[Snyk] Fix for 23 vulnerabilities

[chris-green-s1]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	No	Proof of Concept
	504/1000 Why? Has a fix available, CVSS 5.8	Prototype Pollution SNYK-JS-HIGHLIGHTJS-1045326	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	No	Proof of Concept
	703/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	No	Proof of Concept
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Validation Bypass SNYK-JS-KINDOF-537849	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	No	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	No	Proof of Concept
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	No	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	No	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	No	No Known Exploit
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Arbitrary File Overwrite SNYK-JS-TAR-174125	No	Proof of Concept
	434/1000 Why? Has a fix available, CVSS 4.4	Time of Check Time of Use (TOCTOU) npm:chownr:20180731	No	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution npm:extend:20180424	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: less

The new version differs by 250 commits.

• e4f7551 v3.12.0
• 371185c v3.12.0-RC.2 (#3540)
• d5aa9d1 Fixes #3371 Allow conditional evaluation of function args (#3532)
• a722237 Remove lib folder from git (#3531)
• e0f5c1a Move changelog to root (#3530)
• f7bdce7 Duplicate dist files in root for older links (#3529)
• 0925cf1 Test-data module (#3525)
• 51fb02b Fixes #3504 / organizes tests (#3523)
• efb76ec Restore nuked scripts (?), replace dependencies (#3501) (#3522)
• 2c5e4dd Lerna refactor / TS compiling w/o bundling (#3521)
• a3641e4 Resolve #3398 Add flag to disable sourcemap url annotation (#3517)
• e018ba8 fix(#3294): use loadFileSync when loading plugins with syncImport: true (#3506)
• 95b9007 Update changelog
• 6238bbc Fixes #3508 (#3509)
• 8338366 Update README.md
• 6313bc5 Update changelog
• 53bf877 Remove tree caching in import manager (#3498)
• 0f271f3 issue#3481 ignore missing debugInfo (#3482)
• 3bd995b Additional check to avoid evaluating an expression if it is a comment (#3494)
• 0715d90 fix: Use make-dir instead of mkdirp (#3490)
• 2634494 Properly exit calc mode after use (#3493)
• 096dd22 Convert to auto-changelog (#3477)
• 842386b Fixes #3469 - Include tslib dependency (#3475)
• 1adaadb 3.11.0 (#3468)

See the full diff

Package name: react-highlight

The new version differs by 24 commits.

• ebad4d4 Update README.md
• 4fea775 new release
• 2485508 cleanup babelrc
• 0fc4790 Import
• 3c28ce0 Docs link
• 2660e0e Remove extra dep
• 4674e3c Made all tests pass
• 5901c28 Removed webpack config
• 93ddc98 Pulled in babel latest dep
• a4501e4 Update Readme
• f63da19 version update to fix build issue
• 86d295e Released 0.11.0 version
• 660fff2 Merge pull request Upgrade webpack-dev-server demisto/sane-reports#51 from akiran/rewrite
• fe96677 Added package-lock to gitignore
• bcdec94 Removed docs
• 9c2712f Merge branch 'react-v16' of https://github.com/briancappello/react-highlight into rewrite
• 433f71c Merge pull request Fix markdown paragraph and hardbreak demisto/sane-reports#46 from knewzen/master
• ccd8b36 remove codesponsor
• 9e7d444 Update README.md
• d128058 fix typo in prepublish command
• 12d67cf fix tests
• 388c8ec support react v16
• 798da1d upgrade babel
• dda2963 updated version with react 15.0 support

See the full diff

Package name: semantic-ui

The new version differs by 250 commits.

• cc5e7f3 Tag more issues reporting build typo
• 1c8f74c Remove lockfile
• 55e0ad0 Cleanup auto npm publish
• abfbbb9 Fix auto publishing npm
• de2d7fc Finalize fixing admin scripts with kludge
• 5bd99a3 Ye old annoying admin task rewrite
• d89327e Merge branch 'next' of github.com:Semantic-Org/Semantic-UI
• 6f2a912 Work on admin scripts gulp4
• b19d2d3 Merge branch 'master' of github.com:Semantic-Org/Semantic-UI into next
• 4b3fc0a Date
• 2ec0dd0 Update rls notes
• 2a7a90b Notes
• 49b9cbf #7023 Fix loading icon in button
• 9e12d42 Update notes
• 69d2ddb Merge pull request #7023 from flppv/next
• 365b6ba Merge pull request #7047 from jsoref/gitter-link
• 3aa6f7f Merge pull request #7062 from eltociear/patch-1
• 0300061 Rebuild with gulp4
• d948dfc RM package-lock from tracking
• 9a3300f Merge branch 'master' of github.com:Semantic-Org/Semantic-UI into next
• 9f59052 Merge pull request #7089 from LucienLeMagicien/master
• d965bea remove extra semicolon
• 825c5b7 Readme updates
• 6879d3a Fix typo in dimmer.js

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Validation Bypass
🦉 More lessons are available in Snyk Learn