[Snyk] Fix for 3 vulnerabilities

[ayishagisel]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASHTEMPLATE-1088054	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: eslint

The new version differs by 250 commits.

• 80b8d5d 5.5.0
• b68e403 Build: changelog update for 5.5.0
• 6e110e6 Fix: camelcase duplicate warning bug (fixes Update adding-typescript.md facebook/create-react-app#10801) (Completely issue with macbook pro M1 facebook/create-react-app#10802)
• 5103ee7 Docs: Add Brackets integration (tsconfig compilerOptions paths alias config not working facebook/create-react-app#10813)
• b61d2cd Update: max-params to only highlight function header (#10815)
• 2b2f11d Upgrade: babel-code-frame to version 7 (Material UI core components not installed with CRA facebook/create-react-app#10808)
• 2824d43 Docs: fix comment placement in a code example (react-app-polyfill only "starts"/activates when running local development mode on Windows facebook/create-react-app#10799)
• 10690b7 Upgrade: devdeps and deps to latest (Shouldn't the const braces be removed to make it work properly? facebook/create-react-app#10622)
• 80c8598 Docs: gitignore syntax updates (fixes Provide a way to configure the mainFields for webpack facebook/create-react-app#8139) (App returns blank page in the first time after upgrading react-scripts to v4.0.3 facebook/create-react-app#10776)
• cb946af Chore: use meta.messages in some rules (1/4) (Bug with redux in firefox facebook/create-react-app#10764)
• a857cd9 5.4.0
• 8dee250 Build: changelog update for 5.4.0
• a70909f Docs: Add jscs-dev.github.io links (Change node-sass to sass because node-sass is deprecated facebook/create-react-app#10771)
• 034690f Fix: no-invalid-meta crashes for non Object values (fixes Changing the location of Jest test snapshots facebook/create-react-app#10750) (wrap scripts into dom loaded event listener if defer is specified facebook/create-react-app#10753)
• 11a462d Docs: Broken jscs.info URLs (fixes after installing home-brew  facebook/create-react-app#10732) (changes to install package as dev dependancy facebook/create-react-app#10770)
• 985567d Chore: rm unused dep string.prototype.matchall (npx create-react-app isnt working facebook/create-react-app#10756)
• f3d8454 Update: Improve no-extra-parens error message (Upgrade jest from 26.6.0 to 27.0.0-next.6 facebook/create-react-app#10748)
• 562a03f Fix: consistent-docs-url crashes if meta.docs is empty (fixes Fixed broken link for the pace.js facebook/create-react-app#10722) (npm update fails in CRA app after node-sass facebook/create-react-app#10749)
• 6492233 Chore: enable no-prototype-builtins in codebase (fixes babel-preset-react-app no longer generates ES modules with babel CLI facebook/create-react-app#10660) (Bump elliptic from 6.5.3 to 6.5.4 in /docusaurus/website facebook/create-react-app#10664)
• 137140f Chore: use eslintrc overrides (#10677)
• 2af6f4f 5.3.0
• 11e70c7 Build: changelog update for 5.3.0
• dd6cb19 Docs: Updated no-return-await Rule Documentation (fixes Unable to delete project created with "npx create-react-app" facebook/create-react-app#9695) (CVE-2021-27290 in react-scripts due to using old version of webpack facebook/create-react-app#10699)
• 6009239 Chore: rename utils for consistency (EXC-68: customize react scripts facebook/create-react-app#10727)

See the full diff

Package name: lerna

The new version differs by 250 commits.

• 0c40a17 chore(release): publish v3.0.0
• aa29ff5 chore(release): No more release candidates
• 4dd10cf test(integration): Improve test root normalization pattern
• cbac458 test(helpers): Show empty log message's prefix
• 627cfc2 fix(publish): Improve `npm pack` experience
• 9c767ac feat: Add @ lerna/log-packed module, extracted from npm
• 012afcc test(publish): Avoid npm login-required validation in CI
• 8d80b2c feat(publish): Run `npm pack` before `npm publish`
• 088ea54 feat(npm-publish): Add npmPack export
• be453cd feat(package): Add tarball property
• ebc8ba6 feat(publish): Validate npm registry and package access prerequisites
• 0097360 refactor(publish): Pass npmConfig to dist-tag methods
• 37e3ec7 refactor(publish): Move license setup into class method
• 410b8d5 test(npm-publish): Use actual Package instance in tests
• 566ab0e refactor(get-npm-exec-opts): Always return env, even if empty
• 3a5c079 chore(serialize-tempdir): Remove desperate logging
• 3cc6ccf chore(windows): Massive simplification of tempdir serializer
• 92e48c1 test: Move windows path serializer 'before' tempdir serializer
• 9c030c6 chore(pkg-matchers): Normalize backslashes of version comparison
• 00436cd Revert "fix(add): Always use POSIX paths when computing relative file: specifiers"
• aae9adb chore(windows): Add ludicrous logging to serialize-tempdir
• ffe354f fix(add): Always use POSIX paths when computing relative file: specifiers
• 16d93b6 test(listable): Turn off chalk so stuff doesn't fail in CI
• 1d6fbc0 chore(windows): join the wack to the whack path

See the full diff

Package name: lerna-changelog

The new version differs by 99 commits.

• a536a41 v0.8.0
• 7b99ca7 Update Changelog
• e91182a Merge pull request [Snyk] Fix for 1 vulnerabilities #116 from Turbo87/color-blind-progress-bar
• e548592 Fix progress bar rendering for `--no-color`
• c39f612 Merge pull request [Snyk] Security upgrade webpack from 3.12.0 to 4.0.0 #115 from Turbo87/cli-options
• 0bd7f7b Merge pull request [Snyk] Security upgrade lerna from 2.6.0 to 3.0.0 #114 from Turbo87/to-from
• 819e45e cli: Add "epilog"
• 9a20eda cli: Use wider `wrap` value
• 24f0865 Add `--from` and `--to` as replacements for `--tag-from/to`
• c3e6525 Merge pull request [Snyk] Security upgrade lerna from 2.6.0 to 3.0.0 #113 from Turbo87/readme
• cae018c Update `progress` to v2.0.0 ([Snyk] Security upgrade webpack-dev-server from 2.11.0 to 3.11.3 #111)
• 8a10dbc Rewrite README file
• 3ae650c Add LICENSE file
• acd2dc8 Update `rimraf` to v2.6.2 ([Snyk] Security upgrade webpack-dev-server from 2.11.0 to 4.7.3 #112)
• 06189ab Update `p-map` to v1.2.0 ([Snyk] Security upgrade lerna-changelog from 0.6.0 to 0.7.0 #110)
• b1ca3bd v0.8.0-beta.2
• 6b4b418 Update Changelog
• b400a33 Update `yargs` to v11.0.0 ([Snyk] Security upgrade webpack-dev-server from 2.11.0 to 4.7.3 #109)
• 7c7ab16 Merge pull request [Snyk] Security upgrade jest from 22.4.1 to 25.0.0 #108 from Turbo87/progress
• 17d4462 Improve progress reporting
• 00b0497 Merge pull request [Snyk] Security upgrade react-dev-utils from 5.0.3 to 12.0.0 #107 from Turbo87/tag-parsing
• 7e0b3ed Fix `refName` parsing
• 73d7bbe Merge pull request [Snyk] Security upgrade react-dev-utils from 5.0.3 to 12.0.0 #106 from Turbo87/period
• 152fcc5 Remove periods from PR titles

See the full diff

Package name: lint-staged

The new version differs by 250 commits.

• 885a644 Merge pull request Add root imports with tilde prefix facebook/create-react-app#852 from okonet/listr2
• aba3421 fix: all lint-staged output respects the `quiet` option
• b8df31a fix: do not show incorrect error when verbose and no output
• eed6198 style: simplify eslint and prettier config
• b746290 ci: replace Node.js 13 with 14, since 14 will be next LTS
• 2c6f3ad docs: improve `verbose` description
• e749a0b test: remove redundant, misbehaving test
• 16848d8 fix: use test renderer during tests and when TERM=dumb
• efffa22 test: cover `--verbose` option usage
• 1b18550 test: restore variable in test output
• 6aede38 test: add test for error during merge state restoration
• b565481 test: integration test targets the full Node.js API instead of just `runAll`
• a3bd9d7 feat: allow specifying `cwd` using the Node.js API
• 85de3a3 feat: add `--verbose` to show output even when tasks succeed
• d69c65b fix: log task output after running listr to keep everything
• e95d1b0 refactor: move skip and enable cheks of listr tasks to separate file
• 6da7667 refactor: move messages to separate file
• 6392480 refactor: use symbols for errors
• 8f32a3e feat: replace listr with listr2 and print errors inline
• c9adca5 fix: use stash create/store to prevent files from disappearing from disk
• e093b1d fix(deps): update dependencies
• 6066b07 fix: pass correct path to unstaged patch during cleanup
• 0bf1fb0 fix: allow lint-staged to run on empty git repo by disabling backup
• 1ac6863 Merge pull request After ejecting, unsure of how to add Bourbon / Neat to webpack facebook/create-react-app#837 from okonet/serial-git-add

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution