[Snyk] Fix for 3 vulnerabilities

[baby636]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: grunt

The new version differs by 7 commits.

• ffa6775 1.4.0
• 63b2e89 Merge pull request #1728 from gruntjs/update-deps-changelog
• 106ed17 Update changelog and util dep
• 49de70b Merge pull request #1727 from gruntjs/update-deps-apr
• 47cf8b6 Update CLI and nodeunit
• e86db1c Merge pull request #1722 from gruntjs/update-through
• 4952368 Update deps

See the full diff

Package name: grunt-contrib-nodeunit

The new version differs by 18 commits.

• 1bf44d0 5.0.0
• 95c40bd Changelog
• beb2b27 Update deps (#78)
• 47c8bef Update nodeunit x (#75)
• 1622d58 chore(packages): updating all dev packages because of security vulnerabilities (Bump hosted-git-info from 2.8.8 to 2.8.9 twbs/grunt-bootlint#71)
• d538dad Bump async from 2.6.3 to 2.6.4 (Bump grunt from 1.0.4 to 1.3.0 twbs/grunt-bootlint#70)
• 193148c Bump ejs from 3.1.6 to 3.1.7 (Bump lodash from 4.17.19 to 4.17.21 twbs/grunt-bootlint#69)
• 4a0cd06 Bump grunt from 1.4.1 to 1.5.2 (Bump y18n from 4.0.0 to 4.0.1 twbs/grunt-bootlint#68)
• 74e1dc3 Readme generated
• 118b2b2 Update deps (Bump lodash from 4.17.15 to 4.17.19 twbs/grunt-bootlint#67)
• 9a6ee33 package.json: remove the unused appveyor_id property
• d39333a Bump glob-parent from 5.1.0 to 5.1.2 (Bump acorn from 6.3.0 to 6.4.1 twbs/grunt-bootlint#66)
• b2fc851 Bump hosted-git-info from 2.8.8 to 2.8.9 (Switch to GitHub Actions CI. twbs/grunt-bootlint#65)
• d7325a1 Fix changelog year
• 2953872 Update README
• ffeffaf Update dependencies (Update peerDependencies to support Grunt 1.0 twbs/grunt-bootlint#64)
• a4dba14 Bump yargs-parser from 13.1.1 to 13.1.2 (Travis: replace stable by 5. twbs/grunt-bootlint#61)
• b655307 Bump lodash from 4.17.15 to 4.17.19 (Lint tweaks. twbs/grunt-bootlint#60)

See the full diff

Package name: micromatch

The new version differs by 29 commits.

• 89efcff 4.0.0
• f3238cb Merge pull request #151 from micromatch/dev
• 7c78f9a ensure args are strings
• 2e42796 bump picomatch
• 09f8260 windows, it's time we had a talk...
• a49f94c fix slashes in tests
• a6ab670 use braces patch, build readme
• 976d956 upgrade braces and picomatch
• a6596da add benchmarks
• 11168b1 rename unixify to windows
• 5bf40fe package.json: Use github versions of deps to test the env.
• 5d78d48 Drop node v6 since picomatch doesnt support it.
• 96ac3ba Remove duplicate node. Remove unsupported node v7.
• bf44408 Merge branch 'master' into dev
• b8abcf9 Merge remote-tracking branch 'origin/dev'
• e07df11 rebuild docs
• 47340ad Merge remote-tracking branch 'origin/master' into dev
• 52df06d refactor
• 09bd55c Merge pull request #149 from Glazy/hotfix/issue-template-update
• c32543d Add myself to package.json contributors list
• 86858bf Update issue template w/ typo and question change
• f2ce9d2 Merge pull request #130 from wtgtybhertgeghgtwtg/unescape
• 677f127 Merge pull request #134 from Tvrqvoise/v3-changelog
• 4a70a66 Merge pull request #141 from simlu/patch-1

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Server-side Request Forgery (SSRF)
🦉 Prototype Pollution