[Snyk] Fix for 13 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • app/angular/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	Yes	Proof of Concept
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-JSYAML-173999	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-JSYAML-174129	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-174116	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342073	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342082	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-451540	Yes	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept
	469/1000 Why? Has a fix available, CVSS 5.1	Denial of Service (DoS) npm:mem:20180117	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: css-loader

The new version differs by 9 commits.

• 43179a8 chore(release): 1.0.0
• 3d53968 Merge remote-tracking branch 'origin/master'
• 240db53 version 1.0 (Migrate Storybook to monorepo storybookjs/storybook#742)
• 1b7acf7 Merge remote-tracking branch 'origin/master'
• 1703721 docs(README): add more context to `localIdentName` (add support for all devServer options storybookjs/storybook#711)
• 1c51265 docs(README): fix malformed emoji (Custom babel config loading does not work storybookjs/storybook#701)
• 50f8ec0 Merge remote-tracking branch 'origin/master'
• 07444ad tests: css custom variables (Easier way of adding a font? storybookjs/storybook#709)
• 3de8aa7 tests: css custom variables (Easier way of adding a font? storybookjs/storybook#709)

See the full diff

Package name: html-webpack-plugin

The new version differs by 196 commits.

• eb73905 chore(release): 4.0.0
• 42a6d4a Add typing for getHooks
• a1a37cf Release html-webpack-plugin 4.0.0-beta.14
• 97f9fb9 fix: load script files before style files files in defer script loading mode
• e97ce17 Release html-webpack-plugin 4.0.0-beta.13
• e448b5d Release html-webpack-plugin 4.0.0-beta.12
• de315eb feat: Add defer script loading
• 7df269f feat: Provide a verbose error message if html minification failed
• 1d66e53 feat: merge templateParameters with default template parameters
• dfb98e7 Fix typo in template option docts
• 096a760 Fix broken links in examples
• a195c34 docs: Update template-option documentation
• 40b410e docs: Update example for template parameters
• bf017f3 chore: Release 4.0.0-beta.11
• 2549557 test: Don't use minification for speed measurement
• de22fc2 test: Adjust measurment for node 6 on travis
• 24bf1b5 fix: Update references to html-minifier
• f4eafdc chore: Release 4.0.0-beta.10
• a2ad30a refactor: Use getAssetPath instead of calling the hook directly
• 2595a79 chore: Release 4.0.0-beta.9
• c66766c feat: Add support for minifying inline ES6 inside html templates
• 655cbcd Fix README typo
• 6de319b update lodash dependency for prototype polution vulnerability
• 35a1541 Properly encode file names emitted as part of URLs.

See the full diff

Package name: json5

The new version differs by 91 commits.

• a62db1e 1.0.2
• e0c23fe docs: update CHANGELOG for v1.0.2
• 62a6540 fix: add __proto__ to objects and arrays
• 072eb40 1.0.1
• e7bdcd1 Update CHANGELOG for v1.0.1
• 342d575 Remove package.json5 file
• 0336c9c Fix unclosed object and array bug
• 25929ab Fix typo in API documentation
• 607c18f Readme: fix typo in attribution. [skip ci]
• 1d64ece 1.0.0
• ef1f94a Fix headings in README
• 1c5d18d Remove remnant in README
• d904cd6 Update dependencies
• 156ae20 Add contributing guidelines
• f920edc Update CHANGELOG for v1.0
• 4c7fbd2 Update README for v1.0
• 5cbd656 Update copyright year
• 1d1c92d Explain STDIN and STDOUT using in CLI
• a95ec35 Update package.json5 with coverage integration
• f60448e Integrate Coveralls
• d17173c 1.0.0-beta.4
• d828908 Fix and ensure signed numbers are parsed properly
• dc2cfbc Make all tests run
• ad03a13 Test on Node v9

See the full diff

Package name: markdown-loader

The new version differs by 44 commits.

• 2bd1d24 7.0.0
• 01a63ae Update marked@4.0.12
• 31e153c Merge pull request [Snyk] Fix for 1 vulnerable dependencies #78 from Yash-Singh1/patch-1
• a8a32bd Don't return, export
• 447c5b7 6.0.0
• db637b9 5.2.0
• 745671c Merge pull request [Snyk] Fix for 1 vulnerable dependencies #63 from ethancrook99/master
• e9e5f26 Removed node 6 from travis.yml (not supported by some dependencies)
• 513f98b re-generated package-lock
• ea6635c Updated package-lock.json
• 6e2e0ad Updated dependency on html-loader to 1.3.0
• 8126005 Add LICENSE
• 9cae0d4 Update deps of example
• bfa9087 5.1.0
• 3ba52af Update dependencies
• b6b35eb Merge pull request [Snyk] Fix for 2 vulnerable dependencies #51 from jkinkead/fix_npm_audit
• be6e2c2 Update dependencies to fix audit breakage.
• dccbdd5 5.0.0
• e8d693d Update changelog
• 9525c4d Simplify exmaple
• f798cd8 Refactor tests using ava snapshot tests
• 799ffe8 Update dependencies
• d50b37f Merge pull request [Snyk] Fix for 3 vulnerable dependencies #48 from tmorehouse/patch-1
• 4e15df9 Merge pull request [Snyk] Fix for 1 vulnerable dependencies #45 from styfle/patch-2

See the full diff

Package name: url-loader

The new version differs by 8 commits.

• 11dce14 docs: Update changelog with nsp advisory
• 1934507 chore(release): 0.6.0
• a1e1fef chore: Fix mime version
• d19ee2d chore: update `mime` package to avoid deprecation mime type with `woff` and `woff2` ([Snyk] Fix for 1 vulnerable dependencies #87)
• 636ebed feat: add `fallback` option ([Snyk] Fix for 1 vulnerable dependencies #88)
• f3f5fce docs(README): remove confusing `prefix` option (`options.prefix`) ([Snyk] Fix for 1 vulnerable dependencies #89)
• 2de70bb docs(README): fix typo in example ([Snyk] Fix for 1 vulnerable dependencies #81)
• ced5990 feat(index): add options validation (`schema-utils`) ([Snyk] Fix for 1 vulnerable dependencies #78)

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 213226e 4.0.0
• fde0183 Merge pull request Migrate webpack configuration in 5.x storybookjs/storybook#6081 from webpack/formating/prettier
• b6396e7 update stats
• f32bd41 fix linting
• 5238159 run prettier on existing code
• 518d1e0 replace js-beautify with prettier
• 4c25bfb 4.0.0-beta.3
• dd93716 Merge pull request Addon-info doesn't work with Vue jsx components storybookjs/storybook#6296 from shellscape/fix/hmr-before-node-stuff
• 7a07901 Merge pull request A11y design enhancements storybookjs/storybook#6563 from webpack/performance/assign-depth
• c7eb895 Merge pull request Storybook does not work with RN0.59.+ storybookjs/storybook#6452 from webpack/update_acorn
• 9179980 Merge pull request FIX viewmode being hard-coded making custom addons of type TAB impossible storybookjs/storybook#6551 from nveenjain/fix/templatemd
• e52f323 optimize performance of assignDepth
• 6bf5df5 Fixed template.md
• 90ab23a Merge branch 'master' into fix/hmr-before-node-stuff
• b0949cb add integration test for spread operator
• 39438c7 unittest now also walks the ast
• 15ab027 Merge pull request Viewport addon has unnecessary scrollbar when dimension is set to 100% storybookjs/storybook#6536 from jevan0307/sideEffects-selectors
• 1611ce1 Merge pull request Emit event on updating background storybookjs/storybook#6561 from joshunger/patch-1
• 6e175bc Merge pull request Fix react-native preview only ui storybookjs/storybook#6549 from webpack/md4_hash
• 0637531 Add a hyperlink to create a new issue
• 0e1f9c6 Merge pull request Expose method to stop in standalone dev server storybookjs/storybook#6554 from webpack/deps/end-of-beta
• 72477f4 upgrade versions to stable versions
• ed30285 Merge pull request Clicking knobs button doesn't work storybookjs/storybook#6546 from webpack/bot/review-permission
• 40ee8c7 Use MD4 for hashing

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Denial of Service (DoS)
🦉 Arbitrary Code Execution