[Snyk] Fix for 1 vulnerabilities

[ajesse11x]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: del

The new version differs by 38 commits.

• cd0543e 6.0.0
• 6c99805 Require Node.js 10
• 1df5280 Readme tweaks
• 4acd962 Add tip about deleting subdirectories (#116)
• 1a0c36c Add mention of GitHub Sponsors
• 1e0d705 Tidelift tasks
• 892ce2a Make it clear that it recursively deletes directories (#113)
• 728cb7c Fix benchmark
• 557c1fa 5.1.0
• 12c443d Meta tweaks
• 01da91f Allow non-glob patterns with backslash on Windows (#100)
• 9c72270 Add benchmarks (#101)
• 1299747 Use graceful-fs (#108)
• f509a89 Update dependencies (#109)
• ca05c65 Sort removed files (#102)
• 51662ac Reverse order back for the returned paths (#99)
• 902b594 Meta tweaks
• ffbf4c4 Fix the `cwd` option (#96)
• 8efdbcd Prevent race condition on macOS when deleting files (#95)
• 9e7550b Add note about backward-slashes
• c071180 5.0.0
• a73462c Meta tweaks
• 6f96d2d Update globby to version 10 ([Snyk] Security upgrade gulp from 3.9.1 to 5.0.0 #64)
• 6e23f6a Tidelift tasks

See the full diff

Package name: gulp-imagemin

The new version differs by 29 commits.

• 2f7ecc9 8.0.0
• 1b4baf6 Require Node.js 12.20 and move to ESM
• ed39463 Move to GitHub Actions (#351)
• 8b40da0 Update readme lossless note (#346)
• 1cbb7c5 7.1.0
• 67cceb3 Update `imagemin-gifsicle` optional dependency
• 97432ea 7.0.0
• aacca91 Require Node.js 10
• 279a91b Replace jpegtran with mozjpeg (#336)
• f4a2255 6.2.0
• 0460c78 Add `silent` option (#331)
• dfdba76 6.1.1
• 165bf8b Make Gulp an optional peer dependency
• 6c35e59 6.1.0
• 92e224a Update dependencies
• 97cd1c3 6.0.0
• 6e091ed Require Node.js 8
• c1c3346 Create funding.yml
• 8e731f0 5.0.3
• 3e68bd4 Fix another regression of b57f1d6 (#318)
• 3ad32ab 5.0.2
• c7170ba Fix another regression in b57f1d6
• 51bb2ad 5.0.1
• 821dc8a Fix regression in b57f1d6 (#316)

See the full diff

Package name: gulp-sass

The new version differs by 15 commits.

• 5775044 Update CHANGELOG.md
• 978b8f6 Update to major version 5 (#802)
• 10eae93 Update changelog for 4.1.1
• 947b26c Upgrade lodash to fix a security issue (#776)
• 8d6ac29 Update changelog
• 43c0547 4.1.0
• ebe3ec6 Set appropriate file stat times (#763)
• 7ab018e Migrate to the lodash package
• fa670c6 4.0.2
• fefa00e Revert package.json version bump
• 98254d2 Fix README typos
• 8a14419 Continue loading Node Sass by default
• 938afbe Add a note about synchronous versus asynchronous speed
• 7cc2db1 Make this package implementation-agnostic
• 643f73b Add documentation for synchronous code options

See the full diff

Package name: understrap

The new version differs by 250 commits.

• 1a9747b Merge pull request #1279 from understrap/release/0.9.6
• a2d77e7 Merge pull request #1273 from schnoggo/master
• 032d711 Updates version umber and changelog.
• 2169a04 Merge remote-tracking branch 'remotes/origin/includes' into release/0.9.6
• b67af17 Use get_theme_file_path() to make include files child theme friendly.
• a415b82 Merge remote-tracking branch 'remotes/origin/dependabot/npm_and_yarn/ua-parser-js-0.7.28' into update/dependencies
• 5033d8a Merge remote-tracking branch 'remotes/origin/dependabot/npm_and_yarn/lodash-4.17.21' into update/dependencies
• a504ac2 Merge remote-tracking branch 'remotes/origin/dependabot/npm_and_yarn/hosted-git-info-2.8.9' into update/dependencies
• c53120c Merge remote-tracking branch 'remotes/origin/dependabot/npm_and_yarn/postcss-8.2.10' into update/dependencies
• 78ed1e1 Merge remote-tracking branch 'remotes/origin/dependabot/npm_and_yarn/browserslist-4.16.6' into update/dependencies
• b40ada9 Merge remote-tracking branch 'remotes/origin/dependabot/npm_and_yarn/ws-7.4.6' into update/dependencies
• dc0f6e0 Make the credits links https.
• 2b7720e Merge pull request #1270 from understrap/point-release
• 9789232 increments version number.
• 60fff40 Bump ws from 7.4.3 to 7.4.6
• c7990df Bump browserslist from 4.16.1 to 4.16.6
• 78da2f7 Bump postcss from 8.2.9 to 8.2.10
• 8f761fc Bump hosted-git-info from 2.8.8 to 2.8.9
• 068e3af Bump lodash from 4.17.20 to 4.17.21
• 0dc4cc1 Bump ua-parser-js from 0.7.23 to 0.7.28
• 44edc3d Merge pull request #1251 from IanDelMar/deps
• 6f7e7dd Bump @ babel/preset-env from 7.13.12 to 7.13.15
• aa35e25 Bump @ babel/core from 7.13.14 to 7.13.15
• 34c6599 Bump squizlabs/php_codesniffer from 3.5.8 to 3.6.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.