[Snyk] Fix for 39 vulnerabilities

[Bhanditz]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-CSSWHAT-3035488	Yes	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Arbitrary File Overwrite SNYK-JS-FSTREAM-174725	Yes	No Known Exploit
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	Yes	No Known Exploit
	703/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	Yes	Proof of Concept
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Arbitrary File Overwrite SNYK-JS-TAR-174125	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:clean-css:20180306	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution npm:deep-extend:20180409	Yes	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution npm:extend:20180424	Yes	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:sshpk:20180409	Yes	Proof of Concept
	646/1000 Why? Mature exploit, Has a fix available, CVSS 5.2	Uninitialized Memory Exposure npm:stringstream:20180511	Yes	Mature
	509/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) npm:tough-cookie:20170905	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: css-loader

The new version differs by 27 commits.

• 43179a8 chore(release): 1.0.0
• 3d53968 Merge remote-tracking branch 'origin/master'
• 240db53 version 1.0 (Style guide will not load (browser hangs) styleguidist/react-styleguidist#742)
• 1b7acf7 Merge remote-tracking branch 'origin/master'
• 1703721 docs(README): add more context to `localIdentName` (Disable HMR option styleguidist/react-styleguidist#711)
• 1c51265 docs(README): fix malformed emoji (Easy way to set style to body styleguidist/react-styleguidist#701)
• 50f8ec0 Merge remote-tracking branch 'origin/master'
• 07444ad tests: css custom variables (add prettier for .md files styleguidist/react-styleguidist#709)
• 3de8aa7 tests: css custom variables (add prettier for .md files styleguidist/react-styleguidist#709)
• df497db chore(release): 0.28.11
• c788450 fix(lib/processCss): don't check `mode` for `url` handling (`options.modules`) (unable to customize TabButtonRenderer  styleguidist/react-styleguidist#698)
• c35d8bd chore(release): 0.28.10
• 9f876d2 fix(getLocalIdent): add `rootContext` support (`webpack >= v4.0.0`) (Update Webpack.md styleguidist/react-styleguidist#681)
• 0452f26 test: hashes inside `@ font-face` url (Styleguide previews have extra unstyled wrappers styleguidist/react-styleguidist#678)
• 630579d chore(release): 0.28.9
• 604bd4b chore(package): update dependencies
• d1d8221 fix: ignore invalid URLs (`url()`) (Navigation is broken styleguidist/react-styleguidist#663)
• 0fc46c7 chore(release): 0.28.8
• 333a2ce chore(package): update `dependencies`
• 39773aa ci(travis): use `npm`
• 8897d44 fix: proper URL escaping and wrapping (`url()`) ((feat): Adds componentDidCatch() to top-level component styleguidist/react-styleguidist#627)
• 0dccfa9 fix(loader): correctly check if source map is `undefined` (Styleguidist tries to render code blocks without language tag styleguidist/react-styleguidist#641)
• d999f4a docs: Update importLoaders documentation (Support childContextTypes styleguidist/react-styleguidist#646)
• 05c36db test: removed redundant `modules` argument (webpackConfig resolve.extensions doesn't have any effect styleguidist/react-styleguidist#599)

See the full diff

Package name: html-webpack-plugin

The new version differs by 196 commits.

• eb73905 chore(release): 4.0.0
• 42a6d4a Add typing for getHooks
• a1a37cf Release html-webpack-plugin 4.0.0-beta.14
• 97f9fb9 fix: load script files before style files files in defer script loading mode
• e97ce17 Release html-webpack-plugin 4.0.0-beta.13
• e448b5d Release html-webpack-plugin 4.0.0-beta.12
• de315eb feat: Add defer script loading
• 7df269f feat: Provide a verbose error message if html minification failed
• 1d66e53 feat: merge templateParameters with default template parameters
• dfb98e7 Fix typo in template option docts
• 096a760 Fix broken links in examples
• a195c34 docs: Update template-option documentation
• 40b410e docs: Update example for template parameters
• bf017f3 chore: Release 4.0.0-beta.11
• 2549557 test: Don't use minification for speed measurement
• de22fc2 test: Adjust measurment for node 6 on travis
• 24bf1b5 fix: Update references to html-minifier
• f4eafdc chore: Release 4.0.0-beta.10
• a2ad30a refactor: Use getAssetPath instead of calling the hook directly
• 2595a79 chore: Release 4.0.0-beta.9
• c66766c feat: Add support for minifying inline ES6 inside html templates
• 655cbcd Fix README typo
• 6de319b update lodash dependency for prototype polution vulnerability
• 35a1541 Properly encode file names emitted as part of URLs.

See the full diff

Package name: webpack-dev-server

The new version differs by 250 commits.

• c9271b9 chore(release): 4.0.0
• 18bf369 test: fix stability (#3676)
• cdcabb2 fix: respect protocol from browser for manual setup (#3675)
• 1768d6b fix: initial reloading for lazy compilation (#3662)
• 4f5bab1 docs: improve examples (#3672)
• f2d87fb fix: improve https CLI output (#3673)
• 0277c5e chore: remove redundant console statements (#3671)
• 16fcdbc docs: add `ipc` example (#3667)
• 8915fb8 test: add e2e tests for built in routes (#3669)
• 4d1cbe1 docs: ask `version` information in issue template (#3668)
• b6c1881 chore(deps-dev): bump core-js from 3.16.1 to 3.16.2 (#3666)
• ffa8cc5 chore(deps-dev): bump supertest from 6.1.5 to 6.1.6 (#3665)
• f1fdaa7 chore(release): 4.0.0-rc.1
• c4678bc fix: legacy API (#3660)
• d8bdd03 test: fix stability (#3661)
• 22b1414 refactor: remove `killable` (#3657)
• 75bafbf test: add e2e tests for module federation (#3658)
• 493ccbd chore(deps): update `ws` (#3652)
• ae8c523 test: add e2e test for universal compiler (#3656)
• f94b84f chore(deps): update (#3655)
• 1923132 test: fix cli
• 2adfd01 test: fix todo (#3653)
• 6e2cbde fix: proxy logging and allow to pass options without the `target` option (#3651)
• c9ccc96 fix: respect infastructureLogging.level for client.logging (#3613)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Command Injection
🦉 More lessons are available in Snyk Learn