[Snyk] Fix for 24 vulnerabilities

[saurabharch]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	786/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.3	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	Yes	Proof of Concept
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	No	No Known Exploit
	631/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	Yes	Proof of Concept
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-POSTCSS-5926692	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Insecure Randomness npm:cryptiles:20180710	No	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution npm:extend:20180424	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: babel-eslint

The new version differs by 28 commits.

• 4bd049e 10.1.0
• 2c754a8 Update Babel to ^7.7.0 and enable Flow enums parsing (Working prototype of writable facts UI. getguesstimate/guesstimate-app#812)
• 183d13e 10.0.3
• 354953d fix: require eslint dependencies from eslint base (We need to compare expressions now, not inputs. getguesstimate/guesstimate-app#794)
• 48f6d78 10.0.2
• 0241b48 removed unused file reference (Edit option should not close on click if disabled. getguesstimate/guesstimate-app#773)
• 4cf0a21 10.0.1
• 98c1f13 Revert Change readableId color if item is input getguesstimate/guesstimate-app#584 (Display deleted metric or fact inputs as '??' getguesstimate/guesstimate-app#697)
• 8f78e28 10.0.0
• 717fba7 test value should be switched
• 020d012 Treat type alias declarationlike function declaration (Change readableId color if item is input getguesstimate/guesstimate-app#584)
• b400cb1 Test eslint5, update peerDep (Suggest the shortest shared prefix. getguesstimate/guesstimate-app#690)
• c333bd6 Drop old monkeypatching behavior (Fix positional decorators. getguesstimate/guesstimate-app#689)
• 6aa8b6f 9.0.0
• c7ee9ae Bump to babel@7.0.0 🎉 (Adds fact deletion logic and buttons. getguesstimate/guesstimate-app#676)
• 3ece549 Docs: Make the default parserOptions more explicit (Adding basic edit capability to the facts. getguesstimate/guesstimate-app#673)
• 0b36951 Add logical assignment plugin (Improvements to the new fact variable name autofill getguesstimate/guesstimate-app#674)
• 5856ff5 Bump some devDeps
• 45938d9 build(deps): upgrade @ babel/* to 7.0.0-rc.2 (Release 07/29 getguesstimate/guesstimate-app#668)
• bc97875 9.0.0-beta.3
• 74c5d62 update lock
• 6a45632 chore - fixing eslint-scope to a safe version; resolves Calculator fixes getguesstimate/guesstimate-app#656. (Calculator expand button should go to the space with the calculator open in the compressed view. Closes 628. getguesstimate/guesstimate-app#657)
• e0119e0 9.0.0-beta.2
• 198964b Merge pull request Allows proper comma usage in inputs. Closes 625. getguesstimate/guesstimate-app#645 from rubennorte/support-new-flow-syntax-in-scope-analysis

See the full diff

Package name: extract-text-webpack-plugin

The new version differs by 177 commits.

• cc3ba94 chore(release): 3.0.2
• d5a1de2 fix: refer to the `entrypoint` instead of the first `module` (`module.identifier`) (Take snapshots in specific stages getguesstimate/guesstimate-app#601)
• 5286ab2 build(defaults): update to v1.6.0 (Fixes to calculator help pane getguesstimate/guesstimate-app#652)
• 4cfde50 chore(release): 3.0.1
• 8de6558 fix: get real path from `__filename` instead of `__dirname` (`NS`)
• 510704f fix(index): stricter check for `shouldExtract !== wasExtracted` (07/12 Release getguesstimate/guesstimate-app#605)
• 6a660f3 docs(README): update install instructions (Trash can in space menu getguesstimate/guesstimate-app#570)
• 083a6c8 docs(README): add custom `[contenthash]` formats (Move text suggestion to lib getguesstimate/guesstimate-app#566)
• d7a75fc chore(release): 3.0.0
• 7ae32d9 refactor: Apply webpack-defaults & webpack 3.x support (Using the proper server path alias and restyling imports. getguesstimate/guesstimate-app#540)
• dd43832 fix: add missing `options.ignoreOrder` details in Error message (06/20 Release 2 getguesstimate/guesstimate-app#539)
• e81b883 chore(release): 2.1.2
• 8766821 fix(index): resolve schemas relative to `__dirname` (Tracking for auto fill behavior. getguesstimate/guesstimate-app#536)
• 0271b39 chore(release): 2.1.1
• e595417 fix: don't extract from common async chunks (Organization creation improvements getguesstimate/guesstimate-app#508)
• a8ae003 chore(package): fix broken links && update devDependencies (Beta distribution shouldn't offer option to change distribution types. Closes 355. getguesstimate/guesstimate-app#531)
• c3cb091 fix(loader): rm unnecessary `this.cacheable` (caching) (06/15 Release 2 getguesstimate/guesstimate-app#530)
• eaa5236 docs: rm `RELEASE.md` (Center metric modal by increasing width slightly. Closes 226. getguesstimate/guesstimate-app#532)
• 671e35e chore(package): update `webpack-sources` v0.1.0...1.0.1 (Hide overflow scroll bars in embed getguesstimate/guesstimate-app#526)
• dfeb347 fix: validation schema (`schema-utils`) (Revamped Plan & Pricing Page getguesstimate/guesstimate-app#527)
• d0e88d0 docs(README): add lead-in description (Use less hacky way of hiding upgrade button getguesstimate/guesstimate-app#517)
• 58dd5d3 fix: add a not null check for the content property before throwing error (Main page update getguesstimate/guesstimate-app#404)
• 6c50d8e Update README.md (Points should get statistics too, for rendering. getguesstimate/guesstimate-app#469)
• c63dc04 docs(README): clarify to set allChunks option when using CommonsChunkPlugin (The space sidebar should only re-render when necessary. getguesstimate/guesstimate-app#476)

See the full diff

Package name: precss

The new version differs by 23 commits.

• 9556604 4.0.0
• ec41a10 Update dependencies
• 2c81353 3.1.2
• 298a55f 3.1.1
• c675034 Add list of plugins to readme
• a1a0949 3.1.0
• 8876377 Use PostCSS Preset Env
• aaedc9e Update CHANGELOG.md
• 2fe95ae Use consistent package.json dependencies versioning
• bafe9c3 3.0.0
• 559e84d 2.0.0
• a229fd8 package.json
• 867b221 Update plugin organization
• bd71070 Merge branch 'master' of github.com:jonathantneal/precss
• 6c51f13 PostCSS 6 - updated dependencies
• d25d0ac README.md - Use scss for code blocks
• cd3279d Merge pull request Guesstimates in models get copied hundreds of times getguesstimate/guesstimate-app#85 from jboelen/patch-1
• 2935fae .travis.yml - Node 4
• c2520f6 Merge pull request Add an Faq getguesstimate/guesstimate-app#72 from pacosegovia/master
• eb4866f Merge pull request Correlations getguesstimate/guesstimate-app#79 from RobLoach/fix-tests
• 1ba6285 Update postcss-partial-import dependency
• b9f8293 Fix the tests
• 04635ea Update README.md

See the full diff

Package name: surge

The new version differs by 10 commits.

• 86f3b43 changes default message on card input
• 693f773 Merge branch 'onfido-improvement/clean-dependencies'
• e1a474a Fixed insecure dev dependency nixt
• 826926d removed unused du dependency
• b6d0794 Fixed versions for inquirer and mocha in package.json
• a81e5b5 increased test timeouts to make them pass
• 129b396 Bumped insecure dependencies
• 1b947a5 Merge branch 'master' of github.com:sintaxi/surge
• aca262d updates project output
• 4044eb8 updates tests

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Command Injection
🦉 More lessons are available in Snyk Learn