[Snyk] Fix for 6 vulnerabilities

[GTVolk]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-CSSWHAT-1298035	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	429/1000 Why? Has a fix available, CVSS 4.3	Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @vue/cli-plugin-unit-jest

The new version differs by 250 commits.

• c913cdc v5.0.0
• e75a288 chore: pre release sync
• e7f07d8 docs: remove `@ next` [skip ci]
• 80bbf38 test: skip nightwatch --parallel test for now
• 9be19f0 test: fix tsx import
• 5cf0e13 feat: bump default typescript version to 4.5
• 22a4a53 chore: dependency maintenance
• 9577cf5 chore: Merge branch 'master' into dev
• 8b5ab22 fix: remove --skip-plugin from arguments passed to the plugins (Referrers Overview, distinct metrics sparklines are always set to one matomo-org/matomo#6972)
• ff035c6 chore(deps): bump follow-redirects from 1.14.7 to 1.14.8 (The Pros & Cons Of Using Body Building Supplements T-Force matomo-org/matomo#6993)
• d302581 fix: update mini-css-extract-plugin to ^2.5.3 (Fixed view type for visitor log matomo-org/matomo#6987)
• 2d8fa26 test(nightwatch): skip selenium test for now
• 7a17d98 chore: replace eslint-plugin-graphql with @ graphl-eslint/eslint-plugin
• 75a6d69 v5.0.0-rc.3
• c214c3a chore: pre release sync
• 42fc8d4 docs: add cache-loader and nightwatch breaking changes [skip ci]
• 926855f feat!: make `cache-loader` optional (Dreamka2007 matomo-org/matomo#6985)
• 342c386 fix: there's a command response format change in nightwatch v2
• b78a003 chore: update web drivers
• 6c91e1a chore: update lockfile
• 37bdc0e chore: remove the console log completely and fix lint error
• 1c1f1ef chore: fix typo (Share a Custom dashboard with other users and keep it synchronised across users matomo-org/matomo#6964)
• a2b6409 feat: add build stats hash support ( Array to string conversion in /var/www/piwik/libs/Zend/Session/Exception.php on line 58 matomo-org/matomo#6980)
• 0cbdf5f fix: specify vue version in the web component demo html

See the full diff

Package name: @vue/cli-service

The new version differs by 250 commits.

• 92d80a8 v5.0.1
• c913cdc v5.0.0
• e75a288 chore: pre release sync
• e7f07d8 docs: remove `@ next` [skip ci]
• 80bbf38 test: skip nightwatch --parallel test for now
• 9be19f0 test: fix tsx import
• 5cf0e13 feat: bump default typescript version to 4.5
• 22a4a53 chore: dependency maintenance
• 9577cf5 chore: Merge branch 'master' into dev
• 8b5ab22 fix: remove --skip-plugin from arguments passed to the plugins (Referrers Overview, distinct metrics sparklines are always set to one matomo-org/matomo#6972)
• ff035c6 chore(deps): bump follow-redirects from 1.14.7 to 1.14.8 (The Pros & Cons Of Using Body Building Supplements T-Force matomo-org/matomo#6993)
• d302581 fix: update mini-css-extract-plugin to ^2.5.3 (Fixed view type for visitor log matomo-org/matomo#6987)
• 2d8fa26 test(nightwatch): skip selenium test for now
• 7a17d98 chore: replace eslint-plugin-graphql with @ graphl-eslint/eslint-plugin
• 75a6d69 v5.0.0-rc.3
• c214c3a chore: pre release sync
• 42fc8d4 docs: add cache-loader and nightwatch breaking changes [skip ci]
• 926855f feat!: make `cache-loader` optional (Dreamka2007 matomo-org/matomo#6985)
• 342c386 fix: there's a command response format change in nightwatch v2
• b78a003 chore: update web drivers
• 6c91e1a chore: update lockfile
• 37bdc0e chore: remove the console log completely and fix lint error
• 1c1f1ef chore: fix typo (Share a Custom dashboard with other users and keep it synchronised across users matomo-org/matomo#6964)
• a2b6409 feat: add build stats hash support ( Array to string conversion in /var/www/piwik/libs/Zend/Session/Exception.php on line 58 matomo-org/matomo#6980)

See the full diff

Package name: eslint

The new version differs by 250 commits.

• 145aec1 7.16.0
• 83518a5 Build: changelog update for 7.16.0
• a62ad6f Update: fix false negative of no-extra-parens with NewExpression (fix another build matomo-org/matomo#13930)
• f85b4c7 Fix: require-atomic-updates false positive across await (fixes Have you eaten the territory of China ? matomo-org/matomo#11954) ([automatic translation update] Updated 651 strings in 8 languages (ru, zh-cn, es, pl, de, el, it, sq) matomo-org/matomo#13915)
• 301d0c0 Fix: no-constant-condition false positives with unary expressions ([automatic translation update] Updated 331 strings in 7 languages (de, el, es, it, sq, tr, be) matomo-org/matomo#13927)
• 555c128 Fix: false positive with await and ** in no-extra-parens (fixes doTrackGoal() in the PHP API should return success or failure response, not tracking GIF matomo-org/matomo#12739) (Enable fingers crossed handler via INI config and show backtrace in logs/archive api output matomo-org/matomo#13923)
• d93c935 Docs: update JSON Schema links (Update submodules. matomo-org/matomo#13936)
• 8d0c93a Upgrade: table@6.0.4 (Homograph attack matomo-org/matomo#13920)
• 9247683 Docs: Remove for deleted npm run profile script (Avoid browser tooltips for piwik-fields matomo-org/matomo#13931)
• ab240d4 Fix: prefer-exponentiation-operator invalid autofix with await (Fix insights test matomo-org/matomo#13924)
• dc76911 Chore: Add .pre-commit-hooks.yaml file (Don't tell people to run chmod -R 755 on their install if update fails matomo-org/matomo#13628)
• 2124e1b Docs: Fix wrong rule name (Allow customization of GeoIP2 database location using DI matomo-org/matomo#13913)
• 06b5809 Sponsors: Sync README with website
• 26fc12f Docs: Update README team and sponsors
• 902a032 7.15.0
• 6356778 Build: changelog update for 7.15.0
• 5c11aab Upgrade: @ eslint/esintrc and espree for bug fixes (refs “Anonymize past data” is not working matomo-org/matomo#13878) (Make sure all Matomo emails use correct branding. matomo-org/matomo#13908)
• 0eb7957 Upgrade: file-entry-cache@6.0.0 (don't work purge mysql db matomo-org/matomo#13877)
• 683ad00 New: no-unsafe-optional-chaining rule (fixes Fix "not empty" condition in SegmentExpression (#13386) matomo-org/matomo#13431) (Allow setting send_image=0 in js client matomo-org/matomo#13859)
• cbc57fb Fix: one-var autofixing for export (fixes Matomo 3.7.0, IIS 8, HTML 403, PHP 7.1.1 matomo-org/matomo#13834) (Do not fetch totals for insights matomo-org/matomo#13891)
• 110cf96 Docs: Fix a broken link in working-with-rules.md (Use Request::processRequest in UserId::isUsedInSite. matomo-org/matomo#13875)
• 0cb81a9 7.14.0
• fb3a594 Build: changelog update for 7.14.0
• 5f09073 Update: fix 'skip' options in no-irregular-whitespace (fixes Upgrade to 3.8.0b4 triggered failure to login without 'session_save_handler = ' matomo-org/matomo#13852) (If totals row already exists, do not recalculate in ReportTotalsCalculator. matomo-org/matomo#13853)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[github-actions]

This PR was last updated more than one month ago, maybe it's time to close it. Please check if there is anything we still can do or close this PR. ping @matomo-org/core-reviewers

[github-actions]

If you don't want this PR to be closed automatically in 28 days then you need to assign the label 'Do not close'.