[Snyk] Fix for 22 vulnerabilities

[LiefBodhi]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-DECOMPRESSTAR-559095	No	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Out-of-Bounds SNYK-JS-NODESASS-535498	Yes	Proof of Concept
	761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	NULL Pointer Dereference SNYK-JS-NODESASS-535500	Yes	Proof of Concept
	536/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.3	Out-of-bounds Read SNYK-JS-NODESASS-540958	Yes	Proof of Concept
	536/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.3	Uncontrolled Recursion SNYK-JS-NODESASS-540964	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Denial of Service (DoS) SNYK-JS-NODESASS-540978	Yes	Proof of Concept
	536/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.3	NULL Pointer Dereference SNYK-JS-NODESASS-540992	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Out-of-Bounds SNYK-JS-NODESASS-540998	Yes	Proof of Concept
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-NODESASS-541000	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Out-of-bounds Read SNYK-JS-NODESASS-541002	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-POSTCSS-5926692	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	536/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1047770	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1584358	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1585624	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-2824151	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gulp-image

The new version differs by 55 commits.

• f2cc810 6.3.0
• 9371d80 chore: add files field
• 903000e chore(deps): update dependencies
• 88ecb0f chore(deps): update dependencies
• 4e5bf8c refactor: use p-event to deprecate test.cb()
• 542b78d build(deps-dev): bump xo from 0.44.0 to 0.45.0
• 41d4316 test: tweak CI
• 4e1e143 docs: fix badge url
• 8fd2ac3 fix: fix lint issues
• 55560c8 chore(deps): update dependencies
• afd9121 refactor: use native ESM
• 71c04a3 Upgrade to GitHub-native Dependabot
• 764fd72 chore(deps): fix several dependencies
• 731b4e9 chore: update svgo
• 03f6276 chore: update lockfileVersion
• d7224a7 fix: fix lint issues
• 8171f51 build(deps-dev): bump xo from 0.36.1 to 0.37.1
• b7b83e1 build(deps): bump pretty-bytes from 5.4.1 to 5.5.0
• f84af02 build(deps-dev): bump ava from 3.14.0 to 3.15.0
• 7705905 chore(deps): update xo
• 9003c0b build(deps): [security] bump ini from 1.3.5 to 1.3.7
• ccfd32b build(deps-dev): bump ava from 3.13.0 to 3.14.0
• 17087e4 refactor: use GitHub Actions instead of Travis CI
• 5bb33de chore: drop Node.js 10 support

See the full diff

Package name: gulp-rev-all

The new version differs by 12 commits.

• d0bf52a Release v1.0.0 (Don't rely on a stable dictionary sort pypi/warehouse#197)
• 317401d Add more badges in README.md (Remove the Continous Deployment pypi/warehouse#196)
• a2eafb4 Update npm dependencies (add column to packages for current_serial, as well as trigger on journal... pypi/warehouse#195)
• e000132 Setup ESLint (What metadata/installability checks should Warehouse check uploads for? pypi/warehouse#194)
• c44f38c Setup Prettier (Module Import Errors pypi/warehouse#193)
• 1a6ae0a Commit package-lock.json (Address issue #191. pypi/warehouse#192)
• 743c1b9 Replace custom is_binary_file implementation with a library (Basic Typography pypi/warehouse#179)
• 51c5ce8 Do not stringify contents before calling md5 hasher (Exception when attempting to call xmlrpc.list_packages_with_serial() pypi/warehouse#167)
• 108ad70 Update Gulp link and add yarn example in README.md (attempt to fix xmlrpc encoding issue pypi/warehouse#169)
• d0e721c Update npm dependencies (Load Required PostgreSQL Extension into Database pypi/warehouse#190)
• a9401f5 Use 'Buffer.from()' instead of 'new Buffer()' (Unexpected XML-RPC Method Return Types pypi/warehouse#191)
• 06c12f7 Use only active versions of Node.js (6, 8, 10) on CI (Add links, fix broken link, and minor edits. pypi/warehouse#189)

See the full diff

Package name: gulp-sass

The new version differs by 5 commits.

• 5775044 Update CHANGELOG.md
• 978b8f6 Update to major version 5 (Fix CSS errors pypi/warehouse#802)
• 10eae93 Update changelog for 4.1.1
• 947b26c Upgrade lodash to fix a security issue (Enable "forever" caching of static assets pypi/warehouse#776)
• 8d6ac29 Update changelog

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 610f368 5.0.0
• 5ce65c1 update examples
• bbe1230 Merge pull request Bump types-redis from 4.2.6 to 4.3.1 pypi/warehouse#11628 from webpack/bugfix/real-content-hash
• 75ecff2 5.0.0-rc.6
• bfc35d6 Merge pull request Bump boto3-stubs from 1.24.9 to 1.24.10 pypi/warehouse#11603 from MayaWolf/master
• 76e8cbd Merge pull request Bump boto3 from 1.24.9 to 1.24.13 pypi/warehouse#11622 from webpack/dependabot/npm_and_yarn/types/node-13.13.25
• 9fd1be2 chore(deps-dev): bump @ types/node from 13.13.23 to 13.13.25
• 36bcfaa Merge pull request Bump types-redis from 4.2.6 to 4.3.0 pypi/warehouse#11621 from webpack/bugfix/11619
• 9130d10 fix called variables with ProvidePlugin
• 3e42105 Merge pull request Bump types-pytz from 2021.3.8 to 2022.1.0 pypi/warehouse#11620 from webpack/bugfix/11617
• 4709719 skip connections copied to concatenated module
• 57b493f 5.0.0-rc.5
• 1658e2f Merge pull request Bump boto3 from 1.24.9 to 1.24.12 pypi/warehouse#11618 from webpack/bugfix/11615
• a8fb45d fixes crash in SideEffectsFlagPlugin
• 84b196d emit error instead of crashing when unexpected problem occurs
• 5573fed Merge pull request Bump botocore from 1.27.9 to 1.27.10 pypi/warehouse#11601 from Hornwitser/improve-suggested-polyfill-config
• 9b5cce9 Merge pull request Bump boto3 from 1.24.9 to 1.24.11 pypi/warehouse#11609 from snitin315/export-types
• 37c495c export type RuleSetUseItem
• 39faf34 export type RuleSetUse
• e5fd246 export type RuleSetConditionAbsolute
• 660baad export RuleSetCondition types
• 13e3ca5 Merge pull request Bump babel from 2.10.2 to 2.10.3 pypi/warehouse#11602 from webpack/bugfix/shared-runtime-chunk
• 9c0587e Merge pull request Bump types-redis from 4.2.6 to 4.2.7 pypi/warehouse#11606 from webpack/dependabot/npm_and_yarn/simple-git-2.21.0
• 502d166 Merge pull request Bump botocore from 1.27.9 to 1.27.11 pypi/warehouse#11607 from webpack/dependabot/npm_and_yarn/acorn-8.0.4

See the full diff

Package name: webpack-stream

The new version differs by 77 commits.

• 30a6da0 v7.0.0
• c2d19fd semistandard fixes
• 7805d59 Remove config.watch setting re-introduced from my bad merging
• 6395f19 Merge branch 'master' of github.com:shama/webpack-stream
• 7c24e86 Merge pull request Elasticsearch index name should be configurable. pypi/warehouse#212 from azt3k/master
• 3fc84f0 Merge branch 'master' into master
• 027135e Update comments to indicate it works with webpack 4 and 5
• bb7cd85 Merge branch 'master' of github.com:shama/webpack-stream
• 3287835 Merge pull request Fix #212 - Allow configuration of the search index pypi/warehouse#214 from the-ress/watch-message
• 141e063 Update watch for gulp >= 4
• 991d108 Merge pull request Use the new deterministic gzip support in whitenoie 0.12 pypi/warehouse#225 from emme1444/config-file-path
• 348eab2 Use const over var in docs
• 2b31461 Update copyright to 2021
• fdd5809 Update node engine to >= 10
• 80e0ba8 Updating dependencies
• 5759a17 Updating for semistandard@16.0.1
• 2ff8a4f Merge pull request Switch customer Powered-By middleware with werkzeug HeaderRewriterFix pypi/warehouse#235 from marekdedic/webpack-5
• ff485fe Merge pull request Allow larger PGP key ids pypi/warehouse#234 from marekdedic/webpack-peer-dependency
• 1baead2 Removed tests on Node 8
• f33fc04 Switched from hash to contenthash
• 0e30a7b Test: Fixed different chunk names in webpack 5
• 5bb70d1 Test: updated expected error message
• 99a1c03 Building in production mode by default
• 01ffd76 Updated to webpack 5

See the full diff

Package name: zopflipng-bin

The new version differs by 17 commits.

• 067584b 7.0.0
• 3ca52bc Use native ESM ([Snyk] Security upgrade pygments from 2.7.1 to 2.7.4 #25)
• d81ad03 Meta tweaks
• 6f49031 Tweak CI config
• bc98910 Use console.log to remove logalot
• 195df37 Use GitHub Actions instead ([Snyk] Security upgrade pygments from 2.5.2 to 2.7.4 #24)
• 9d5dcfe 6.0.1
• 18d1006 Add vendor/source to published npm files ([Snyk] Fix for 6 vulnerabilities #23)
• 9a1951e 6.0.0
• cfd1bf3 Set test timeout
• ae1029b Bundle source ([Snyk] Fix for 5 vulnerabilities #22)
• 1cf428e Require Node.js 10 ([Snyk] Security upgrade Pygments from 2.7.1 to 2.7.4 #21)
• ecf8627 Update zopfli sources to v1.0.3
• 3da7a0c Update zopflipng to 1.0.3-5-g9689d25-win64-msvc-2019-static-ltcg
• 0f54e96 Update Windows binary.
• 25158c1 Add Node.js 11 to the test matrix ([Snyk] Security upgrade gulp-sass from 4.1.0 to 5.0.0 #20)
• 50b6273 Use Travis to test on Windows ([Snyk] Security upgrade gulp-sass from 4.1.0 to 5.0.0 #19)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Open Redirect
🦉 NULL Pointer Dereference
🦉 More lessons are available in Snyk Learn