[Snyk] Fix for 13 vulnerabilities

[christopherclark]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
	596/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) npm:qs:20140806	Yes	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Denial of Service (DoS) npm:qs:20140806-1	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Override Protection Bypass npm:qs:20170213	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: grunt-contrib-cssmin

The new version differs by 39 commits.

• 3ff3635 v4.0.0.
• a62ac0e package.json: switch to the caret operator for clean-css
• f8b6a7b Adds "no rebase" test case.
• 5c05f6b Updates clean-css dependency to version 5.
• 83b0c2f Update all dependencies except clean-css
• e6dc6f8 Bump lodash from 4.17.15 to 4.17.19 (#305)
• efa725b Bump underscore.string from 3.3.4 to 3.3.5 (#303)
• 6d57138 Merge pull request #302 from gruntjs/dependabot/npm_and_yarn/lodash-4.17.15
• 866523c Bump lodash from 4.17.10 to 4.17.15
• 052b0cb v3.0.0.
• 142e850 Update all deps and require Node.js >= 6.
• 07bf23c v2.2.1.
• eb66929 Use new rebase configuration for clean-css@4 (#296)
• 5404a77 Update clean-css to v4.1.1.
• f3e3987 Set required Node.js version to >=4 since clean-css 4.x requires that.
• 22471fe Update URL to clean-css repo.
• e6b2d72 Merge pull request #281 from gruntjs/cleancss4
• c4aa531 v2.0.0.
• 47e6ed6 Update clean-css to ~4.0.3.
• 142b040 v1.0.2
• f806e2d Merge pull request #271 from hthief/master
• 11e6558 Path implementation changed in node v6 to assert inputs as strings
• 3c13094 Update CI configs from the latest grunt-contrib-internal.
• da1a48b Upgrade grunt and devDeps to 1.0

See the full diff

Package name: grunt-contrib-uglify

The new version differs by 88 commits.

• a3f3f34 5.2.1
• 3c8d904 Update Readme
• 0850dcd update dependencies (#568)
• c27ad5f Bump minimist from 1.2.5 to 1.2.6 (#567)
• 98b4c5f Fix documentation in relation to issue #565 (#566)
• 7228446 Bump minimist from 1.2.5 to 1.2.6 (#563)
• e410511 Update deps, v5.1.0 (#564)
• 2cb31be Update uglify-js to v3.15.2 (#562)
• 12ca0f2 Fix wording in README.md (#560)
• 1f6a012 Bump path-parse from 1.0.6 to 1.0.7 (#558)
• 0e4b1a0 Update uglify-js (#557)
• 9ccf10d Bump hosted-git-info from 2.8.8 to 2.8.9 (#556)
• 4e83e45 Update UglifyJS to 3.13.3 (#554)
• 8674feb Bump ini from 1.3.5 to 1.3.8 (#552)
• 14b71da v5.0.0
• 9259448 Bump lodash from 4.17.11 to 4.17.19 (#550)
• 4645446 Bump js-yaml from 3.5.5 to 3.14.0 (#551)
• b7bcde4 Delete .travis.yml
• cba2631 Delete appveyor.yml
• 3dc53f0 ini github workflow
• f65dbb9 v4.0.1. (#535)
• b33a071 upgrade devDependencies (#536)
• 1e40037 upgrade to uglify-js 3.5.0 (#534)
• 33724cd update links to uglifyJS documentation (#530)

See the full diff

Package name: grunt-shell

The new version differs by 12 commits.

• 0eeba40 3.0.0
• 62cdda5 Require Node.js >=6 and Grunt >=1
• 86680b4 Allow functions as shorthand commands ((feat) Added ability to get news information from nytimes api hrr11-gremlin/Represent#118)
• 32cac78 2.1.0
• 91aec55 Make it possible to specify cwd as a top-level target config entry (restyle state page (link to district page) [] hrr11-gremlin/Represent#113)
• 9f190dc Fix for Windows: don't modify process.env (clean-up backend? [] hrr11-gremlin/Represent#112)
• 780086a Update links (redo database? [] hrr11-gremlin/Represent#110)
• 9fa3d68 2.0.0
• 3619e4c increase default max buffer size
• 1159f25 change `preferLocal` option to be `true` by default
• 3b379e7 [BREAKING] ES2015ify and require Node.js 4
• 88e6f6e simplify and improve `preferLocal` option

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Prototype Override Protection Bypass
🦉 More lessons are available in Snyk Learn