[Snyk] Fix for 13 vulnerabilities

[Bhanditz]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	679/1000 Why? Has a fix available, CVSS 9.3	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962463	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTMLMINIFIER-3091181	Yes	Proof of Concept
	429/1000 Why? Has a fix available, CVSS 4.3	Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	Yes	No Known Exploit
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-MERGE-1040469	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-MERGE-1042987	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: css-loader

The new version differs by 67 commits.

• 634ab49 chore(release): 2.0.0
• 6ade2d0 refactor: remove unused file (Bump @typescript-eslint/eslint-plugin from 7.18.0 to 8.21.0 tech-conferences/confs.tech#860)
• e7525c9 test: nested url (Bump react-router from 7.0.2 to 7.1.3 tech-conferences/confs.tech#859)
• 7259faa test: css hacks (Bump tailwindcss from 3.4.13 to 3.4.17 tech-conferences/confs.tech#858)
• 5e6034c feat: allow to filter import at-rules (Bump husky from 9.1.6 to 9.1.7 tech-conferences/confs.tech#857)
• 5e702e7 feat: allow filtering urls (Bump mini-css-extract-plugin from 2.9.1 to 2.9.2 tech-conferences/confs.tech#856)
• 9642aa5 test: css stuff (Bump lint-staged from 15.2.10 to 15.4.1 tech-conferences/confs.tech#855)
• 3338656 fix: reduce number of require for url (Bump @typescript-eslint/eslint-plugin from 7.18.0 to 8.20.0 tech-conferences/confs.tech#854)
• 533abbe test: issue 636 (Bump @typescript-eslint/eslint-plugin from 7.18.0 to 8.19.1 tech-conferences/confs.tech#853)
• 08c551c refactor: better warning on invalid url resolution (Bump sass from 1.78.0 to 1.83.1 tech-conferences/confs.tech#852)
• b0aa159 test: issue Bump @types/node from 20.10.6 to 20.10.7 tech-conferences/confs.tech#589 (Remove conference in Tel Aviv tech-conferences/confs.tech#851)
• f599c70 fix: broken unucode characters (Bump @typescript-eslint/eslint-plugin from 7.18.0 to 8.19.0 tech-conferences/confs.tech#850)
• 1e551f3 test: issue 286 (Add valid locations check tech-conferences/confs.tech#849)
• 419d27b docs: improve readme (Bump sass from 1.78.0 to 1.83.0 tech-conferences/confs.tech#848)
• d94a698 refactor: webpack-default (Bump @typescript-eslint/eslint-plugin from 7.18.0 to 8.18.1 tech-conferences/confs.tech#847)
• b97d997 feat: schema options
• 453248f fix: support module resolution in composes (Bump bfj from 9.0.2 to 9.1.1 tech-conferences/confs.tech#845)
• 8a6ea10 refactor: postcss plugins (Bump date-fns from 3.6.0 to 4.1.0 tech-conferences/confs.tech#844)
• fdcf687 fix: url resolving logic (Bump eslint-plugin-jsx-a11y from 6.10.1 to 6.10.2 tech-conferences/confs.tech#843)
• 889dc7f feat: allow to disable css modules and disable their by default (Bump postcss-normalize from 13.0.0 to 13.0.1 tech-conferences/confs.tech#842)
• ee2d253 test: importLoaders option (When topic is general, don't allow other topics tech-conferences/confs.tech#841)
• 1dad1fb feat: reuse postcss ast from other loaders (i.e `postcss-loader`) (Bump the npm_and_yarn group with 3 updates tech-conferences/confs.tech#840)
• fe94ebc test: icss reserved keywords (Bump react-router from 6.28.0 to 7.0.2 tech-conferences/confs.tech#839)
• 9eaba66 refactor: migrate on message api for postcss-icss-plugin (Bump react-router-dom from 6.28.0 to 7.0.2 tech-conferences/confs.tech#838)

See the full diff

Package name: eslint

The new version differs by 10 commits.

• 80b8d5d 5.5.0
• b68e403 Build: changelog update for 5.5.0
• 6e110e6 Fix: camelcase duplicate warning bug (fixes #10801) (#10802)
• 5103ee7 Docs: Add Brackets integration (#10813)
• b61d2cd Update: max-params to only highlight function header (#10815)
• 2b2f11d Upgrade: babel-code-frame to version 7 (#10808)
• 2824d43 Docs: fix comment placement in a code example (#10799)
• 10690b7 Upgrade: devdeps and deps to latest (#10622)
• 80c8598 Docs: gitignore syntax updates (fixes #8139) (#10776)
• cb946af Chore: use meta.messages in some rules (1/4) (#10764)

See the full diff

Package name: fork-ts-checker-webpack-plugin

The new version differs by 184 commits.

• 5ba6839 Release 5.0.0 (Do not default to JavaScript when adding a conference tech-conferences/confs.tech#445)
• d056616 feat: remove "incremental: true" from ts default options (iCal version of events tech-conferences/confs.tech#444)
• 188d44d feat: add issue.scope option (Update UX of CFP sorting tech-conferences/confs.tech#442)
• b865f1d fix: always pass compilation to issues hook (Added elm topic tech-conferences/confs.tech#443)
• e812f18 feat: overwrite other fields in tsconfig.json (Update webpack-dev-server version tech-conferences/confs.tech#440)
• 2b72fd0 fix: properly disconnect rpc client to be able to reconnect (Update tech-comm topic name tech-conferences/confs.tech#439)
• c4796b2 fix: include files that are outside project context (Update dependencies to enable Greenkeeper 🌴 tech-conferences/confs.tech#437)
• 1f7ae0d docs: update bug-report template by merging master into alpha branch
• aa8f74d feat: rename tsconfig option to configFile for consistency (No greenkeeper badge  tech-conferences/confs.tech#436)
• 944e0c9 feat: improve overall typescript performance (Conf search tech-conferences/confs.tech#435)
• a430979 feat: add `context` option for typescript reporter (Increase initial conference list from 150 to 600 tech-conferences/confs.tech#430)
• 503a948 fix: support webpack multi-compiler (Add groovy to configuration and readme tech-conferences/confs.tech#431)
• 9b3b9dd feat: add "mode" for typescript reporter (Internal server error when trying to add a scala conference tech-conferences/confs.tech#429)
• 2ba396d fix: respect eslint extensions in incremental check
• 8a10ca9 docs: add babel-loader example
• be9cd64 docs: add ts-loader example
• b5d5977 docs: add vscode-tasks example
• e59a8d2 chore: fix github actions release job
• 37b8944 feat: export `version` const for external tools (Updated text when submitting a conference tech-conferences/confs.tech#428)
• 5552f62 docs: update bug template to use eslint, not tslint
• 5665dac feat: change start hook to AsyncSeriesWaterfallHook (Add search ability tech-conferences/confs.tech#425)
• 8687c63 feat: support @ vue/compiler-sfc in the vue extension (Fix topic list display on Suggest a Conf w Firefox tech-conferences/confs.tech#423)
• f277444 fix: remove references to external typings (Add java topic tech-conferences/confs.tech#422)
• cfcc0fe fix: properly handle import modules with .vue suffix (Add Christian as contributor tech-conferences/confs.tech#420)

See the full diff

Package name: html-webpack-plugin

The new version differs by 139 commits.

• eb73905 chore(release): 4.0.0
• 42a6d4a Add typing for getHooks
• a1a37cf Release html-webpack-plugin 4.0.0-beta.14
• 97f9fb9 fix: load script files before style files files in defer script loading mode
• e97ce17 Release html-webpack-plugin 4.0.0-beta.13
• e448b5d Release html-webpack-plugin 4.0.0-beta.12
• de315eb feat: Add defer script loading
• 7df269f feat: Provide a verbose error message if html minification failed
• 1d66e53 feat: merge templateParameters with default template parameters
• dfb98e7 Fix typo in template option docts
• 096a760 Fix broken links in examples
• a195c34 docs: Update template-option documentation
• 40b410e docs: Update example for template parameters
• bf017f3 chore: Release 4.0.0-beta.11
• 2549557 test: Don't use minification for speed measurement
• de22fc2 test: Adjust measurment for node 6 on travis
• 24bf1b5 fix: Update references to html-minifier
• f4eafdc chore: Release 4.0.0-beta.10
• a2ad30a refactor: Use getAssetPath instead of calling the hook directly
• 2595a79 chore: Release 4.0.0-beta.9
• c66766c feat: Add support for minifying inline ES6 inside html templates
• 655cbcd Fix README typo
• 6de319b update lodash dependency for prototype polution vulnerability
• 35a1541 Properly encode file names emitted as part of URLs.

See the full diff

Package name: ts-loader

The new version differs by 192 commits.

• 218718a drop support for < node 8 and republish 5.4.6 as 6.0.0 (#930)
• 9946fbc v5.4.6
• e13bee2 Update dependencies (#928)
• a6572ce internal: remove usage of hand crafted webpack typings (#927)
• 48626a9 add common appendTsTsxSuffixesIfRequired function to instance (#924)
• 0fd623f add node12 to travis build (#925)
• 77b8471 prepare 5.4.3 release
• 381a6a9 more .npmignore
• 3f8316a don't publish anything but ts-loader (#923)
• ea2fcf9 resolveTypeReferenceDirective support for yarn PnP (#921)
• 4692a22 ts 3.4 tests (#916)
• dc1dda8 edited broken link in README.md (#915)
• c1f3c4e update example (#912)
• 4a8df76 Feature/3.3 tests (#903)
• 58505c4 drop fast-incremental-builds example (#901)
• 4354cf8 fixed name of fork-ts-checker-webpack-plugin (#900)
• 4551893 there's way too many examples (#899)
• c9b1f31 add probot-stale https://github.com/probot/stale
• 92a2de9 Merge pull request #898 from TypeStrong/example-for-mcolyer
• ff9bc37 example of filter issue for @ mcolyer
• ba6f5c4 Merge pull request #884 from zerdos/master
• 92f0d70 migrate large comparison test to be execution test (#896)
• df04a56 release event not available so use push event and filter (#893)
• 177a985 add first github action! (#891)

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 610f368 5.0.0
• 5ce65c1 update examples
• bbe1230 Merge pull request #11628 from webpack/bugfix/real-content-hash
• 75ecff2 5.0.0-rc.6
• bfc35d6 Merge pull request #11603 from MayaWolf/master
• 76e8cbd Merge pull request #11622 from webpack/dependabot/npm_and_yarn/types/node-13.13.25
• 9fd1be2 chore(deps-dev): bump @ types/node from 13.13.23 to 13.13.25
• 36bcfaa Merge pull request #11621 from webpack/bugfix/11619
• 9130d10 fix called variables with ProvidePlugin
• 3e42105 Merge pull request #11620 from webpack/bugfix/11617
• 4709719 skip connections copied to concatenated module
• 57b493f 5.0.0-rc.5
• 1658e2f Merge pull request #11618 from webpack/bugfix/11615
• a8fb45d fixes crash in SideEffectsFlagPlugin
• 84b196d emit error instead of crashing when unexpected problem occurs
• 5573fed Merge pull request #11601 from Hornwitser/improve-suggested-polyfill-config
• 9b5cce9 Merge pull request #11609 from snitin315/export-types
• 37c495c export type RuleSetUseItem
• 39faf34 export type RuleSetUse
• e5fd246 export type RuleSetConditionAbsolute
• 660baad export RuleSetCondition types
• 13e3ca5 Merge pull request #11602 from webpack/bugfix/shared-runtime-chunk
• 9c0587e Merge pull request #11606 from webpack/dependabot/npm_and_yarn/simple-git-2.21.0
• 502d166 Merge pull request #11607 from webpack/dependabot/npm_and_yarn/acorn-8.0.4

See the full diff

Package name: webpack-dev-server

The new version differs by 250 commits.

• c9271b9 chore(release): 4.0.0
• 18bf369 test: fix stability (#3676)
• cdcabb2 fix: respect protocol from browser for manual setup (#3675)
• 1768d6b fix: initial reloading for lazy compilation (#3662)
• 4f5bab1 docs: improve examples (#3672)
• f2d87fb fix: improve https CLI output (#3673)
• 0277c5e chore: remove redundant console statements (#3671)
• 16fcdbc docs: add `ipc` example (#3667)
• 8915fb8 test: add e2e tests for built in routes (#3669)
• 4d1cbe1 docs: ask `version` information in issue template (#3668)
• b6c1881 chore(deps-dev): bump core-js from 3.16.1 to 3.16.2 (#3666)
• ffa8cc5 chore(deps-dev): bump supertest from 6.1.5 to 6.1.6 (#3665)
• f1fdaa7 chore(release): 4.0.0-rc.1
• c4678bc fix: legacy API (#3660)
• d8bdd03 test: fix stability (#3661)
• 22b1414 refactor: remove `killable` (#3657)
• 75bafbf test: add e2e tests for module federation (#3658)
• 493ccbd chore(deps): update `ws` (#3652)
• ae8c523 test: add e2e test for universal compiler (#3656)
• f94b84f chore(deps): update (#3655)
• 1923132 test: fix cli
• 2adfd01 test: fix todo (#3653)
• 6e2cbde fix: proxy logging and allow to pass options without the `target` option (#3651)
• c9ccc96 fix: respect infastructureLogging.level for client.logging (#3613)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Server-side Request Forgery (SSRF)