[Snyk] Fix for 2 vulnerabilities

[chriswrightdesign]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	461/1000 Why? Recently disclosed, Has a fix available, CVSS 3.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-DEBUG-3227433	Yes	No Known Exploit
	713/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: babel-plugin-module-resolver

The new version differs by 20 commits.

• ff8a445 chore(release): 5.0.0
• c43e71c chore: Update dependencies and find-babel-config to fix json5 vulnerabilities (#441)
• f2daf06 docs: Valid install commands when using Github copy button (#426)
• f533cc2 chore(release): 4.1.0
• 57c53c3 chore: Run CI on node >= 10
• 91c053c chore: Update husky & lint-staged
• 2a14940 chore: Update standard-version to v9.0.0
• facf14c feat: Add new jest methods (#419)
• a3eba3a chore(deps): bump ini from 1.3.5 to 1.3.8 (#418)
• e4a1165 docs: update readme to include Intellij / Webstorm workaround for resolving aliases (#410)
• 8a3ac0f chore(deps): bump yargs-parser from 13.1.1 to 13.1.2 (#408)
• aac96f2 chore(deps-dev): bump standard-version from 7.0.1 to 8.0.1 (#401)
• 1179e27 chore(deps): bump lodash from 4.17.15 to 4.17.19 (#402)
• 5e3feaa docs: Add yarn install command (#394)
• a65c39a chore(release): 4.0.0
• a5045b0 chore: Add Test github action (#378)
• 0cef5ee chore: Update dependencies (#377)
• 8963f88 docs: Add Quasar Framework as a user using this lib (#364)
• f2173ee feat: Add support for alias with array of paths (#376)
• 77b1bc1 chore: Update Expo link (#370)

See the full diff

Package name: doctoc

The new version differs by 18 commits.

• 2faf563 2.0.0
• 68af396 Bump lodash from 4.17.15 to 4.17.20 (docs: add rafgraph as a contributor kentcdodds/kcd-scripts#187)
• 9bc2c83 Update dependencies to fix deprecation warnings (docs: add MichaelDeBoey as a contributor kentcdodds/kcd-scripts#179)
• d38d04b pre-commit docs: update sha -> rev (docs: add rbusquet as a contributor kentcdodds/kcd-scripts#178)
• bf7896b collapse consecutive blank lines if there's no title (closes Prettier kentcdodds/kcd-scripts#101) (6.1.0 seems to have a regression kentcdodds/kcd-scripts#145)
• 88ec7cd Merge pull request chore: Add 'Cancel Previous Runs' step kentcdodds/kcd-scripts#181 from uetchy/preserve
• f07f3aa fix: update notice text
• 88e4c56 docs: add help text for --update-only
• 04ffd96 feat: add notice for --update-only
• 2be533d chore: rename --preserve to --update-only
• 617c7c5 feat: flag to keep file without toc untouched
• f146558 add --all flag (Add Rollpkg to other solutions kentcdodds/kcd-scripts#186)
• 751f031 show warning if --all flag is set
• 41bd8ff change --entire to --all
• de06803 Make commands explicit and update npm versions (docs: add aprillion as a contributor kentcdodds/kcd-scripts#180)
• 405b035 add --entire flag
• 427b21a Create FUNDING.yml
• e4c74ae expose API in top level (feat: update all deps kentcdodds/kcd-scripts#160)

See the full diff

Package name: eslint-config-kentcdodds

The new version differs by 70 commits.

• 9ad1375 feat: update dependencies (Allow to debug unit tests, e.g. Visual Studio Code kentcdodds/kcd-scripts#78)
• f67857d fix: disable no-promise-executor-return
• 9137e63 chore: fix prettier config
• ae2b3dd fix: update best-practices.js (refactor(tests): removes mockClear kentcdodds/kcd-scripts#76)
• d585bd5 chore: remove circular dep on kcd-scripts
• 4d849c5 fix: Fix peerDependencies (Add support for flow in babel kentcdodds/kcd-scripts#77)
• 5ab7684 chore: restore validation in travis
• 7c82d99 chore: disable validate temporarily
• 36edffc chore: update all deps
• d41a11f feat: Support ESLint 7.x (check prettier formatting in validate script kentcdodds/kcd-scripts#64)
• a75feb8 fix: drop Node 8
• 37b6f5c chore: remove node 8 from travis
• b3a6d94 feat: Update dependencies & add new rule (Add support for flow in babel kentcdodds/kcd-scripts#75)
• 9d83799 docs: add benmonro as a contributor (fix(scipts tests): removes unused mocks kentcdodds/kcd-scripts#74)
• 1a27012 feat(jest-dom): add new rule from jest-dom (feat(deps): upgrade everything kentcdodds/kcd-scripts#73)
• 756d2e5 feat: Update dependencies & add new rules (fix: support babel.config.js kentcdodds/kcd-scripts#72)
• 0e47472 fix: Alphabetize jest rules (Use @babel/runtime helpers instead of bundled ones kentcdodds/kcd-scripts#71)
• 84a7959 fix: Update dependencies (lintstagedrc.js failes on Windows  kentcdodds/kcd-scripts#70)
• 7fb9f77 fix: Fix hasJestDom & hasTestingLibrary checks (Scoped package name is resulting into weird path in dist/ kentcdodds/kcd-scripts#69)
• 7be82bd feat: Update dependencies & add new rules (Fix ci kentcdodds/kcd-scripts#68)
• 7665b2a feat: Update dependencies & add new rules (feat: support custom node version based on engines kentcdodds/kcd-scripts#66)
• 1c4356d feat(curly): add curly config for multi-line
• 207b3c4 refactor: Cleanup dependency calculation (chore: upgrade travis-deploy-once dependency kentcdodds/kcd-scripts#63)
• c2b55ab feat: only add testing library plugins when needed

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution