[Snyk] Fix for 22 vulnerabilities

[adamlaska]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/app/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	679/1000 Why? Has a fix available, CVSS 9.3	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962463	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTMLMINIFIER-3091181	Yes	Proof of Concept
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASHTEMPLATE-1088054	Yes	Proof of Concept
	489/1000 Why? Has a fix available, CVSS 5.5	Information Exposure SNYK-JS-LOG4JS-2348757	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-POSTCSS-5926692	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	596/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: airtable

The new version differs by 98 commits.

• aead7b0 Fix bug with release scripts and git status
• 217cd20 airtable.js: add newline to end of package.json
• e7d7c07 Fix deploy_part_2_do_deploy master prerelease check
• 411296f Release Airtable.js v0.9.0
• 212d99a Remove Promise Polyfill
• df8a0e6 Add parse json body to response object
• 81fc8f3 Preserve error handling behavior for bodyless err
• e75f09b Add test to handle errors with empty bodies
• 0be07ab Preserve behavior from request library
• 8ef7814 Add test for requests with empty bodies
• b4b878f Add additional spelling fix in README.md
• ba1881f Fix grammer in README
• e87ed66 Minor fixes from review
• d75454b Add polyfills for older browser versions
• b9e8bef Add docs to README about requirements
• 939eda0 Ensure airtable.js browser build works
• c133215 Replace second use of requests module
• dc9c094 Ensure fetch works in node 8
• 40e89ff Add test of timeout abort
• 4ff6ac8 Rebuild the test/test_files/airtable.browser.js
• fbbdeaa Add back timeout to request
• c784122 Replace deprecated request library with node-fetch
• 5da4872 Add test of retry if hitting rate limit
• a2f4967 Add test for custom user agent header if browser

See the full diff

Package name: babel-jest

The new version differs by 250 commits.

• be16e47 v27.0.0
• 63102ec chore: update changelog for release
• 564694a docs(blog): Jest 27 blog post (#11131)
• b68d91b feat(pretty-print): add option `printBasicPrototype` (#11441)
• 2226742 chore: minor simplify format results error (#11432)
• 78eb25d chore: remove needless assign (#11433)
• 696c455 chore: update lockfile after publish
• e2eb9ae v27.0.0-next.11
• 3b253f8 Wait for closed resources to actually close before detecting open handles (#11429)
• 27bee72 fix: run GC before collecting open handles (#11278)
• 50451df feat: use fallback if prettier not found (#11400)
• 150dbd8 chore: update lockfile after publish
• 6f44529 v27.0.0-next.10
• cbcec7d Upgrade fsevents in jest-haste-map (#11428)
• 9633a26 feat: support reporters written in ESM (#11427)
• 59f42d8 fix: do not cache modules that throw during evaluation (#11263)
• 57e32e9 Detect open handles with done callbacks (#11382)
• a397607 Document and test dontThrow for custom inline snapshot matchers (#10995)
• 4fa3a0b feat: custom haste (#11107)
• 2047a36 chore: bump deps (#11419)
• a4358d6 chore: run prettier on changelog
• bdd6282 Move all default values into `jest-config` (#9924)
• db643a1 Link to Jest config (#11106)
• b16082c Fix locale issue #10014 (#11412)

See the full diff

Package name: babel-plugin-codegen

The new version differs by 2 commits.

• 1b17619 feat: drop direct babel dependency + allowing dynamicImport, objectRestSpread ([Snyk] Security upgrade lodash from 4.17.11 to 4.17.21 #12)
• 29c7b51 chore: upgrade deps

See the full diff

Package name: gulp

The new version differs by 134 commits.

• 55eb23a Release: 4.0.0
• 173a532 Docs: Fix the installation instructions
• ec54d09 Docs: Improve note about out-of-date docs
• 03b7c98 Docs: Update recipes to install gulp@next
• 2eba29e Docs: Remove run-sequence from recipes
• 76eb4d6 Docs: Add installation instructions & update badges
• fbc162f Docs: Remove references to gulp-util
• 3011cf9 Scaffold: Normalize repository
• f27be05 Update: Remove graceful-fs from test suite
• 361ab63 Upgrade: Update glob-watcher
• 064d100 Build: Avoid broken node 9
• 057df59 Release: 4.0.0-alpha.3
• c1ba80c Breaking: Upgrade major versions of glob-watcher, gulp-cli & vinyl-fs
• 89acc5c Docs: Improve ES2015 task exporting examples (fix: add vendor prefix for file tab styling codesandbox/codesandbox-client#1999)
• 0ac9e04 Docs: Add "Project structure" section to CONTRIBUTING.md (Reset isForkingSandbox on error codesandbox/codesandbox-client#1859)
• 723cbc4 Docs: Fix syntax in recipe example (Fix(homepage): Second picked sandbox doesn't open in explore codesandbox/codesandbox-client#1715)
• d420a6a Docs: Have gulp.lastRun take a function to avoid task registration (Error: "Invalid regular expression... Range out of order in character class" codesandbox/codesandbox-client#1828)
• 29ece6f Upgrade: Update undertaker
• e931cb0 Docs: Fix changelog typos (Update prettier to 16.6.4 codesandbox/codesandbox-client#1696)
• 477db84 Docs: Add a "BrowserSync with Gulp 4" recipe (Stock vue template has a Babel error codesandbox/codesandbox-client#1659)
• d4ed3c7 Docs: Add options.cwd for gulp.src API (Storybook codesandbox/codesandbox-client#1645)
• 5dc3b07 Docs: Update gulp.watch API to align with glob-watcher
• 0c66069 Breaking: Replace chokidar as gulp.watch with glob-watcher wrapper
• c3dbc10 Docs: Clarify incremental builds example (Search Improvements codesandbox/codesandbox-client#1609)

See the full diff

Package name: gulp-postcss

The new version differs by 15 commits.

• 9166fdb Release 7.0.1
• 0af46f5 Merge pull request [Snyk] Security upgrade nginx from 1.16.1-alpine to 1.22-alpine #137 from ohbarye/drop-dependency-on-gulp-util
• 6f15b51 Drop dependency on gulp-util
• 3a1d0df Merge pull request [Snyk] Fix for 1 vulnerabilities #126 from gucong3000/coverage
• 2748681 fix eslint error, add test case
• 355d90b add coverage report
• 2cb352f Release 7.0.0
• 8dd0235 Merge pull request [Snyk] Security upgrade jest from 24.9.0 to 25.0.0 #116 from postcss/postcss60
• 18e31d8 Use PostCSS 6.0 and drop node 0.12
• 96f6d24 Merge pull request [Snyk] Security upgrade socket.io-client from 2.3.0 to 2.4.0 #113 from gucong3000/eslint
• 7c5e513 npm install --save-dev mocha@3.3.0 sinon@2.2.0
• 2b319cb fix broke tests for node 0.12
• 4201543 add `eslint`
• dd03625 Merge pull request [Snyk] Security upgrade mocha from 3.5.3 to 4.0.0 #112 from jorrit/patch-1
• 28e20ef Cleanup NPM package

See the full diff

Package name: gulp-rev

The new version differs by 21 commits.

• bb3a3fd 8.1.1
• e46406b Replace gulp-util with smaller modules ([Snyk] Fix for 1 vulnerabilities #237)
• 6c9bcac Remove Code Sponsor
• fe0c551 8.1.0
• 47ffbe0 Bump `rev-path`
• fc74b5b Try out Code Sponsor
• cdf63fa Pass resolved, absolute paths to relPath() ([Snyk] Security upgrade mocha from 5.2.0 to 9.2.2 #220) ([Snyk] Security upgrade mocha from 6.0.2 to 9.2.2 #222)
• 567c340 Update readme.md ([Snyk] Security upgrade nginx from 1.16.1-alpine to 1.23.2-alpine #224)
• 898dffc 8.0.0
• d290ff8 Meta tweaks
• a89f0df Make tests independent of platform specific path separator ([Snyk] Security upgrade mocha from 2.5.3 to 3.0.0 #219) ([Snyk] Security upgrade nginx from 1.16.1-alpine to 1.22.1-alpine #221)
• 71a0377 Add a note about non-deterministic streams order ([Snyk] Security upgrade mocha from 5.2.0 to 9.2.2 #213)
• f5ee9ee Meta tweaks
• 731be70 Move list of maintainers into the readme for visibility
• 192a075 Meta tweaks
• 7acdb13 Move tests from Mocha to AVA ([Snyk] Security upgrade mocha from 5.2.0 to 9.2.2 #212)
• 82c185c More realistic example ([Snyk] Security upgrade mocha from 5.2.0 to 10.1.0 #203)
• 02fbeba add XO badge
• 8686e62 [breaking] ES2015ify and require Node.js 4
• ed53cef meta tweaks
• 17d6bb4 docs: change number of approaches ([Snyk] Security upgrade mocha from 5.2.0 to 10.1.0 #196)

See the full diff

Package name: html-loader

The new version differs by 55 commits.

• d7cccfa chore(release): 1.0.0
• 3c9a1d8 refactor: `attributes` option ([Snyk] Security upgrade tsdx from 0.6.1 to 0.10.1 #265)
• 8c73761 feat: `preprocessor` option ([Snyk] Security upgrade airtable from 0.5.10 to 0.7.2 #263)
• f2ce5b1 feat: improve errors
• 9923244 chore(deps): update ([Snyk] Security upgrade @storybook/react from 5.3.21 to 6.4.13 #260)
• 9835bde feat: supports `link:href` attribute for css ([pull] master from codesandbox:master #258)
• 7af2eff refactor: improve schema ([Snyk] Security upgrade karma from 3.0.0 to 5.0.8 #257)
• 98412f9 docs: `filter` sources ([Snyk] Fix for 3 vulnerabilities #256)
• ff0f44c feat: implement the `filter` option for filtering some of sources ([Snyk] Security upgrade @storybook/react from 5.3.21 to 6.4.13 #255)
• 1c24662 refactor: move the `root` option under the `attributes` option ([Snyk] Fix for 98 vulnerabilities #254)
• 888b8fe docs: add footnote for `-attributes` ([Snyk] Fix for 7 vulnerabilities #252)
• 3d2907e refactor: remove the `interpolate` option
• bd979e2 refactor: remove the `interpolate` option
• fcba4ec fix: handle only valid srcset tags ([Snyk] Security upgrade axios from 0.19.2 to 0.21.3 #253)
• 9e5ce56 perf: improve source parse ([Snyk] Security upgrade chromatic from 4.0.3 to 5.6.1 #251)
• c9c8dad refactor: improve source parse ([Snyk] Security upgrade axios from 0.19.2 to 0.21.3 #250)
• 079d623 fix: respect `#hash` in sources
• a17df49 fix: reduce `import`/`require` count
• d0b0150 fix: adding quotes when necessary for unquoted sources ([Snyk] Security upgrade karma from 3.0.0 to 5.0.8 #247)
• e3727ab test: minifier
• 0bbe29c feat: migrate on `htmlparse2`
• b7af031 fix: escape `\u2028` and `\u2029` characters ([Snyk] Fix for 1 vulnerabilities #244)
• 24b0427 fix: parser tags and attributes according spec ([Snyk] Fix for 1 vulnerabilities #243)
• 3df909d feat: support `script:src` attributes

See the full diff

Package name: jest

The new version differs by 250 commits.

• be16e47 v27.0.0
• 63102ec chore: update changelog for release
• 564694a docs(blog): Jest 27 blog post (#11131)
• b68d91b feat(pretty-print): add option `printBasicPrototype` (#11441)
• 2226742 chore: minor simplify format results error (#11432)
• 78eb25d chore: remove needless assign (#11433)
• 696c455 chore: update lockfile after publish
• e2eb9ae v27.0.0-next.11
• 3b253f8 Wait for closed resources to actually close before detecting open handles (#11429)
• 27bee72 fix: run GC before collecting open handles (#11278)
• 50451df feat: use fallback if prettier not found (#11400)
• 150dbd8 chore: update lockfile after publish
• 6f44529 v27.0.0-next.10
• cbcec7d Upgrade fsevents in jest-haste-map (#11428)
• 9633a26 feat: support reporters written in ESM (#11427)
• 59f42d8 fix: do not cache modules that throw during evaluation (#11263)
• 57e32e9 Detect open handles with done callbacks (#11382)
• a397607 Document and test dontThrow for custom inline snapshot matchers (#10995)
• 4fa3a0b feat: custom haste (#11107)
• 2047a36 chore: bump deps (#11419)
• a4358d6 chore: run prettier on changelog
• bdd6282 Move all default values into `jest-config` (#9924)
• db643a1 Link to Jest config (#11106)
• b16082c Fix locale issue #10014 (#11412)

See the full diff

Package name: jest-each

The new version differs by 22 commits.

• ff9269b chore: bump most dated deps (#8850)
• 7594141 chore: upgrade to eslint@6 (#8855)
• b33ce0d chore: upgrade to micromatch v4 (#8852)
• d6ff72a chore: add node 12 to CI (fix: notification bubble codesandbox/codesandbox-client#8411)
• 7e9b4ea chore: upgrade jsdom (#8851)
• 4bb7a2d Use `weak-napi` instead of `weak` in `jest-leak-detector`
• ce47c6c Get rid of Node 6 support (feat: add codeium in featured templates codesandbox/codesandbox-client#8455)
• bc5c3c7 jest-snapshot: Remove only the added newlines in multiline snapshots (#8859)
• d523fa8 bug.md: highlights placeholder should be removed (#8836)
• 08f109c expect: Display expectedDiff more carefully in toBeCloseTo (fix: show upgrade button only for admins  codesandbox/codesandbox-client#8389)
• b09de2d chore: bump node-notifier for node v6 support
• 557a39f fix(linter): Fix linting failure introduced in #8847 😓 (#8849)
• 012472b fix(docs): Update broken links in docs. (#8847)
• ee2bea1 chore: sort member in imports (#8846)
• 9ba4594 add Chinese Jest work with AngularJS tutorial (#8828)
• 0e5b363 chore: reduce reliance on esModuleInterop (#8842)
• d69f8d3 getTimerCount will not include cancelled immediates (#8764)
• b4bd77b Fix grammar: "your jest's config"->"your Jest..." (#8843)
• 54b3dcf Fix grammar: "a known issues"->"a known issue" (#8844)
• e76c7da docs: update matchMedia methods (#8835)
• 23b9860 chore: roll new version of docs
• 3cdbd55 Release 24.9.0

See the full diff

Package name: jest-image-snapshot

The new version differs by 201 commits.

• 8a37453 chore(release): 6.0.0 [skip ci]
• 79e53fc chore(jest)!: add support for jest v29 ([Snyk] Security upgrade overmind-devtools from 26.0.2 to 29.0.0 #309)
• 916e76f chore(deps): bump chalk from `^1.1.3` to `^4.0.0` ([Snyk] Security upgrade overmind-devtools from 26.0.2 to 29.0.0 #310)
• 52785d7 chore(release): 5.2.0 [skip ci]
• 775ac0a feat: remove snap suffix if use custom identifier ([Snyk] Security upgrade simple-git from 2.48.0 to 3.3.0 #305)
• 1f4be75 chore(release): 5.1.1 [skip ci]
• 6cfa90a chore(dist): remove images from install bundle ([Snyk] Security upgrade overmind-devtools from 26.0.2 to 29.0.0 #307)
• cd4fa73 fix(diff-snapshot): make recievedDir optional ([Snyk] Security upgrade simple-git from 2.48.0 to 3.5.0 #306)
• 63dc4b5 chore(release): 5.1.0 [skip ci]
• cfb81c9 feat: allow storing received screenshot on failure ([Snyk] Fix for 1 vulnerabilities #298)
• c86f75e chore(release): 5.0.0 [skip ci]
• a902a5b chore(jest): upgrade v28
• 435e7e0 chore(deps): bump minimist from 1.2.5 to 1.2.6
• 0ee5c51 chore(deps): bump npm-user-validate from 1.0.0 to 1.0.1 ([Snyk] Security upgrade mocha-junit-reporter from 1.23.3 to 2.1.1 #287)
• bac6125 chore(deps): bump ssri from 6.0.1 to 6.0.2 ([Snyk] Security upgrade @semantic-release/git from 7.0.6 to 7.0.10 #288)
• 1998e8f chore(deps): bump tar from 4.4.13 to 4.4.19
• d700d41 chore(labeler): fix globbing ([Snyk] Fix for 1 vulnerabilities #295)
• c61fa2e chore(labeler): update labeler to proper usage ([Snyk] Fix for 1 vulnerabilities #291)
• 0a98a74 chore(deps): bump node-fetch from 2.6.1 to 2.6.7 ([Snyk] Security upgrade eslint-import-resolver-webpack from 0.8.4 to 0.13.1 #290)
• 6010033 chore(labeler): adding label work flows ([Snyk] Security upgrade socket.io-client from 2.3.0 to 2.4.0 #286)
• 3c7823b chore(deps): bump trim-off-newlines from 1.0.1 to 1.0.3
• f343089 chore(deps): bump y18n from 4.0.0 to 4.0.3 ([Snyk] Security upgrade react-dev-utils from 3.1.1 to 7.0.2 #282)
• a69d11a chore(deps): bump tmpl from 1.0.4 to 1.0.5 ([Snyk] Fix for 5 vulnerabilities #280)
• 55bbe7b chore(deps): bump path-parse from 1.0.6 to 1.0.7 ([Snyk] Fix for 1 vulnerabilities #278)

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 610f368 5.0.0
• 5ce65c1 update examples
• bbe1230 Merge pull request #11628 from webpack/bugfix/real-content-hash
• 75ecff2 5.0.0-rc.6
• bfc35d6 Merge pull request #11603 from MayaWolf/master
• 76e8cbd Merge pull request #11622 from webpack/dependabot/npm_and_yarn/types/node-13.13.25
• 9fd1be2 chore(deps-dev): bump @ types/node from 13.13.23 to 13.13.25
• 36bcfaa Merge pull request #11621 from webpack/bugfix/11619
• 9130d10 fix called variables with ProvidePlugin
• 3e42105 Merge pull request #11620 from webpack/bugfix/11617
• 4709719 skip connections copied to concatenated module
• 57b493f 5.0.0-rc.5
• 1658e2f Merge pull request #11618 from webpack/bugfix/11615
• a8fb45d fixes crash in SideEffectsFlagPlugin
• 84b196d emit error instead of crashing when unexpected problem occurs
• 5573fed Merge pull request #11601 from Hornwitser/improve-suggested-polyfill-config
• 9b5cce9 Merge pull request #11609 from snitin315/export-types
• 37c495c export type RuleSetUseItem
• 39faf34 export type RuleSetUse
• e5fd246 export type RuleSetConditionAbsolute
• 660baad export RuleSetCondition types
• 13e3ca5 Merge pull request #11602 from webpack/bugfix/shared-runtime-chunk
• 9c0587e Merge pull request #11606 from webpack/dependabot/npm_and_yarn/simple-git-2.21.0
• 502d166 Merge pull request #11607 from webpack/dependabot/npm_and_yarn/acorn-8.0.4

See the full diff

Package name: webpack-cli

The new version differs by 250 commits.

• fb50f76 chore(release): publish new version
• 2c75aeb chore: new version of the packages
• 0d05c30 chore(release): publish %s
• 3f9e151 chore: fix lerna config
• 2c1e34c tests(generator): enhance init generator tests (How to make a sandbox from scratch? codesandbox/codesandbox-client#1236)
• 6ee61b9 Fix loader-generator and plugin-generator tests (the new Create React APP Release 2.1 does not work with typecript codesandbox/codesandbox-client#1250)
• 52956a2 Fixing the typos and grammatical errors in Readme files (Truly vanilla project template codesandbox/codesandbox-client#1246)
• 7faaed2 chore: update Bug_report & Feature_request Templates (Add Expand/Collapse to Tests codesandbox/codesandbox-client#1256)
• 7a5b33d feat(webpack-cli): added mode argument (Test codesandbox/codesandbox-client#1253)
• 3715756 tests(webpack-cli): add test case for defaults flag (Add sandbox configuration to change default opened file codesandbox/codesandbox-client#1254)
• a7cba2f chore: project maintanance and typescript fix (Listing sandboxes linked to the users Github on their Dashboard codesandbox/codesandbox-client#1247)
• 7748472 chore: ignore package-lock.json and remove its references (Adds Palenight Theme codesandbox/codesandbox-client#1252)
• a014aa7 docs: fix supported arguments & commands link in README (Gatsby Starter Sandbox shows 502 codesandbox/codesandbox-client#1244)
• 06129a1 feat(webpack-cli): add progress bar for progress flag (Scss file resolution error - Error: Could not find /node_modules/terra-mixins codesandbox/codesandbox-client#1238)
• 6cc6a49 chore: post refactor CLI (Container loading screen improvements codesandbox/codesandbox-client#1237)
• 358651e chore: move cli under lerna package (Feature/add console filters codesandbox/codesandbox-client#1225)
• 2dc495a fix(init): fix webpack config scaffold (@import rule codesandbox/codesandbox-client#1231)
• 1ab62d2 tests(generator): add tests for plugin generator (How do I change jest unit test timeout ? codesandbox/codesandbox-client#1235)
• d2dd0c1 tests(sourcemap): fix flaky stats statement (Added alert when saving frozen sandbox codesandbox/codesandbox-client#1232)
• f6dc680 tests(loader-generator): add tests for loader generator (Fix showing "Connection Trouble" warning after fork codesandbox/codesandbox-client#1234)
• 35d1381 tests(generator): enable init generator test (Only a max of 200 modules is allowed in a sandbox codesandbox/codesandbox-client#1233)
• 66cdcb6 chore(generator): remove transpiled tests (Your card was declined. codesandbox/codesandbox-client#1229)
• f29a170 fix(init): fix the invalid package name (Use ref on host component codesandbox/codesandbox-client#1228)
• 8c3a66d chore(cli): updated changelog of v3 (Frozen Github authentication codesandbox/codesandbox-client#1224)

See the full diff

Package name: webpack-dev-server

The new version differs by 250 commits.

• c9271b9 chore(release): 4.0.0
• 18bf369 test: fix stability (Do not translate if translation was not requested but the user codesandbox/codesandbox-client#3676)
• cdcabb2 fix: respect protocol from browser for manual setup (Stuck at Creating Repository codesandbox/codesandbox-client#3675)
• 1768d6b fix: initial reloading for lazy compilation (Add FAQ to docs codesandbox/codesandbox-client#3662)
• 4f5bab1 docs: improve examples (Sandbox crashed, asked me to report it. codesandbox/codesandbox-client#3672)
• f2d87fb fix: improve https CLI output (New modals codesandbox/codesandbox-client#3673)
• 0277c5e chore: remove redundant console statements (access sheet: use menu component + add share to nav codesandbox/codesandbox-client#3671)
• 16fcdbc docs: add `ipc` example (CodeSandbox crashed on log-in codesandbox/codesandbox-client#3667)
• 8915fb8 test: add e2e tests for built in routes (Error after login with github codesandbox/codesandbox-client#3669)
• 4d1cbe1 docs: ask `version` information in issue template ([Share/Embed] Multiple modules not supported in link to sandbox (only embed) codesandbox/codesandbox-client#3668)
• b6c1881 chore(deps-dev): bump core-js from 3.16.1 to 3.16.2 (codesandbox.io is not working when third party cookies are disabled codesandbox/codesandbox-client#3666)
• ffa8cc5 chore(deps-dev): bump supertest from 6.1.5 to 6.1.6 (Add edit to comments codesandbox/codesandbox-client#3665)
• f1fdaa7 chore(release): 4.0.0-rc.1
• c4678bc fix: legacy API (fix update comments codesandbox/codesandbox-client#3660)
• d8bdd03 test: fix stability (Fix dependency picker hidden behind text codesandbox/codesandbox-client#3661)
• 22b1414 refactor: remove `killable` (hello work codesandbox/codesandbox-client#3657)
• 75bafbf test: add e2e tests for module federation (UI improvements for comments codesandbox/codesandbox-client#3658)
• 493ccbd chore(deps): update `ws` (Fix typecheck error codesandbox/codesandbox-client#3652)
• ae8c523 test: add e2e test for universal compiler (Suspend on logging in. codesandbox/codesandbox-client#3656)
• f94b84f chore(deps): update (vue binding property src not working codesandbox/codesandbox-client#3655)
• 1923132 test: fix cli
• 2adfd01 test: fix todo (Bug on application running in browser tab on page load  codesandbox/codesandbox-client#3653)
• 6e2cbde fix: proxy logging and allow to pass options without the `target` option (Can't share csb.app links to facebook codesandbox/codesandbox-client#3651)
• c9ccc96 fix: respect infastructureLogging.level for client.logging (Better markdown replies codesandbox/codesandbox-client#3613)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

[//]: # (snyk:metadata:{"prId":"850ff4a8-02fa-49f4-98da-75fd294a618f","prPublicId":"850ff4a8-02fa-49f4-98da-75fd294a618f","dependencies":[{"name":"@graphql-codegen/cli","from":"1.21.8","to":"2.8.0"},{"name":"airtable","from":"0.5.10","to":"0.9.0"},{"name":"babel-jest","from":"24.9.0","to":"27.0.0"},{"name":"babel-plugin-codegen","from":"1.3.0","to":"2.0.0"},{"name":"gulp","from":"3.9.1","to":"4.0.0"},{"name":"gulp-postcss","from":"6.4.0","to":"7.0.1"},{"name":"gulp-rev","from":"7.1.2","to":"8.1.1"},{"name":"html-loader","from":"0.5.5","to":"1.0.0"},{"name":"jest","from":"24.9.0","to":"27.0.0"},{"name":"jest-circus","from":"22.4.4","to":"24.0.0"},{"name":"jest-each","from":"24.9.0","to":"25.0.0"},{"name":"jest-image-snapshot","from":"1.0.1","to":"6.0.0"},{"name":"postcss-preset-env","from":"6.7.2","to":"7.0.0"},{"name":"preval.macro","from":"1.0.2","to":"2.0.0"},{"name":"react-error-overlay","from":"1.0.10","to":"3.0.0"},{"name":"webpack","from":"4.47.0","to":"5.0.0"},{"name":"webpack-cli","from":"3.3.12","to":"4.0.0"},{"name":"webpack-dev-server","from":"3.11.3","to":"4.0.0"},{"name":"workbox-webpack-plugin","from":"3.6.3","to":"6.0.0"}],"packageManager":"npm","projectPublicId":"ee999ac8-f463-40a0-8366-c44ed91f91f8","projectUrl":"https://app.snyk.io/org/adamlaska-eu8/project/ee999ac8-f463-40a0-8366-c44ed91f91f8?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-ANSIREGEX-1583908","SNYK-JS-BABELTRAVERSE-5962463","SNYK-JS-GLOBPARENT-1016905","SNYK-JS-HTMLMINIFIER-3091181","SNYK-JS-JSON5-3182856","SNYK-JS-LODASH-1018905","SNYK-JS-LODASH-1040724","SNYK-JS-LODASH-450202","SNYK-JS-LODASH-608086","SNYK-JS-LODASH-73638","SNYK-JS-LODASH-73639","npm:lodash:20180130","SNYK-JS-LODASHTEMPLATE-1088054","SNYK-JS-LOG4JS-2348757","SNYK-JS-MINIMATCH-1019388","SNYK-JS-MINIMATCH-3050818","npm:minimatch:20160620","SNYK-JS-POSTCSS-5926692","SNYK-JS-REQUEST-3361831","SNYK-JS-TOUGHCOOKIE-5672873","SNYK-JS-UNDERSCORE-1080984","SNYK-JS-UNSETVALUE-2400660"],"upgrade":["SNYK-JS-ANSIREGEX-15...

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

[socket-security]

New, updated, and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Packages	Version	New capabilities	Transitives	Size	Publisher
minimatch	4.2.3	None	+0	37.2 kB	isaacs
jest	27.5.1	eval	+58	7.12 MB	simenb
babel-jest	27.5.1	None	+7	4.12 MB	simenb
webpack-cli	4.10.0	environment	+8	434 kB	evilebottnawi
gulp	4.0.2	None	+32	649 kB	phated
webpack-dev-server	4.15.1	network, environment	+35	7.24 MB	evilebottnawi
preval.macro	1.0.2...2.0.0	None	+1/-2	33.4 kB	kentcdodds
airtable	0.5.10...0.9.0	network	+1/-1	345 kB	emma_airtable
workbox-webpack-plugin	3.6.3...6.6.1	None	+31/-21	8.33 MB	tropicadri
babel-plugin-codegen	1.3.0...2.0.0	None	+0/-1	25.6 kB	kentcdodds
@graphql-codegen/cli	1.21.8...2.16.5	filesystem, shell	+78/-23	12.5 MB	dotansimha
gulp-postcss	6.4.0...7.0.1	None	+0/-1	13.1 kB	unsoundscapes
html-loader	0.5.5...1.3.2	None	+0/-10	65.4 kB	evilebottnawi
jest-circus	22.4.4...24.9.0	None	+10/-3	4.31 MB	scotthovestadt
gulp-rev	7.1.2...8.1.1	None	+2/-3	18.7 kB	sindresorhus
postcss-preset-env	6.7.2...7.8.3	None	+43/-37	1.69 MB	alaguna
jest-image-snapshot	1.0.1...6.2.0	environment	+63/-65	8.22 MB	amexopensource

🚮 Removed packages: react-error-overlay@1.0.10