[Snyk] Fix for 29 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-GETOBJECT-1054932	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	No Known Exploit
	569/1000 Why? Has a fix available, CVSS 7.1	Arbitrary Code Execution SNYK-JS-GRUNT-597546	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Denial of Service (DoS) SNYK-JS-HTTPPROXY-569139	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-JQUERY-174006	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Cross-site Scripting (XSS) SNYK-JS-JQUERY-565129	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Cross-site Scripting (XSS) SNYK-JS-JQUERY-567880	Yes	Proof of Concept
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-JSYAML-174129	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-LODASH-590103	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	No Known Exploit
	434/1000 Why? Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Insecure Defaults SNYK-JS-SOCKETIO-1024859	Yes	Proof of Concept
	486/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.3	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	No	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
	354/1000 Why? Has a fix available, CVSS 2.8	Insecure use of /tmp folder npm:cli:20160615	No	No Known Exploit
	641/1000 Why? Mature exploit, Has a fix available, CVSS 5.1	Uninitialized Memory Exposure npm:concat-stream:20160901	Yes	Mature
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No	No Known Exploit
	484/1000 Why? Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) npm:jquery:20150627	No	No Known Exploit
	529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:semver:20150403	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: grunt-contrib-jshint

The new version differs by 9 commits.

• cd26571 v0.12.0
• 3a23c20 Bump JSHint to v2.9.1.
• 333d69f Update copyright to 2016
• 6df2d10 CI: Remove node.js '0.12' and add '5'.
• d4f5023 Update CHANGELOG.
• 789f405 Fix typo's typo.
• 547cf4b Update appveyor.yml.
• 810c393 Fix typos in docs.
• aa19a8d CI: test node.js 4.0.

See the full diff

Package name: grunt-contrib-uglify

The new version differs by 74 commits.

• d7704c4 v0.11.1
• c129bf6 Merge pull request [Snyk] Upgrade puppeteer from 22.3.0 to 22.6.1 #377 from avdg/fix-screw-ie8-option-crash
• d74556f Merge pull request [Snyk] Upgrade rollup from 4.12.0 to 4.14.0 #387 from joeldenning/patch-1
• 758b7d5 Merge branch 'master' of github.com:gruntjs/grunt-contrib-uglify
• 92c84c8 Point main to task
• 0b00c0b Remove peerDeps. Ref Remove peerDependencies from plugins gruntjs/grunt#1116
• 52cc6ae Merge pull request [Snyk] Upgrade @babel/preset-env from 7.24.0 to 7.24.4 #388 from swarajgiri/bump-dependencies
• 2ff0283 Update lodash, maxmin and dev dependencies
• 6352022 Improve documentation for conditional compilation
• a6dd1cb Merge pull request [Snyk] Upgrade puppeteer from 22.3.0 to 22.6.2 #386 from ramswaroop/master
• f3c4592 Update README.md
• ea77dde Merge pull request [Snyk] Upgrade typescript from 5.3.3 to 5.4.3 #375 from jrhite/master
• 63279df Update copyright to 2016
• 71bf6f5 Merge branch 'master' of https://github.com/vibornoff/grunt-contrib-uglify into fix-screw-ie8-option-crash
• be7de43 CI: Remove node.js '0.12' and add '5'.
• 8578547 add handling of mangle_properties regex option in uglifyjs
• 1deb3be v0.11.0
• 13e95a2 Bump uglify-js to v2.6.0.
• 17ee505 Revert "Do not use "^" versions, ever, use ~"
• 2562bb2 v0.10.1
• 326f932 Merge pull request chore(deps): update dependency eslint-plugin-jest to v28 #369 from Rialgar/patch-1
• 7276245 Do not use "^" versions, ever, use ~
• b8bd228 v0.10.0
• e47d9e1 Merge pull request [Snyk] Security upgrade eslint from 8.57.0 to 9.0.0 #361 from UltCombo/patch-1

See the full diff

Package name: grunt-replace

The new version differs by 26 commits.

• e2752e4 Remove .DS_Store from root.
• e57f6ef General improvements and dependencies bump.
• 2133feb Version 1.0.1 released.
• 63eba05 Update README.md file.
• efc6db1 Version 1.0.0 released.
• e9e12cc Version 0.11.0 released.
• a41b97b Version 0.10.2 released.
• e035a65 Earlier version commit.
• f424ba7 Version 0.10.1 released.
• 53a4071 Earlier version commit.
• b9b3b0e Earlier version commit.
• e611189 Earlier version commit.
• 6ee3c84 Earlier version commit.
• caa9d18 Earlier version commit.
• 8e1adf5 Earlier version commit.
• 5657061 Version 0.10.0 released.
• 0d3bf45 Version 0.9.3 released.
• 70776ce Merge pull request chore(deps): update dependency puppeteer to v15.1.1 #77 from donkeybanana/feature/fail-and-warn
• dba9d08 Support grunt.fail.warn via options.pedantic when no matches exist. fixes donkeybanana/grunt-replace#1
• 9ba2bae Version 0.9.2 released.
• 1c1d4ca Version 0.9.1 released.
• a20c980 Update readme file.
• e56e513 Version 0.9.0 released.
• 6b201a2 Fixes Update dependency to d3.js v7.4.0 #43, add new silent flag and closes chore(deps): update dependency puppeteer to v14 #62.

See the full diff

Package name: karma

The new version differs by 250 commits.

• 16010eb chore(release): 5.0.8 [skip ci]
• a409696 chore: remove unused `grunt lint` command (#3515)
• 47f1cb2 fix(dependencies): update to latest log4js major (#3514)
• b60391f fix(dependencies): update and unlock socket.io dependency (#3513)
• 4d49948 chore(release): 5.0.7 [skip ci]
• f399063 fix: detect type for URLs with query parameter or fragment identifier (#3509)
• 17b50bc chore(release): 5.0.6 [skip ci]
• 0cd696f fix(dependencies): update production dependencies (#3512)
• 7c24a03 chore: fix broken HTML markup in the changelog file (#3507)
• fdc4f9d refactor(test): remove no debug matching option (#3504)
• 35d57e9 chore(release): 5.0.5 [skip ci]
• e99da31 fix(cli): restore command line help contents (#3502)
• 4f2fe56 chore: add Node 14 to the build matrix (#3501)
• 100b227 refactor(test): move execKarma into the World (#3500)
• f375884 refactor(test): reduce execKarma to a reasonable size (#3496)
• a3d1f11 refactor(test): add common method to start server in background (#3495)
• e4a5126 refactor(test): write config file in its own steps (#3494)
• 0bd5c2b refactor(test): adjust sandbox folder location and simplify config logic (#3493)
• b788f94 refactor(test): extract proxy into a separate Given claim (#3492)
• 633f833 chore(release): 5.0.4 [skip ci]
• 810489d refactor(test): migrate Proxy to ES2015 (#3490)
• fa95fa3 fix(browser): make sure that empty results array is still recognized (#3486)
• 255bf67 refactor(test): migrate World to ES2015 (#3489)
• be5db67 chore(test): remove usage of deprecated defineSupportCode (#3488)

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic