[Snyk] Fix for 40 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • escheduler-ui/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIHTML-1296849	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Cross-site Scripting (XSS) SNYK-JS-BOOTSTRAP-173700	No	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Cross-site Scripting (XSS) SNYK-JS-BOOTSTRAP-72889	No	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Cross-site Scripting (XSS) SNYK-JS-BOOTSTRAP-72890	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-EVENTSOURCE-2823375	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891	Yes	Proof of Concept
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-JSYAML-173999	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-JSYAML-174129	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-NODEFORGE-2330875	Yes	Proof of Concept
	529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-NODEFORGE-2331908	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Certificate Validation SNYK-JS-NODESASS-1059081	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SCSSTOKENIZER-2339884	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-536840	Yes	No Known Exploit
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Denial of Service (DoS) SNYK-JS-SOCKJS-575261	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	Yes	Proof of Concept
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Information Exposure SNYK-JS-WEBPACKDEVSERVER-72405	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	XML External Entity (XXE) Injection SNYK-JS-XMLDOM-1084960	Yes	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept
	469/1000 Why? Has a fix available, CVSS 5.1	Prototype Pollution SNYK-JS-ZRENDER-1586253	Yes	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Cross-site Scripting (XSS) npm:bootstrap:20160627	No	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Cross-site Scripting (XSS) npm:bootstrap:20180529	No	No Known Exploit
	469/1000 Why? Has a fix available, CVSS 5.1	Denial of Service (DoS) npm:mem:20180117	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: bootstrap

The new version differs by 153 commits.

• 68b0d23 Dist
• 2ccfa57 handle # selector for dropdown
• a43077d Bump version to 3.4.1.
• d821de2 Backport sanitize docs from v4.
• 5cd9ef4 Add wdm gem for Windows.
• d6b8501 ES5 fixes.
• 2c8abb9 Add sanitize for tooltips and popovers html content.
• d4129df Bump year.
• 0d64d6a less/modals.less: Add missing semicolon.
• 48c5d7b Use https.
• b23e213 Update devDependencies and gems.
• 695c541 Fix redirects.
• 9206e46 Make meaning of tooltip's 'selector' option more clear in Bootstrap 3
• b285ea3 Add a few redirects.
• 3e1b894 Fix broken link in nav version dropdown.
• 3e519c3 Support nuget contentFiles, used for some project types (#27856)
• 4c547f2 Dist.
• 0f1c6b0 Move the whole autoprefixer config to configBridge.json.
• 9332f3c Add polyfills for older browsers.
• dd71b40 docs: Concat the IE files with the rest.
• 4a5c7f2 Update devDependencies, gems and lots of cleanup/build fixes.
• 7a2cdfb Center skippy.
• 3b82587 Restore `cursor: help` for `abbr`.
• bf69f1f Backport the `abbr` fix from the updated normalize.css.

See the full diff

Package name: canvg

The new version differs by 100 commits.

• 98a12cb Merge pull request Add unit tests for cn.escheduler.common.utils.JSONUtils apache/dolphinscheduler#712 from canvg/2.0.0
• 9eb51a5 rm beta
• 435d906 npm audit
• 4b9dee3 build
• 088abbe wip
• d04bb60 Merge pull request only write core dependency in Proposal doc apache/dolphinscheduler#710 from IronGeek/issue_709
• c2b43c6 fix build
• 67e33ec Merge pull request flink task support(flink 任务支持) apache/dolphinscheduler#711 from canvg/fix_build
• 4a9c313 lock node version
• 4eb5337 Parse number with scientific notation
• fbebf8e Merge pull request remove category x what can we not include in an asf project apache/dolphinscheduler#707 from fargyriou/702-font-parsing
• 55d67f0 Issue 702: Fixed font parsing when defined as "font" and not through font properties
• cef40f0 Merge pull request bug fix #688，a user generated multiple ip session, the query error apache/dolphinscheduler#689 from canvg/2.0.0-beta.1
• aa8e62e 2.0.0-beta.1
• 4497122 Merge pull request [Ask a question]master port is occupied（master端口被占用) apache/dolphinscheduler#684 from bz2/browser_optional
• 2d75e00 Update docs for 2.0 dependency changes
• a98c42d Support browser dist without canvas dependency
• f79c146 Merge pull request refactor zk client (#692) apache/dolphinscheduler#687 from canvg/dgorbash_master
• d9a772e adding test
• fe49c3b Merge branch 'textPath_support'
• fecc100 Backport upstream/master, minor code format fix
• 79c85e5 Sync master with upstream
• f236319 Merge pull request make the edit button of the properties file clickable apache/dolphinscheduler#678 from canvg/beta_readme
• b9c9223 spacing

See the full diff

Package name: copy-webpack-plugin

The new version differs by 70 commits.

• 650d44d chore(release): 5.1.2
• a42d63f fix(security): update `serialize-javascript` (read Enterprise WeChat config test apache/dolphinscheduler#521)
• 96e2315 chore(release): 5.1.1
• 3b79595 fix: allow to setup empty array (停止工作流，并不能停止任务进程 (任务进程是常驻类型) apache/dolphinscheduler#425)
• 5df649c chore(release): 5.1.0
• c936416 refactor: tests (It is recommended that the timing management icon be grayed out if the process does not add timing apache/dolphinscheduler#421)
• 08a4d7f docs: fix
• 8b13bc3 refactor: improve schema
• d155dd0 docs: update ignore instructions (The previous step mysql query the list data as the input of the next step（前步骤mysql查询出的列表数据作为后一步的输入） apache/dolphinscheduler#410)
• 45780be docs: example for placeholders in `to` (项目之间的依赖 apache/dolphinscheduler#420)
• 452539a feat: validate options (Create a file online, the hdfs file is not created, but it returns success（在线创建文件，hdfs文件未创建，却返回成功） apache/dolphinscheduler#419)
• 4826e56 fix: better to determine when glob is used
• 51c3680 docs: issue 408 (merge from branch-1.0.2 apache/dolphinscheduler#418)
• f6f72a7 chore(deps): update
• 0675847 chore(release): 5.0.5
• 9146c2a docs: fix typo (Timing is easy to time every second. After the timing is completed, you can display the next trigger time on the page.(定时很容易定时每秒一次，定时完成以后可以在页面显示一下下次触发时间) apache/dolphinscheduler#401)
• 3103940 refactor: minor code refactor (HadoopUtils specifies user actions instead of **Deploying users（HadoopUtils指定用户操作，而不是 **部署用户） apache/dolphinscheduler#399)
• c546871 perf: improvement for webpack@5 (update images in system user documents apache/dolphinscheduler#406)
• 5db376b chore(deps): update (git test apache/dolphinscheduler#409)
• 806eb41 docs: fix broken fragment links (Administrator, with tenant (install.sh set default tenant), can create resources, projects and data sources (limited to one administrator)（管理员，有租户（install.sh设置默认租户），可以创建资源、项目和数据源（限制有一个管理员）） apache/dolphinscheduler#398)
• 6158483 chore(release): 5.0.4
• cd0e9f5 docs: clarify plugin description (For a fault-tolerant recovery process, the status cannot be ** running（对于容错恢复的流程，状态不能为 **正在运行） apache/dolphinscheduler#395)
• f848140 test: refactor (When the master&worker is deployed on the same machine, if the master&worker service is restarted, the previously scheduled tasks cannot be scheduled.（master&worker部署在同一台机器上时，如果重启master&worker服务，会导致之前调度的任务无法继续调度） apache/dolphinscheduler#394)
• ff0c736 refactor: tests (Multi-machine deployment task cannot be executed, error message "task instance dose not set host"(多机部署任务无法执行，错误提示 “task instance dose not set host“) apache/dolphinscheduler#393)

See the full diff

Package name: css-loader

The new version differs by 80 commits.

• 634ab49 chore(release): 2.0.0
• 6ade2d0 refactor: remove unused file ([BUG] jar包冲突Correct the classpath of your application so that it contains a single, compatible version of javax.servlet.ServletContext apache/dolphinscheduler#860)
• e7525c9 test: nested url (How to reduce incubator-dolphin scheduler front-end Vue framework base dependency packages（如何减少incubator-dolphinscheduler前端vue框架基础依赖包） apache/dolphinscheduler#859)
• 7259faa test: css hacks ([BUG][#857]repair cross-project dependency delete bug apache/dolphinscheduler#858)
• 5e6034c feat: allow to filter import at-rules ([BUG] Cross-project dependency delete bug(跨项目流依赖删除有异常) apache/dolphinscheduler#857)
• 5e702e7 feat: allow filtering urls (Fix the en doc link. apache/dolphinscheduler#856)
• 9642aa5 test: css stuff (Highlight the mail list as high priority contact channel. apache/dolphinscheduler#855)
• 3338656 fix: reduce number of require for url ([fix bug][#847] Update pom.xml apache/dolphinscheduler#854)
• 533abbe test: issue 636 (增加打开yarn页面的功能 apache/dolphinscheduler#853)
• 08c551c refactor: better warning on invalid url resolution ([BUG] HDFS-HA connect fail  apache/dolphinscheduler#852)
• b0aa159 test: issue update i18n apache/dolphinscheduler#589 (增加功能： 项目管理－>任务实例:当任务类型为SPARK　和FLINK时,增加跳转到查看yarn页面的功能 apache/dolphinscheduler#851)
• f599c70 fix: broken unucode characters ([Bug]当两个人同时登陆admin账户的时候，其中一个人退出账户之后，另一个也会被迫退出 apache/dolphinscheduler#850)
• 1e551f3 test: issue 286 ([Feature]项目授权过粗，结合问题#848查看 apache/dolphinscheduler#849)
• 419d27b docs: improve readme ([Feature]跨项目引用工作流问题 can`t quote flows from a another project apache/dolphinscheduler#848)
• d94a698 refactor: webpack-default ([BUG] fastjson版本过低，存在安全漏洞 apache/dolphinscheduler#847)
• b97d997 feat: schema options
• 453248f fix: support module resolution in composes ([Feature]同一项目下，跨工作流引用节点的问题 apache/dolphinscheduler#845)
• 8a6ea10 refactor: postcss plugins ([BUG] 中文文档中看到，创建租户会自动在worker上创建linux用户，但在实际的使用中，并没有创建  apache/dolphinscheduler#844)
• fdcf687 fix: url resolving logic (补数据时，无法从UI上看到补数日期，这个希望能够新增下相关功能 can't see the very date when make up history data from UI apache/dolphinscheduler#843)
• 889dc7f feat: allow to disable css modules and disable their by default ([FEATURE][#841]Add HTTP components（添加HTTP组件） apache/dolphinscheduler#842)
• ee2d253 test: importLoaders option (Add HTTP components apache/dolphinscheduler#841)
• 1dad1fb feat: reuse postcss ast from other loaders (i.e `postcss-loader`) (appliction_worker.properties logging.config bug fix apache/dolphinscheduler#840)
• fe94ebc test: icss reserved keywords (Spark task component only support spark1.X using sprak-submit, not suitable for spark2 apache/dolphinscheduler#839)
• 9eaba66 refactor: migrate on message api for postcss-icss-plugin ([BUG] start_all.sh execute failed apache/dolphinscheduler#838)

See the full diff

Package name: echarts

The new version differs by 250 commits.

• 1c70026 Merge pull request [Improvement-15744][parameter] project parameter add update time and update user id apache/dolphinscheduler#15745 from apache/release-dev
• 21d6317 release 5.2.1
• 5ff6216 Merge pull request [CI] Frontend ci require passed before merge apache/dolphinscheduler#15735 from apache/series-type-register
• a11d9af feat(type): provide ability to extend series option
• b29726d Merge pull request [CI] Fix ui build error apache/dolphinscheduler#15732 from apache/master
• 6384acf Merge pull request [Bug] [preferences] Project Preferences is enabled, but when manual start workflow, worker group and tenant still is default. apache/dolphinscheduler#15731 from apache/fix-line-animation
• 4824ada fix(line): fix animation is not stopped when direct update points.
• 26e9a95 Merge pull request [Improvement-15719] Remove the useless methods in ProcessUtils apache/dolphinscheduler#15720 from apache/fix-legend-symbol-keep-aspect
• 5d667ec Merge pull request [Question] Javac not found in Java task apache/dolphinscheduler#15722 from williamorim/ptBRlang
• add3f76 chaging double quotes for single quotes
• b98affc Adding pt-BR lang file
• 6641951 Merge pull request [Bug] Using the subprocess node, after the sub-node ends, the task will not be executed backwards apache/dolphinscheduler#15683 from apache/fix-tooltip
• 35e3511 fix(legend): add back symbolKeepAspect. optimize code logic.
• 233d2a1 Merge pull request [Bug] [Plugins] the readme.md of pulgins module exist world spell error  apache/dolphinscheduler#15715 from apache/fix-test
• 3bea75a test: optimize test cases for visual regression test
• bdafcbc Merge pull request [Bug] [service] built-in parameters like '$[yyyy-MM-dd]' defined in shell task scripts do not work when the task does not set any parameters apache/dolphinscheduler#15711 from apache/fix-line-gradient
• fde66ec Merge pull request [Improvement][Spark] Support Local Spark Cluster apache/dolphinscheduler#15589 from apache/fix-polar
• fc507c0 test(polar): update test case
• d88f7cb Merge pull request [Improvement-15707][Master] Work out the issue that the workflow with a task dependency couldn't work well.  apache/dolphinscheduler#15712 from apache/axis-hide-overlap
• 7dbf36c fix(time): add `axisLabel.hideOverlap`
• 344b648 fix(line): soft clipping gradient.
• 01bf5f1 Merge pull request [Bug][dolphinScheduler-task-seatunnel] Script suffixes can be .conf or .json apache/dolphinscheduler#15706 from apache/fix-sunburst
• dd1890b fix(sunburst): improve code
• c5fcf82 fix(sunburst): radius in levels

See the full diff

Package name: globby

The new version differs by 33 commits.

• 878ef6e 10.0.0
• 3706920 Upgrade `fast-glob` package to v3 ([Snyk] Security upgrade async-validator from 1.12.2 to 4.0.4 #126)
• 8aadde8 Add `globby.stream` ([Snyk] Fix for 1 vulnerabilities #113)
• 2dd76d2 Remove `**/bower_components/**` as a default ignore pattern
• 9f781ce Require Node.js 8
• 04d51bf Upgrade `ignore` package ([Snyk] Security upgrade io.grpc:grpc-netty from 1.9.0 to 1.42.0 #120)
• 2b61484 Readme tweaks
• ff3e1f9 Tidelift tasks
• 31f18ae Create funding.yml
• 33ca01c Fix using the `gitignore` and `stats` options together ([Snyk] Security upgrade commons-httpclient:commons-httpclient from 3.0.1 to 3.1 #121)
• c737820 Minor TypeScript definition improvements
• 82db101 Add Node.js 12 to testing ([Snyk] Security upgrade io.grpc:grpc-netty from 1.9.0 to 1.42.0 #117)
• 766b728 9.2.0
• dc0a49c Refactor TypeScript definition to CommonJS compatible export ([Snyk] Security upgrade echarts from 4.9.0 to 5.2.1 #115)
• 89cee24 9.1.0
• 59f4b48 Add check to ensure `cwd` is a directory ([Snyk] Security upgrade webpack-dev-server from 2.11.5 to 4.0.0 #110)
• 9a9cf1e Add TypeScript definition ([Snyk] Security upgrade node-sass from 4.14.1 to 5.0.0 #111)
• eb26c7e Meta tweaks
• d77a623 Add failing test for [Snyk] Fix for 53 vulnerabilities #105 ([Snyk] Security upgrade node-sass from 4.14.1 to 5.0.0 #108)
• 2294618 Deduplicate identical file patterns ([Snyk] Fix for 8 vulnerabilities #102)
• ba9c267 Add failing test for [Snyk] Fix for 3 vulnerabilities #97 ([Snyk] Fix for 2 vulnerabilities #100)
• 71b9c58 9.0.0
• 39ad0d9 Update dependencies
• d804228 Fix compatibility with latest `dir-glob` release ([Snyk] Fix for 26 vulnerabilities #99)

See the full diff

Package name: html-loader

The new version differs by 55 commits.

• d7cccfa chore(release): 1.0.0
• 3c9a1d8 refactor: `attributes` option (Set password failed apache/dolphinscheduler#265)
• 8c73761 feat: `preprocessor` option (Is there a stand-alone version for debugging on windows?（请问有没有单机版方便在windows上调测） apache/dolphinscheduler#263)
• f2ce5b1 feat: improve errors
• 9923244 chore(deps): update (Hello author, I would like to ask, about the sub-process type can not run（你好作者，我想请问一下，关于子流程类型无法运行的问题） apache/dolphinscheduler#260)
• 9835bde feat: supports `link:href` attribute for css (Code directory structure - recommended by module（代码目录结构-建议按模块分开） apache/dolphinscheduler#258)
• 7af2eff refactor: improve schema (Tenant deletion causes the page user list to not be displayed（租户删除导致页面用户列表显示不出来） apache/dolphinscheduler#257)
• 98412f9 docs: `filter` sources (Child process parameter display exception（子父流程参数显示异常） apache/dolphinscheduler#256)
• ff0f44c feat: implement the `filter` option for filtering some of sources (The interval complement display exception, the child parent process global parameter (if the child parent process key is the same, retain the sub-process key; if the sub-process key exists, the parent process key does not exist, save the sub-process key; if the sub-process key does not exist, the parent process Key exists, keep the parent process key)（区间补数显示异常、子父流程全局参数（如果子父流程key相同，保留子流程key；如果子流程key存在，父流程key不存在，保存子流程key；如果子流程key不存在，父流程key存在，保留父流程key）） apache/dolphinscheduler#255)
• 1c24662 refactor: move the `root` option under the `attributes` option (Batch deletion of process instances（流程实例批量删除） apache/dolphinscheduler#254)
• 888b8fe docs: add footnote for `-attributes` (remove jasper-runtime-5.5.23.jar dep apache/dolphinscheduler#252)
• 3d2907e refactor: remove the `interpolate` option
• bd979e2 refactor: remove the `interpolate` option
• fcba4ec fix: handle only valid srcset tags (Process monitoring, project-running process, process-running task（流程监控，项目-运行的流程，流程-运行的task） apache/dolphinscheduler#253)
• 9e5ce56 perf: improve source parse (Provide custom pass parameters when starting manually（手动启动时提供自定义传参数功能） apache/dolphinscheduler#251)
• c9c8dad refactor: improve source parse (ambari plugin（ambari插件） apache/dolphinscheduler#250)
• 079d623 fix: respect `#hash` in sources
• a17df49 fix: reduce `import`/`require` count
• d0b0150 fix: adding quotes when necessary for unquoted sources (API documentation（API 文档） apache/dolphinscheduler#247)
• e3727ab test: minifier
• 0bbe29c feat: migrate on `htmlparse2`
• b7af031 fix: escape `\u2028` and `\u2029` characters (Looking at the current source code and features, there is no need for priority between workflows（看了目前的源码和功能，没有工作流程之间的优先级的需求） apache/dolphinscheduler#244)
• 24b0427 fix: parser tags and attributes according spec (Branch 1.0.2 apache/dolphinscheduler#243)
• 3df909d feat: support `script:src` attributes

See the full diff

Package name: html-webpack-plugin

The new version differs by 250 commits.

• 873d75b chore(release): 5.5.0
• ddeb774 chore: update examples
• 1e42625 feat: Support type=module via scriptLoading option
• 7d3645b Bump pretty-error to 4.0.0 to fix transitive vuln for ansi-regex CVE-2021-3807
• 79be779 [chore] changes actions to run on pull_requests
• b7e5859 [chore] fixes CI to avoid race conditions
• 48131d3 chore(release): 5.4.0
• 16a841a [chore] rebuild examples
• 3bb7c17 Update index.js
• e38ac97 Update index.js
• f08bd02 [chore] updates fixtures
• d62a10f [chore] upgrades html-minifier-terser@5.0.0 -> 6.0.2
• 2f5de7a Remove archived plugin
• 8f8f7c5 chore(release): 5.3.2
• 053c6e6 chore: update snapshot tests for webpack 5.4.0
• 9c7fba0 Fix security vulnerabilities
• b98fbeb Fix security vulnerabilities
• 25cdfc7 Added inject-body-webpack-plugin to readme
• 0e4c1fb Update README to document actual behavior
• 0a6568d chore(release): 5.3.1
• 82d0ee8 fix: remove loader-utils from plugin core
• 6f39192 chore(release): 5.3.0
• d654f5b feat: allow to modify the interpolation options in webpack config
• 41d7a50 feat: drop loader-utils dependency

See the full diff

Package name: node-sass

The new version differs by 90 commits.

• 3b556c1 7.0.2
• c716359 Bump sass-graph@^4.0.1 ([Feature-3222][datasource] Store password in ciphertext instead apache/dolphinscheduler#3292)
• 24741b3 docs(readme): fix docpad plugin link
• 1523330 feat: Drop Node 12
• 365d357 update https://registry.npm.taobao.org to https://registry.npmmirror.com
• 1456114 build(deps): bump actions/upload-artifact from 2 to 3
• b465b69 chore: bump GitHub Actions to Windows 2019 ([Future#3253][Display website title favicon.ico apache/dolphinscheduler#3254)
• e6194b1 build(deps): bump make-fetch-happen from 9.1.0 to 10.0.4
• 4edf594 build(deps): bump node-gyp from 8.4.1 to 9.0.0
• 29e2344 build(deps): bump actions/checkout from 2 to 3
• 85b0d22 build(deps): bump actions/setup-node from 2 to 3
• 3bb51da Use make-fetch-happen instead of request (One workflow execute with multiple groups of parameters apache/dolphinscheduler#3193)
• adc2f8b build(deps): bump true-case-path from 1.0.3 to 2.2.1 ([BUG] This may cause inconsistent behavior apache/dolphinscheduler#3000)
• 77d12f0 chore: disable Apline for Node 16/17 builds
• 308d533 ci: use Python 3 for Node 12
• c818907 ci: unpin actions/setup-node to v2
• 99242d7 7.0.1
• 77049d1 build(deps): bump sass-graph from 2.2.5 to 4.0.0 ([Feature-3223][ui]Click DAG connection to add label function apache/dolphinscheduler#3224)
• c929f25 build(deps): bump node-gyp from 7.1.2 to 8.4.1 ([bugFix] ambari plugin the config options which unit doesn't write into config file apache/dolphinscheduler#3209)
• 918dcb3 Lint fix
• 0a21792 Set rejectUnauthorized to true by default (如何控制单台Worker的并发执行任务的数量 apache/dolphinscheduler#3149)
• e80d4af chore: Drop EOL Node 15 (Can you change the ResourceManager HTTP port to a configuration file,thank you apache/dolphinscheduler#3122)
• d753397 feat: Add Node 17 support (dag add close buttion apache/dolphinscheduler#3195)
• dcf2e75 build(deps-dev): bump eslint from 7.32.0 to 8.0.0

See the full diff

Package name: optimize-css-assets-webpack-plugin

The new version differs by 2 commits.

• 662dfb7 3.2.1
• 7ab5e15 Upgrade cssnano dependency

See the full diff

Package name: postcss-loader

The new version differs by 27 commits.

• 7647ac9 chore(release): 3.0.0
• 313c3c4 docs(README): update filename formatting
• d6931da refactor(Error): add `error` property checks
• 962b1d6 refactor(options): remove `ident` from validation schema
• 1f98aee refactor(Warning): add `warning` property checks
• 95de4c1 docs(LOADER): update JSDoc
• ea68a42 chore(package): update `schema-utils` v0.4.5...1.0.0 (`dependencies`)
• 73a8c66 chore(ISSUE_TEMPLATE/DOCS): add template for documentation issues
• 70f4426 chore(ISSUE_TEMPLATE/FEATURE): add feature request template
• 4a0328e chore(ISSUE_TEMPLATE/BUG): move bug reports into their own template
• 319d1f7 chore(PULL_REQUEST_TEMPLATE): improve format and content
• bdcbef0 refactor(src): update code base with latest ES2015+ features
• f34954f fix(index): add ast version (`meta.ast`)
• 8ac6fb5 fix(index): emit `warnings` as an instance of `{Error}`
• 2c6033b test(Errors): remove stacktrace from snapshot
• 549ea08 fix(options): improved `ValidationError` messages
• fbf05de test: replace helpers with `@ webpack-utilities/test` (update documents apache/dolphinscheduler#386)
• daa0da8 chore(package): update `postcss` v6.0.0...7.0.0 (`dependencies`) (定时任务 apache/dolphinscheduler#375)
• 114db12 docs(README): add autoprefixing example (Service monitoring function（服务监控功能） apache/dolphinscheduler#380)
• 8772814 style(standard): fix linting issues
• 8ef443f ci(travis): build stages
• 6f10898 ci(appveyor): readd Appveyor CI (Front-end one-click deployment script supports ubuntu（前端一键部署脚本支持ubuntu） apache/dolphinscheduler#381)
• 0bb835c ci(package): run tests in an explicit environment (`jest --env=node`) (Project increase process definition statistics and running process instance statistics（ 项目增加流程定义统计和运行流程实例统计） apache/dolphinscheduler#382)
• 5e2bca9 docs(README): replace `postcss-cssnext` with `postcss-preset-env` (When the scheduled task is resumed across days, the time parameter is incorrect.（跨天恢复执行定时任务时，时间参数不对） apache/dolphinscheduler#379)

See the full diff

Package name: uglifyjs-webpack-plugin

The new version differs by 1 commits.

• 266bb1c chore(release): 2.0.0

See the full diff

Package name: url-loader

The new version differs by 8 commits.

• 11dce14 docs: Update changelog with nsp advisory
• 1934507 chore(release): 0.6.0
• a1e1fef chore: Fix mime version
• d19ee2d chore: update `mime` package to avoid deprecation mime type with `woff` and `woff2` ([Snyk] Fix for 1 vulnerabilities #87)
• 636ebed feat: add `fallback` option ([Snyk] Security upgrade org.apache.hadoop:hadoop-client from 2.7.3 to 3.3.0 #88)
• f3f5fce docs(README): remove confusing `prefix` option (`options.prefix`) ([Snyk] Fix for 4 vulnerabilities #89)
• 2de70bb docs(README): fix typo in example ([Snyk] Security upgrade webpack from 3.12.0 to 4.0.0 #81)
• ced5990 feat(index): add options validation (`schema-utils`) ([Snyk] Security upgrade copy-webpack-plugin from 4.6.0 to 6.0.0 #78)

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 04f90c5 4.26.0
• e1df721 Merge pull request [Feature][UI Next] Add e2e to security token manage page. apache/dolphinscheduler#8392 from vkrol/cherry-pick-terser-to-webpack-4
• a818def fix for changed API in terser plugin warningsFilter
• b39abf4 Rename test directories too
• 311a728 Switch from uglifyjs-webpack-plugin to terser-webpack-plugin
• a230148 Merge pull request [Bug][API] fix ProcessDefinition update error #8334  apache/dolphinscheduler#8351 from DeTeam/chunk-jsdoc-typo
• 7a0af76 Fix a typo in Chunk#split jsdoc comment
• 2361995 4.25.1
• e2a2016 Merge pull request [Bug][API] fix ProcessDefinition update error #8334 apache/dolphinscheduler#8338 from webpack/bugfix/issue-8293
• babe736 replace prefix/postfix even when equal for wrapped context