[Snyk] Fix for 33 vulnerabilities

[DmytroSkrypnyk]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIHTML-1296849	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-D3COLOR-1076592	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ESM-72880	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-EVENTSOURCE-2823375	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-MERGE-1040469	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-MERGE-1042987	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	No	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-NODEFORGE-2330875	Yes	Proof of Concept
	529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-NODEFORGE-2331908	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-OBJECTPATH-1017036	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-OBJECTPATH-1569453	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-PROMPTS-1729737	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Command Injection SNYK-JS-REACTDEVUTILS-1083268	Yes	Proof of Concept
	619/1000 Why? Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Denial of Service (DoS) SNYK-JS-SOCKJS-575261	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Information Exposure SNYK-JS-WEBPACKDEVSERVER-72405	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:eslint:20180222	No	Proof of Concept
	469/1000 Why? Has a fix available, CVSS 5.1	Denial of Service (DoS) npm:mem:20180117	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: d3-scale

The new version differs by 91 commits.

• f7cb35b 4.0.0
• 120ad7a adopt InternMap for ordinal scales (#237)
• ac30873 Adopt type=module (#246)
• 2b7db62 3.3.0
• f3cfd2c update dependencies
• 80ff9b2 adopt d3-time’s ticks
• 8afe6bd 3.2.4
• 60e10c4 update dependencies
• 116ac06 Treat null as undefined. (#241)
• c7efc99 3.2.3
• 5d3e9c3 Update d3-array.
• 1ff6522 yarn
• 957482b Update tickFormat.js
• 42d546e scaleQuantile performance fixup
• 0a427eb time_copy is part of the API but was missing from the README
• 1dd3f5a Merge pull request #219 from d3/links-v6
• 8460207 v3.2.2
• 6169111 d3 dependencies
• 0a55cc8 Merge pull request #210 from domoritz/fix-nice
• 5046251 links to d3@6 versions
• d0a2fe4 fix documentation: the diverging scale's default domain is [0, 0.5, 1]
• da99948 Use var
• 0932d15 Merge pull request #211 from oluckyman/patch-1
• 2751067 Fix a typo

See the full diff

Package name: eslint

The new version differs by 250 commits.

• 36ced0a 5.0.0
• 5fd5632 Build: changelog update for 5.0.0
• 0feedfd New: Added max-lines-per-function rule (fixes #9842) (#10188)
• daefbdb Upgrade: eslint-scope and espree to 4.0.0 (refs #10458) (#10500)
• 077358b Docs: no-process-exit: recommend process.exitCode (#10478)
• f93d6ff Fix: do not fail on unknown operators from custom parsers (fixes #10475) (#10476)
• 05343fd Fix: add parens for yield statement (fixes #10432) (#10468)
• d477c5e Fix: check destructuring for "no-shadow-restricted-names" (fixes #10467) (#10470)
• 7a7580b Update: Add considerPropertyDescriptor option to func-name-matching (#9078)
• e0a0418 Fix: crash on optional catch binding (#10429)
• de4dba9 Docs: styling team members (#10460)
• 5e453a3 Docs: display team members in tables. (#10433)
• b1895eb Docs: Restore intentional spelling mistake (#10459)
• a9da57d 5.0.0-rc.0
• 3ac3df6 Build: changelog update for 5.0.0-rc.0
• abf400d Update: Add ignoreDestructing option to camelcase rule (fixes #9807) (#10373)
• e2b394d Upgrade: espree and eslint-scope to rc versions (#10457)
• a370da2 Chore: small opt to improve readability (#10241)
• 640bf07 Update: Fixes multiline no-warning-comments rule. (fixes #9884) (#10381)
• 831c39a Build: Adding rc release script to package.json (#10456)
• dc4075e Update: fix false negative in no-use-before-define (fixes #10227) (#10396)
• 3721841 Docs: Add new experimental syntax policy to README (fixes #9804) (#10408)
• d0aae3c Docs: Create docs landing page (#10453)
• fe8bec3 Fix: fix writing config file when `source` is `prompt` (#10422)

See the full diff

Package name: html-webpack-plugin

The new version differs by 250 commits.

• 873d75b chore(release): 5.5.0
• ddeb774 chore: update examples
• 1e42625 feat: Support type=module via scriptLoading option
• 7d3645b Bump pretty-error to 4.0.0 to fix transitive vuln for ansi-regex CVE-2021-3807
• 79be779 [chore] changes actions to run on pull_requests
• b7e5859 [chore] fixes CI to avoid race conditions
• 48131d3 chore(release): 5.4.0
• 16a841a [chore] rebuild examples
• 3bb7c17 Update index.js
• e38ac97 Update index.js
• f08bd02 [chore] updates fixtures
• d62a10f [chore] upgrades html-minifier-terser@5.0.0 -> 6.0.2
• 2f5de7a Remove archived plugin
• 8f8f7c5 chore(release): 5.3.2
• 053c6e6 chore: update snapshot tests for webpack 5.4.0
• 9c7fba0 Fix security vulnerabilities
• b98fbeb Fix security vulnerabilities
• 25cdfc7 Added inject-body-webpack-plugin to readme
• 0e4c1fb Update README to document actual behavior
• 0a6568d chore(release): 5.3.1
• 82d0ee8 fix: remove loader-utils from plugin core
• 6f39192 chore(release): 5.3.0
• d654f5b feat: allow to modify the interpolation options in webpack config
• 41d7a50 feat: drop loader-utils dependency

See the full diff

Package name: postcss-flexbugs-fixes

The new version differs by 5 commits.

• 60c8e5f chore(deps): upgrade `postcss` to `7` ([Snyk] Fix for 1 vulnerabilities #51)
• 7974ef7 Update README.md ([Snyk] Fix for 1 vulnerabilities #47)
• d9d3955 Revert "Revert Autoremoval of 0% Basis" ([Snyk] Fix for 1 vulnerabilities #46)
• bae98c0 Push changelog
• fe6215e Revert Autoremoval of 0% Basis ([Snyk] Security upgrade react-map-gl from 4.1.16 to 5.0.0 #43)

See the full diff

Package name: postcss-loader

The new version differs by 73 commits.

• 7647ac9 chore(release): 3.0.0
• 313c3c4 docs(README): update filename formatting
• d6931da refactor(Error): add `error` property checks
• 962b1d6 refactor(options): remove `ident` from validation schema
• 1f98aee refactor(Warning): add `warning` property checks
• 95de4c1 docs(LOADER): update JSDoc
• ea68a42 chore(package): update `schema-utils` v0.4.5...1.0.0 (`dependencies`)
• 73a8c66 chore(ISSUE_TEMPLATE/DOCS): add template for documentation issues
• 70f4426 chore(ISSUE_TEMPLATE/FEATURE): add feature request template
• 4a0328e chore(ISSUE_TEMPLATE/BUG): move bug reports into their own template
• 319d1f7 chore(PULL_REQUEST_TEMPLATE): improve format and content
• bdcbef0 refactor(src): update code base with latest ES2015+ features
• f34954f fix(index): add ast version (`meta.ast`)
• 8ac6fb5 fix(index): emit `warnings` as an instance of `{Error}`
• 2c6033b test(Errors): remove stacktrace from snapshot
• 549ea08 fix(options): improved `ValidationError` messages
• fbf05de test: replace helpers with `@ webpack-utilities/test` (#386)
• daa0da8 chore(package): update `postcss` v6.0.0...7.0.0 (`dependencies`) (#375)
• 114db12 docs(README): add autoprefixing example (#380)
• 8772814 style(standard): fix linting issues
• 8ef443f ci(travis): build stages
• 6f10898 ci(appveyor): readd Appveyor CI (#381)
• 0bb835c ci(package): run tests in an explicit environment (`jest --env=node`) (#382)
• 5e2bca9 docs(README): replace `postcss-cssnext` with `postcss-preset-env` (#379)

See the full diff

Package name: react-router-dom

The new version differs by 41 commits.

• 0c9a10d v5.0.1
• b0bb959 Update package locks
• 8ed894f add hooks option to scroll restoration docs (#6762)
• 0f5d701 Small code change in matchPath.md (#6761)
• caa9950 esModule: false fix read only TypeError in expors (#6758)
• bd436ce Merge branch 'website'
• a38ef04 Don't override path in NavLink component. Fixes #6613 (#6623)
• 97f0eee Removing "update blocking" content (#6652)
• 56c829b fix(react-router): Allow string and object refs in withRouter (#6680)
• aeccaeb Updated some devDependencies to fix audit warnings (#6741)
• 48a97bf Fix build on windows. (#6740)
• 82ce94c prevent reload of page if an error occurs in onClick event handler (#6711)
• 7bd1407 matchPath: Fixed exception thrown if `path` is undefined (#6715)
• 67df646 use huskyrc file (#6706)
• 29155fc Update matchPath docs (#6703)
• 3ccbd19 Add a default value for context in StaticRouter.navigateTo (#6698)
• f7c8e56 Fix website internal links not prepended with public path (#6678)
• 992af48 Switch to mini-create-router-context (#6692)
• 2ce1d32 call createLocation on 'to' regardless of type (#6690)
• 10d78bb withRouter: Directly use RouterContext instead of Route. (#6685)
• 017f692 Fixed maximum update depth exceeded caused by Redirect. (#6674)
• f9849c8 Pin create-react-context to 0.2.2 (#6682)
• 6a99c93 fix: set DisplayName correctly for Named Context (#6677)
• 13b044a Document Redirect sensitive prop. (#6676)

See the full diff

Package name: recharts

The new version differs by 250 commits.

• 3115b4d build 2.1.3
• 6f2551e fix: Customized component has no key (#2637)
• f5b8414 Fix XAxis scale propery type (#2641)
• ae02a4d Update README.md (#2649)
• 9aba237 build 2.1.2
• 300f726 Fix fragment children (#2481)
• 2805e0b fixes undefined field reference when optional variables not supplied (#2630)
• 89f3232 build 2.1.1
• c3381af fix: responsive container (#2622)
• 213d4a9 fix: fix format
• 8da1b74 build 2.1.0
• 2093a6b Wrap ResponsiveContainer with forwardRef (#2612)
• 281ea48 Add chart type to tooltip payload (#2599)
• 857663f Fix for recharts issue #1787 (#2604)
• af948a7 build 2.0.10
• 40a18f8 fix: show scatter chart tooltip cross cursor (#2592)
• 94e5808 Update Bar.tsx (#2582)
• e91fad3 Merge pull request #2516 from ckotyan/patch-1
• d857b4e Merge pull request #2512 from andy128k/patch-1
• e90a4e1 Merge pull request #2477 from bsell93/patch-1
• 8340d63 Merge pull request #2457 from anselmpaul/master
• 35840a0 Passthrough position attribute on createLabeledScales
• a0ab49c Fix barchart for a single data point
• d0b5781 allow automated axis padding for "gap" and "no-gap"

See the full diff

Package name: style-loader

The new version differs by 22 commits.

• 5d73db7 chore(release): 0.20.0
• 08ce425 chore(package): update dependencies
• 28f603f refactor: remove comments from bundle source code
• dda8b89 test: rename && update HMR tests
• 23c3567 fix(options): add `transform` option validation (`{String}`)
• e0c4b19 fix(options): support passing a `{Function}` (`options.insertInto`)
• ac8430c ci(travis): update `node` v4.3.0...4.8.0
• 0eb8fe7 feat: support passing a `{Function}` (`options.insertInto`) (#279)
• 3a4cb53 fix(index): enable HMR in case `locals` (`css-modules`) are unchanged (#298)
• 9b46128 fix(addStyles): check if `HTMLIFrameElement` exist (#296)
• a7734e6 chore(package): update repository url (#290)
• 6ca2ecb chore(release): 0.19.1
• 2bfc93e fix(addStyles): correctly check `singleton` behavior when `{Boolean}` (`options.singleton`) (#285)
• 57c457d docs: fixed missing commas in configuration examples (#266)
• c9707f1 chore(release): 0.19.0
• 378e906 feat: add option to enable/disable HMR (`options.hmr`) (#264)
• 67120f8 feat: support 'before' insertions (`options.insertAt`) (#253)
• a2ae3ac docs(README): fix bash code highlight (#262)
• ce53bd9 docs(readme): fix typo (#260)
• 57e171f docs: Fixes typo in readme (#258)
• 01ceef8 docs(README): fix example (`options.insertInto`) (#251)
• 25e8e89 feat: add support for iframes (`options.insertInto`) (#248)

See the full diff

Package name: url-loader

The new version differs by 8 commits.

• 11dce14 docs: Update changelog with nsp advisory
• 1934507 chore(release): 0.6.0
• a1e1fef chore: Fix mime version
• d19ee2d chore: update `mime` package to avoid deprecation mime type with `woff` and `woff2` (#87)
• 636ebed feat: add `fallback` option (#88)
• f3f5fce docs(README): remove confusing `prefix` option (`options.prefix`) (#89)
• 2de70bb docs(README): fix typo in example (#81)
• ced5990 feat(index): add options validation (`schema-utils`) (#78)

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 04f90c5 4.26.0
• e1df721 Merge pull request #8392 from vkrol/cherry-pick-terser-to-webpack-4
• a818def fix for changed API in terser plugin warningsFilter
• b39abf4 Rename test directories too
• 311a728 Switch from uglifyjs-webpack-plugin to terser-webpack-plugin
• a230148 Merge pull request #8351 from DeTeam/chunk-jsdoc-typo
• 7a0af76 Fix a typo in Chunk#split jsdoc comment
• 2361995 4.25.1
• e2a2016 Merge pull request #8338 from webpack/bugfix/issue-8293
• babe736 replace prefix/postfix even when equal for wrapped context
• dcd0d59 test for #8293
• af123a8 Merge pull request #8334 from webpack/bugfix/lint
• 36eb0bb move azure specific commands to azure-pipelines.yml
• 290094e 4.25.0
• 355590e Merge pull request #8250 from Aladdin-ADD/patch-3
• 0293c3a Merge pull request #8279 from smelukov/support-entry-progress
• 1ea411b Merge pull request #8139 from NaviMarella/FormatManifest
• 4b72635 exclude watch test cases
• e35d084 increase test timeout
• 6be1411 move schema into definitions
• 3d74504 add missing hooks to progress
• 56d8a8f prevent writing the same message multiple times to stderr
• 64e3826 use flags to show different parts of the progress message
• 8c5e74f Merge branch 'master' into support-entry-progress

See the full diff

Package name: webpack-dev-server

The new version differs by 250 commits.

• 5280ee7 docs: fix typo
• d834582 chore(release): 4.7.3
• 7b8c85b chore(deps): update `selfsigned` (#4170)
• d598325 chore: fix lint
• c1907f1 refactor: remove redundant `if` statements (#4158)
• e535f25 ci: debug (#4144)
• 75999bb chore(release): 4.7.2
• 90a96f7 ci: fix (#4143)
• f6bc644 fix: compatible with `onAfterSetupMiddleware`
• 317e4b9 docs: fix testing instructions (#4133)
• ff4550e test: remove redundant test cases related to 3rd party code (#4131)
• 0dd1ee6 test: add e2e tests for `setupExitSignals` option (#4130)
• afe4975 chore(release): 4.1.7
• 4e5d8ea fix: droped `url` package (#4132)
• b0c98f0 chore(release): 4.7.0
• 3138213 chore(deps): update (#4127)
• 8f02c3f feat: added types
• f4fb15f fix: update description of `onAfterSetupMiddleware` and `onBeforeSetupMiddleware` options (#4126)
• 37b73d5 test: add e2e test for `WEBPACK_SERVE` env variable (#4125)
• f5a9d05 chore(deps-dev): bump eslint from 8.4.1 to 8.5.0 (#4121)
• c9b959f chore(deps): bump ws from 8.3.0 to 8.4.0 (#4124)
• 42208aa chore(deps-dev): bump lint-staged from 12.1.2 to 12.1.3 (#4122)
• f440f84 chore(deps): bump express from 4.17.1 to 4.17.2 (#4120)
• c13aa56 feat: added the `setupMiddlewares` option (#4068)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 More lessons are available in Snyk Learn