[Snyk] Fix for 29 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Denial of Service (DoS) SNYK-JS-AXIOS-174505	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891	Yes	Proof of Concept
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-JSYAML-173999	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-JSYAML-174129	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-MERGE-1040469	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-MERGE-1042987	Yes	Proof of Concept
	520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Command Injection SNYK-JS-REACTDEVUTILS-1083268	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Arbitrary Code Execution SNYK-JS-REACTDEVUTILS-72875	No	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Denial of Service (DoS) SNYK-JS-SOCKJS-575261	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-URLPARSE-1078283	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-URLPARSE-1533425	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Improper Input Validation SNYK-JS-URLPARSE-543307	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Information Exposure SNYK-JS-WEBPACKDEVSERVER-72405	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:eslint:20180222	No	Proof of Concept
	469/1000 Why? Has a fix available, CVSS 5.1	Denial of Service (DoS) npm:mem:20180117	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Cross-site Scripting (XSS) npm:react-dom:20180802	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: axios

The new version differs by 250 commits.

• e367be5 [Releasing] 0.21.3
• 83ae383 Correctly add response interceptors to interceptor chain (#4013)
• c0c8761 [Updating] changelog to include links to issues and contributors
• 619bb46 [Releasing] v0.21.2
• 82c9455 Create SECURITY.md (#3981)
• 5b45711 Security fix for ReDoS (#3980)
• 5bc9ea2 Update ECOSYSTEM.md (#3817)
• e72813a Fixing README.md (#3818)
• e10a027 Fix README typo under Request Config (#3825)
• e091491 Update README.md (#3936)
• b42fbad Removed un-needed bracket
• 520c8dc Updating CI status badge (#3953)
• 4fbeecb Adding CI on Github Actions. (#3938)
• e9965bf Fixing the sauce labs tests (#3813)
• dbc634c Remove charset in tests (#3807)
• 3958e9f Add explanation of cancel token (#3803)
• 69949a6 Adding custom return type support to interceptor (#3783)
• 49509f6 Create FUNDING.yml (#3796)
• 199c8aa Adding parseInt to config.timeout (#3781)
• 94fc4ea Adding isAxiosError typeguard documentation (#3767)
• 0ece97c Fixing quadratic runtime when setting a maxContentLength (#3738)
• a18a0ec Updating `lib/core/README.md` about Dispatching requests (#3772)
• 59fa614 [Updated] follow-redirects to the latest version (#3771)
• 7821ed2 Feat/json improvements (#3763)

See the full diff

Package name: chrome-webstore-upload-cli

The new version differs by 29 commits.

• 5b715f8 2.0.0
• 3c1990d Improve errors ([Snyk] Fix for 1 vulnerabilities #55)
• 71f6a26 Use async functions ([Snyk] Security upgrade chrome-webstore-upload-cli from 1.1.1 to 2.0.0 #54)
• 45fd16b Rename CLI command from `webstore` to `chrome-webstore-upload` ([Snyk] Fix for 1 vulnerabilities #53)
• 51eddc7 `clientSecret` is not required if token is for "Chrome App" ([Snyk] Security upgrade axios from 0.18.0 to 0.21.3 #52)
• 1829794 Turn into ES Module + update all dependencies ([Snyk] Security upgrade webpack-dev-server from 2.9.4 to 4.0.0 #51)
• 41f8a0c Lint
• ab45eda Add more information to the readme
• 8eb5157 Run CI on Node 12, 14, 16
• 55d2d6c Upgrade `ava` and `meow` ([Snyk] Security upgrade css-loader from 0.28.7 to 1.0.0 #49)
• 281faac 1.2.2
• c86232c Meta updates and enable GitHub Actions ([Snyk] Security upgrade css-loader from 0.28.7 to 1.0.0 #48)
• 3b176ec Upgrade meow dependency to v5.0.0 ([Snyk] Fix for 1 vulnerabilities #47)
• a65728a Readme: Add FACEIT Enhancer to the extensions using it ([Snyk] Security upgrade url-parse from 1.4.3 to 1.5.0 #42)
• 354133d 1.2.1
• 89e3369 `clientSecret` is no longer required
• 86146ee Added environment variables documentation to Options ([Snyk] Security upgrade webpack-dev-server from 2.9.4 to 3.1.6 #39)
• 76d2703 Mention Travis guide in eadme ([Snyk] Fix for 1 vulnerabilities #38)
• 114d334 Add license ([Snyk] Security upgrade axios from 0.18.0 to 0.21.1 #41)
• 4ba32cb Drop outdated projects from list, keep popular ones
• fcf4b0a 1.2.0
• 9a83acf Support trustedTesters (Remove tips from interface when user did not write anything #18)
• 514d661 Add Refined Twitter to the extensions using it ([Snyk] Security upgrade webpack from 3.8.1 to 4.0.0 #30)
• f0663bb Add Refined GitHub to the extensions using it ([Snyk] Security upgrade jest from 20.0.4 to 24.0.0 #28)

See the full diff

Package name: css-loader

The new version differs by 98 commits.

• 634ab49 chore(release): 2.0.0
• 6ade2d0 refactor: remove unused file (#860)
• e7525c9 test: nested url (#859)
• 7259faa test: css hacks (#858)
• 5e6034c feat: allow to filter import at-rules (#857)
• 5e702e7 feat: allow filtering urls (#856)
• 9642aa5 test: css stuff (#855)
• 3338656 fix: reduce number of require for url (#854)
• 533abbe test: issue 636 (#853)
• 08c551c refactor: better warning on invalid url resolution (#852)
• b0aa159 test: issue #589 (#851)
• f599c70 fix: broken unucode characters (#850)
• 1e551f3 test: issue 286 (#849)
• 419d27b docs: improve readme (#848)
• d94a698 refactor: webpack-default (#847)
• b97d997 feat: schema options
• 453248f fix: support module resolution in composes (#845)
• 8a6ea10 refactor: postcss plugins (#844)
• fdcf687 fix: url resolving logic (#843)
• 889dc7f feat: allow to disable css modules and disable their by default (#842)
• ee2d253 test: importLoaders option (#841)
• 1dad1fb feat: reuse postcss ast from other loaders (i.e `postcss-loader`) (#840)
• fe94ebc test: icss reserved keywords (#839)
• 9eaba66 refactor: migrate on message api for postcss-icss-plugin (#838)

See the full diff

Package name: eslint

The new version differs by 250 commits.

• 3dd6741 7.0.0
• 9a722f9 Build: changelog update for 7.0.0
• b98d8bd Upgrade: [email protected] (#13271)
• 4c0b028 Fix: remove Node.js and CommonJS category from build process (#13242)
• 401a687 Chore: fix rules list for prereleases (#13230)
• 4ef6158 Breaking: [email protected] (#13270)
• b5c8d73 Docs: update 7.0.0 migration guide for consistency (#13267)
• 356fdb4 Docs: add migration guide (#12692)
• 015edf6 Sponsors: Sync README with website
• fdfa364 7.0.0-rc.0
• 8d1b4db Build: changelog update for 7.0.0-rc.0
• 0b1d65a Update: Improve report location for array-callback-return (refs #12334) (#13109)
• d85e291 Fix: yoda left string fix for exceptRange (fixes #12883) (#13052)
• 2ce6bed Chore: added tests for nested arrays (#13145)
• d3aac53 Update: report backtick loc in no-unexpected-multiline (refs #12334) (#13142)
• 8e7a2d9 Fix: func-call-spacing "never" reports wrong message (fixes #13190) (#13193)
• bcafd0f Update: Add ESLint API (refs New: ESLint Class Replacing CLIEngine eslint/rfcs#40) (#12939)
• 3eeae56 Upgrade: some (dev) deps (#13155)
• 6b7030b Chore: Run tests on Node.js v14 (#13210)
• ebc28d7 Fix: Remove default .js from --ext CLI option (#13176)
• 5c1bdeb Update: Improve report location for getter-return (refs #12334) (#13164)
• 56d2bee Docs: fix typos (#13204)
• e13256e Chore: use espree.latestEcmaVersion in config-initializer (#13157)
• e4f57b7 Chore: add nested array tests for array-element-newline (#13161)

See the full diff

Package name: file-loader

The new version differs by 9 commits.

• 1451b1e chore(release): 1.1.7
• 98bf052 fix(index): don't concat `options.outputPath` and `options.publicPath` (#246)
• 9ee8332 docs(README): add `regExp` option (`options.regExp`) (#244)
• f62bc44 chore(package): update `schema-utils` v0.3.0...0.4.5 (#245)
• ef5688e docs(README): correct default value for `digestType` (`hashes`) (#239)
• d965494 chore(release): 1.1.6
• 1e4b7cf fix: rootContext compatibility fix for legacy / v4 (#237)
• 0c4cdc2 docs(README): correct the default value for `[hash:<length>]` (#230)
• 52c882e test: standardize test configuration (#214)

See the full diff

Package name: html-webpack-plugin

The new version differs by 203 commits.

• eb73905 chore(release): 4.0.0
• 42a6d4a Add typing for getHooks
• a1a37cf Release html-webpack-plugin 4.0.0-beta.14
• 97f9fb9 fix: load script files before style files files in defer script loading mode
• e97ce17 Release html-webpack-plugin 4.0.0-beta.13
• e448b5d Release html-webpack-plugin 4.0.0-beta.12
• de315eb feat: Add defer script loading
• 7df269f feat: Provide a verbose error message if html minification failed
• 1d66e53 feat: merge templateParameters with default template parameters
• dfb98e7 Fix typo in template option docts
• 096a760 Fix broken links in examples
• a195c34 docs: Update template-option documentation
• 40b410e docs: Update example for template parameters
• bf017f3 chore: Release 4.0.0-beta.11
• 2549557 test: Don't use minification for speed measurement
• de22fc2 test: Adjust measurment for node 6 on travis
• 24bf1b5 fix: Update references to html-minifier
• f4eafdc chore: Release 4.0.0-beta.10
• a2ad30a refactor: Use getAssetPath instead of calling the hook directly
• 2595a79 chore: Release 4.0.0-beta.9
• c66766c feat: Add support for minifying inline ES6 inside html templates
• 655cbcd Fix README typo
• 6de319b update lodash dependency for prototype polution vulnerability
• 35a1541 Properly encode file names emitted as part of URLs.

See the full diff

Package name: postcss-flexbugs-fixes

The new version differs by 5 commits.

• 60c8e5f chore(deps): upgrade `postcss` to `7` ([Snyk] Security upgrade webpack-dev-server from 2.9.4 to 4.0.0 #51)
• 7974ef7 Update README.md ([Snyk] Fix for 1 vulnerabilities #47)
• d9d3955 Revert "Revert Autoremoval of 0% Basis" ([Snyk] Security upgrade css-loader from 0.28.7 to 1.0.0 #46)
• bae98c0 Push changelog
• fe6215e Revert Autoremoval of 0% Basis ([Snyk] Security upgrade jest from 20.0.4 to 24.0.0 #43)

See the full diff

Package name: postcss-loader

The new version differs by 54 commits.

• 7647ac9 chore(release): 3.0.0
• 313c3c4 docs(README): update filename formatting
• d6931da refactor(Error): add `error` property checks
• 962b1d6 refactor(options): remove `ident` from validation schema
• 1f98aee refactor(Warning): add `warning` property checks
• 95de4c1 docs(LOADER): update JSDoc
• ea68a42 chore(package): update `schema-utils` v0.4.5...1.0.0 (`dependencies`)
• 73a8c66 chore(ISSUE_TEMPLATE/DOCS): add template for documentation issues
• 70f4426 chore(ISSUE_TEMPLATE/FEATURE): add feature request template
• 4a0328e chore(ISSUE_TEMPLATE/BUG): move bug reports into their own template
• 319d1f7 chore(PULL_REQUEST_TEMPLATE): improve format and content
• bdcbef0 refactor(src): update code base with latest ES2015+ features
• f34954f fix(index): add ast version (`meta.ast`)
• 8ac6fb5 fix(index): emit `warnings` as an instance of `{Error}`
• 2c6033b test(Errors): remove stacktrace from snapshot
• 549ea08 fix(options): improved `ValidationError` messages
• fbf05de test: replace helpers with `@ webpack-utilities/test` (#386)
• daa0da8 chore(package): update `postcss` v6.0.0...7.0.0 (`dependencies`) (#375)
• 114db12 docs(README): add autoprefixing example (#380)
• 8772814 style(standard): fix linting issues
• 8ef443f ci(travis): build stages
• 6f10898 ci(appveyor): readd Appveyor CI (#381)
• 0bb835c ci(package): run tests in an explicit environment (`jest --env=node`) (#382)
• 5e2bca9 docs(README): replace `postcss-cssnext` with `postcss-preset-env` (#379)

See the full diff

Package name: style-loader

The new version differs by 14 commits.

• 5d73db7 chore(release): 0.20.0
• 08ce425 chore(package): update dependencies
• 28f603f refactor: remove comments from bundle source code
• dda8b89 test: rename && update HMR tests
• 23c3567 fix(options): add `transform` option validation (`{String}`)
• e0c4b19 fix(options): support passing a `{Function}` (`options.insertInto`)
• ac8430c ci(travis): update `node` v4.3.0...4.8.0
• 0eb8fe7 feat: support passing a `{Function}` (`options.insertInto`) (#279)
• 3a4cb53 fix(index): enable HMR in case `locals` (`css-modules`) are unchanged (#298)
• 9b46128 fix(addStyles): check if `HTMLIFrameElement` exist (#296)
• a7734e6 chore(package): update repository url (#290)
• 6ca2ecb chore(release): 0.19.1
• 2bfc93e fix(addStyles): correctly check `singleton` behavior when `{Boolean}` (`options.singleton`) (#285)
• 57c457d docs: fixed missing commas in configuration examples (#266)

See the full diff

Package name: url-loader

The new version differs by 11 commits.

• 0eeaaa9 chore(release): 1.0.0
• 0390cdb test: standardize (`@ webpack-contrib/test-utils`) (#114)
• 457618b fix(index): use `Buffer.from` instead of deprecated `new Buffer` (#113)
• b4be0c8 ci(circle): Fix rebuild issues
• 4a62cd5 ci(circle): Generate checksum from lock file
• 5aeba3e chore: Update to defaults rc.1
• 3c87902 chore(release): 1.0.0-beta.0
• b61859c chore: Fix package.json prop ordering
• f9174d2 docs(readme): Updates coverage badge
• 5ce17f7 docs(readme): Update CI status badge
• 073b588 refactor: apply `webpack-defaults` (#102)

See the full diff

Package name: url-parse

The new version differs by 47 commits.

• 201034b [dist] 1.5.2
• 2d9ac2c [fix] Sanitize only special URLs (#209)
• fb128af [fix] Use `'null'` as `origin` for non special URLs
• fed6d9e [fix] Add a leading slash only if the URL is special
• 94872e7 [fix] Do not incorrectly set the `slashes` property to `true`
• 81ab967 [fix] Ignore slashes after the protocol for special URLs
• ee22050 [ci] Use GitHub Actions
• d2979b5 [fix] Special case the `file:` protocol (#204)
• 9f43f43 [pkg] Update browserify to version 17.0.0
• af84da0 [test] Fix multiple mixed slashes test
• eb6d9f5 [dist] 1.5.1
• 750d8e8 [fix] Fixes relative path resolving #199 #200 (#201)
• 3ac7774 [test] Make test consistent for browser testing
• 267a0c6 [dist] 1.5.0
• d1e7e88 [security] More backslash fixes (#197)
• d99bf4c [ignore] Remove npm-debug.log from .gitignore
• 422c8b5 [pkg] Replace nyc with c8
• 933809d [pkg] Move coveralls to dev dependencies
• 190b216 [pkg] Add .npmrc
• ce3783f [test] Do not test on all available versions of Edge and Safari
• 77c1184 [pkg] Update mocha to version 8.0.1
• 673c3a7 [travis] Test on node 14
• 08fd2cc [pkg] Update mocha to version 7.0.1 (#189)
• 3ce7824 [pkg] Update nyc to version 15.0.0 (#188)

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 04f90c5 4.26.0
• e1df721 Merge pull request #8392 from vkrol/cherry-pick-terser-to-webpack-4
• a818def fix for changed API in terser plugin warningsFilter
• b39abf4 Rename test directories too
• 311a728 Switch from uglifyjs-webpack-plugin to terser-webpack-plugin
• a230148 Merge pull request #8351 from DeTeam/chunk-jsdoc-typo
• 7a0af76 Fix a typo in Chunk#split jsdoc comment
• 2361995 4.25.1
• e2a2016 Merge pull request #8338 from webpack/bugfix/issue-8293
• babe736 replace prefix/postfix even when equal for wrapped context
• dcd0d59 test for #8293
• af123a8 Merge pull request #8334 from webpack/bugfix/lint
• 36eb0bb move azure specific commands to azure-pipelines.yml
• 290094e 4.25.0
• 355590e Merge pull request #8250 from Aladdin-ADD/patch-3
• 0293c3a Merge pull request #8279 from smelukov/support-entry-progress
• 1ea411b Merge pull request #8139 from NaviMarella/FormatManifest
• 4b72635 exclude watch test cases
• e35d084 increase test timeout
• 6be1411 move schema into definitions
• 3d74504 add missing hooks to progress
• 56d8a8f prevent writing the same message multiple times to stderr
• 64e3826 use flags to show different parts of the progress message
• 8c5e74f Merge branch 'master' into support-entry-progress

See the full diff

Package name: webpack-dev-server

The new version differs by 250 commits.

• c5b9c7e chore(release): 4.6.0
• 1ba9720 fix: reload on warnings (#4056)
• 5026601 feat: allow to pass all `chokidar` options (#4025)
• 7e78bfa chore(deps-dev): bump webpack from 5.64.2 to 5.64.3 (#4054)
• f2a7d16 chore(deps-dev): bump memfs from 3.3.0 to 3.4.0 (#4055)
• d104b58 chore: remove redundant `eslint-disable` comments (#4053)
• e6330f5 chore: remove redundant snapshots (#4052)
• cf26a3f chore(deps): bump ws from 8.2.3 to 8.3.0 (#4051)
• 7823237 chore(deps-dev): bump lint-staged from 12.1.1 to 12.1.2 (#4048)
• 9b32c96 fix: reconnection logic (#4044)
• 5e7c001 chore(deps-dev): bump eslint from 8.2.0 to 8.3.0 (#4045)
• 12d6d52 chore(deps-dev): bump lint-staged from 12.0.2 to 12.1.1 (#4047)
• 7ed2ba3 chore(deps-dev): bump webpack from 5.64.1 to 5.64.2 (#4046)
• b497f68 docs: fix typo (#4042)
• 285487f chore(deps): remove unused (#4036)
• a19ee71 chore(deps-dev): bump acorn from 8.5.0 to 8.6.0 (#4040)
• 497e615 chore(deps): bump webpack-dev-middleware
• ec882db chore(deps-dev): bump typescript from 4.4.4 to 4.5.2 (#4034)
• 7d117de chore: update dependencies (#4033)
• a5b1c70 chore: update `schema-utils` (#4032)
• d3be607 chore(deps): bump @ babel/preset-env from 7.16.0 to 7.16.4 (#4030)
• 25bace8 chore(deps): bump @ babel/plugin-transform-runtime (#4031)
• 6a5b58d docs: fix `--https` option alignment (#4028)
• fd8c54a chore: remove redundant `eslint-disable` comments (#4024)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic