[Snyk] Fix for 2 vulnerabilities

[baophucct]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	Yes	No Known Exploit
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: fork-ts-checker-webpack-plugin

The new version differs by 250 commits.

• 04581f4 fix(dependency): updating chokidar as per original issue
• 032475e feat: add nativescript-vue-template-compiler support (Replace TSLint with CRA's ESLint config wmonk/create-react-app-typescript#354)
• 73e3903 fix: convert afterCompile to emit (Allow to configure source map type wmonk/create-react-app-typescript#353)
• 074b2bf fix: revert 2.0.0 afterCompileCallback changes (Global test functions in setupTests.ts wmonk/create-react-app-typescript#352)
• 594bed1 chore(deps-dev): bump lodash from 4.17.11 to 4.17.13
• dd410b0 fix: change fork-ts-checker-emit to fork-ts-checker-after-compile
• b135193 refactor: rename emitCallback to afterCompileCallback
• 2e3aedd fix: replace emit hook with afterCompile
• ac95f23 doc: fix formatting of the REAMDE.md header
• 16c32c6 chore(deps): bump mixin-deep from 1.3.1 to 1.3.2
• 9c37ebc feat: add devcontainer support (Verbose output during build? wmonk/create-react-app-typescript#334)
• 73a0b9a fix types for eslint option (Is using react *.tsx components from an npm package something that should work ? wmonk/create-react-app-typescript#348)
• da2db52 Revert "fix: log everything to stderr, not stdout (Revert "Stick @types/node to 9.6.7 to avoid problems with 10.0.0" wmonk/create-react-app-typescript#321)" (Adding custom config for babel wmonk/create-react-app-typescript#345)
• 1621fd5 chore(deps): bump eslint-utils from 1.3.1 to 1.4.2
• a89fdaf fix: log everything to stderr, not stdout (Revert "Stick @types/node to 9.6.7 to avoid problems with 10.0.0" wmonk/create-react-app-typescript#321)
• 4e8c6f9 feat: apply clickable filename format to codeframeFormatter (Error: Cannot find module 'react-dev-utils/workspaceUtils' wmonk/create-react-app-typescript#320)
• 39fbffb fix: eslint excludes .json & ignored files (feat(webpack): support debug package & associated env wmonk/create-react-app-typescript#316) (The less template has errors on start after clean install wmonk/create-react-app-typescript#318)
• f292028 fix: handle unhandled "write EPIPE" error (Jest: Test cases with TypeScript errors report as 'pass' wmonk/create-react-app-typescript#306)
• cb31cae fix: do not lint tsconfig.json (Subsequent property declarations must have the same type - Compilation error wmonk/create-react-app-typescript#313)
• 34b16c5 docs: clarify `watch` option (n/a with useTypescriptIncrementalApi) (Typings error on start without any modifications wmonk/create-react-app-typescript#311)
• 544f205 feat: add eslint typescript support (fix(modules): remove duplicate mjs from jest config wmonk/create-react-app-typescript#305)
• cae170b chore(deps): bump lodash.template from 4.4.0 to 4.5.0
• 0c93455 docs: add the "Credits" section in README.md
• 9f431ad docs: change all references from Realytics to TypeStrong

See the full diff

Package name: ts-jest

The new version differs by 250 commits.

• 6916e7b Merge pull request #650 from kulshekhar/kulshekhar-patch-1
• 54a30eb Bump the version (minor)
• 9e61969 Merge pull request #626 from huafu/feature/upgrade-babel-and-fix-tsconfig
• ef21f50 Merge branch 'master' into feature/upgrade-babel-and-fix-tsconfig
• c67ba4d Merge pull request #649 from kulshekhar/greenkeeper/monorepo.react-16.4.2
• 9a6904f Merge branch 'master' of https://github.com/kulshekhar/ts-jest into feature/upgrade-babel-and-fix-tsconfig
• 8a94008 chore(package): update react-test-renderer to version 16.4.2
• 6e73fb9 chore(package): update react to version 16.4.2
• c947791 chore(package): update @ types/node to version 10.5.5 (#646)
• fd24ae6 Merge pull request #640 from jmheik/to-dev-deps
• e2028da Merge branch 'master' into to-dev-deps
• 4396dde Merge pull request #641 from jeznag/patch-1
• 7d78123 Merge branch 'master' into patch-1
• b38e4ca Add TypeScript ^3.0.0 as supported peer dependencies (#644)
• 1e287f3 Add more details on using module name mapper
• df71945 doc: adds troubleshooting wiki page links
• 0b2e406 Move dev only deps to devDependencies.
• fb5cd12 chore: simplify jest config test helper + moves test utils
• ddc8c32 chore: moves test-utils.ts in __helpers__ dir
• a5370cf Merge branch 'master' into feature/upgrade-babel-and-fix-tsconfig
• db590d2 Update @ types/react to the latest version 🚀 (#631)
• 4fc3933 chore: changes after GeeWee review
• fbe4f1f perf: do not hash cache key, jest does it underneath
• 5ab100c fix: resolves correctly config file path (fix #636)

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 610f368 5.0.0
• 5ce65c1 update examples
• bbe1230 Merge pull request #11628 from webpack/bugfix/real-content-hash
• 75ecff2 5.0.0-rc.6
• bfc35d6 Merge pull request #11603 from MayaWolf/master
• 76e8cbd Merge pull request #11622 from webpack/dependabot/npm_and_yarn/types/node-13.13.25
• 9fd1be2 chore(deps-dev): bump @ types/node from 13.13.23 to 13.13.25
• 36bcfaa Merge pull request #11621 from webpack/bugfix/11619
• 9130d10 fix called variables with ProvidePlugin
• 3e42105 Merge pull request #11620 from webpack/bugfix/11617
• 4709719 skip connections copied to concatenated module
• 57b493f 5.0.0-rc.5
• 1658e2f Merge pull request #11618 from webpack/bugfix/11615
• a8fb45d fixes crash in SideEffectsFlagPlugin
• 84b196d emit error instead of crashing when unexpected problem occurs
• 5573fed Merge pull request #11601 from Hornwitser/improve-suggested-polyfill-config
• 9b5cce9 Merge pull request #11609 from snitin315/export-types
• 37c495c export type RuleSetUseItem
• 39faf34 export type RuleSetUse
• e5fd246 export type RuleSetConditionAbsolute
• 660baad export RuleSetCondition types
• 13e3ca5 Merge pull request #11602 from webpack/bugfix/shared-runtime-chunk
• 9c0587e Merge pull request #11606 from webpack/dependabot/npm_and_yarn/simple-git-2.21.0
• 502d166 Merge pull request #11607 from webpack/dependabot/npm_and_yarn/acorn-8.0.4

See the full diff

Package name: webpack-dev-server

The new version differs by 250 commits.

• c9271b9 chore(release): 4.0.0
• 18bf369 test: fix stability (#3676)
• cdcabb2 fix: respect protocol from browser for manual setup (#3675)
• 1768d6b fix: initial reloading for lazy compilation (#3662)
• 4f5bab1 docs: improve examples (#3672)
• f2d87fb fix: improve https CLI output (#3673)
• 0277c5e chore: remove redundant console statements (#3671)
• 16fcdbc docs: add `ipc` example (#3667)
• 8915fb8 test: add e2e tests for built in routes (#3669)
• 4d1cbe1 docs: ask `version` information in issue template (#3668)
• b6c1881 chore(deps-dev): bump core-js from 3.16.1 to 3.16.2 (#3666)
• ffa8cc5 chore(deps-dev): bump supertest from 6.1.5 to 6.1.6 (#3665)
• f1fdaa7 chore(release): 4.0.0-rc.1
• c4678bc fix: legacy API (#3660)
• d8bdd03 test: fix stability (#3661)
• 22b1414 refactor: remove `killable` (#3657)
• 75bafbf test: add e2e tests for module federation (#3658)
• 493ccbd chore(deps): update `ws` (#3652)
• ae8c523 test: add e2e test for universal compiler (#3656)
• f94b84f chore(deps): update (#3655)
• 1923132 test: fix cli
• 2adfd01 test: fix todo (#3653)
• 6e2cbde fix: proxy logging and allow to pass options without the `target` option (#3651)
• c9ccc96 fix: respect infastructureLogging.level for client.logging (#3613)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncontrolled resource consumption