[Snyk] Fix for 1 vulnerabilities

[adamlaska]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/subproviders/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: nyc

The new version differs by 173 commits.

• bebf4d6 chore(release): 15.0.0
• 2931730 chore: Update to final releases of dependencies (Cannot install 0x-monorepo with yarn 0xProject/0x-monorepo#1245)
• d44ff19 chore: Update node-preload and use process-on-spawn (Update wsrun to the latest version 🚀 0xProject/0x-monorepo#1243)
• 5258e9f feat: Filenames relative to project cwd in coverage reports ([instant] fix provided orders 0xProject/0x-monorepo#1212)
• 6039f29 chore: Unpin test-exclude, update to latest pre-releases ([bug] Error: Contract call failed (returned null) 0xProject/0x-monorepo#1240)
• f3c9e6c chore: Temporarily pin test-exclude ([instant] Handle privacy mode in wallets 0xProject/0x-monorepo#1239)
• 28ed746 chore: Lazy load modules that are rarely/never needed in test processes. ([instant] Request account address and balance at mount 0xProject/0x-monorepo#1232)
• 7307626 chore: Remove cp-file module ([instant] Dropdown Component Skeleton 0xProject/0x-monorepo#1230)
• dfd629d fix: Better error handling for main execution, reporting ([instant] Dismissible overlay for mobile errors 0xProject/0x-monorepo#1229)
• 549c953 chore: Update dependencies, pin find-cache-dir ([instant] Viewport specific errors 0xProject/0x-monorepo#1228)
• a1dee03 chore: Update yargs (Implement MultiAssetProxy 0xProject/0x-monorepo#1224)
• 8078a79 chore: Fix 404 in README.md. ([instant] Prevent CSS leakage 0xProject/0x-monorepo#1220)
• 7a02cb7 chore: Add enterprise language ([asset-buyer] Lower default expiryBuffer from 5 minutes to 2 minutes 0xProject/0x-monorepo#1217)
• ea94c7f chore: Remove unused functions (validateOrderFillableOrThrowAsync swallows errors and returns incorrect RevertReason 0xProject/0x-monorepo#1218)
• 53c66b9 docs: `npm home nyc` goes to github master branch README ([instant] Add Select Token mode, animation abstractions, and basic token selection panel 0xProject/0x-monorepo#1201)
• cf5e5d3 chore: Update dependencies
• 8411a26 fix: Correct handling of source-maps for pre-instrumented files ([order_utils.py] is_signature_valid, via Exchange contract 0xProject/0x-monorepo#1216)
• f890360 docs: Fix URL to default excludes in README.md (npm install 0x.js delivers a broken 0x.js (node) 0xProject/0x-monorepo#1214)
• 3726bbb chore: Update to async version of istanbul-lib-source-maps ([website] Prepare website for breaking MetaMask change for EIP 1102 0xProject/0x-monorepo#1199)
• 0efc6d1 chore: Tweak arguments for async coverage data readers ([instant] Gas price estimate 0xProject/0x-monorepo#1198)
• cc77e13 chore: Add `use strict` to all except fixtures ([instant] Add REP to assetMetaDataMap and add it to provided orders 0xProject/0x-monorepo#1197)
• bcbe1df chore: Update dependencies ([instant] Add default gasPrice of 6 gwei to transactions 0xProject/0x-monorepo#1196)
• 2735ee2 chore: 100% coverage (@0x/subproviders Doesn't Work With Angular 6 When Doing Production Builds For Client or Server 0xProject/0x-monorepo#1195)
• fd40d49 feat: Use @ istanbuljs/schema for yargs setup ([instant] Disable input when processing 0xProject/0x-monorepo#1194)

See the full diff

Package name: typedoc

The new version differs by 250 commits.

• bde0b6a chore: Bump version to 0.21.0
• 83a7eef chore: Sort thanks in changelog
• 371e035 chore: Upgrade dependencies
• a618f20 Merge remote-tracking branch 'origin/master' into beta
• 6b69252 chore: Bump version to 0.20.37
• 0e8d429 fix: Pin `marked` dependency to 2.0.x (Allow using Web3Factory in-process Ganache with existing snapshot 0xProject/0x-monorepo#1602)
• 90cd4a0 chore: Bump version to 0.21.0-beta.4
• 6789331 chore: Remove outdated note in readme
• 1b1cd14 fix: Correctly handle comments on function type aliases
• 1dc5659 fix: Setters should always have a `void` return type
• d9e66b2 chore: Bump version to 0.21.0-beta.3
• 3f39508 fix: Resolve paths in option files according to the config directory
• 858b231 chore: Refactor tests to reduce runtime
• ec18bb0 Revert "feat: Add disableAliases option (Add transactionHashUtils to order-utils package 0xProject/0x-monorepo#1576)"
• 6d215df feat: Improve monorepos by adding support for TS entry points (Sol-compiler bug fixes 0xProject/0x-monorepo#1596)
• f95e456 chore: Bump version to 0.21.0-beta.2
• e142f00 chore: Fix lint
• 9f56423 chore: Fix lint
• 269cf08 chore: Move package tests into TD repo
• 15c0552 feat: Support for monorepos
• 2c2b91b chore: Bump beta version
• 9e94e5c chore: Fix tests when compiling with strict=false
• b2165d3 chore: Upgrade beta version
• 5a6a125 chore: Upgrade prettier

See the full diff

Package name: web3-provider-engine

The new version differs by 71 commits.

• 8886a30 15.0.1
• 7bb1c5f Merge pull request [Snyk] Fix for 17 vulnerabilities #318 from rekmarks/node-10
• fc922b6 deps - git branch to published versions
• 734e37d update packages, node-10
• 5f7acf6 15.0.0
• eeefd6f subp - fetch - use eth-json-rpc-middleware/fetch
• c1b1ff0 deps - update eth-json-rpc-filters for fixes
• 8706748 subp - subscriptions - use eth-json-rpc-filters implementation and auto-forward notifications
• 717ac2e subp - json-rpc-engine-middleware - fix for next with no handler
• a17a32f eth-block-tracker@4 + cache/inflight from eth-json-rpc-middleware
• 24e4f18 14.2.0
• bb3b5ff readme - remove old rpc method support notes
• f993b3f Merge pull request [Snyk] Fix for 2 vulnerabilities #290 from pospi/master
• d36be27 Merge branch 'master' into master
• 20eeb02 Merge pull request [Snyk] Security upgrade @0x/mesh-rpc-client from 7.0.4-beta-0xv3 to 8.1.0 #287 from noelyoo/safe-buffer
• dedbae4 Merge pull request [Snyk] Fix for 24 vulnerabilities #297 from slyfox42/master
• 7bca922 Merge pull request [Snyk] Security upgrade web3-provider-engine from 14.0.6 to 16.0.6 #299 from anxolin/handle-testrpc-revert
• 9a3b3d4 Merge pull request [Snyk] Fix for 5 vulnerabilities #293 from BitskiCo/fix/kovan-subscriptions
• daa0cfe Merge pull request [Snyk] Security upgrade @0x/base-contract from 6.5.0 to 7.0.0 #295 from axic/wallet-comparison
• cd0efdb Merge pull request [Snyk] Fix for 17 vulnerabilities #302 from radotzki/pr/gas-options
• f1d33a1 feat/hooked-wallet customize gas + estimateGas
• e90af04 lint - lint fixes + include lint in tests
• ab4506f Merge branch 'master' of github.com:MetaMask/provider-engine
• f5b838a Merge pull request [Snyk] Fix for 1 vulnerabilities #250 from mvayngrib/lint

See the full diff

Package name: webpack

The new version differs by 250 commits.

• f2f998b 5.1.1
• bcd6190 Merge pull request #11704 from webpack/bugfix/delete-asset
• 11935a9 Merge pull request #11703 from webpack/bugfix/11678
• 63ba54c update chunk to files mapping when deleting assets
• 4669600 Merge pull request #11690 from webpack/bugfix/11673
• 234373e Merge pull request #11702 from webpack/deps/terser
• b6bc273 fix infinite loop in inner graph optimization
• 50c3a83 fix unused modules in chunk when optimizing runtime-specific
• 5d9d9b9 fix runtime-specific handling in concatenated modules
• 250e37c add test case
• 7925652 upgrade terser-webpack-plugin
• 27796db Merge pull request #11669 from webpack/dependabot/npm_and_yarn/ts-loader-8.0.5
• bd5aab8 Merge pull request #11692 from webpack/dependabot/npm_and_yarn/babel/core-7.12.0
• 886bbd5 Merge pull request #11693 from webpack/dependabot/npm_and_yarn/react-dom-16.14.0
• 3a14b3d Merge pull request #11694 from webpack/dependabot/npm_and_yarn/react-16.14.0
• ddf9936 chore(deps-dev): bump react from 16.13.1 to 16.14.0
• dc6e69a chore(deps-dev): bump react-dom from 16.13.1 to 16.14.0
• 8f18de9 chore(deps-dev): bump @ babel/core from 7.11.6 to 7.12.0
• c0410e8 Merge pull request #11686 from webpack/bugfix/11677
• 4504046 order runtime chunks correctly when they depend on each other
• 74a44cd add comment to help tagging for the bot
• e97efb7 chore(deps-dev): bump ts-loader from 8.0.4 to 8.0.5
• 77329b4 5.1.0
• 48c10f3 Merge pull request #11653 from log2-hwan/fix-moduletemplate-deprecation

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

[socket-security]

New dependencies detected. Learn more about Socket for GitHub ↗︎

Packages	Version	New capabilities	Transitives	Size	Publisher
@types/depcheck	0.6.0	None	+0	4.28 kB	types
types-bn	0.0.1	None	+0	39.4 kB	ukstv
@balancer-labs/sor	0.3.2	eval, environment	+4	5.88 MB	mikeraymcdonald
nyc	15.1.0	environment	+74	6.71 MB	coreyfarrell
@types/require-from-string	1.2.0	None	+0	3.28 kB	types
@types/nock	10.0.3	None	+2	1.1 MB	types
@types/prettier	1.15.2	None	+0	17.9 kB	types
rimraf	2.6.2	None	+0	15.1 kB	isaacs
solidity-parser-antlr	0.4.11	None	+0	901 kB	federicobond
jest	24.9.0	None	+8	342 kB	scotthovestadt
babel-plugin-transform-object-assign	6.22.0	None	+0	2.91 kB	hzoo
@types/uuid	3.4.3	None	+2	1.1 MB	types
ethereumjs-vm	4.0.0	None	+10	11.5 MB	holgerd77
@0x/order-utils	10.4.28	None	+112	15.4 MB	dorothy-zbornak
hdkey	0.7.1	None	+0	23.5 kB	jprichardson
lerna	3.4.3	None	+20	6 MB	evocateur
@0x/orderbook	2.2.7	None	+25	7.71 MB	xianny
istanbul	0.4.5	filesystem, environment	+2	393 kB	gotwarlost
@0x/contracts-utils	4.8.52	None	+90	14 MB	tobernguyen
moment	2.21.0	None	+0	2.54 MB	marwahaha
@0x/contracts-zero-ex	0.2.0	None	+64	21.6 MB	xianny
polished	1.9.2	None	+0	2.36 MB	bhough
tslint-eslint-rules	5.4.0	None	+2	847 kB	jmlopez-rod
shx	0.2.2	None	+50	7.1 MB	nfischer
@ledgerhq/hw-transport-node-hid	4.7.6	None	+2	120 kB	lohek
websocket	1.0.29	None	+12	715 kB	theturtle32
web3-provider-engine	15.0.1	None	+31	8.07 MB	kumavis
babel-preset-env	1.7.0	None	+2	108 kB	existentialism
js-sha3	0.7.0	None	+0	48 kB	emn178
typedoc	0.21.10	eval, network, shell	+10	78.7 MB	gerrit0
typescript	4.4.4	None	+0	62.7 MB	typescript-bot