[Snyk] Fix for 15 vulnerabilities

[baophucct]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	679/1000 Why? Has a fix available, CVSS 9.3	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962463	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTMLMINIFIER-3091181	Yes	Proof of Concept
	429/1000 Why? Has a fix available, CVSS 4.3	Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	Yes	No Known Exploit
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-POSTCSS-5926692	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:content-type-parser:20170905	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: css-loader

The new version differs by 98 commits.

• 634ab49 chore(release): 2.0.0
• 6ade2d0 refactor: remove unused file (#860)
• e7525c9 test: nested url (#859)
• 7259faa test: css hacks (#858)
• 5e6034c feat: allow to filter import at-rules (#857)
• 5e702e7 feat: allow filtering urls (#856)
• 9642aa5 test: css stuff (#855)
• 3338656 fix: reduce number of require for url (#854)
• 533abbe test: issue 636 (#853)
• 08c551c refactor: better warning on invalid url resolution (#852)
• b0aa159 test: issue #589 (#851)
• f599c70 fix: broken unucode characters (#850)
• 1e551f3 test: issue 286 (#849)
• 419d27b docs: improve readme (#848)
• d94a698 refactor: webpack-default (#847)
• b97d997 feat: schema options
• 453248f fix: support module resolution in composes (#845)
• 8a6ea10 refactor: postcss plugins (#844)
• fdcf687 fix: url resolving logic (#843)
• 889dc7f feat: allow to disable css modules and disable their by default (#842)
• ee2d253 test: importLoaders option (#841)
• 1dad1fb feat: reuse postcss ast from other loaders (i.e `postcss-loader`) (#840)
• fe94ebc test: icss reserved keywords (#839)
• 9eaba66 refactor: migrate on message api for postcss-icss-plugin (#838)

See the full diff

Package name: fork-ts-checker-webpack-plugin

The new version differs by 250 commits.

• 5bdc643 refactor(dependency): update babel-code-frame to @ babel/code-frame (Merge react-scripts@2.x.x upstream wmonk/create-react-app-typescript#409)
• 07c31ef chore: update semantic-release configuration (Update ts-jest 22.0.1 -> 23.10.3 wmonk/create-react-app-typescript#410)
• 8cb608a chore(deps): bump acorn from 5.7.3 to 5.7.4 (updated ts-jest version  wmonk/create-react-app-typescript#399)
• 5fbc15a fix: measurement formatting as per SI rules (Update packages to remove typescript 2.0 dependencies. wmonk/create-react-app-typescript#402)
• 5be63fa fix: fix "ESLint fix option silently fails" issue (increased support for common image formats wmonk/create-react-app-typescript#401)
• 4013a3f fix: add a warning message for SIGINT
• 54a51c7 feat: Support ESLint fix option
• d083fc8 fix: properly output chained Typescript errors (Module is missing in production mode (webpack) wmonk/create-react-app-typescript#390)
• df98e98 Merge pull request Release 2.17 exists on npm but not in github tags? wmonk/create-react-app-typescript#385 from TypeStrong/fix/issue-363
• 642b5bf fix: prevent null-pointer error after killing child process
• 6ee3d7a Merge pull request (chore) tune up TypeScript compiler wmonk/create-react-app-typescript#381 from TypeStrong/dependabot/npm_and_yarn/handlebars-4.7.2
• 6f9cf64 Merge branch 'master' into dependabot/npm_and_yarn/handlebars-4.7.2
• 9887bd1 Merge pull request 'Plugin/Preset files are not allowed to export objects, only functions' when importing JS files wmonk/create-react-app-typescript#382 from kubilaysalih/master
• 1c82006 fix: change import of crypto
• 8cb3066 chore(deps): bump handlebars from 4.1.2 to 4.7.2
• 36a649a Merge pull request Makes getting started a one-liner wmonk/create-react-app-typescript#380 from TypeStrong/fix/declaration-files-dependency
• a9db0d0 fix: remove @ types/eslint dependency as eslint is optional
• 3c3b894 Merge pull request Fix errors on Travis - WIP wmonk/create-react-app-typescript#378 from TypeStrong/fix/semantic-release
• 27f2719 fix: bump patch version because of previous misconfiguration
• 5008da9 Merge pull request fix: TypeError in production build when targeting ES2015 wmonk/create-react-app-typescript#377 from TypeStrong/beta
• c7a1b2c chore: fix semantic-release config for the beta branch
• 27596fc Merge branch 'master' of github.com:TypeStrong/fork-ts-checker-webpack-plugin into beta
• ec647e2 chore: upgrade semantic-release to the stable version
• a0208ba feat: change configuration to support Node.js 6

See the full diff

Package name: html-webpack-plugin

The new version differs by 203 commits.

• eb73905 chore(release): 4.0.0
• 42a6d4a Add typing for getHooks
• a1a37cf Release html-webpack-plugin 4.0.0-beta.14
• 97f9fb9 fix: load script files before style files files in defer script loading mode
• e97ce17 Release html-webpack-plugin 4.0.0-beta.13
• e448b5d Release html-webpack-plugin 4.0.0-beta.12
• de315eb feat: Add defer script loading
• 7df269f feat: Provide a verbose error message if html minification failed
• 1d66e53 feat: merge templateParameters with default template parameters
• dfb98e7 Fix typo in template option docts
• 096a760 Fix broken links in examples
• a195c34 docs: Update template-option documentation
• 40b410e docs: Update example for template parameters
• bf017f3 chore: Release 4.0.0-beta.11
• 2549557 test: Don't use minification for speed measurement
• de22fc2 test: Adjust measurment for node 6 on travis
• 24bf1b5 fix: Update references to html-minifier
• f4eafdc chore: Release 4.0.0-beta.10
• a2ad30a refactor: Use getAssetPath instead of calling the hook directly
• 2595a79 chore: Release 4.0.0-beta.9
• c66766c feat: Add support for minifying inline ES6 inside html templates
• 655cbcd Fix README typo
• 6de319b update lodash dependency for prototype polution vulnerability
• 35a1541 Properly encode file names emitted as part of URLs.

See the full diff

Package name: ts-jest

The new version differs by 250 commits.

• 6916e7b Merge pull request #650 from kulshekhar/kulshekhar-patch-1
• 54a30eb Bump the version (minor)
• 9e61969 Merge pull request #626 from huafu/feature/upgrade-babel-and-fix-tsconfig
• ef21f50 Merge branch 'master' into feature/upgrade-babel-and-fix-tsconfig
• c67ba4d Merge pull request #649 from kulshekhar/greenkeeper/monorepo.react-16.4.2
• 9a6904f Merge branch 'master' of https://github.com/kulshekhar/ts-jest into feature/upgrade-babel-and-fix-tsconfig
• 8a94008 chore(package): update react-test-renderer to version 16.4.2
• 6e73fb9 chore(package): update react to version 16.4.2
• c947791 chore(package): update @ types/node to version 10.5.5 (#646)
• fd24ae6 Merge pull request #640 from jmheik/to-dev-deps
• e2028da Merge branch 'master' into to-dev-deps
• 4396dde Merge pull request #641 from jeznag/patch-1
• 7d78123 Merge branch 'master' into patch-1
• b38e4ca Add TypeScript ^3.0.0 as supported peer dependencies (#644)
• 1e287f3 Add more details on using module name mapper
• df71945 doc: adds troubleshooting wiki page links
• 0b2e406 Move dev only deps to devDependencies.
• fb5cd12 chore: simplify jest config test helper + moves test utils
• ddc8c32 chore: moves test-utils.ts in __helpers__ dir
• a5370cf Merge branch 'master' into feature/upgrade-babel-and-fix-tsconfig
• db590d2 Update @ types/react to the latest version 🚀 (#631)
• 4fc3933 chore: changes after GeeWee review
• fbe4f1f perf: do not hash cache key, jest does it underneath
• 5ab100c fix: resolves correctly config file path (fix #636)

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 610f368 5.0.0
• 5ce65c1 update examples
• bbe1230 Merge pull request #11628 from webpack/bugfix/real-content-hash
• 75ecff2 5.0.0-rc.6
• bfc35d6 Merge pull request #11603 from MayaWolf/master
• 76e8cbd Merge pull request #11622 from webpack/dependabot/npm_and_yarn/types/node-13.13.25
• 9fd1be2 chore(deps-dev): bump @ types/node from 13.13.23 to 13.13.25
• 36bcfaa Merge pull request #11621 from webpack/bugfix/11619
• 9130d10 fix called variables with ProvidePlugin
• 3e42105 Merge pull request #11620 from webpack/bugfix/11617
• 4709719 skip connections copied to concatenated module
• 57b493f 5.0.0-rc.5
• 1658e2f Merge pull request #11618 from webpack/bugfix/11615
• a8fb45d fixes crash in SideEffectsFlagPlugin
• 84b196d emit error instead of crashing when unexpected problem occurs
• 5573fed Merge pull request #11601 from Hornwitser/improve-suggested-polyfill-config
• 9b5cce9 Merge pull request #11609 from snitin315/export-types
• 37c495c export type RuleSetUseItem
• 39faf34 export type RuleSetUse
• e5fd246 export type RuleSetConditionAbsolute
• 660baad export RuleSetCondition types
• 13e3ca5 Merge pull request #11602 from webpack/bugfix/shared-runtime-chunk
• 9c0587e Merge pull request #11606 from webpack/dependabot/npm_and_yarn/simple-git-2.21.0
• 502d166 Merge pull request #11607 from webpack/dependabot/npm_and_yarn/acorn-8.0.4

See the full diff

Package name: webpack-dev-server

The new version differs by 250 commits.

• c9271b9 chore(release): 4.0.0
• 18bf369 test: fix stability (#3676)
• cdcabb2 fix: respect protocol from browser for manual setup (#3675)
• 1768d6b fix: initial reloading for lazy compilation (#3662)
• 4f5bab1 docs: improve examples (#3672)
• f2d87fb fix: improve https CLI output (#3673)
• 0277c5e chore: remove redundant console statements (#3671)
• 16fcdbc docs: add `ipc` example (#3667)
• 8915fb8 test: add e2e tests for built in routes (#3669)
• 4d1cbe1 docs: ask `version` information in issue template (#3668)
• b6c1881 chore(deps-dev): bump core-js from 3.16.1 to 3.16.2 (#3666)
• ffa8cc5 chore(deps-dev): bump supertest from 6.1.5 to 6.1.6 (#3665)
• f1fdaa7 chore(release): 4.0.0-rc.1
• c4678bc fix: legacy API (#3660)
• d8bdd03 test: fix stability (#3661)
• 22b1414 refactor: remove `killable` (#3657)
• 75bafbf test: add e2e tests for module federation (#3658)
• 493ccbd chore(deps): update `ws` (#3652)
• ae8c523 test: add e2e test for universal compiler (#3656)
• f94b84f chore(deps): update (#3655)
• 1923132 test: fix cli
• 2adfd01 test: fix todo (#3653)
• 6e2cbde fix: proxy logging and allow to pass options without the `target` option (#3651)
• c9ccc96 fix: respect infastructureLogging.level for client.logging (#3613)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Improper Input Validation
🦉 More lessons are available in Snyk Learn