[Snyk] Fix for 1 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/amplify-ui/package.json
  • packages/amplify-ui/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change
	Information Disclosure SNYK-JS-KINDOF-537849	Yes

Commit messages

Package name: webpack

The new version differs by 250 commits.

• 4be093d 2.2.0
• 2278469 2.2.0-rc.8
• b946eb4 Merge pull request Added icon unit tests and additional storybook aws-amplify/amplify-js#3988 from malstoun/bug/2664
• 260e413 Merge pull request Customising how authentication error messages are displayed aws-amplify/amplify-js#3986 from webpack/bugfix/revert_use_of_buffer_dot_from
• 0ec7de9 Fix regression with watch cli opt, add tests for this case
• 72226db add missing disable line
• 4d30675 build fresh yarn.lock file to remove buffer polyfill
• 91c1f35 fix(node): rollback changes of Buffer.from to new Buffer() and bump down travis to 4.3 min node v
• 0b47602 2.2.0-rc.7
• db6ccbc Merge pull request Should subscribe be working for <Connect>? aws-amplify/amplify-js#3978 from webpack/bugfix/conditional-reexports
• 82a5b03 Merge pull request Storage.put should accept base64 strings aws-amplify/amplify-js#3977 from malstoun/bug/2664
• fc1a43b Merge pull request Disabled autocomplete when resetting password for new password field aws-amplify/amplify-js#3976 from timse/rely-on-defaults
• a44694a hoist exports declarations too
• 682bde8 Fix lint
• c6d7d90 Add tests
• af8d49e remove defaults values to shave a few bytes
• 9796696 2.2.0-rc.6
• e9bdb05 Merge pull request removing empty line aws-amplify/amplify-js#3971 from webpack/bugfix/fix_available_vars_in_fmtp
• bd45bdc add test case for global in harmony modules
• bfccb20 fix PR
• 5a3a23f fix(nmf): Fix exports for var injection to include free glob exports or arguments
• 437dce4 2.2.0-rc.5
• 91cb1df Merge pull request #3970 from webpack/ci/appveyor
• 9fd55e5 Merge pull request Bump nokogiri from 1.8.2 to 1.10.4 in /docs aws-amplify/amplify-js#3969 from webpack/bugfix/issue-3964

See the full diff

Package name: webpack-dev-server

The new version differs by 250 commits.

• 298341f chore(release): 2.11.4
• c42d0da fix: check origin header for websocket connection (doc update: Directly go to Google/Facebook Login page and attributes verification aws-amplify/amplify-js#1626)
• 2be7196 chore: update dependencies in V2 branch, fix compatibility with Node 10 (user.completeNewPasswordChallenge is not a function aws-amplify/amplify-js#1715)
• 7cdfb74 2.11.3
• b71137e Increase sockjs-client version for security fix
• f33be5b 2.11.2
• dd32166 Fix support for DynamicEntryPlugin (Documentation interactions aws-amplify/amplify-js#1319)
• ab4eeb0 Fix page not reloading after fixing first error on page (amplify-js and ionic 3 Cannot find name 'Buffer'. aws-amplify/amplify-js#1317)
• 83c1625 2.11.1
• 3aa15aa Merge pull request AWSPinpointProvider - ensure credentials error : "cannot get guest credentials when mandatory signin enabled" aws-amplify/amplify-js#1273 from yyx990803/master
• b78e249 fix: pin strip-ansi to 3.x for ES5 compat
• 8c1ed7a 2.11.0
• b0fa5f6 Merge pull request Incorrect filepath when Importing AWSIoTProvider aws-amplify/amplify-js#1270 from yyx990803/client-refactor
• 676d590 revert to prepublish (fix ci)
• 449494f cleanup client build setup
• 6689cb8 adding test for dependency lock-down
• 3e220fe 2.10.1
• aaf7fce rollback yargs to 6.6.0
• ca8b5aa 2.10.0 (Option to Retrieve Social Profiles When Using withFederated Component from aws-amplify-react aws-amplify/amplify-js#1258)
• 17355f0 transpile client bundles with babel (pushnotification not found in '@aws-amplify/pushnotification' aws-amplify/amplify-js#1242)
• ce30460 rolling back webpack-dev-midddleware 2.0, as it's node6+
• 00e8500 updating deps and patching as necessary
• 082ddae maint only mode
• c9c61f2 fix(package): Increase minimum `marked` version for ReDos vuln (error dispatching auth event to LoginListener aws-amplify/amplify-js#1255)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic