[Snyk] Fix for 54 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-DECOMPRESS-557358	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891	Yes	Proof of Concept
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-JSYAML-173999	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-JSYAML-174129	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	No	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	No	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	No	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	Yes	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Certificate Validation SNYK-JS-NODESASS-1059081	Yes	No Known Exploit
	550/1000 Why? Has a fix available, CVSS 6.5	Out-of-bounds Read SNYK-JS-NODESASS-535499	Yes	No Known Exploit
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Out-of-bounds Read SNYK-JS-NODESASS-535501	Yes	Proof of Concept
	600/1000 Why? Has a fix available, CVSS 7.5	Uncontrolled Recursion SNYK-JS-NODESASS-535503	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Resource Exhaustion SNYK-JS-NODESASS-535504	Yes	Proof of Concept
	761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	NULL Pointer Dereference SNYK-JS-NODESASS-535505	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Uncontrolled Recursion SNYK-JS-NODESASS-540960	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Out-of-bounds Read SNYK-JS-NODESASS-540962	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Improper Input Validation SNYK-JS-NODESASS-540966	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Improper Input Validation SNYK-JS-NODESASS-540968	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Uncontrolled Recursion SNYK-JS-NODESASS-540970	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Out-of-bounds Read SNYK-JS-NODESASS-540972	Yes	No Known Exploit
	761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	NULL Pointer Dereference SNYK-JS-NODESASS-540974	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Denial of Service (DoS) SNYK-JS-NODESASS-540982	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Out-of-bounds Read SNYK-JS-NODESASS-540984	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Out-of-bounds Read SNYK-JS-NODESASS-540986	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-NODESASS-540988	Yes	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-NODESASS-542662	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-NUNJUCKS-1079083	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:clean-css:20180306	No	Proof of Concept
	624/1000 Why? Has a fix available, CVSS 8.2	Directory Traversal npm:koa-static-cache:20170613	Yes	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	No	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No	No Known Exploit
	576/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.1	Uninitialized Memory Exposure npm:tunnel-agent:20170305	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: css-loader

The new version differs by 8 commits.

• 0d366a6 0.15.0
• a78e007 Merge pull request #78 from webpack/postcss
• 633cdec move importPrefix into separate file
• e1c20e7 added import var test case
• 927420e added import string test
• 623b197 add useful minimize options
• 421c2d4 added test case for minimized plus local
• 420bd9e Use PostCSS

See the full diff

Package name: extract-text-webpack-plugin

The new version differs by 126 commits.

• 5268d14 chore(release): 2.0.0
• 518e54d Merge pull request #429 from helloyou2012/master
• 16e7601 fix deprecation warning (close #427)
• a078c82 Merge pull request #419 from webpack-contrib/d3viant0ne-JSFMaintainers
• facb563 docs(readme): updates for JSF maintainers
• b755a1f Merge pull request #414 from ShinyChang/patch-1
• 28dca8a Update README.md
• 261df23 Merge pull request #402 from webpack-contrib/remove-remove-and-do-dependency
• 6d42658 Merge pull request #400 from GeorgeTaveras1231/patch-1
• ad44d20 Merge pull request #411 from BorodinDemid/patch-1
• 78d0947 Merge pull request #413 from scottdj92/master
• 3d9f857 fix typo in readme
• 7097a1d make extracting Sass/LESS more clear
• 91befda Merge pull request #394 from pndewit/master
• c307def Merge pull request #395 from billgo/patch-1
• 61c5672 Update README.md
• 002c887 Merge pull request #409 from simon04/patch-1
• 52950f3 README: add install instructions for webpack 2
• a768464 inline removeAndDo dep to webpack internal lib
• 15dbccb Adhere to module schema in README
• ca96b7b Update README.md
• 9311650 docs - adds array type for options.use and options.fallback
• e831507 2.0.0-rc.3
• d279b25 Merge pull request #391 from bebraw/ignore-fix

See the full diff

Package name: happypack

The new version differs by 61 commits.

• c93d33d Release 4.0.0-beta.5
• e86e33c make it work with cache-loader
• c99b827 Release 4.0.0-beta.4
• 13612f8 set default bufferedMessaging in ThreadPool
• 35947c0 provide correct args for process.send() on node 4
• f66a613 buffer process.send() calls on Windows
• 009581d Correct link to TS example
• 50fbd32 Release 4.0.0-beta.2
• 54fb685 Update and run all examples against webpack 1,2,3
• 593503b Specify chai as dep of test utils
• eeeb6a0 Specify dependencies of tests
• c8ae100 Update npm ignores
• c7235f2 Move test utils to their own package
• 6dac270 Run tests against webpack 1, 2, and 3
• 3dfc59f serialize errors in emitWarning and emitError
• 9a14f97 amend usage of fork-ts-checker-plugin as blockEmit removed (and the example is more complex than necessary - my bad)
• caaed26 Correct information re TS in readme
• 945d8e4 Add TS compatibility section to README
• cb01dae Fix ts-loader example
• 9d258be Added ts-loader example
• 6d7c2d6 Fix broken markdown link
• 44ce4fe Reduce bogus in README
• 01b01d6 Use loaderUtils.getOptions instead of .parseQuery
• 515cc1b Drop node 0.12 from travis

See the full diff

Package name: image-webpack-loader

The new version differs by 115 commits.

• ce6f669 4.5.0
• d0b73ec Merge pull request #172 from aaboyd/master
• e0de6ed Update imagemin dependencies to latest version
• c7b50a6 Merge pull request #169 from markwoon/patch-1
• b8d9ea2 Remove unnecessary peer dependency
• c3bb33f 4.4.0
• e41a33e Merge pull request #165 from maturanomx/master
• de849ec Update `imagemin-pngquant` version
• 0942611 Merge pull request #163 from amilajack/patch-1
• 757072f Fix failing CI
• 9b568be Tests against latest node on CI
• 8f874ac update some packages
• 6337d3a 4.3.1
• 605862b Merge pull request #157 from goto-bus-stop/dev-webpack
• 2bcd82f Move webpack-cli to devDependencies
• a797c9b 4.3.0
• f864e8a Merge pull request #156 from Eterion/master
• ea8107f Update of imagemin dependencies
• e424808 Disable option for webpack@2.x
• 4dcac71 Added package-lock and rm -rf replaced with rimraf for windows compatibility
• 84f3122 Merge pull request #155 from DanielMSchmidt/danielmschmidt/webpack-4-support
• ac03972 add support for webpack 4
• b30e0fb Merge pull request #152 from DanielMSchmidt/add-webpack-3
• b247cac Merge pull request #151 from DanielMSchmidt/add-ci

See the full diff

Package name: koa-onerror

The new version differs by 4 commits.

• dc2d339 Release 3.0.0
• e8ea0f6 fix: Send default text/plain body if message is undefined
• 70ca644 fix: lint
• 6aa55e7 refactor: remove nunjucks

See the full diff

Package name: koa-static-cache

The new version differs by 7 commits.

• a71ecb5 Release 4.1.1
• dbfa92e fix: only load file under options.dir (#66)
• 6e310c3 test: test on 8, remove 0.12
• b12e585 Release 4.1.0
• b84ea6d feat: files support lru (#64)
• 0ee8be8 Release 4.0.0
• 68081c3 refactor: check prefix first to avoid calculate (#56)

See the full diff

Package name: node-sass

The new version differs by 250 commits.

• 99242d7 7.0.1
• 77049d1 build(deps): bump sass-graph from 2.2.5 to 4.0.0 (#3224)
• c929f25 build(deps): bump node-gyp from 7.1.2 to 8.4.1 (#3209)
• 918dcb3 Lint fix
• 0a21792 Set rejectUnauthorized to true by default (#3149)
• e80d4af chore: Drop EOL Node 15 (#3122)
• d753397 feat: Add Node 17 support (#3195)
• dcf2e75 build(deps-dev): bump eslint from 7.32.0 to 8.0.0
• bfa1a3c build(deps): bump actions/setup-node from 2.4.0 to 2.4.1
• 80d6c00 chore: Windows x86 on GitHub Actions (#3041)
• 566dc27 build(deps-dev): bump fs-extra from 0.30.0 to 10.0.0 (#3102)
• 7bb5157 build(deps): bump npmlog from 4.1.2 to 5.0.0 (#3156)
• 2efb38f build(deps): bump chalk from 1.1.3 to 4.1.2 (#3161)
• fca5257 build(deps): bump actions/setup-node from 2.3.0 to 2.4.0
• 6200b21 docs: Double word "support" (#3159)
• eaf791a build(deps): bump actions/setup-node from 2.1.5 to 2.3.0
• 16b8d4b build(deps): bump coverallsapp/github-action from 1.1.2 to 1.1.3
• c167004 6.0.1
• 911d4db remove mkdirp dep (#3108)
• 30a52f7 build(deps): bump meow from 3.7.0 to 9.0.0
• 7e08463 build(deps-dev): bump mocha from 8.4.0 to 9.0.1
• cfcbb2c chore: Use default Apline version from docker-node (#3121)
• 886319b chore: Drop Node 10 support
• c908f4f fix: Bump OSX minimum to 10.11

See the full diff

Package name: optimize-css-assets-webpack-plugin

The new version differs by 2 commits.

• 3b217bc 2.0.0
• 5a9f467 Move cssnano dependency to peerDependencies

See the full diff

Package name: postcss-loader

The new version differs by 205 commits.

• 7647ac9 chore(release): 3.0.0
• 313c3c4 docs(README): update filename formatting
• d6931da refactor(Error): add `error` property checks
• 962b1d6 refactor(options): remove `ident` from validation schema
• 1f98aee refactor(Warning): add `warning` property checks
• 95de4c1 docs(LOADER): update JSDoc
• ea68a42 chore(package): update `schema-utils` v0.4.5...1.0.0 (`dependencies`)
• 73a8c66 chore(ISSUE_TEMPLATE/DOCS): add template for documentation issues
• 70f4426 chore(ISSUE_TEMPLATE/FEATURE): add feature request template
• 4a0328e chore(ISSUE_TEMPLATE/BUG): move bug reports into their own template
• 319d1f7 chore(PULL_REQUEST_TEMPLATE): improve format and content
• bdcbef0 refactor(src): update code base with latest ES2015+ features
• f34954f fix(index): add ast version (`meta.ast`)
• 8ac6fb5 fix(index): emit `warnings` as an instance of `{Error}`
• 2c6033b test(Errors): remove stacktrace from snapshot
• 549ea08 fix(options): improved `ValidationError` messages
• fbf05de test: replace helpers with `@ webpack-utilities/test` (#386)
• daa0da8 chore(package): update `postcss` v6.0.0...7.0.0 (`dependencies`) (#375)
• 114db12 docs(README): add autoprefixing example (#380)
• 8772814 style(standard): fix linting issues
• 8ef443f ci(travis): build stages
• 6f10898 ci(appveyor): readd Appveyor CI (#381)
• 0bb835c ci(package): run tests in an explicit environment (`jest --env=node`) (#382)
• 5e2bca9 docs(README): replace `postcss-cssnext` with `postcss-preset-env` (#379)

See the full diff

Package name: sass-loader

The new version differs by 18 commits.

• c42086e 4.0.1
• 2ee710a Update CHANGELOG
• 08090a8 Add small improvements after merging https://github.com/Use resoucePath for custom importers webpack-contrib/sass-loader#267
• 5dc9c2a Update dependencies
• 327de9c Merge pull request #267 from chrisfitz/master
• fd6be1f Use resoucePath for custom importers
• 11aaf06 Merge branch 'release/v3.2.3'
• 15a4b89 3.2.3
• e2a8491 Update CHANGELOG
• 43d6d14 4.0.0
• ca6638a Update CHANGELOG
• 13287b1 3.2.2
• 2219b4d Update CHANGELOG
• e0ce2b4 Merge pull request #250 from cevou/sourcemaps-path
• ad89943 Update dependencies
• 9d27799 Merge pull request #228 from eastwood/patch-1
• e0923ab Fix file path in source maps
• 8a5d964 Update README information

See the full diff

Package name: url-loader

The new version differs by 8 commits.

• 11dce14 docs: Update changelog with nsp advisory
• 1934507 chore(release): 0.6.0
• a1e1fef chore: Fix mime version
• d19ee2d chore: update `mime` package to avoid deprecation mime type with `woff` and `woff2` (#87)
• 636ebed feat: add `fallback` option (#88)
• f3f5fce docs(README): remove confusing `prefix` option (`options.prefix`) (#89)
• 2de70bb docs(README): fix typo in example (#81)
• ced5990 feat(index): add options validation (`schema-utils`) (#78)

See the full diff

Package name: webpack

The new version differs by 250 commits.

• bf4ec9c 3.0.0
• 9feda63 Merge pull request #5028 from webpack/feature/externalize_uglify_plugin
• 49d6e38 Merge pull request #5086 from webpack/ci/node-8
• 3dcb133 OSX test on node.js 8
• f4b8785 Merge pull request #5012 from webpack/TheLarkInn-patch-1
• d26c402 chore(deps): upgrade uglifyjs-webpack-plugin deps to get latest webpack-sources so tests pass
• 3da4f3e Merge pull request #5085 from jbellenger/jbellenger/rawmodule-hash
• 8c9dc14 fix RawModule hashing
• c2c5d73 Update README.md
• 316d4b9 Merge pull request #5084 from timse/remove-duplicate-code
• ae18552 update test case with changed hash due to less clutter in dependencies
• fc20348 unite iteration through modules into one loop
• 083843e remove code that pushes arrays of dependencies into dependencies
• ab636b0 Merge pull request #5075 from andreipfeiffer/master
• 3b3449c Refactor: use const for non reassignable identifier
• 2ba0499 3.0.0-rc.2
• 1769fa2 Merge pull request #5064 from webpack/feature/scope-hoisting-multi-entry
• a73646a Merge pull request #5060 from mikesherov/reason-chunks-as-set
• 28f826a consistent order
• 8a30188 use Set for ModuleReason chunk rewriting
• 5d4ba56 Allow scope hoisting to process modules in multiple chunks
• d6a7594 harmony modules without exports have no exports instead of unknown
• 3ae782d Merge pull request #5049 from KTruong888/ES6_refactoring_multicompiler
• 18cdba8 4099_ES6 refactor lib/MultiCompiler.js

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Arbitrary Code Execution
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn