[Snyk] Fix for 22 vulnerabilities

[chris-green-s1]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	No	Proof of Concept
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	No	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASHTEMPLATE-1088054	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-POSTCSS-5926692	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	No	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	No	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution npm:extend:20180424	No	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: less

The new version differs by 250 commits.

• e4f7551 v3.12.0
• 371185c v3.12.0-RC.2 (#3540)
• d5aa9d1 Fixes #3371 Allow conditional evaluation of function args (#3532)
• a722237 Remove lib folder from git (#3531)
• e0f5c1a Move changelog to root (#3530)
• f7bdce7 Duplicate dist files in root for older links (#3529)
• 0925cf1 Test-data module (#3525)
• 51fb02b Fixes #3504 / organizes tests (#3523)
• efb76ec Restore nuked scripts (?), replace dependencies (#3501) (#3522)
• 2c5e4dd Lerna refactor / TS compiling w/o bundling (#3521)
• a3641e4 Resolve #3398 Add flag to disable sourcemap url annotation (#3517)
• e018ba8 fix(#3294): use loadFileSync when loading plugins with syncImport: true (#3506)
• 95b9007 Update changelog
• 6238bbc Fixes #3508 (#3509)
• 8338366 Update README.md
• 6313bc5 Update changelog
• 53bf877 Remove tree caching in import manager (#3498)
• 0f271f3 issue#3481 ignore missing debugInfo (#3482)
• 3bd995b Additional check to avoid evaluating an expression if it is a comment (#3494)
• 0715d90 fix: Use make-dir instead of mkdirp (#3490)
• 2634494 Properly exit calc mode after use (#3493)
• 096dd22 Convert to auto-changelog (#3477)
• 842386b Fixes #3469 - Include tslib dependency (#3475)
• 1adaadb 3.11.0 (#3468)

See the full diff

Package name: postcss-reporter

The new version differs by 10 commits.

• 67bd0ef Prepare 5.0.0
• e1f50c0 Drop support for Node 0.12 (update lodash demisto/sane-reports#42)
• 150897d Move PostCSS from peerDependencies to dependencies
• c33ef36 Add changelog note
• fa02dbb PostCSS v6
• ea2ff31 Prepare 3.0.0
• 10c11db Add new option to clear messages for others plugins. (Report fixes demisto/sane-reports#33)
• be81a59 Prepare 2.0.0
• 3141991 Merge pull request Duration and fixes demisto/sane-reports#31 from shouze/issues/30
• 56a8e5a Should report only error & warning typed messages by default

See the full diff

Package name: semantic-ui

The new version differs by 250 commits.

• cc5e7f3 Tag more issues reporting build typo
• 1c8f74c Remove lockfile
• 55e0ad0 Cleanup auto npm publish
• abfbbb9 Fix auto publishing npm
• de2d7fc Finalize fixing admin scripts with kludge
• 5bd99a3 Ye old annoying admin task rewrite
• d89327e Merge branch 'next' of github.com:Semantic-Org/Semantic-UI
• 6f2a912 Work on admin scripts gulp4
• b19d2d3 Merge branch 'master' of github.com:Semantic-Org/Semantic-UI into next
• 4b3fc0a Date
• 2ec0dd0 Update rls notes
• 2a7a90b Notes
• 49b9cbf #7023 Fix loading icon in button
• 9e12d42 Update notes
• 69d2ddb Merge pull request #7023 from flppv/next
• 365b6ba Merge pull request #7047 from jsoref/gitter-link
• 3aa6f7f Merge pull request #7062 from eltociear/patch-1
• 0300061 Rebuild with gulp4
• d948dfc RM package-lock from tracking
• 9a3300f Merge branch 'master' of github.com:Semantic-Org/Semantic-UI into next
• 9f59052 Merge pull request #7089 from LucienLeMagicien/master
• d965bea remove extra semicolon
• 825c5b7 Readme updates
• 6879d3a Fix typo in dimmer.js

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Improper Input Validation
🦉 More lessons are available in Snyk Learn