[Snyk] Fix for 29 vulnerabilities

[ajesse11x]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-CSSWHAT-3035488	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	No	Proof of Concept
	344/1000 Why? Has a fix available, CVSS 2.6	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	No	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Arbitrary File Overwrite SNYK-JS-FSTREAM-174725	Yes	No Known Exploit
	703/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	No	Proof of Concept
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	Yes	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-JSYAML-173999	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-JSYAML-174129	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Validation Bypass SNYK-JS-KINDOF-537849	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-MIXINDEEP-450212	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-SETVALUE-1540541	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-SETVALUE-450213	No	Proof of Concept
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	No	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	No	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	No	No Known Exploit
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Arbitrary File Overwrite SNYK-JS-TAR-174125	Yes	Proof of Concept
	434/1000 Why? Has a fix available, CVSS 4.4	Time of Check Time of Use (TOCTOU) npm:chownr:20180731	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: browser-sync

The new version differs by 35 commits.

• 2b55728 v2.26.9
• 2bf8812 v2.26.8
• 0f3cc0b fix: npm audit fixes (root)
• ba1f09f fix: npm audit fixes
• d89252a Merge pull request #1749 from ProLoser/securityFix
• df81272 Merge pull request #1771 from tolulawson/master
• 64f87b9 Merge pull request #1768 from fozzleberry/bump-http-proxy-1.18.1
• 43dc459 Merge pull request #1725 from nitinbansal1989/master
• 894d031 -- Corrected codesync tagline
• 0667104 used correct syntax on bump
• 938e611 bumped node engines to >= 8.0.0
• 20a0334 bumped http proxy to >=1.18.1
• c103029 Security fix for #1649
• 864c9f1 upgrade chokidar version
• 2191369 v2.26.7
• 53f9b36 docs: readme
• 0b3d98b v2.26.6
• fdfc681 tests: add e2e tests to package.json
• c56cfd9 Merge pull request #1698 from emeitch/fix_deprecated_header
• 2fd598f Merge pull request #1690 from XhmikosR/xmr-ci
• 841ccd5 Merge pull request #1694 from coliff/patch-1
• 209c9c1 Merge pull request #1697 from gaards/update-localtunnel
• 87bee4b Use getHeaders or _headers
• 77abfd3 Update localtunnel

See the full diff

Package name: gulp

The new version differs by 134 commits.

• 55eb23a Release: 4.0.0
• 173a532 Docs: Fix the installation instructions
• ec54d09 Docs: Improve note about out-of-date docs
• 03b7c98 Docs: Update recipes to install gulp@next
• 2eba29e Docs: Remove run-sequence from recipes
• 76eb4d6 Docs: Add installation instructions & update badges
• fbc162f Docs: Remove references to gulp-util
• 3011cf9 Scaffold: Normalize repository
• f27be05 Update: Remove graceful-fs from test suite
• 361ab63 Upgrade: Update glob-watcher
• 064d100 Build: Avoid broken node 9
• 057df59 Release: 4.0.0-alpha.3
• c1ba80c Breaking: Upgrade major versions of glob-watcher, gulp-cli & vinyl-fs
• 89acc5c Docs: Improve ES2015 task exporting examples (#1999)
• 0ac9e04 Docs: Add "Project structure" section to CONTRIBUTING.md (#1859)
• 723cbc4 Docs: Fix syntax in recipe example (#1715)
• d420a6a Docs: Have gulp.lastRun take a function to avoid task registration (#1828)
• 29ece6f Upgrade: Update undertaker
• e931cb0 Docs: Fix changelog typos (#1696)
• 477db84 Docs: Add a "BrowserSync with Gulp 4" recipe (#1659)
• d4ed3c7 Docs: Add options.cwd for gulp.src API (#1645)
• 5dc3b07 Docs: Update gulp.watch API to align with glob-watcher
• 0c66069 Breaking: Replace chokidar as gulp.watch with glob-watcher wrapper
• c3dbc10 Docs: Clarify incremental builds example (#1609)

See the full diff

Package name: gulp-imagemin

The new version differs by 29 commits.

• 2f7ecc9 8.0.0
• 1b4baf6 Require Node.js 12.20 and move to ESM
• ed39463 Move to GitHub Actions (#351)
• 8b40da0 Update readme lossless note (#346)
• 1cbb7c5 7.1.0
• 67cceb3 Update `imagemin-gifsicle` optional dependency
• 97432ea 7.0.0
• aacca91 Require Node.js 10
• 279a91b Replace jpegtran with mozjpeg (#336)
• f4a2255 6.2.0
• 0460c78 Add `silent` option (#331)
• dfdba76 6.1.1
• 165bf8b Make Gulp an optional peer dependency
• 6c35e59 6.1.0
• 92e224a Update dependencies
• 97cd1c3 6.0.0
• 6e091ed Require Node.js 8
• c1c3346 Create funding.yml
• 8e731f0 5.0.3
• 3e68bd4 Fix another regression of b57f1d6 (#318)
• 3ad32ab 5.0.2
• c7170ba Fix another regression in b57f1d6
• 51bb2ad 5.0.1
• 821dc8a Fix regression in b57f1d6 (#316)

See the full diff

Package name: gulp-sass

The new version differs by 15 commits.

• 5775044 Update CHANGELOG.md
• 978b8f6 Update to major version 5 (#802)
• 10eae93 Update changelog for 4.1.1
• 947b26c Upgrade lodash to fix a security issue (#776)
• 8d6ac29 Update changelog
• 43c0547 4.1.0
• ebe3ec6 Set appropriate file stat times (#763)
• 7ab018e Migrate to the lodash package
• fa670c6 4.0.2
• fefa00e Revert package.json version bump
• 98254d2 Fix README typos
• 8a14419 Continue loading Node Sass by default
• 938afbe Add a note about synchronous versus asynchronous speed
• 7cc2db1 Make this package implementation-agnostic
• 643f73b Add documentation for synchronous code options

See the full diff

Package name: gulp-sourcemaps

The new version differs by 18 commits.

• 2bcfcbb 3.0.0
• d8bed0c Merge pull request #373 from adrian3d/update/doc-gulp-4
• 5686db3 Merge pull request #380 from kennyr87/gh-378/upgrade-css
• 2c66b2c Depdenency: Upgrade css to v3.0.0
• 9a9289b Breaking: Drop Node <6 support & upgrade identity-map which uses changes CSS sourcemaps (#376)
• 11d1e31 Update doc to gulp 4
• bd0aeb0 Docs: Temporarily point at phated/gulp-sourcemaps for AppVeyor badge
• 7e69e97 Build: Ensure tests pass on Windows
• 404eb5b Docs: Update badges
• 8a22ecc Scaffold: Convert repository to use gulp patterns (closes #357) (#367)
• 06cf0f0 2.6.5
• 8f68c5f Merge pull request #366 from gulp-sourcemaps/issue-363
• 178b1b7 issue-363: trying to get to 100% coverage again
• 3286f8f fixing older node code for es5
• 27e4c8b fixing linting errors
• 1de522e cleaning things up to get coverage up
• 01c802f issue-363: cleaned up commentFormatter code to handle css correctly on preExisting
• 5a99012 Use proper comment format for css with pre-existing comment.

See the full diff

Package name: understrap

The new version differs by 250 commits.

• 1a9747b Merge pull request #1279 from understrap/release/0.9.6
• a2d77e7 Merge pull request #1273 from schnoggo/master
• 032d711 Updates version umber and changelog.
• 2169a04 Merge remote-tracking branch 'remotes/origin/includes' into release/0.9.6
• b67af17 Use get_theme_file_path() to make include files child theme friendly.
• a415b82 Merge remote-tracking branch 'remotes/origin/dependabot/npm_and_yarn/ua-parser-js-0.7.28' into update/dependencies
• 5033d8a Merge remote-tracking branch 'remotes/origin/dependabot/npm_and_yarn/lodash-4.17.21' into update/dependencies
• a504ac2 Merge remote-tracking branch 'remotes/origin/dependabot/npm_and_yarn/hosted-git-info-2.8.9' into update/dependencies
• c53120c Merge remote-tracking branch 'remotes/origin/dependabot/npm_and_yarn/postcss-8.2.10' into update/dependencies
• 78ed1e1 Merge remote-tracking branch 'remotes/origin/dependabot/npm_and_yarn/browserslist-4.16.6' into update/dependencies
• b40ada9 Merge remote-tracking branch 'remotes/origin/dependabot/npm_and_yarn/ws-7.4.6' into update/dependencies
• dc0f6e0 Make the credits links https.
• 2b7720e Merge pull request #1270 from understrap/point-release
• 9789232 increments version number.
• 60fff40 Bump ws from 7.4.3 to 7.4.6
• c7990df Bump browserslist from 4.16.1 to 4.16.6
• 78da2f7 Bump postcss from 8.2.9 to 8.2.10
• 8f761fc Bump hosted-git-info from 2.8.8 to 2.8.9
• 068e3af Bump lodash from 4.17.20 to 4.17.21
• 0dc4cc1 Bump ua-parser-js from 0.7.23 to 0.7.28
• 44edc3d Merge pull request #1251 from IanDelMar/deps
• 6f7e7dd Bump @ babel/preset-env from 7.13.12 to 7.13.15
• aa35e25 Bump @ babel/core from 7.13.14 to 7.13.15
• 34c6599 Bump squizlabs/php_codesniffer from 3.5.8 to 3.6.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Arbitrary Code Execution
🦉 More lessons are available in Snyk Learn