[Snyk] Fix for 37 vulnerabilities

[UbuntuEvangelist]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-DECOMPRESS-557358	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-DECOMPRESSTAR-559095	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASHTEMPLATE-1088054	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Out-of-Bounds SNYK-JS-NODESASS-535498	Yes	Proof of Concept
	761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	NULL Pointer Dereference SNYK-JS-NODESASS-535500	Yes	Proof of Concept
	536/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.3	Out-of-bounds Read SNYK-JS-NODESASS-540958	Yes	Proof of Concept
	536/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.3	Uncontrolled Recursion SNYK-JS-NODESASS-540964	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Denial of Service (DoS) SNYK-JS-NODESASS-540978	Yes	Proof of Concept
	536/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.3	NULL Pointer Dereference SNYK-JS-NODESASS-540992	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Out-of-Bounds SNYK-JS-NODESASS-540998	Yes	Proof of Concept
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-NODESASS-541000	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Out-of-bounds Read SNYK-JS-NODESASS-541002	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	536/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1047770	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1584358	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1585624	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-2824151	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-URLREGEX-569472	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gulp

The new version differs by 134 commits.

• 55eb23a Release: 4.0.0
• 173a532 Docs: Fix the installation instructions
• ec54d09 Docs: Improve note about out-of-date docs
• 03b7c98 Docs: Update recipes to install gulp@next
• 2eba29e Docs: Remove run-sequence from recipes
• 76eb4d6 Docs: Add installation instructions & update badges
• fbc162f Docs: Remove references to gulp-util
• 3011cf9 Scaffold: Normalize repository
• f27be05 Update: Remove graceful-fs from test suite
• 361ab63 Upgrade: Update glob-watcher
• 064d100 Build: Avoid broken node 9
• 057df59 Release: 4.0.0-alpha.3
• c1ba80c Breaking: Upgrade major versions of glob-watcher, gulp-cli & vinyl-fs
• 89acc5c Docs: Improve ES2015 task exporting examples (Update chardet to 3.0.3 pypi/warehouse#1999)
• 0ac9e04 Docs: Add "Project structure" section to CONTRIBUTING.md (Update google-auth to 0.9.0 pypi/warehouse#1859)
• 723cbc4 Docs: Fix syntax in recipe example (Update setuptools to 34.0.3 pypi/warehouse#1715)
• d420a6a Docs: Have gulp.lastRun take a function to avoid task registration (Update transaction to 2.1.1 pypi/warehouse#1828)
• 29ece6f Upgrade: Update undertaker
• e931cb0 Docs: Fix changelog typos (Update setuptools to 34.0.2 pypi/warehouse#1696)
• 477db84 Docs: Add a "BrowserSync with Gulp 4" recipe (Update elasticsearch dsl 5.0.0 to 5.1.0 pypi/warehouse#1659)
• d4ed3c7 Docs: Add options.cwd for gulp.src API (Bump theme to 1.37 pypi/warehouse#1645)
• 5dc3b07 Docs: Update gulp.watch API to align with glob-watcher
• 0c66069 Breaking: Replace chokidar as gulp.watch with glob-watcher wrapper
• c3dbc10 Docs: Clarify incremental builds example (Update needle to 0.4 pypi/warehouse#1609)

See the full diff

Package name: gulp-image

The new version differs by 134 commits.

• f2cc810 6.3.0
• 9371d80 chore: add files field
• 903000e chore(deps): update dependencies
• 88ecb0f chore(deps): update dependencies
• 4e5bf8c refactor: use p-event to deprecate test.cb()
• 542b78d build(deps-dev): bump xo from 0.44.0 to 0.45.0
• 41d4316 test: tweak CI
• 4e1e143 docs: fix badge url
• 8fd2ac3 fix: fix lint issues
• 55560c8 chore(deps): update dependencies
• afd9121 refactor: use native ESM
• 71c04a3 Upgrade to GitHub-native Dependabot
• 764fd72 chore(deps): fix several dependencies
• 731b4e9 chore: update svgo
• 03f6276 chore: update lockfileVersion
• d7224a7 fix: fix lint issues
• 8171f51 build(deps-dev): bump xo from 0.36.1 to 0.37.1
• b7b83e1 build(deps): bump pretty-bytes from 5.4.1 to 5.5.0
• f84af02 build(deps-dev): bump ava from 3.14.0 to 3.15.0
• 7705905 chore(deps): update xo
• 9003c0b build(deps): [security] bump ini from 1.3.5 to 1.3.7
• ccfd32b build(deps-dev): bump ava from 3.13.0 to 3.14.0
• 17087e4 refactor: use GitHub Actions instead of Travis CI
• 5bb33de chore: drop Node.js 10 support

See the full diff

Package name: gulp-rev-all

The new version differs by 4 commits.

• 7a37fb0 Release v0.9.8
• 1eaf320 Merge pull request Added stuff, need to figure out how to alter the ENUM pypi/warehouse#183 from demurgos/issue-182
• 7ec8f04 Drop dependency on deprecated `gulp-util`
• bd241e8 Add keywords

See the full diff

Package name: gulp-sass

The new version differs by 42 commits.

• 5775044 Update CHANGELOG.md
• 978b8f6 Update to major version 5 (Fix CSS errors pypi/warehouse#802)
• 10eae93 Update changelog for 4.1.1
• 947b26c Upgrade lodash to fix a security issue (Enable "forever" caching of static assets pypi/warehouse#776)
• 8d6ac29 Update changelog
• 43c0547 4.1.0
• ebe3ec6 Set appropriate file stat times (Remove generated files & Misc fixes pypi/warehouse#763)
• 7ab018e Migrate to the lodash package
• fa670c6 4.0.2
• fefa00e Revert package.json version bump
• 98254d2 Fix README typos
• 8a14419 Continue loading Node Sass by default
• 938afbe Add a note about synchronous versus asynchronous speed
• 7cc2db1 Make this package implementation-agnostic
• 643f73b Add documentation for synchronous code options
• 0b3c7e7 4.0.1
• daca90d Merge pull request Support package upload with a SHA-256 checksum pypi/warehouse#681 from DKvistgaard/master
• 71471c2 Declaring logError as function instead of arrow function.
• 450a7b8 4.0.0
• e9b1fe8 Fix node versions in appveyor.yml
• 44be409 Merge pull request Only strip headers on edge nodes, not on shield nodes. pypi/warehouse#667 from dlmanning/next
• 7656eff Adopt airbnb eslint preset
• 1293169 Bump autoprefixer@^8.1.0, gulp-postcss@^7.0.1
• 9fa817b Bump gulp-sourcemaps@^2.6.4

See the full diff

Package name: gulp-sequence

The new version differs by 1 commits.

• c2067a8 update dependencies, remove gulp-util, as [Snyk] Security upgrade webpack from 2.1.0-beta.27 to 3.11.0 #12

See the full diff

Package name: gulp-watch

The new version differs by 7 commits.

• 80cd83e 5.0.1
• 6fe8912 Replace deprecated gulp-util (Don't recurse into the docs directory looking for tests pypi/warehouse#303)
• 959128a 5.0.0
• 9208d48 Bump chokidar to ^2.0.0
• 02bd06d Update to newest vinyl for gulp 4 support (migrating package insert/update methods from pypi  pypi/warehouse#296)
• 4ced696 Add Node.js 9 and increase timeout to 5 secs
• aa8146f Remove unsupported versions of Node.js

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 610f368 5.0.0
• 5ce65c1 update examples
• bbe1230 Merge pull request Bump types-redis from 4.2.6 to 4.3.1 pypi/warehouse#11628 from webpack/bugfix/real-content-hash
• 75ecff2 5.0.0-rc.6
• bfc35d6 Merge pull request Bump boto3-stubs from 1.24.9 to 1.24.10 pypi/warehouse#11603 from MayaWolf/master
• 76e8cbd Merge pull request Bump boto3 from 1.24.9 to 1.24.13 pypi/warehouse#11622 from webpack/dependabot/npm_and_yarn/types/node-13.13.25
• 9fd1be2 chore(deps-dev): bump @ types/node from 13.13.23 to 13.13.25
• 36bcfaa Merge pull request Bump types-redis from 4.2.6 to 4.3.0 pypi/warehouse#11621 from webpack/bugfix/11619
• 9130d10 fix called variables with ProvidePlugin
• 3e42105 Merge pull request Bump types-pytz from 2021.3.8 to 2022.1.0 pypi/warehouse#11620 from webpack/bugfix/11617
• 4709719 skip connections copied to concatenated module
• 57b493f 5.0.0-rc.5
• 1658e2f Merge pull request Bump boto3 from 1.24.9 to 1.24.12 pypi/warehouse#11618 from webpack/bugfix/11615
• a8fb45d fixes crash in SideEffectsFlagPlugin
• 84b196d emit error instead of crashing when unexpected problem occurs
• 5573fed Merge pull request Bump botocore from 1.27.9 to 1.27.10 pypi/warehouse#11601 from Hornwitser/improve-suggested-polyfill-config
• 9b5cce9 Merge pull request Bump boto3 from 1.24.9 to 1.24.11 pypi/warehouse#11609 from snitin315/export-types
• 37c495c export type RuleSetUseItem
• 39faf34 export type RuleSetUse
• e5fd246 export type RuleSetConditionAbsolute
• 660baad export RuleSetCondition types
• 13e3ca5 Merge pull request Bump babel from 2.10.2 to 2.10.3 pypi/warehouse#11602 from webpack/bugfix/shared-runtime-chunk
• 9c0587e Merge pull request Bump types-redis from 4.2.6 to 4.2.7 pypi/warehouse#11606 from webpack/dependabot/npm_and_yarn/simple-git-2.21.0
• 502d166 Merge pull request Bump botocore from 1.27.9 to 1.27.11 pypi/warehouse#11607 from webpack/dependabot/npm_and_yarn/acorn-8.0.4

See the full diff

Package name: webpack-stream

The new version differs by 30 commits.

• 7aa049a v4.0.1
• 5b92d84 Update copyright year
• 0859da6 Updating deps
• 8bb72bc Merge pull request Return a 0 download count when there are no packages pypi/warehouse#176 from demurgos/issue-175
• c94ad9c Drop dependency on deprecated `gulp-util`
• 38445b1 Remove node 0.10 and add latest node version
• b445690 v4.0.0
• 69ee9e0 Last of the manual release history
• d327ac7 Test on more travis versions
• eca18b1 Merge branch 'master' of github.com:shama/webpack-stream
• 6ec5dcf Merge pull request Add Deployment Documentation pypi/warehouse#155 from sirlancelot/patch/update-dependencies
• 59b734a Update backwards compat deps to latest
• 711fd52 Merge branch 'master' of github.com:shama/webpack-stream
• ab27f87 Merge pull request Move from /~username/ to /user/username/ pypi/warehouse#129 from renaesop/master
• 5f76f26 Merge pull request Remove the plural from the url pypi/warehouse#123 from Simek/patch-1
• 0743db0 Merge pull request Setup the Contributing documentation in Sphinx pypi/warehouse#140 from logicrebel/peetersdiet-readme-multi-compiler
• 7121ea1 Merge pull request Legacy xml rpc pypi/warehouse#143 from FrancescElies/patch-1
• 1d90268 Update copyright year
• ad685b7 Merge pull request Ensure that a maintainer account only shows up once in the list pypi/warehouse#137 from renminghao/master
• 25b953b Merge pull request Warehouse Home page pypi/warehouse#126 from jeroennoten/patch-1
• 2e35808 Fix lint warning
• 096119b Add Webpack to devDependencies; fix tests
• 2f5009c Update dependencies
• 6d1cb17 Move Webpack out of dependencies

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Open Redirect
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn