS/PatrickJS-starter#225)
• 75bf092 chore(deps): bump path-parse from 1.0.6 to 1.0.7 (Add CompressionPlugin PatrickJS/PatrickJS-starter#234)
• 316c03a chore(deps): update codecov/codecov-action action to v2 (Serving assets in npm start PatrickJS/PatrickJS-starter#232)
• ed9e132 chore(deps): bump tmpl from 1.0.4 to 1.0.5 (feat(webpack): add compression plugin PatrickJS/PatrickJS-starter#237)
• c5cf273 chore(deps): bump ws from 5.2.2 to 5.2.3 (Typings main.d.ts not referenced in tsconfig.json? PatrickJS/PatrickJS-starter#244)
• 6a994ea chore: run tests on node 16 and 17 (how to remove testing files dependency PatrickJS/PatrickJS-starter#243)
• 42a345a chore(deps): bump browserslist from 4.16.3 to 4.16.6 (under windows - ERROR in HtmlWebpackPlugin: template error TypeError: tmpl is not a function PatrickJS/PatrickJS-starter#227)
• 041b842 chore(deps): bump lodash from 4.17.20 to 4.17.21 (Error in phpStorm PatrickJS/PatrickJS-starter#223)
• 77fc7fb chore: lock down merge2
• af3572e chore: automerge lockfile PRs
• 718473c chore(deps): update actions/setup-node action to v2.1.5 (updated readme PatrickJS/PatrickJS-starter#205)
• 0ed36d8 chore: add renovate
• a467638 chore(deps): bump ssri from 6.0.1 to 6.0.2 (chore(angular2 webpack starter): Uncaught TypeError PatrickJS/PatrickJS-starter#203)
• ca2fb77 chore: increase timeout for puppeteer test

See the full diff

Package name: copy-webpack-plugin

The new version differs by 151 commits.

• 46af20a chore(release): 7.0.0
• 5d5635f refactor: code (chore: remove unused import PatrickJS/PatrickJS-starter#567)
• c6f68a5 refactor: code
• 4cea28b refactor: next
• 6c11e21 chore(release): 6.4.0
• db53937 feat: added the `info` option
• 9bc5416 feat: added type `Function` for the `to` option (unit tests before e2e tests PatrickJS/PatrickJS-starter#563)
• 7167645 chore(release): 6.3.2
• 7b58fd9 fix: watching directories (Update karma-chrome-launcher to version 1.0.1 🚀 PatrickJS/PatrickJS-starter#558)
• 5215721 chore(release): 6.3.1
• c92b5ee style: default prettier options (remove selenium jar path PatrickJS/PatrickJS-starter#556)
• b996923 fix: watching (Added MdRadioGroup (it was throwing an error without) PatrickJS/PatrickJS-starter#555)
• fa5aa1b chore(release): 6.3.0
• bc2833e refactor: fix cache (Update Bootstrap 4 wiki PatrickJS/PatrickJS-starter#549)
• 87a8486 chore(deps): update (Issue installing PatrickJS/PatrickJS-starter#547)
• b827c6e refactor: logger (Update codelyzer to version 0.0.18 🚀 PatrickJS/PatrickJS-starter#545)
• f98be10 refactor: handle errors (Wallaby.js , Runtime error: reflect-metadata shim is required when using class decorators at undefined: PatrickJS/PatrickJS-starter#544)
• b971374 refactor: code (Update codelyzer to version 0.0.17 🚀 PatrickJS/PatrickJS-starter#543)
• db2e3bf feat: added the `sourceFilename` info (original source filename) to assets info (Update codelyzer to version 0.0.16 🚀 PatrickJS/PatrickJS-starter#542)
• c892451 feat: persistent cache between compilations (webpack@5 only) (lots of warnings with primeng PatrickJS/PatrickJS-starter#541)
• 93936a0 chore(deps): update (Yoeman  PatrickJS/PatrickJS-starter#540)
• 36ff46a ci: updated webpack versions application in the subfolder PatrickJS/PatrickJS-starter#536
• bd09a24 ci: updated webpack versions
• fb60b9b chore(release): 6.2.1

See the full diff

Package name: gh-pages

The new version differs by 43 commits.

• a8478a8 2.2.0
• 8bb003c Log changes
• 5bf8204 Merge pull request rimraf missing on Windows platform PatrickJS/PatrickJS-starter#318 from okuryu/dist
• 169f29b Merge pull request Webpack Dev Server Hot Module Reload PatrickJS/PatrickJS-starter#319 from Sag-Dev/master
• ff212fe Merge pull request TSD is deprecated PatrickJS/PatrickJS-starter#323 from tschaub/updates
• 3dcf9ea Update dependencies
• f6bb57b Update dev dependencies
• 6b87c84 Merge pull request proposal - split vendor from code PatrickJS/PatrickJS-starter#277 from dplusic/feature/no-history
• e73d921 cli: add `--no-history` flag not to preserve deploy history
• 1f313c7 Use path.resolve() instead
• a5f6b56 Added 'remove' documentation to 'readme.md'
• 1f0e59f Allow an absolute path as dist directory
• 0249ac9 2.1.1
• aa27355 Log changes
• 3a92063 Add MIT license
• 3cb4f30 Merge pull request Errors running server:dev on windows PatrickJS/PatrickJS-starter#312 from tschaub/git-default
• 0b3f02c Use default for git
• ba7e5e1 2.1.0
• 28f006b Log changes
• 47d051b Merge pull request Three production bundles (main, polyfills and 1) PatrickJS/PatrickJS-starter#307 from tschaub/updates
• 76288c5 Update dev dependencies
• 496aeb4 Audit fix
• 5bcf217 Test for git option
• 2fb83f5 Merge pull request duplicate declarations PatrickJS/PatrickJS-starter#303 from JRJurman/patch-1

See the full diff

Package name: karma-coverage

The new version differs by 36 commits.

• 32acafa chore(release): 2.0.2 [skip ci]
• bb8f9ee chore: add semantic-release for project - fix Remove unnecessary comma and empty line PatrickJS/PatrickJS-starter#408 (Routes in components (navbar) not working in prod PatrickJS/PatrickJS-starter#413)
• 9c37de6 chore: add check commit message (PrimeNG integration PatrickJS/PatrickJS-starter#411)
• 27822c9 ci(test): use eslint as ci command and add all js files to check by eslint (Websockets and proxy PatrickJS/PatrickJS-starter#410)
• 1adb27a ci: drop node 8, adopt node 12 (add whitespace PatrickJS/PatrickJS-starter#409)
• 4962a70 fix(reporter): update calls to match new API in istanbul-lib-report fix IE11 is still broken in Prod with uglify plugin PatrickJS/PatrickJS-starter#398 (Build Configuration Customisation PatrickJS/PatrickJS-starter#403)
• fc6e289 refactor: remove isAbsolute and replace with path.isAbsolute (Set default state of a checkbox PatrickJS/PatrickJS-starter#405)
• 83bafc3 refactor: replace migrate coffee unit tests to modern JS (Update dependencies PatrickJS/PatrickJS-starter#407)
• 49f174d refactor: onRunComplete method to upgrade on new major version of Istanbul (Kendo? Grid? PatrickJS/PatrickJS-starter#406)
• 4cfa697 chore: Update dev Dependencies eslint and load-grunt-tasks (Bump tslint-loader to 2.1.3  PatrickJS/PatrickJS-starter#387)
• 5cf931a fix: remove information about old istanbul lib (update to beta.9 PatrickJS/PatrickJS-starter#404)
• 352254a chore(deps): bump handlebars from 4.1.2 to 4.5.3 (Module parse failed PatrickJS/PatrickJS-starter#399)
• 0ee780c chore(deps): bump lodash.template from 4.4.0 to 4.5.0 (Bootstrap 4 + Sass setup fails on fresh install PatrickJS/PatrickJS-starter#392)
• d18cde4 chore(deps-dev): bump eslint from 2.13.1 to 4.18.2 (Prod build crashes after today's changes PatrickJS/PatrickJS-starter#397)
• 55aeead Update Source Map Handling (reflect-metadata shim is required when dist folder deployed to server PatrickJS/PatrickJS-starter#394)
• b23664e Added debug msg whether coverage is in reporters (Is the development experience supposed to be that slow? PatrickJS/PatrickJS-starter#396)
• d3f53e3 chore(all): Migrate to ES6 (Minify html template PatrickJS/PatrickJS-starter#385)
• 9c8a222 Make travis file simpler (Best way to pass variables through Webpack? PatrickJS/PatrickJS-starter#386)
• b76db9e Remove unused dateformat dependency (developement mode fails in IE11, latest beta.8 PatrickJS/PatrickJS-starter#384)
• 075ece0 Remove unused istanbul dependency (Import with alias PatrickJS/PatrickJS-starter#382)
• 9184fc0 chore: release v2.0.1
• 57d4bd3 chore(deps): npm audit fix --force; update travis.yml (How to deploy with PM2? PatrickJS/PatrickJS-starter#380)
• 0e2800b chore: release v2.0.0
• 99c0c35 chore: update contributors

See the full diff

Package name: node-sass

The new version differs by 90 commits.

• 3b556c1 7.0.2
• c716359 Bump sass-graph@^4.0.1 (#3292)
• 24741b3 docs(readme): fix docpad plugin link
• 1523330 feat: Drop Node 12
• 365d357 update https://registry.npm.taobao.org to https://registry.npmmirror.com
• 1456114 build(deps): bump actions/upload-artifact from 2 to 3
• b465b69 chore: bump GitHub Actions to Windows 2019 (#3254)
• e6194b1 build(deps): bump make-fetch-happen from 9.1.0 to 10.0.4
• 4edf594 build(deps): bump node-gyp from 8.4.1 to 9.0.0
• 29e2344 build(deps): bump actions/checkout from 2 to 3
• 85b0d22 build(deps): bump actions/setup-node from 2 to 3
• 3bb51da Use make-fetch-happen instead of request (#3193)
• adc2f8b build(deps): bump true-case-path from 1.0.3 to 2.2.1 (#3000)
• 77d12f0 chore: disable Apline for Node 16/17 builds
• 308d533 ci: use Python 3 for Node 12
• c818907 ci: unpin actions/setup-node to v2
• 99242d7 7.0.1
• 77049d1 build(deps): bump sass-graph from 2.2.5 to 4.0.0 (#3224)
• c929f25 build(deps): bump node-gyp from 7.1.2 to 8.4.1 (#3209)
• 918dcb3 Lint fix
• 0a21792 Set rejectUnauthorized to true by default (#3149)
• e80d4af chore: Drop EOL Node 15 (#3122)
• d753397 feat: Add Node 17 support (#3195)
• dcf2e75 build(deps-dev): bump eslint from 7.32.0 to 8.0.0

See the full diff

Package name: protractor

The new version differs by 63 commits.

• 5d8da04 chore(release): version bump to 6.0.0 and update the changelog
• d777738 chore(tests): circleci - chrome 69 requires chromdriver to 2.44 (#5182)
• 3d50b68 chore(deps): update based on npm audit
• e478ba8 chore(release): bump version to 6.0.1-beta
• 7054827 chore(types): fix types to use not @ types/selenium-webdriver (#5127)
• 2e5c2e6 chore(jasmine): prevent random execution order in jasmine 3 (#5126)
• 8afc4e2 chore(release): release 6.0.0-beta and update the changelog
• 5fd711c chore(webdriver-manager): use webdriver-manager@13.0.0-beta
• 96ae17c deps(jasmine): upgrade jasmine 3.3 (#5102)
• 68491dd chore(expectedConditions): update generic Function typings (#5101)
• cf43651 chore(debugprint): convert debugprint to TypeScript (#5074)
• d213aa9 deps(selenium): upgrade to selenium 4 (#5095)
• 4672265 chore(browser): remove timing issues with restart and fork (#5085)
• b4dbcc2 chore(elementexplorer): remove explorer bin file (#5094)
• 7de6d85 docs(api): update examples to use async/await (#5081)
• 1b2036e typings(selenium): try out new version of typings (#5084)
• befb457 chore(bin): update webdriver-manager require to use the cli (#5093)
• 509f1b2 deps(latest): upgrade to the gulp and typescript (#5089)
• 2def202 deps(webdriver-manager): use replacement (#5088)
• 9d510db chore(test): remove jasmine addMatcher test (#5072)
• 6522e40 chore(cleanup): clean up imports and wdpromises (#5073)
• 3b8f263 chore(ignoreSynchornization): clean up to use waitForAngularEnabled (#5071)
• ffa3519 chore(debugger): remove debugger and explore methods (#5070)
• 0f7a38a chore(test): error tests fixed (#5069)

See the full diff

Package name: rimraf

The new version differs by 52 commits.

• 3b6b098 4.0.0
• e0cffea ci: reduce workload even more
• 0e6646d ci: remove unnecessary lint filter
• 546e017 update action versions
• 6d88a65 tone down benchmark intensity
• 842a8d2 fix benchmark workflow yaml
• 1b91697 chore: add copyright year to license
• 08bbb06 rewrite in TS, export hybrid, update changelog, docs
• 1b3f46e drop support for node versions below 14
• 2e1f003 gh actions workflow for benchmarks
• 52f9370 tests for retry-busy behavior
• 188e3ed don't test on very old node versions
• d1d5495 test for fix-eperm
• e7501cd prettier formatting
• 40f64ec windows: only fall back to move-remove when absolutely necessary
• b6f7819 update tap
• 99496cd test: run posix test on windows, why not?
• 51d43c1 benchmarks
• 6b8aa29 doc: correct os.tmp default
• 4b228c9 do not ever actually try to rmdir /
• 2442655 consolidate all the spellings of 'opt' into one
• d4eec2e add cli script
• 0c82d74 accept strings, arrays of strings, and no other types
• ad4f2db Do not rimraf /, override with preserveRoot:false

See the full diff

Package name: typedoc

The new version differs by 250 commits.

• bde0b6a chore: Bump version to 0.21.0
• 83a7eef chore: Sort thanks in changelog
• 371e035 chore: Upgrade dependencies
• a618f20 Merge remote-tracking branch 'origin/master' into beta
• 6b69252 chore: Bump version to 0.20.37
• 0e8d429 fix: Pin `marked` dependency to 2.0.x (Added yarn lock file PatrickJS/PatrickJS-starter#1602)
• 90cd4a0 chore: Bump version to 0.21.0-beta.4
• 6789331 chore: Remove outdated note in readme
• 1b1cd14 fix: Correctly handle comments on function type aliases
• 1dc5659 fix: Setters should always have a `void` return type
• d9e66b2 chore: Bump version to 0.21.0-beta.3
• 3f39508 fix: Resolve paths in option files according to the config directory
• 858b231 chore: Refactor tests to reduce runtime
• ec18bb0 Revert "feat: Add disableAliases option (add vars from external config files PatrickJS/PatrickJS-starter#1576)"
• 6d215df feat: Improve monorepos by adding support for TS entry points (Upgrade abnormal PatrickJS/PatrickJS-starter#1596)
• f95e456 chore: Bump version to 0.21.0-beta.2
• e142f00 chore: Fix lint
• 9f56423 chore: Fix lint
• 269cf08 chore: Move package tests into TD repo
• 15c0552 feat: Support for monorepos
• 2c2b91b chore: Bump beta version
• 9e94e5c chore: Fix tests when compiling with strict=false
• b2165d3 chore: Upgrade beta version
• 5a6a125 chore: Upgrade prettier

See the full diff

Package name: webpack

The new version differs by 250 commits.

• f2f998b 5.1.1
• bcd6190 Merge pull request #11704 from webpack/bugfix/delete-asset
• 11935a9 Merge pull request #11703 from webpack/bugfix/11678
• 63ba54c update chunk to files mapping when deleting assets
• 4669600 Merge pull request #11690 from webpack/bugfix/11673
• 234373e Merge pull request #11702 from webpack/deps/terser
• b6bc273 fix infinite loop in inner graph optimization
• 50c3a83 fix unused modules in chunk when optimizing runtime-specific
• 5d9d9b9 fix runtime-specific handling in concatenated modules
• 250e37c add test case
• 7925652 upgrade terser-webpack-plugin
• 27796db Merge pull request #11669 from webpack/dependabot/npm_and_yarn/ts-loader-8.0.5
• bd5aab8 Merge pull request #11692 from webpack/dependabot/npm_and_yarn/babel/core-7.12.0
• 886bbd5 Merge pull request #11693 from webpack/dependabot/npm_and_yarn/react-dom-16.14.0
• 3a14b3d Merge pull request #11694 from webpack/dependabot/npm_and_yarn/react-16.14.0
• ddf9936 chore(deps-dev): bump react from 16.13.1 to 16.14.0
• dc6e69a chore(deps-dev): bump react-dom from 16.13.1 to 16.14.0
• 8f18de9 chore(deps-dev): bump @ babel/core from 7.11.6 to 7.12.0
• c0410e8 Merge pull request #11686 from webpack/bugfix/11677
• 4504046 order runtime chunks correctly when they depend on each other
• 74a44cd add comment to help tagging for the bot
• e97efb7 chore(deps-dev): bump ts-loader from 8.0.4 to 8.0.5
• 77329b4 5.1.0
• 48c10f3 Merge pull request #11653 from log2-hwan/fix-moduletemplate-deprecation

See the full diff

Package name: webpack-dev-server

The new version differs by 250 commits.

• 5aad1e7 chore(release): 4.8.0
• 28ad7ed chore(deps): bump graceful-fs from 4.2.9 to 4.2.10 (#4368)
• 7920364 feat: export initialized socket client (#4304)
• 4e7800e chore: update webpack (#4367)
• fbda2a8 chore(deps-dev): bump body-parser from 1.19.2 to 1.20.0 (#4366)
• 67c080b chore(deps-dev): bump puppeteer from 13.5.1 to 13.5.2 (#4361)
• 56ec411 chore(deps): bump html-entities from 2.3.2 to 2.3.3 (#4358)
• ca8a53a chore: update deps and fix audit (#4356)
• 501f6aa chore(deps-dev): bump @ babel/runtime
• 7d2b4f0 chore(deps-dev): bump @ babel/core
• 95e26fe test: add cases for `webSocketURL` with `server` option (#4346)
• 84b4774 chore: migrate script for examples on `setupMiddlewares` option (#4347)
• a7ccab1 chore: replace deprecated String.prototype.substr() (#4343)
• 1bf2614 chore(deps-dev): bump lint-staged from 12.3.6 to 12.3.7 (#4344)
• 188497a chore(deps-dev): bump prettier from 2.5.1 to 2.6.0 (#4339)
• 7560a37 chore(deps-dev): bump lint-staged from 12.3.5 to 12.3.6 (#4341)
• dc2d6f7 chore(deps): bump http-proxy-middleware from 2.0.3 to 2.0.4 (#4333)
• 552e4ab chore(deps-dev): bump @ babel/runtime
• af3de07 chore(deps-dev): bump @ babel/core
• a80fa1f chore(deps): bump @ types/ws
• 457e1e5 chore(deps-dev): bump eslint from 8.10.0 to 8.11.0 (#4334)
• b48ff7f chore(deps-dev): bump puppeteer from 13.5.0 to 13.5.1 (#4330)
• 3ce15d4 chore(deps-dev): bump puppeteer from 13.4.1 to 13.5.0 (#4329)
• a892235 chore(deps-dev): bump lint-staged from 12.3.4 to 12.3.5 (#4328)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.