[Snyk] Fix for 25 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIHTML-1296849	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-D3COLOR-1076592	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-EVENTSOURCE-2823375	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891	Yes	Proof of Concept
	713/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	Yes	Proof of Concept
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-JSYAML-173999	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-JSYAML-174129	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Denial of Service (DoS) SNYK-JS-SOCKJS-575261	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) SNYK-JS-SVELTE-2414372	Yes	No Known Exploit
	591/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) SNYK-JS-SVELTE-2931080	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Cross-site Scripting (XSS) SNYK-JS-SVELTE-564437	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Information Exposure SNYK-JS-WEBPACKDEVSERVER-72405	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	No	Proof of Concept
	469/1000 Why? Has a fix available, CVSS 5.1	Denial of Service (DoS) npm:mem:20180117	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: copy-webpack-plugin

The new version differs by 96 commits.

• 832f139 chore(release): 4.4.3
• 522c2b5 chore(package): update `loader-utils` v0.2.15...1.1.0 (#152)
• 445d548 fix(index): `tapable` deprecation warnings (`webpack >= v4.0.0`) (#234)
• ee78c06 chore(release): 4.4.2
• 0eb2cd5 fix(src/): don't escape non-glob patterns (#230)
• 4e15c1c style(utils/promisify): add missing semicolons
• 2a6ec79 chore(release): 4.4.1
• dadac24 fix: replace `pify` with simpler promise helpers (#221)
• d0e17a1 docs(README): add missing comma in examples (#219)
• b95fe62 chore(release): 4.4.0
• aff71ee docs(README): standardize
• 6a16b3c fix: support `webpack >= v4.0.0`
• 7780271 chore(package): add `engines` field
• 42701b6 refactor(package): rm `test:nolint` script
• 9bf0d99 fix(package): add `prepare` script
• 685d9ff ci(travis): add node `lts/*` && `stable`
• 158f821 feat: use `compiler.inputFileSystem` instead `fs` (#205)
• ea0c05f fix(preProcessPatterns): support glob context paths with special characters (#208)
• f6c1ba7 refactor: avoid using `lodash` (#191)
• 7c8a403 chore(package): add `files` property to reduce package size (#187)
• 7f3486b chore(release): 4.3.1
• 6beb89e fix: `cache` behaviour (#196)
• 8a93598 docs(README): add `fromArg` option (`pattern.fromArgs`) (#190)
• 5f68d1d Merge pull request #186 from webpack-contrib/fix-cache-behaviour

See the full diff

Package name: css-loader

The new version differs by 191 commits.

• 634ab49 chore(release): 2.0.0
• 6ade2d0 refactor: remove unused file (#860)
• e7525c9 test: nested url (#859)
• 7259faa test: css hacks (#858)
• 5e6034c feat: allow to filter import at-rules (#857)
• 5e702e7 feat: allow filtering urls (#856)
• 9642aa5 test: css stuff (#855)
• 3338656 fix: reduce number of require for url (#854)
• 533abbe test: issue 636 (#853)
• 08c551c refactor: better warning on invalid url resolution (#852)
• b0aa159 test: issue #589 (#851)
• f599c70 fix: broken unucode characters (#850)
• 1e551f3 test: issue 286 (#849)
• 419d27b docs: improve readme (#848)
• d94a698 refactor: webpack-default (#847)
• b97d997 feat: schema options
• 453248f fix: support module resolution in composes (#845)
• 8a6ea10 refactor: postcss plugins (#844)
• fdcf687 fix: url resolving logic (#843)
• 889dc7f feat: allow to disable css modules and disable their by default (#842)
• ee2d253 test: importLoaders option (#841)
• 1dad1fb feat: reuse postcss ast from other loaders (i.e `postcss-loader`) (#840)
• fe94ebc test: icss reserved keywords (#839)
• 9eaba66 refactor: migrate on message api for postcss-icss-plugin (#838)

See the full diff

Package name: d3

The new version differs by 202 commits.

• 1b8bada 7.0.0
• b98d63a update API
• 23b0212 Adopt type: module. (#3506)
• 0f01226 Fix broken markdown for link
• 5149a2f 6.7.0
• a8ebbc5 update d3-time, d3-scale
• 31d73d1 6.6.2
• 1836b64 update d3-scale
• 76c92ca 6.6.1
• ff34b4c d3-array 2.12.1
• cff66a4 add space
• b62d444 fix a typo in API.md
• 607a60f 6.6.0
• 11aa552 update dependencies
• 37cd9bf 6.5.0
• 73110b9 d3-array 2.11
• 12336e3 6.4.0
• afd34bb update dependencies
• e9fee2c 6.3.1
• ec388d8 Update d3-array.
• a8baadf 6.3.0
• 4d3baf7 Update d3-array.
• 3c63660 6.2.0
• ffb43e6 Update d3-array, d3-scale.

See the full diff

Package name: d3-scale-chromatic

The new version differs by 47 commits.

• 2aa3ad2 3.0.0
• 8fc14d0 Adopt type=module (Bump svelte from 1.38.0 to 3.49.0 distillpub/post--feature-visualization#37)
• 90e7c02 v2.0.0
• 540ea6d d3 dependencies
• b8f6fa4 Merge pull request Add appendix links for branches distillpub/post--feature-visualization#26 from d3/two
• ca0e283 yarn.lock
• 7d1a33f v2.0.0-rc.1
• 779eef1 Merge branch 'master' into two
• 1ae2a28 links to @ 6 versions
• 7def264 Merge pull request s/these/this distillpub/post--feature-visualization#30 from curran/patch-1
• 0510300 Fix match the text in joint optimization diagram default view distillpub/post--feature-visualization#29
• 6e96e58 deliberate ES6 syntax
• cafd1a3 Update README.md
• 05e76da 1.5.0
• e2fb5cb Fix irregular whitespace.
• be6fb1f Update d3-color.
• d22e006 Mark the package as having no side-effects
• f15e0f6 Add interpolateCividis. Fixes Gram matrix notation unclear - multiplication seems element-wise, but is actually a dot product distillpub/post--feature-visualization#15.
• 8be01a8 Add interpolateTurbo.
• fcae297 1.4.0
• b26f93c Update README.
• 5bcfc81 Merge branch 'master' of https://github.com/akngs/d3-scale-chromatic into akngs-master
• 8b4a76c Standardize dependencies. Standardize dependencies. d3/d3#3337
• 7309166 Use explicit files when publishing. Use explicit files when publishing. d3/d3#3335

See the full diff

Package name: file-loader

The new version differs by 15 commits.

• 5d8f73e chore(release): 0.10.1
• a8358a0 fix(getOptions): deprecation warn in loaderUtils (#129)
• b01526a Merge pull request #123 from simon04/master
• 32aada7 Remove license link
• 2d239df chore(release): 0.10.0
• ba2e876 ci(Travis): update to webpack standard build
• d82e8de docs(readme): update urls for contrib move
• eaeaa0e docs(readme): fix icon url
• 6fec719 chore(release): add standard version & documentation
• 3e5985a docs(readme): fix maintainers section look
• b5ea427 chore(readme): Update to webpack standard format
• 1462d4b chore(license): add js foundation LICENSE file
• 6833c70 feat(resources): specify custom public file name
• 0727efe chore(issues): add issue templates
• 9fdd47e Add -loader suffix to README to reflect new loader syntax webpack 2 requirement

See the full diff

Package name: html-webpack-plugin

The new version differs by 196 commits.

• eb73905 chore(release): 4.0.0
• 42a6d4a Add typing for getHooks
• a1a37cf Release html-webpack-plugin 4.0.0-beta.14
• 97f9fb9 fix: load script files before style files files in defer script loading mode
• e97ce17 Release html-webpack-plugin 4.0.0-beta.13
• e448b5d Release html-webpack-plugin 4.0.0-beta.12
• de315eb feat: Add defer script loading
• 7df269f feat: Provide a verbose error message if html minification failed
• 1d66e53 feat: merge templateParameters with default template parameters
• dfb98e7 Fix typo in template option docts
• 096a760 Fix broken links in examples
• a195c34 docs: Update template-option documentation
• 40b410e docs: Update example for template parameters
• bf017f3 chore: Release 4.0.0-beta.11
• 2549557 test: Don't use minification for speed measurement
• de22fc2 test: Adjust measurment for node 6 on travis
• 24bf1b5 fix: Update references to html-minifier
• f4eafdc chore: Release 4.0.0-beta.10
• a2ad30a refactor: Use getAssetPath instead of calling the hook directly
• 2595a79 chore: Release 4.0.0-beta.9
• c66766c feat: Add support for minifying inline ES6 inside html templates
• 655cbcd Fix README typo
• 6de319b update lodash dependency for prototype polution vulnerability
• 35a1541 Properly encode file names emitted as part of URLs.

See the full diff

Package name: svelte

The new version differs by 250 commits.

• 52153db -> v3.49.0
• 3798808 update changelog
• 0fa0a38 [fix] export CompileOptions (#7658)
• a3ecb44 update changelog
• 7e1691c [fix] support @ layer (#7514)
• 4583b17 Update CHANGELOG.md
• 02f60fb [fix]destroy empty component (#7492)
• 31e5f8b [docs] "What's new in Svelte" July newsletter (#7637)
• 6f57571 [feat] add convenience types ComponentType and ComponentProps (#6770)
• 2f562d9 [docs] use npm create instead of npm init (#7641)
• d7557e1 [docs] remove v2 -> v3 converter mention (#7597)
• ecb29aa Update changelog
• f8605d6 [fix] harden attribute escaping during ssr (#7530)
• 9635a2e [chore] remove nyc stuff (#7601)
• 346c27d [chore] update changelog (#7602)
• cab5e73 [docs] fix typo in 02-template-syntax.md (#7593)
• 7630a25 [docs] update getting started info (#7573)
• 9dc308a cleanup PR links in last blog post
• d9cc0ff [docs] "What's new in Svelte" June newsletter (#7565)
• a4fa98c Update CHANGELOG.md
• 6776fe0 fix to apply class directive for svelte:element (#7531)
• 5242ab9 [docs] Fix statement about the order of bind: and on: (#7357)
• 8b828a4 [docs] clarify array methods that won't trigger reactivity (#7073)
• 0ed6ebe [fix] remove duplicate semicolon (#7534)

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 04f90c5 4.26.0
• e1df721 Merge pull request #8392 from vkrol/cherry-pick-terser-to-webpack-4
• a818def fix for changed API in terser plugin warningsFilter
• b39abf4 Rename test directories too
• 311a728 Switch from uglifyjs-webpack-plugin to terser-webpack-plugin
• a230148 Merge pull request #8351 from DeTeam/chunk-jsdoc-typo
• 7a0af76 Fix a typo in Chunk#split jsdoc comment
• 2361995 4.25.1
• e2a2016 Merge pull request #8338 from webpack/bugfix/issue-8293
• babe736 replace prefix/postfix even when equal for wrapped context
• dcd0d59 test for #8293
• af123a8 Merge pull request #8334 from webpack/bugfix/lint
• 36eb0bb move azure specific commands to azure-pipelines.yml
• 290094e 4.25.0
• 355590e Merge pull request #8250 from Aladdin-ADD/patch-3
• 0293c3a Merge pull request #8279 from smelukov/support-entry-progress
• 1ea411b Merge pull request #8139 from NaviMarella/FormatManifest
• 4b72635 exclude watch test cases
• e35d084 increase test timeout
• 6be1411 move schema into definitions
• 3d74504 add missing hooks to progress
• 56d8a8f prevent writing the same message multiple times to stderr
• 64e3826 use flags to show different parts of the progress message
• 8c5e74f Merge branch 'master' into support-entry-progress

See the full diff

Package name: webpack-dev-server

The new version differs by 250 commits.

• c9271b9 chore(release): 4.0.0
• 18bf369 test: fix stability (#3676)
• cdcabb2 fix: respect protocol from browser for manual setup (#3675)
• 1768d6b fix: initial reloading for lazy compilation (#3662)
• 4f5bab1 docs: improve examples (#3672)
• f2d87fb fix: improve https CLI output (#3673)
• 0277c5e chore: remove redundant console statements (#3671)
• 16fcdbc docs: add `ipc` example (#3667)
• 8915fb8 test: add e2e tests for built in routes (#3669)
• 4d1cbe1 docs: ask `version` information in issue template (#3668)
• b6c1881 chore(deps-dev): bump core-js from 3.16.1 to 3.16.2 (#3666)
• ffa8cc5 chore(deps-dev): bump supertest from 6.1.5 to 6.1.6 (#3665)
• f1fdaa7 chore(release): 4.0.0-rc.1
• c4678bc fix: legacy API (#3660)
• d8bdd03 test: fix stability (#3661)
• 22b1414 refactor: remove `killable` (#3657)
• 75bafbf test: add e2e tests for module federation (#3658)
• 493ccbd chore(deps): update `ws` (#3652)
• ae8c523 test: add e2e test for universal compiler (#3656)
• f94b84f chore(deps): update (#3655)
• 1923132 test: fix cli
• 2adfd01 test: fix todo (#3653)
• 6e2cbde fix: proxy logging and allow to pass options without the `target` option (#3651)
• c9ccc96 fix: respect infastructureLogging.level for client.logging (#3613)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 More lessons are available in Snyk Learn