[Snyk] Fix for 7 vulnerabilities

[peterjoseph]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	561/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.8	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTMLPARSESTRINGIFY2-1079307	Yes	Proof of Concept
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-POSTCSS-5926692	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: ava

The new version differs by 36 commits.

• e1572d9 2.0.0
• 2daf6a9 Bump dependencies
• b1e54b1 By default, select test and helpers inside 'tests' directories
• 677578f Replace individual lodash packages with the main package
• a53ea15 Define environment variables to be injected in the test file processes
• 626e58c 2.0.0-rc.1
• 51433be Implement helper for our ESLint plugin
• c10e38c Remove underline from Babel configuration validation errors
• 928ed14 Bump dependencies
• 98034fb Make the object printing depth configurable (#2121)
• f26634b 2.0.0-beta.2
• 80d72ff Bump dependencies
• 5f4c96f Further helper selection improvements
• ba5cd80 Fix TypeScript definition allowing macro-without-title-using-tests to be skipped
• 13a89e1 Reduce size of logo in readme
• 799eb91 Update domain name
• cb4c809 Make watch mode dependency tracking work with custom require hooks
• 08e99e5 Treat .spec.js files as test files
• 91b7641 Use underscore-prefixed helpers in documentation
• c2d8218 Improve the TypeScript definition `ObservableLike` type
• 5bae97c Fix sample test in Flow recipe
• 2762d3c Fix require path in Babel recipe
• 05f925f Fix sample test in TypeScript recipe
• 8a3f6ca Remove mention of the obsolete `devtool` package

See the full diff

Package name: babel-plugin-module-resolver

The new version differs by 20 commits.

• ff8a445 chore(release): 5.0.0
• c43e71c chore: Update dependencies and find-babel-config to fix json5 vulnerabilities (#441)
• f2daf06 docs: Valid install commands when using Github copy button (#426)
• f533cc2 chore(release): 4.1.0
• 57c53c3 chore: Run CI on node >= 10
• 91c053c chore: Update husky & lint-staged
• 2a14940 chore: Update standard-version to v9.0.0
• facf14c feat: Add new jest methods (#419)
• a3eba3a chore(deps): bump ini from 1.3.5 to 1.3.8 (#418)
• e4a1165 docs: update readme to include Intellij / Webstorm workaround for resolving aliases (#410)
• 8a3ac0f chore(deps): bump yargs-parser from 13.1.1 to 13.1.2 (#408)
• aac96f2 chore(deps-dev): bump standard-version from 7.0.1 to 8.0.1 (#401)
• 1179e27 chore(deps): bump lodash from 4.17.15 to 4.17.19 (#402)
• 5e3feaa docs: Add yarn install command (#394)
• a65c39a chore(release): 4.0.0
• a5045b0 chore: Add Test github action (#378)
• 0cef5ee chore: Update dependencies (#377)
• 8963f88 docs: Add Quasar Framework as a user using this lib (#364)
• f2173ee feat: Add support for alias with array of paths (#376)
• 77b1bc1 chore: Update Expo link (#370)

See the full diff

Package name: bcrypt

The new version differs by 107 commits.

• 2f124bd Fix artifact upload path
• 10eacf5 Prepare v5.0.1
• 6eacfe1 Merge pull request #856 from kelektiv/update-deps
• feb477c Update node-pre-gyp to 1.0.0
• 42c8b0c Merge pull request #852 from kelektiv/update-deps
• bafefc3 Update packages
• 7c5d8df Merge pull request #851 from recrsn/node-15-ci
• 1ba55f9 Add Node 15 to CI
• 19c06c1 Update Node version compatibility info
• 09cb4fc Merge pull request #825 from dogon11/patch-1
• 2821c03 Merge pull request #811 from techhead/use_buffers
• 63c8403 Merge pull request #838 from alete89/docs/improve-hash-info
• 984ef18 remove reference to $2y$ algo identifier
• 630c897 fixes: #828
• 0f93284 README.md typo fix
• 4125ebc Update README.md
• f503e57 Create SECURITY.md
• f158e6e Allow optional use of Node Buffers.
• 8866277 Deploy on any travis tag
• 61139e6 v5.0.0
• 1bde62c Update node-pre-gyp to 0.15.0
• 40770d6 Add NodeJS 14 to appveyor CI
• 5916a46 Merge pull request #807 from techhead/known_length
• f28e916 Reword comment

See the full diff

Package name: node-sass

The new version differs by 121 commits.

• 3b556c1 7.0.2
• c716359 Bump sass-graph@^4.0.1 (#3292)
• 24741b3 docs(readme): fix docpad plugin link
• 1523330 feat: Drop Node 12
• 365d357 update https://registry.npm.taobao.org to https://registry.npmmirror.com
• 1456114 build(deps): bump actions/upload-artifact from 2 to 3
• b465b69 chore: bump GitHub Actions to Windows 2019 (#3254)
• e6194b1 build(deps): bump make-fetch-happen from 9.1.0 to 10.0.4
• 4edf594 build(deps): bump node-gyp from 8.4.1 to 9.0.0
• 29e2344 build(deps): bump actions/checkout from 2 to 3
• 85b0d22 build(deps): bump actions/setup-node from 2 to 3
• 3bb51da Use make-fetch-happen instead of request (#3193)
• adc2f8b build(deps): bump true-case-path from 1.0.3 to 2.2.1 (#3000)
• 77d12f0 chore: disable Apline for Node 16/17 builds
• 308d533 ci: use Python 3 for Node 12
• c818907 ci: unpin actions/setup-node to v2
• 99242d7 7.0.1
• 77049d1 build(deps): bump sass-graph from 2.2.5 to 4.0.0 (#3224)
• c929f25 build(deps): bump node-gyp from 7.1.2 to 8.4.1 (#3209)
• 918dcb3 Lint fix
• 0a21792 Set rejectUnauthorized to true by default (#3149)
• e80d4af chore: Drop EOL Node 15 (#3122)
• d753397 feat: Add Node 17 support (#3195)
• dcf2e75 build(deps-dev): bump eslint from 7.32.0 to 8.0.0

See the full diff

Package name: react-i18next

The new version differs by 250 commits.

• 2bd69a2 11.8.13
• e5c77c2 prepare version
• 4b9b8c5 Replace html-parse-stringify2 with html-parse-stringify (#1283)
• deb8b62 update razzle example
• e856175 update the new examples
• 4c005be Bump y18n from 3.2.1 to 3.2.2 in /example/react-native (#1289)
• 8bdb666 11.8.12
• 1e1bf1c rebuild
• e83da8a Merge pull request #1286 from TQjona/master
• 740c4e3 refactor: remove unneeded object
• ffbe35e 11.8.11
• 17b40b2 rebuild
• f9bfd55 Merge pull request #1284 from pedrodurek/master
• 83a62a2 update i18next dep
• 9aedf85 Fix DefaultNamespace conditional type
• 34c87ff Fix TransProps key to accept array of keys
• 228c55f 11.8.10
• 303dc11 rebuild
• 7e089dc Merge pull request #1276 from pedrodurek/master
• f9db6be Fix react-i18next path
• 408db63 Move types
• 44ad9cd 11.8.9
• 5215a4d rebuild
• 13c95ce Merge pull request #1273 from medihack/replaceable-i18n-instance

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 610f368 5.0.0
• 5ce65c1 update examples
• bbe1230 Merge pull request #11628 from webpack/bugfix/real-content-hash
• 75ecff2 5.0.0-rc.6
• bfc35d6 Merge pull request #11603 from MayaWolf/master
• 76e8cbd Merge pull request #11622 from webpack/dependabot/npm_and_yarn/types/node-13.13.25
• 9fd1be2 chore(deps-dev): bump @ types/node from 13.13.23 to 13.13.25
• 36bcfaa Merge pull request #11621 from webpack/bugfix/11619
• 9130d10 fix called variables with ProvidePlugin
• 3e42105 Merge pull request #11620 from webpack/bugfix/11617
• 4709719 skip connections copied to concatenated module
• 57b493f 5.0.0-rc.5
• 1658e2f Merge pull request #11618 from webpack/bugfix/11615
• a8fb45d fixes crash in SideEffectsFlagPlugin
• 84b196d emit error instead of crashing when unexpected problem occurs
• 5573fed Merge pull request #11601 from Hornwitser/improve-suggested-polyfill-config
• 9b5cce9 Merge pull request #11609 from snitin315/export-types
• 37c495c export type RuleSetUseItem
• 39faf34 export type RuleSetUse
• e5fd246 export type RuleSetConditionAbsolute
• 660baad export RuleSetCondition types
• 13e3ca5 Merge pull request #11602 from webpack/bugfix/shared-runtime-chunk
• 9c0587e Merge pull request #11606 from webpack/dependabot/npm_and_yarn/simple-git-2.21.0
• 502d166 Merge pull request #11607 from webpack/dependabot/npm_and_yarn/acorn-8.0.4

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Improper Input Validation
🦉 More lessons are available in Snyk Learn