This repository has been archived by the owner on Mar 14, 2024. It is now read-only.

[Snyk] Fix for 60 vulnerabilities #1

Merged: 1 commit, Dec 1, 2021

Conversation

@snyk-bot snyk-bot commented Nov 25, 2021

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

    • package.json
  • Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
    Find out more.

⚠️ Warning
Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 619/1000 Why? Has a fix available, CVSS 8.1 | Prototype Pollution SNYK-JS-AJV-584908 | Yes | No Known Exploit |
| high severity | 696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908 | Yes | Proof of Concept |
| medium severity | 646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5 | Command Injection SNYK-JS-CODECOV-543183 | No | Proof of Concept |
| medium severity | 646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5 | Command Injection SNYK-JS-CODECOV-548879 | No | Proof of Concept |
| medium severity | 539/1000 Why? Has a fix available, CVSS 6.5 | Command Injection SNYK-JS-CODECOV-585979 | No | No Known Exploit |
| medium severity | 479/1000 Why? Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-CONVENTIONALCOMMITSPARSER-1766960 | Yes | No Known Exploit |
| high severity | 696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Denial of Service (DoS) SNYK-JS-ECSTATIC-540354 | No | Proof of Concept |
| medium severity | 526/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.1 | Arbitrary Code Injection SNYK-JS-EJS-1049328 | Yes | Proof of Concept |
| high severity | 696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Denial of Service (DoS) SNYK-JS-ENGINEIO-1056749 | Yes | Proof of Concept |
| medium severity | 586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905 | Yes | Proof of Concept |
| medium severity | 626/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.1 | Man-in-the-Middle (MitM) SNYK-JS-HTTPSPROXYAGENT-469131 | Yes | Proof of Concept |
| medium severity | 586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627 | Yes | Proof of Concept |
| medium severity | 586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891 | Yes | Proof of Concept |
| medium severity | 509/1000 Why? Has a fix available, CVSS 5.9 | Denial of Service (DoS) SNYK-JS-JSYAML-173999 | Yes | No Known Exploit |
| high severity | 619/1000 Why? Has a fix available, CVSS 8.1 | Arbitrary Code Execution SNYK-JS-JSYAML-174129 | Yes | No Known Exploit |
| medium severity | 586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905 | Yes | Proof of Concept |
| high severity | 681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2 | Command Injection SNYK-JS-LODASH-1040724 | Yes | Proof of Concept |
| high severity | 686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution SNYK-JS-LODASH-450202 | Yes | Proof of Concept |
| medium severity | 636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3 | Prototype Pollution SNYK-JS-LODASH-567746 | Yes | Proof of Concept |
| critical severity | 704/1000 Why? Has a fix available, CVSS 9.8 | Prototype Pollution SNYK-JS-LODASH-590103 | Yes | No Known Exploit |
| high severity | 686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution SNYK-JS-LODASH-608086 | Yes | Proof of Concept |
| high severity | 686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution SNYK-JS-LODASH-73638 | Yes | Proof of Concept |
| medium severity | 541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4 | Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639 | Yes | Proof of Concept |
| medium severity | 636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3 | Prototype Pollution SNYK-JS-LODASHDEFAULTSDEEP-450198 | Yes | Proof of Concept |
| high severity | 686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution SNYK-JS-LODASHDEFAULTSDEEP-450199 | Yes | Proof of Concept |
| medium severity | 601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6 | Prototype Pollution SNYK-JS-MINIMIST-559764 | Yes | Proof of Concept |
| high severity | 589/1000 Why? Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) SNYK-JS-MOCHA-561476 | Yes | No Known Exploit |
| high severity | 706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 | Server-side Request Forgery (SSRF) SNYK-JS-NETMASK-1089716 | Yes | Proof of Concept |
| high severity | 726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1 | Remote Code Execution (RCE) SNYK-JS-PACRESOLVER-1564857 | Yes | Proof of Concept |
| medium severity | 586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640 | Yes | Proof of Concept |
| high severity | 619/1000 Why? Has a fix available, CVSS 8.1 | Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-536840 | Yes | No Known Exploit |
| high severity | 706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 | Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062 | Yes | Proof of Concept |
| medium severity | 586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Insecure Defaults SNYK-JS-SOCKETIO-1024859 | Yes | Proof of Concept |
| high severity | 696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-1056752 | Yes | Proof of Concept |
| medium severity | 586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Denial of Service (DoS) SNYK-JS-SOCKJS-575261 | Yes | Proof of Concept |
| high severity | 696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392 | Yes | Proof of Concept |
| high severity | 589/1000 Why? Has a fix available, CVSS 7.5 | Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042 | Yes | No Known Exploit |
| medium severity | 551/1000 Why? Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251 | Yes | No Known Exploit |
| high severity | 696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Information Exposure SNYK-JS-WEBPACKDEVSERVER-72405 | Yes | Proof of Concept |
| medium severity | 586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835 | Yes | Proof of Concept |
| high severity | 726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1 | Arbitrary Code Injection SNYK-JS-XMLHTTPREQUESTSSL-1082936 | Yes | Proof of Concept |
| high severity | 686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3 | Access Restriction Bypass SNYK-JS-XMLHTTPREQUESTSSL-1255647 | Yes | Proof of Concept |
| low severity | 506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7 | Regular Expression Denial of Service (ReDoS) npm:braces:20180219 | Yes | Proof of Concept |
| low severity | 399/1000 Why? Has a fix available, CVSS 3.7 | Regular Expression Denial of Service (ReDoS) npm:debug:20170905 | Yes | No Known Exploit |
| high severity | 676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1 | Regular Expression Denial of Service (ReDoS) npm:diff:20180305 | Yes | Proof of Concept |
| low severity | 506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7 | Regular Expression Denial of Service (ReDoS) npm:eslint:20180222 | Yes | Proof of Concept |
| critical severity | 704/1000 Why? Has a fix available, CVSS 9.8 | Arbitrary Code Injection npm:growl:20160721 | Yes | No Known Exploit |
| high severity | 796/1000 Why? Mature exploit, Has a fix available, CVSS 8.2 | Uninitialized Memory Exposure npm:http-proxy-agent:20180406 | Yes | Mature |
| high severity | 796/1000 Why? Mature exploit, Has a fix available, CVSS 8.2 | Uninitialized Memory Exposure npm:https-proxy-agent:20180402 | Yes | Mature |
| medium severity | 469/1000 Why? Has a fix available, CVSS 5.1 | Uninitialized Memory Exposure npm:ip:20170304 | Yes | No Known Exploit |
| medium severity | 636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3 | Prototype Pollution npm:lodash:20180130 | Yes | Proof of Concept |
| low severity | 399/1000 Why? Has a fix available, CVSS 3.7 | Regular Expression Denial of Service (ReDoS) npm:ms:20170412 | Yes | No Known Exploit |
| high severity | 589/1000 Why? Has a fix available, CVSS 7.5 | Prototype Override Protection Bypass npm:qs:20170213 | No | No Known Exploit |
| medium severity | 646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5 | Cross-site Scripting (XSS) npm:vue:20180802 | No | Proof of Concept |
| high severity | 761/1000 Why? Mature exploit, Has a fix available, CVSS 7.5 | Denial of Service (DoS) npm:ws:20171108 | Yes | Mature |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: babel-plugin-istanbul The new version differs by 6 commits.

See the full diff

Package name: codecov The new version differs by 100 commits.
  • 29dd5b6 3.7.1
  • c0711c6 Switch from execSync to execFileSync (#180)
  • 5f6cc62 Bump lodash from 4.17.15 to 4.17.19 (#183)
  • 0c4d7f3 Merge pull request #182 from codecov/update-readme-badges
  • cc5e121 Update depstat image and urls
  • b44b44e Update readme with 400 error info (#181)
  • bb79335 V3.7.0 (#179)
  • 0d7b9b0 Remove `'x-amz-acl': 'public-read'` header (#178)
  • eeff4e1 Bump acorn from 5.7.3 to 5.7.4 (#174)
  • eb8a527 Merge pull request #172 from RoboCafaz/bugfix/codebuild-pr-parser
  • 55d69cd Merge pull request #159 from SaferNodeJS/master
  • ef348ec Verify source version before parsing PR
  • ebe132e 3.6.5
  • 02cf13d [CE-1330] Escaping args (#167)
  • e138efe Merge lastest changes
  • bac0787 v3.6.4
  • 203ff3a Merge pull request #161 from codecov/drazisil-patch-1
  • 696562d Merge pull request #147 from iansu/patch-1
  • 7856231 v3.6.3
  • 96e6d96 Merge pull request #166 from codecov/chore/updates
  • c8ea169 update deps
  • 7c4cdc4 Merge pull request #149 from aiell0/master
  • 62389fa Merge pull request #162 from codecov/dependabot/npm_and_yarn/handlebars-4.5.3
  • 73ae008 Add dependabot config

See the full diff

Package name: copy-webpack-plugin The new version differs by 85 commits.
  • 650d44d chore(release): 5.1.2
  • a42d63f fix(security): update `serialize-javascript` (#521)
  • 96e2315 chore(release): 5.1.1
  • 3b79595 fix: allow to setup empty array (#425)
  • 5df649c chore(release): 5.1.0
  • c936416 refactor: tests (#421)
  • 08a4d7f docs: fix
  • 8b13bc3 refactor: improve schema
  • d155dd0 docs: update ignore instructions (#410)
  • 45780be docs: example for placeholders in `to` (#420)
  • 452539a feat: validate options (#419)
  • 4826e56 fix: better to determine when glob is used
  • 51c3680 docs: issue 408 (#418)
  • f6f72a7 chore(deps): update
  • 0675847 chore(release): 5.0.5
  • 9146c2a docs: fix typo (#401)
  • 3103940 refactor: minor code refactor (#399)
  • c546871 perf: improvement for webpack@5 (#406)
  • 5db376b chore(deps): update (#409)
  • 806eb41 docs: fix broken fragment links (#398)
  • 6158483 chore(release): 5.0.4
  • cd0e9f5 docs: clarify plugin description (#395)
  • f848140 test: refactor (#394)
  • ff0c736 refactor: tests (#393)

See the full diff

Package name: eslint The new version differs by 250 commits.
  • 77bb207 5.7.0
  • aa599c4 Build: changelog update for 5.7.0
  • 536611a Revert "Build: Use karma-chrome-launcher to run tests (#10898)" (#10973)
  • 6cb63fd Update: Add iife to padding-line-between-statements (fixes #10853) (#10916)
  • 5fd1bda Update: no-tabs allowIndentationTabs option (fixes #10256) (#10925)
  • d12be69 Fix: no-extra-bind No autofix if arg may have side effect (fixes #10846) (#10918)
  • 847372f Fix: no-unused-vars false pos. with markVariableAsUsed (fixes #10952) (#10954)
  • 4132de7 Chore: Simplify space-infix-ops (#10935)
  • 543edfa Fix: Fix error with one-var (fixes #10937) (#10938)
  • 95c4cb1 Docs: Fix typo for no-unsafe-finally (#10945)
  • 5fe0e1a Fix: no-invalid-regexp disallows \ at end of pattern (fixes #10861) (#10920)
  • f85547a Docs: Add 'When Not To Use' section to space-infix-ops (#10931)
  • 3dccac4 Docs: Update working-with-parsers link (#10929)
  • 557a8bb Docs: Remove old note about caching, add a new one (fixes #10739) (#10913)
  • fe8111a Chore: Add more test cases to space-infix-ops (#10936)
  • 066f7e0 Update: camelcase rule ignoreList added (#10783)
  • 70bde69 Upgrade: table to version 5 (#10903)
  • 9bc3f7c Build: Use karma-chrome-launcher to run tests (#10898)
  • 2e52bca Chore: Update issue templates (#10900)
  • bf96e96 5.6.1
  • 7e13c4c Build: changelog update for 5.6.1
  • 9b26bdb Fix: avoid exponential require-atomic-updates traversal (fixes #10893) (#10894)
  • 9432b10 Fix: make separateRequires work in consecutive mode (fixes #10784) (#10886)
  • e51868d Upgrade: debug@4 (fixes #10854) (#10887)

See the full diff

Package name: html-webpack-plugin The new version differs by 196 commits.
  • eb73905 chore(release): 4.0.0
  • 42a6d4a Add typing for getHooks
  • a1a37cf Release html-webpack-plugin 4.0.0-beta.14
  • 97f9fb9 fix: load script files before style files files in defer script loading mode
  • e97ce17 Release html-webpack-plugin 4.0.0-beta.13
  • e448b5d Release html-webpack-plugin 4.0.0-beta.12
  • de315eb feat: Add defer script loading
  • 7df269f feat: Provide a verbose error message if html minification failed
  • 1d66e53 feat: merge templateParameters with default template parameters
  • dfb98e7 Fix typo in template option docts
  • 096a760 Fix broken links in examples
  • a195c34 docs: Update template-option documentation
  • 40b410e docs: Update example for template parameters
  • bf017f3 chore: Release 4.0.0-beta.11
  • 2549557 test: Don't use minification for speed measurement
  • de22fc2 test: Adjust measurment for node 6 on travis
  • 24bf1b5 fix: Update references to html-minifier
  • f4eafdc chore: Release 4.0.0-beta.10
  • a2ad30a refactor: Use getAssetPath instead of calling the hook directly
  • 2595a79 chore: Release 4.0.0-beta.9
  • c66766c feat: Add support for minifying inline ES6 inside html templates
  • 655cbcd Fix README typo
  • 6de319b update lodash dependency for prototype polution vulnerability
  • 35a1541 Properly encode file names emitted as part of URLs.

See the full diff

Package name: http-server The new version differs by 205 commits.
  • 77243e7 0.13.0
  • a845834 Update dependency tree
  • f2c0dfb update milestone
  • aec3911 update security for release
  • 1f994c0 Merge pull request #591 from http-party/no_server_headers
  • c57654d Merge branch 'master' into no_server_headers
  • a4ec10b Merge pull request #713 from http-party/codeql-bye-bye
  • 6b87653 drop codeql
  • a7fdf0f remove server header
  • cd1afb7 Merge pull request #706 from zbynek/no-charset-binary
  • 46c0ce7 Merge pull request #705 from zbynek/patch-1
  • 9c51cb2 Merge branch 'master' into no_server_headers
  • cd84a85 revert
  • 7830ac2 Remove charset from header of binary files
  • b4991b8 Remove line break from LICENSE
  • fab3248 Merge pull request #704 from zbynek/patch-1
  • e9716d1 Account for CRLF in a test
  • 0f3e241 Merge pull request #642 from skyward-luke/master
  • 33fe714 Merge pull request #702 from http-party/replace-travis
  • e9ad269 Replace travis badge
  • f09c821 Update node.js.yml
  • 2c2ad02 Update node.js.yml
  • dad375d Update node.js.yml
  • 133a64c Update node.js.yml

See the full diff

Package name: karma The new version differs by 250 commits.
  • 3653caf chore(release): 6.0.0 [skip ci]
  • 04a811d fix(ci): abandon browserstack tests for Safari and IE (#3615)
  • 4bf90f7 feat(client): update banner with connection, test status, ping times (#3611)
  • 68c4a3a chore(test): run client tests without grunt wrapper (#3604)
  • fec972f fix(middleware): catch errors when loading a module (#3605)
  • 3fca456 fix(server): clean up close-server logic (#3607)
  • 1c9c2de fix(test): mark all second connections reconnects (#3598)
  • 87f7e5e chore(license): Update copyright notice to 2020 [ci skip] (#3568)
  • e6b045f chore(deps): npm audit fix the package-lock.json (#3603)
  • 3c649fa chore(build): remove obsolete Grunt tasks (#3602)
  • 8997b74 fix(test): clear up clearContext (#3597)
  • fe0e24a chore(build): unify client bundling scripts (#3600)
  • 1a65bf1 feat(server): remove deprecated static methods (#3595)
  • fb76ed6 chore(test): remove usage of deprecated buffer API (#3596)
  • 35a5842 feat(server): print stack of unhandledrejections (#3593)
  • 4a8178f fix(client): do not reset karmaNavigating in unload handler (#3591)
  • 603bbc0 feat(cli): error out on unexpected options or parameters (#3589)
  • 7a3bd55 feat: remove support for running dart code in the browser (#3592)
  • 1b9e1de fix(deps): bump socket-io to v3 (#3586)
  • 3fed0bc fix(cve): update yargs to 16.1.1 to fix cve-2020-7774 in y18n (#3578)
  • f819fa8 fix(cve): update ua-parser-js to 0.7.23 to fix CVE-2020-7793 (#3584)
  • 05dc288 fix(context): do not error when karma is navigating (#3565)
  • e5086fc docs: clarify `browser_complete` vs `run_complete`
  • ead31cd chore(release): 5.2.3 [skip ci]

See the full diff

Package name: karma-coverage The new version differs by 36 commits.
  • 32acafa chore(release): 2.0.2 [skip ci]
  • bb8f9ee chore: add semantic-release for project - fix #408 (#413)
  • 9c37de6 chore: add check commit message (#411)
  • 27822c9 ci(test): use eslint as ci command and add all js files to check by eslint (#410)
  • 1adb27a ci: drop node 8, adopt node 12 (#409)
  • 4962a70 fix(reporter): update calls to match new API in istanbul-lib-report fix #398 (#403)
  • fc6e289 refactor: remove isAbsolute and replace with path.isAbsolute (#405)
  • 83bafc3 refactor: replace migrate coffee unit tests to modern JS (#407)
  • 49f174d refactor: onRunComplete method to upgrade on new major version of Istanbul (#406)
  • 4cfa697 chore: Update dev Dependencies eslint and load-grunt-tasks (#387)
  • 5cf931a fix: remove information about old istanbul lib (#404)
  • 352254a chore(deps): bump handlebars from 4.1.2 to 4.5.3 (#399)
  • 0ee780c chore(deps): bump lodash.template from 4.4.0 to 4.5.0 (#392)
  • d18cde4 chore(deps-dev): bump eslint from 2.13.1 to 4.18.2 (#397)
  • 55aeead Update Source Map Handling (#394)
  • b23664e Added debug msg whether coverage is in reporters (#396)
  • d3f53e3 chore(all): Migrate to ES6 (#385)
  • 9c8a222 Make travis file simpler (#386)
  • b76db9e Remove unused dateformat dependency (#384)
  • 075ece0 Remove unused istanbul dependency (#382)
  • 9184fc0 chore: release v2.0.1
  • 57d4bd3 chore(deps): npm audit fix --force; update travis.yml (#380)
  • 0e2800b chore: release v2.0.0
  • 99c0c35 chore: update contributors

See the full diff

Package name: karma-mocha The new version differs by 18 commits.
  • 5828416 chore(release): 2.0.0 [skip ci]
  • 4e35a55 chore(ci): semantic-release on success (#221)
  • 00b24b6 chore(deps-dev): bump eslint from 2.13.1 to 4.18.2 (#220)
  • f7ec4e7 Merge pull request #218 from karma-runner/semanitic-release
  • 5a5b6d5 feat(ci): enable semanitic-release
  • 36404cf Merge pull request #217 from franktopel/minimist-update
  • bab0416 updated minimum version of minimist dependency to ^1.2.3 instead of 1.2.0
  • 3f9e4b7 Revert "updated minimum version of minimist dependency to ^1.2.3 instead of 1.2.0"
  • a9bfdf9 updated minimum version of minimist dependency to ^1.2.3 instead of 1.2.0
  • 3dd7a56 Merge pull request #215 from mbaumgartl/update-node-versions
  • 844939c Merge pull request #213 from mbaumgartl/fix-travis-build
  • fd64f5b Update Node.js versions
  • 6eb28de Fix Travis builds
  • c8feade Merge pull request #210 from elpddev/chore/align-node-support-same-as-karma
  • ea076c0 test(mock-fs): update mock-fs version
  • 2fb6c93 ci(node versions): change running node verison the same as karma package
  • 6c63662 Merge pull request #122 from maksimr/karma-mocha-109
  • e847121 feat: Expose 'pending' status

See the full diff

Package name: mocha The new version differs by 250 commits.
  • eb781e2 Release v6.2.3
  • 10dbe94 update CHANGELOG for v6.2.3 [ci skip]
  • 848d6fb security: update mkdirp, yargs, yargs-parser
  • 843a322 6.2.2
  • aec8b02 update CHANGELOG for v6.2.2 [ci skip]
  • 7a8b95a npm audit fixes
  • cebddf2 Improve reporter documentation for mocha in browser. (#4026)
  • 3f7b987 uncaughtException: report more than one exception per test (#4033)
  • ee82d38 modify alt text of image from Backers to Sponsors inside Sponsors section in Readme (#4046)
  • e9c036c special-case parsing of "require" in unparseNodeArgs(); closes #4035 (#4063)
  • 954cf0b Fix HTMLCollection iteration to make unhide function work as expected (#4051)
  • 816dc27 uncaughtException: fix double EVENT_RUN_END events (#4025)
  • 9650d3f add OpenJS Foundation logo to website (#4008)
  • f04b81d Adopt the OpenJSF Code of Conduct (#3971)
  • aca8895 Add link checking to docs build step (#3972)
  • ef6c820 Release v6.2.1
  • 9524978 updated CHANGELOG for v6.2.1 [ci skip]
  • dfdb8b3 Update yargs to v13.3.0 (#3986)
  • 18ad1c1 treat '--require esm' as Node option (#3983)
  • fcffd5a Update yargs-unparser to v1.6.0 (#3984)
  • ad4860e Remove extraGlobals() (#3970)
  • b269ad0 Clarify effect of .skip() (#3947)
  • 1e6cf3b Add Matomo to website (#3765)
  • 91b3a54 fix style on mochajs.org (#3886)

See the full diff

Package name: mocha-loader The new version differs by 15 commits.

See the full diff

Package name: uglify-js The new version differs by 250 commits.
  • bca83cb v3.14.3
  • a841d45 fix corner case in `awaits` (#5160)
  • eb93d92 fix corner case in `awaits` (#5158)
  • a0250ec fix corner case in `dead_code` (#5154)
  • 2580162 parse `let` as symbol names correctly (#5151)
  • 32ae994 fix issues in tests flagged by LGTM (#5150)
  • 03aec89 fix corner cases in `strings` & `templates` (#5147)
  • faf0190 document ECMAScript quirks (#5148)
  • c8b0f68 fix corner case in `merge_vars` (#5143)
  • 87b9916 fix corner case in `inline` (#5141)
  • 940887f fix corner case in `evaluate` (#5139)
  • 0b2573c fix corner case in `templates` (#5137)
  • 1575210 avoid potential RegExp denial-of-service (#5135)
  • f766bab enhance `templates` (#5131)
  • 436a293 enhance `dead_code` (#5130)
  • 55418fd fix corner case in `rests` (#5129)
  • 8578688 v3.14.2
  • 4b88dfb tweak test & warnings (#5123)
  • c3aef23 fix corner case in `reduce_vars` (#5121)
  • db94d21 fix corner case in `side_effects` (#5118)
  • 9634a9d fix corner cases in `optional_chains` (#5110)
  • befb99b fix corner case in `inline` (#5115)
  • 02eb8ba fix corner case in `collapse_vars` (#5113)
  • c09f63a fix corner case in `rests` (#5109)

See the full diff

Package name: vue The new version differs by 4 commits.

See the full diff

Package name: webpack The new version differs by 250 commits.
  • f010546 update examples
  • bc840ec 3.11.0
  • 9323ee6 Merge pull request #6398 from addaleax/no-binding
  • c7cbc35 Merge pull request #6430 from jbottigliero/update/ajv
  • 61b75b7 update ajv + ajv-keywords
  • 8da8b93 Work around Node environment variable bug
  • ddb1fad Merge pull request #6408 from ocombe/fix/#6407-empty-array
  • 2aebfbe fix(ConcatenatedModule): don't throw on arrays with empty values
  • 3972d9a Merge pull request #6391 from nerdkid93/patch-1
  • e4375f8 Avoid relying on Node’s internals
  • 0dd1727 change polymer loader link
  • 33f518b Merge pull request #6300 from nename0/fix-6243
  • 80ed1c4 Merge pull request #6335 from Connormiha/banner-plugin-optimize
  • 5d93c53 Minor optimize banner plugin
  • 1895b76 Add Tests checking chunkhash of runtime chunk only changes if needed
  • dc7ebeb Fix #6243: Don't include initial chunks in chunkhash computation
  • b545b51 Merge pull request #6242 from nename0/6239-require-ensure-initial-chunks
  • b059e07 Merge pull request #6176 from mikegreiling/fix-no-fail-on-child-compilation-error
  • 64c4350 Update StatsTestCases
  • 8b0a2ad Merge pull request #6225 from neeharv/feature/async-script-type
  • d1e0bec Fix: the require-ensure only includes non-initial chunks
  • 21b5a02 stringify jsonpScriptType option
  • 8eb0bb6 move default script type option to WebpackOptionsDefaulter
  • be327f9 lint fixes

See the full diff

Package name: webpack-dev-server The new version differs by 250 commits.
  • c9271b9 chore(release): 4.0.0
  • 18bf369 test: fix stability (#3676)
  • cdcabb2 fix: respect protocol from browser for manual setup (#3675)
  • 1768d6b fix: initial reloading for lazy compilation (#3662)
  • 4f5bab1 docs: improve examples (#3672)
  • f2d87fb fix: improve https CLI output (#3673)
  • 0277c5e chore: remove redundant console statements (#3671)
  • 16fcdbc docs: add `ipc` example (#3667)
  • 8915fb8 test: add e2e tests for built in routes (#3669)
  • 4d1cbe1 docs: ask `version` information in issue template (#3668)
  • b6c1881 chore(deps-dev): bump core-js from 3.16.1 to 3.16.2 (#3666)
  • ffa8cc5 chore(deps-dev): bump supertest from 6.1.5 to 6.1.6 (#3665)
  • f1fdaa7 chore(release): 4.0.0-rc.1
  • c4678bc fix: legacy API (#3660)
  • d8bdd03 test: fix stability (#3661)
  • 22b1414 refactor: remove `killable` (#3657)
  • 75bafbf test: add e2e tests for module federation (#3658)
  • 493ccbd chore(deps): update `ws` (#3652)
  • ae8c523 test: add e2e test for universal compiler (#3656)
  • f94b84f chore(deps): update (#3655)
  • 1923132 test: fix cli
  • 2adfd01 test: fix todo (#3653)
  • 6e2cbde fix: proxy logging and allow to pass options without the `target` option (#3651)
  • c9ccc96 fix: respect infastructureLogging.level for client.logging (#3613)

See the full diff

With a Snyk patch:
| Severity | Priority Score (*) | Issue | Exploit Maturity |
|---|---|---|---|
| medium severity | 626/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.1 | Man-in-the-Middle (MitM) SNYK-JS-HTTPSPROXYAGENT-469131 | Proof of Concept |
| medium severity | 636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3 | Prototype Pollution SNYK-JS-LODASH-567746 | Proof of Concept |
| low severity | 399/1000 Why? Has a fix available, CVSS 3.7 | Regular Expression Denial of Service (ReDoS) npm:debug:20170905 | No Known Exploit |
| high severity | 579/1000 Why? Has a fix available, CVSS 7.3 | Prototype Pollution npm:extend:20180424 | No Known Exploit |
| medium severity | 636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3 | Prototype Pollution npm:hoek:20180212 | Proof of Concept |
| low severity | 399/1000 Why? Has a fix available, CVSS 3.7 | Regular Expression Denial of Service (ReDoS) npm:ms:20170412 | No Known Exploit |
| high severity | 589/1000 Why? Has a fix available, CVSS 7.5 | Prototype Override Protection Bypass npm:qs:20170213 | No Known Exploit |
| medium severity | 646/1000 Why? Mature exploit, Has a fix available, CVSS 5.2 | Uninitialized Memory Exposure npm:stringstream:20180511 | Mature |
| medium severity | 509/1000 Why? Has a fix available, CVSS 5.9 | Regular Expression Denial of Service (ReDoS) npm:tough-cookie:20170905 | No Known Exploit |
| medium severity | 576/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.1 | Uninitialized Memory Exposure npm:tunnel-agent:20170305 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.


The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AJV-584908
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://snyk.io/vuln/SNYK-JS-CODECOV-543183
- https://snyk.io/vuln/SNYK-JS-CODECOV-548879
- https://snyk.io/vuln/SNYK-JS-CODECOV-585979
- https://snyk.io/vuln/SNYK-JS-CONVENTIONALCOMMITSPARSER-1766960
- https://snyk.io/vuln/SNYK-JS-ECSTATIC-540354
- https://snyk.io/vuln/SNYK-JS-EJS-1049328
- https://snyk.io/vuln/SNYK-JS-ENGINEIO-1056749
- https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905
- https://snyk.io/vuln/SNYK-JS-HTTPSPROXYAGENT-469131
- https://snyk.io/vuln/SNYK-JS-ISSVG-1085627
- https://snyk.io/vuln/SNYK-JS-ISSVG-1243891
- https://snyk.io/vuln/SNYK-JS-JSYAML-173999
- https://snyk.io/vuln/SNYK-JS-JSYAML-174129
- https://snyk.io/vuln/SNYK-JS-LODASH-1018905
- https://snyk.io/vuln/SNYK-JS-LODASH-1040724
- https://snyk.io/vuln/SNYK-JS-LODASH-450202
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
- https://snyk.io/vuln/SNYK-JS-LODASH-590103
- https://snyk.io/vuln/SNYK-JS-LODASH-608086
- https://snyk.io/vuln/SNYK-JS-LODASH-73638
- https://snyk.io/vuln/SNYK-JS-LODASH-73639
- https://snyk.io/vuln/SNYK-JS-LODASHDEFAULTSDEEP-450198
- https://snyk.io/vuln/SNYK-JS-LODASHDEFAULTSDEEP-450199
- https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
- https://snyk.io/vuln/SNYK-JS-MOCHA-561476
- https://snyk.io/vuln/SNYK-JS-NETMASK-1089716
- https://snyk.io/vuln/SNYK-JS-PACRESOLVER-1564857
- https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640
- https://snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-536840
- https://snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-570062
- https://snyk.io/vuln/SNYK-JS-SOCKETIO-1024859
- https://snyk.io/vuln/SNYK-JS-SOCKETIOPARSER-1056752
- https://snyk.io/vuln/SNYK-JS-SOCKJS-575261
- https://snyk.io/vuln/SNYK-JS-SSRI-1246392
- https://snyk.io/vuln/SNYK-JS-TRIMNEWLINES-1298042
- https://snyk.io/vuln/SNYK-JS-UGLIFYJS-1727251
- https://snyk.io/vuln/SNYK-JS-WEBPACKDEVSERVER-72405
- https://snyk.io/vuln/SNYK-JS-WS-1296835
- https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1082936
- https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1255647
- https://snyk.io/vuln/npm:braces:20180219
- https://snyk.io/vuln/npm:debug:20170905
- https://snyk.io/vuln/npm:diff:20180305
- https://snyk.io/vuln/npm:eslint:20180222
- https://snyk.io/vuln/npm:growl:20160721
- https://snyk.io/vuln/npm:http-proxy-agent:20180406
- https://snyk.io/vuln/npm:https-proxy-agent:20180402
- https://snyk.io/vuln/npm:ip:20170304
- https://snyk.io/vuln/npm:lodash:20180130
- https://snyk.io/vuln/npm:ms:20170412
- https://snyk.io/vuln/npm:qs:20170213
- https://snyk.io/vuln/npm:vue:20180802
- https://snyk.io/vuln/npm:ws:20171108


The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/SNYK-JS-HTTPSPROXYAGENT-469131
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
- https://snyk.io/vuln/npm:debug:20170905
- https://snyk.io/vuln/npm:extend:20180424
- https://snyk.io/vuln/npm:hoek:20180212
- https://snyk.io/vuln/npm:ms:20170412
- https://snyk.io/vuln/npm:qs:20170213
- https://snyk.io/vuln/npm:stringstream:20180511
- https://snyk.io/vuln/npm:tough-cookie:20170905
- https://snyk.io/vuln/npm:tunnel-agent:20170305

sonarcloud bot commented Nov 25, 2021

Kudos, SonarCloud Quality Gate passed!

  • Bugs: 0 (rating A)
  • Vulnerabilities: 0 (rating A)
  • Security Hotspots: 0 (rating A)
  • Code Smells: 0 (rating A)
  • Coverage: no coverage information
  • Duplication: 0.0%

@badsaarow badsaarow merged commit feb84d9 into master Dec 1, 2021
@badsaarow badsaarow deleted the snyk-fix-1fb3515929531475cc557c64100d7681 branch December 1, 2021 03:09