[Snyk] Fix for 44 vulnerabilities

[ajesse11x]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	No	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-DECOMPRESS-557358	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-DECOMPRESSTAR-559095	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891	No	Proof of Concept
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-JSYAML-173999	No	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-JSYAML-174129	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASHTEMPLATE-1088054	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Out-of-Bounds SNYK-JS-NODESASS-535498	Yes	Proof of Concept
	761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	NULL Pointer Dereference SNYK-JS-NODESASS-535500	Yes	Proof of Concept
	536/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.3	Out-of-bounds Read SNYK-JS-NODESASS-540958	Yes	Proof of Concept
	536/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.3	Uncontrolled Recursion SNYK-JS-NODESASS-540964	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Denial of Service (DoS) SNYK-JS-NODESASS-540978	Yes	Proof of Concept
	536/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.3	NULL Pointer Dereference SNYK-JS-NODESASS-540992	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Out-of-Bounds SNYK-JS-NODESASS-540998	Yes	Proof of Concept
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-NODESASS-541000	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Out-of-bounds Read SNYK-JS-NODESASS-541002	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-POSTCSS-5926692	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	536/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1047770	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1584358	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1585624	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-2824151	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-URLREGEX-569472	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: browser-sync

The new version differs by 137 commits.

• 52ab250 v2.28.0
• 019f8ea fix: remove document.write (#2019)
• 3b0581e browser-sync-2017 use chalk everywhere (#2018)
• c1db647 v2.27.12
• 6a8133d build(deps): bump http-cache-semantics from 4.1.0 to 4.1.1 (#2011)
• 61bfdd9 build(deps): bump cookiejar in /packages/browser-sync (#2006)
• 9d71626 build(deps): bump cookiejar in /packages/browser-sync-ui (#2005)
• f5fd00f build(deps): bump parse-url and lerna (#2000)
• 54d16e4 build(deps): bump minimist in /packages/browser-sync-ui (#1998)
• 98ae491 build(deps): bump minimist from 1.2.5 to 1.2.7 (#1997)
• 423d137 build(deps): bump socket.io-parser in /packages/browser-sync-ui (#1996)
• 9b46af3 build(deps): bump moment in /packages/browser-sync-ui (#1973)
• 769c4df build(deps): bump ua-parser-js in /packages/browser-sync (#2007)
• 01caeb3 v2.27.11
• 74873cc updated deps (#1995)
• 88527a8 Add CodeSee architecture diagram workflow to repository (#1972)
• f6965a6 v2.27.10
• e6c7bed Updated portscanner to 2.2.0 (#1960)
• 6a587ec fix readme's
• 91258ae Merge branch 'browser-sync-1946-esbuild'
• f48d6b4 👋 app veyor
• 30c24dc Merge pull request #1947
• 9d24de5 drop webpack from UI
• 7a00341 build client with esbuild

See the full diff

Package name: gulp

The new version differs by 134 commits.

• 55eb23a Release: 4.0.0
• 173a532 Docs: Fix the installation instructions
• ec54d09 Docs: Improve note about out-of-date docs
• 03b7c98 Docs: Update recipes to install gulp@next
• 2eba29e Docs: Remove run-sequence from recipes
• 76eb4d6 Docs: Add installation instructions & update badges
• fbc162f Docs: Remove references to gulp-util
• 3011cf9 Scaffold: Normalize repository
• f27be05 Update: Remove graceful-fs from test suite
• 361ab63 Upgrade: Update glob-watcher
• 064d100 Build: Avoid broken node 9
• 057df59 Release: 4.0.0-alpha.3
• c1ba80c Breaking: Upgrade major versions of glob-watcher, gulp-cli & vinyl-fs
• 89acc5c Docs: Improve ES2015 task exporting examples (#1999)
• 0ac9e04 Docs: Add "Project structure" section to CONTRIBUTING.md (#1859)
• 723cbc4 Docs: Fix syntax in recipe example (#1715)
• d420a6a Docs: Have gulp.lastRun take a function to avoid task registration (#1828)
• 29ece6f Upgrade: Update undertaker
• e931cb0 Docs: Fix changelog typos (#1696)
• 477db84 Docs: Add a "BrowserSync with Gulp 4" recipe (#1659)
• d4ed3c7 Docs: Add options.cwd for gulp.src API (#1645)
• 5dc3b07 Docs: Update gulp.watch API to align with glob-watcher
• 0c66069 Breaking: Replace chokidar as gulp.watch with glob-watcher wrapper
• c3dbc10 Docs: Clarify incremental builds example (#1609)

See the full diff

Package name: gulp-autoprefixer

The new version differs by 13 commits.

• ede5a11 8.0.0
• a953087 Require Node.js 12 and upgrade dependencies
• 87ff53d Move to GitHub Actions (#117)
• c5e7214 7.0.1
• da50fd2 Make Gulp an optional peer dependency
• 40fba84 7.0.0
• ab49120 Require Node.js 8 and Gulp 4
• 83cc576 Enable the repo sponsor button
• adec1a7 6.1.0
• 7b080bf Upgrade dependencies
• dfe3919 6.0.0
• c225cbd Upgrade `autoprefixer` and `postcss`
• ea0b7f8 Require Node.js 6

See the full diff

Package name: gulp-imagemin

The new version differs by 29 commits.

• 2f7ecc9 8.0.0
• 1b4baf6 Require Node.js 12.20 and move to ESM
• ed39463 Move to GitHub Actions (#351)
• 8b40da0 Update readme lossless note (#346)
• 1cbb7c5 7.1.0
• 67cceb3 Update `imagemin-gifsicle` optional dependency
• 97432ea 7.0.0
• aacca91 Require Node.js 10
• 279a91b Replace jpegtran with mozjpeg (#336)
• f4a2255 6.2.0
• 0460c78 Add `silent` option (#331)
• dfdba76 6.1.1
• 165bf8b Make Gulp an optional peer dependency
• 6c35e59 6.1.0
• 92e224a Update dependencies
• 97cd1c3 6.0.0
• 6e091ed Require Node.js 8
• c1c3346 Create funding.yml
• 8e731f0 5.0.3
• 3e68bd4 Fix another regression of b57f1d6 (#318)
• 3ad32ab 5.0.2
• c7170ba Fix another regression in b57f1d6
• 51bb2ad 5.0.1
• 821dc8a Fix regression in b57f1d6 (#316)

See the full diff

Package name: gulp-sass

The new version differs by 15 commits.

• 5775044 Update CHANGELOG.md
• 978b8f6 Update to major version 5 (#802)
• 10eae93 Update changelog for 4.1.1
• 947b26c Upgrade lodash to fix a security issue (#776)
• 8d6ac29 Update changelog
• 43c0547 4.1.0
• ebe3ec6 Set appropriate file stat times (#763)
• 7ab018e Migrate to the lodash package
• fa670c6 4.0.2
• fefa00e Revert package.json version bump
• 98254d2 Fix README typos
• 8a14419 Continue loading Node Sass by default
• 938afbe Add a note about synchronous versus asynchronous speed
• 7cc2db1 Make this package implementation-agnostic
• 643f73b Add documentation for synchronous code options

See the full diff

Package name: understrap

The new version differs by 250 commits.

• 1a9747b Merge pull request #1279 from understrap/release/0.9.6
• a2d77e7 Merge pull request #1273 from schnoggo/master
• 032d711 Updates version umber and changelog.
• 2169a04 Merge remote-tracking branch 'remotes/origin/includes' into release/0.9.6
• b67af17 Use get_theme_file_path() to make include files child theme friendly.
• a415b82 Merge remote-tracking branch 'remotes/origin/dependabot/npm_and_yarn/ua-parser-js-0.7.28' into update/dependencies
• 5033d8a Merge remote-tracking branch 'remotes/origin/dependabot/npm_and_yarn/lodash-4.17.21' into update/dependencies
• a504ac2 Merge remote-tracking branch 'remotes/origin/dependabot/npm_and_yarn/hosted-git-info-2.8.9' into update/dependencies
• c53120c Merge remote-tracking branch 'remotes/origin/dependabot/npm_and_yarn/postcss-8.2.10' into update/dependencies
• 78ed1e1 Merge remote-tracking branch 'remotes/origin/dependabot/npm_and_yarn/browserslist-4.16.6' into update/dependencies
• b40ada9 Merge remote-tracking branch 'remotes/origin/dependabot/npm_and_yarn/ws-7.4.6' into update/dependencies
• dc0f6e0 Make the credits links https.
• 2b7720e Merge pull request #1270 from understrap/point-release
• 9789232 increments version number.
• 60fff40 Bump ws from 7.4.3 to 7.4.6
• c7990df Bump browserslist from 4.16.1 to 4.16.6
• 78da2f7 Bump postcss from 8.2.9 to 8.2.10
• 8f761fc Bump hosted-git-info from 2.8.8 to 2.8.9
• 068e3af Bump lodash from 4.17.20 to 4.17.21
• 0dc4cc1 Bump ua-parser-js from 0.7.23 to 0.7.28
• 44edc3d Merge pull request #1251 from IanDelMar/deps
• 6f7e7dd Bump @ babel/preset-env from 7.13.12 to 7.13.15
• aa35e25 Bump @ babel/core from 7.13.14 to 7.13.15
• 34c6599 Bump squizlabs/php_codesniffer from 3.5.8 to 3.6.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Cross-site Request Forgery (CSRF)
🦉 Open Redirect
🦉 More lessons are available in Snyk Learn