[Snyk] Fix for 2 vulnerabilities

[ekmixon]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • grid-packages/ag-grid-docs/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: glob

The new version differs by 137 commits.

• a68703e 9.0.0
• 58159ca test: cwd can be a url
• a547a9c more docs
• 42a3ac7 link to bash manual for Pattern Matching
• 474172d update readme with cwd URL support
• ad3904d update readme with posix class support
• b22fc7d minimatch@7.3.0
• cdd1627 update all the things, remove unused mkdirp types
• 75c6416 Merge branch 'v9'
• fa0cd77 cwd can be a file:// url
• d03ed0a typedoc github action
• 9a5a45a put bench results in readme
• 20b2f88 docs, fix benchmark script
• 4829c88 upgrade ci actions
• 5cbacdd minimatch@7.2.0
• 210310b omit symlinks on windows
• d34c8d5 full test coverage, clean up signals and remove extranous code
• 5f21b46 adding lots of tests, clean up types
• b12e6ba slashes on nodir test
• 75f74b0 more windows test slashes
• 3aa1abd more windows test affordances
• 3e68a7b some windows test affordances
• 8c2e082 feature complete and tests passing
• c3be35a correct ** vs ./** behavior

See the full diff

Package name: jest

The new version differs by 250 commits.

• 75006e4 v29.0.0
• 7c82a9f chore: update jest-watch-typeahead again
• 352ff29 chore: update changelog for release
• 33ad8c3 docs: Jest 29 blog post (#13103)
• dda77e5 docs: collapse 28.0 and 28.1 docs (#13104)
• c0dc84c chore: update jest-watch-typeahead
• 05f6217 fix: support deep CJS re-exports when using ESM (#13170)
• 490fd88 chore: update yarn (#13169)
• 98936a2 docs: Update Enzyme links to use new URL (#13166)
• 187566a feat(pretty-format): allow to opt out from sorting object keys with `compareKeys: null` (#12443)
• ae2bed7 chore: tweak regex used in e2e tests (#13129)
• 8c56d74 docs: Update Configuration.md for added special notes on usage scenarios for pnpm. (#13115)
• fb1c53d feat(jest-config)!: remove undocumented `collectCoverageOnlyFrom` option (#13156)
• 075b489 fix: ignore `EISDIR` when resolving symlinks (#13157)
• 3bef02e feat(@ jest/test-result, @ jest/types)!: replace `Bytes` and `Milliseconds` types with `number` (#13155)
• 4def94b v29.0.0-alpha.6
• 0f00d4e fix: replace non-CLI `rimraf` usage (#13151)
• 6a90a2c fix: Allow updating inline snapshots when test includes JSX (#12760)
• 983274a feat: Let `babel` find config when updating inline snapshots (#13150)
• d2ff18a chore: make prettierPath optional in `SnapshotState` (#13149)
• 7d8d01c feat(circus): added each to failing tests (#13142)
• a5b52a5 chore(types): separate MatcherContext, MatcherUtils and MatcherState (#13141)
• 79b5e41 chore: get rid of peer dep warning in website
• 812763d chore: enable 'no-duplicate-imports' (#13138)

See the full diff

Package name: node-sass

The new version differs by 38 commits.

• 3b556c1 7.0.2
• c716359 Bump sass-graph@^4.0.1 (Error while executing setColumnState() ag-grid/ag-grid#3292)
• 24741b3 docs(readme): fix docpad plugin link
• 1523330 feat: Drop Node 12
• 365d357 update https://registry.npm.taobao.org to https://registry.npmmirror.com
• 1456114 build(deps): bump actions/upload-artifact from 2 to 3
• b465b69 chore: bump GitHub Actions to Windows 2019 (hidden cells are not editable when grid has horizontal scroll ag-grid/ag-grid#3254)
• e6194b1 build(deps): bump make-fetch-happen from 9.1.0 to 10.0.4
• 4edf594 build(deps): bump node-gyp from 8.4.1 to 9.0.0
• 29e2344 build(deps): bump actions/checkout from 2 to 3
• 85b0d22 build(deps): bump actions/setup-node from 2 to 3
• 3bb51da Use make-fetch-happen instead of request (ComboBox in Aggrid Cell ag-grid/ag-grid#3193)
• adc2f8b build(deps): bump true-case-path from 1.0.3 to 2.2.1 (cellStyle with text-decoration isn't parsed correctly and breaks ag-grid/ag-grid#3000)
• 77d12f0 chore: disable Apline for Node 16/17 builds
• 308d533 ci: use Python 3 for Node 12
• c818907 ci: unpin actions/setup-node to v2
• 99242d7 7.0.1
• 77049d1 build(deps): bump sass-graph from 2.2.5 to 4.0.0 (AG-3222 Fix/reactnext renderer timeout ag-grid/ag-grid#3224)
• c929f25 build(deps): bump node-gyp from 7.1.2 to 8.4.1 (increase timeout for MOUSEOUT_HIDE_TOOLTIP and DEFAULT to 30000 ag-grid/ag-grid#3209)
• 918dcb3 Lint fix
• 0a21792 Set rejectUnauthorized to true by default (filter doesn't work with server side row model ag-grid/ag-grid#3149)
• e80d4af chore: Drop EOL Node 15 (onCellValueChanged validate data using FETCH call to server. ag-grid/ag-grid#3122)
• d753397 feat: Add Node 17 support (Using Enterprise version in a SaaS application with unknown number of servers ag-grid/ag-grid#3195)
• dcf2e75 build(deps-dev): bump eslint from 7.32.0 to 8.0.0

See the full diff

Package name: protractor

The new version differs by 77 commits.

• 5d8da04 chore(release): version bump to 6.0.0 and update the changelog
• d777738 chore(tests): circleci - chrome 69 requires chromdriver to 2.44 (Delete .idea directory ag-grid/ag-grid#5182)
• 3d50b68 chore(deps): update based on npm audit
• e478ba8 chore(release): bump version to 6.0.1-beta
• 7054827 chore(types): fix types to use not @ types/selenium-webdriver (AG-6677 - Better null/undefined handling for scatter series charts. ag-grid/ag-grid#5127)
• 2e5c2e6 chore(jasmine): prevent random execution order in jasmine 3 (AG-6733 - Fix pivot column agg values ag-grid/ag-grid#5126)
• 8afc4e2 chore(release): release 6.0.0-beta and update the changelog
• 5fd711c chore(webdriver-manager): use webdriver-manager@13.0.0-beta
• 96ae17c deps(jasmine): upgrade jasmine 3.3 (fix peerDependencies ag-grid/ag-grid#5102)
• 68491dd chore(expectedConditions): update generic Function typings (AG-5629 - Delta sorting ag-grid/ag-grid#5101)
• cf43651 chore(debugprint): convert debugprint to TypeScript (Ag grid custom pagination option is missing ag-grid/ag-grid#5074)
• d213aa9 deps(selenium): upgrade to selenium 4 (AG-6666 - Fix charts SonarCloud high priority issues ag-grid/ag-grid#5095)
• 4672265 chore(browser): remove timing issues with restart and fork (this.cellComp is undefined in CellCtrl.createCellRendererParams with AgGridReact ag-grid/ag-grid#5085)
• b4dbcc2 chore(elementexplorer): remove explorer bin file (autoHeight + wrapText in print layout creates a redraw rows loop  ag-grid/ag-grid#5094)
• 7de6d85 docs(api): update examples to use async/await (Ag-Grid will not keep a custom component registered in Cell Renderer, rendered when scrolling the main window ag-grid/ag-grid#5081)
• 1b2036e typings(selenium): try out new version of typings (SSRM Expandable Pivot Column Groups ag-grid/ag-grid#5084)
• befb457 chore(bin): update webdriver-manager require to use the cli (AG-6119 - Fix Integrated Charts proxy override of cursor style unless necessary. ag-grid/ag-grid#5093)
• 509f1b2 deps(latest): upgrade to the gulp and typescript (AG-6674 - Fix sparklines label fontSize type ag-grid/ag-grid#5089)
• 2def202 deps(webdriver-manager): use replacement (Fix errors due to this.cellComp being undefined in refreshCell ag-grid/ag-grid#5088)
• 9d510db chore(test): remove jasmine addMatcher test (AG-4571 reset column ordering when new secondary columns are added ag-grid/ag-grid#5072)
• 6522e40 chore(cleanup): clean up imports and wdpromises (AG-2168 - Improved SSRM example ag-grid/ag-grid#5073)
• 3b8f263 chore(ignoreSynchornization): clean up to use waitForAngularEnabled (Charts API reference, theme reference and API explorer docs pages ag-grid/ag-grid#5071)
• ffa3519 chore(debugger): remove debugger and explore methods (AG-6654 - Charts API Explorer Caching + Visual Improvements ag-grid/ag-grid#5070)
• 0f7a38a chore(test): error tests fixed (AG-2168 - Remove SSRM example ag-grid/ag-grid#5069)

See the full diff

Package name: terser-webpack-plugin

The new version differs by 69 commits.

• e679881 chore(release): 5.0.0
• 937a314 docs: update
• 393f249 refactor: next
• a80213f ci: updated webpack versions ([Snyk] Fix for 1 vulnerabilities #332)
• 8ae4b80 chore(release): 4.2.3
• 041b392 fix: better minimizing `mjs` assets ([Snyk] Security upgrade @angular-devkit/build-angular from 0.803.29 to 13.0.0 #329)
• b9c694d fix: minify `cjs` assets ([Snyk] Security upgrade jest from 25.5.4 to 26.0.0 #328)
• f49e786 chore(release): 4.2.2
• a75dc8b fix: related asset info
• 4103571 chore(deps): update
• 0b537c6 test: fix ([Snyk] Fix for 1 vulnerabilities #318)
• 978793e chore(release): 4.2.1
• f5bd8f8 fix: compatibility with webpack@5
• 0e21d92 test: cache ([Snyk] Fix for 1 vulnerabilities #316)
• 5de108d refactor: remove unused code ([Snyk] Fix for 1 vulnerabilities #315)
• 5340814 fix: cache for extracted comments ([Snyk] Fix for 1 vulnerabilities #314)
• bbfa283 chore(deps): update ([Snyk] Fix for 1 vulnerabilities #313)
• 17303be chore(release): 4.2.0
• 4bd622c feat: pass the `terserOptions` to the `minify` option ([Snyk] Fix for 1 vulnerabilities #311)
• defde64 feat: improve caching
• 92f53b6 chore(deps): update
• c760c13 test: `realContentHash` ([Snyk] Fix for 1 vulnerabilities #304)
• 479d28b refactor: code ([Snyk] Fix for 1 vulnerabilities #303)
• 9d861d8 fix: use webpack.sources when it's available for webpack@5 ([Snyk] Fix for 1 vulnerabilities #301)

See the full diff

Package name: webpack

The new version differs by 250 commits.

• f2f998b 5.1.1
• bcd6190 Merge pull request #11704 from webpack/bugfix/delete-asset
• 11935a9 Merge pull request #11703 from webpack/bugfix/11678
• 63ba54c update chunk to files mapping when deleting assets
• 4669600 Merge pull request #11690 from webpack/bugfix/11673
• 234373e Merge pull request #11702 from webpack/deps/terser
• b6bc273 fix infinite loop in inner graph optimization
• 50c3a83 fix unused modules in chunk when optimizing runtime-specific
• 5d9d9b9 fix runtime-specific handling in concatenated modules
• 250e37c add test case
• 7925652 upgrade terser-webpack-plugin
• 27796db Merge pull request #11669 from webpack/dependabot/npm_and_yarn/ts-loader-8.0.5
• bd5aab8 Merge pull request #11692 from webpack/dependabot/npm_and_yarn/babel/core-7.12.0
• 886bbd5 Merge pull request #11693 from webpack/dependabot/npm_and_yarn/react-dom-16.14.0
• 3a14b3d Merge pull request #11694 from webpack/dependabot/npm_and_yarn/react-16.14.0
• ddf9936 chore(deps-dev): bump react from 16.13.1 to 16.14.0
• dc6e69a chore(deps-dev): bump react-dom from 16.13.1 to 16.14.0
• 8f18de9 chore(deps-dev): bump @ babel/core from 7.11.6 to 7.12.0
• c0410e8 Merge pull request #11686 from webpack/bugfix/11677
• 4504046 order runtime chunks correctly when they depend on each other
• 74a44cd add comment to help tagging for the bot
• e97efb7 chore(deps-dev): bump ts-loader from 8.0.4 to 8.0.5
• 77329b4 5.1.0
• 48c10f3 Merge pull request #11653 from log2-hwan/fix-moduletemplate-deprecation

See the full diff

Package name: webpack-dev-server

The new version differs by 250 commits.

• 5aad1e7 chore(release): 4.8.0
• 28ad7ed chore(deps): bump graceful-fs from 4.2.9 to 4.2.10 (In CrossFiltered Charts , the difference btw the filtered pie and unfiltered pie isn't very clear ag-grid/ag-grid#4368)
• 7920364 feat: export initialized socket client (Property enableBrowserTooltips not working for grid tables headers. ag-grid/ag-grid#4304)
• 4e7800e chore: update webpack (InnerRadiusOffset isn't working for integrated Charts when doughnut is used ag-grid/ag-grid#4367)
• fbda2a8 chore(deps-dev): bump body-parser from 1.19.2 to 1.20.0 (Aligned-Grid should synch up row grouping and sort order of columns between grids. ag-grid/ag-grid#4366)
• 67c080b chore(deps-dev): bump puppeteer from 13.5.1 to 13.5.2 (How to test onGridSizeChanged logic? ag-grid/ag-grid#4361)
• 56ec411 chore(deps): bump html-entities from 2.3.2 to 2.3.3 (Make text inside rowData bold ag-grid/ag-grid#4358)
• ca8a53a chore: update deps and fix audit (Is column's "hide" property suppose to not render column at all or make it invisible? ag-grid/ag-grid#4356)
• 501f6aa chore(deps-dev): bump @ babel/runtime
• 7d2b4f0 chore(deps-dev): bump @ babel/core
• 95e26fe test: add cases for `webSocketURL` with `server` option ("Toggle Select All Columns" in sideBar doesn't work as expected after upgrade to v25 ag-grid/ag-grid#4346)
• 84b4774 chore: migrate script for examples on `setupMiddlewares` option (Multiple custom input cell-editors, renderers with stopEditingWhenGridLosesFocus and single fullRow edit type ag-grid/ag-grid#4347)
• a7ccab1 chore: replace deprecated String.prototype.substr() ("Paste" does not work using Firefox browser (85.0.1 (64 bits)) ag-grid/ag-grid#4343)
• 1bf2614 chore(deps-dev): bump lint-staged from 12.3.6 to 12.3.7 (ag-grid documentation lists an event “animationQueueEmpty”. Does it not exist anymore? ag-grid/ag-grid#4344)
• 188497a chore(deps-dev): bump prettier from 2.5.1 to 2.6.0 (Pivot Mode and domLayout="autoHeight" are incompatible ag-grid/ag-grid#4339)
• 7560a37 chore(deps-dev): bump lint-staged from 12.3.5 to 12.3.6 ([performance] React vertical scroll ag-grid/ag-grid#4341)
• dc2d6f7 chore(deps): bump http-proxy-middleware from 2.0.3 to 2.0.4 (Tooltip for integrated Charts  ag-grid/ag-grid#4333)
• 552e4ab chore(deps-dev): bump @ babel/runtime
• af3de07 chore(deps-dev): bump @ babel/core
• a80fa1f chore(deps): bump @ types/ws
• 457e1e5 chore(deps-dev): bump eslint from 8.10.0 to 8.11.0 (Usual Rows can be full-width ag-grid/ag-grid#4334)
• b48ff7f chore(deps-dev): bump puppeteer from 13.5.0 to 13.5.1 (Columns Tool Panel not showing hidden columns in aligned grid ag-grid/ag-grid#4330)
• 3ce15d4 chore(deps-dev): bump puppeteer from 13.4.1 to 13.5.0 (Get rid of rectangle above the scrollbar ag-grid/ag-grid#4329)
• a892235 chore(deps-dev): bump lint-staged from 12.3.4 to 12.3.5 (partial store and grouping ag-grid/ag-grid#4328)

See the full diff

Package name: webpack-stream

The new version differs by 60 commits.

• 30a6da0 v7.0.0
• c2d19fd semistandard fixes
• 7805d59 Remove config.watch setting re-introduced from my bad merging
• 6395f19 Merge branch 'master' of github.com:shama/webpack-stream
• 7c24e86 Merge pull request [Snyk] Security upgrade @vue/cli-service from 3.12.1 to 5.0.1 #212 from azt3k/master
• 3fc84f0 Merge branch 'master' into master
• 027135e Update comments to indicate it works with webpack 4 and 5
• bb7cd85 Merge branch 'master' of github.com:shama/webpack-stream
• 3287835 Merge pull request [Snyk] Security upgrade @vue/cli-service from 3.12.1 to 5.0.1 #214 from the-ress/watch-message
• 141e063 Update watch for gulp >= 4
• 991d108 Merge pull request [Snyk] Fix for 1 vulnerabilities #225 from emme1444/config-file-path
• 348eab2 Use const over var in docs
• 2b31461 Update copyright to 2021
• fdd5809 Update node engine to >= 10
• 80e0ba8 Updating dependencies
• 5759a17 Updating for semistandard@16.0.1
• 2ff8a4f Merge pull request [Snyk] Security upgrade @angular-devkit/build-angular from 0.803.29 to 13.3.10 #235 from marekdedic/webpack-5
• ff485fe Merge pull request [Snyk] Security upgrade @vue/cli-service from 3.12.1 to 5.0.1 #234 from marekdedic/webpack-peer-dependency
• 1baead2 Removed tests on Node 8
• f33fc04 Switched from hash to contenthash
• 0e30a7b Test: Fixed different chunk names in webpack 5
• 5bb70d1 Test: updated expected error message
• 99a1c03 Building in production mode by default
• 01ffd76 Updated to webpack 5

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

[secure-code-warrior-for-github]

Micro-Learning Topic: Prototype pollution (Detected by phrase)

Matched on "Prototype Pollution"

What is this? (2min video)

By adding or modifying attributes of an object prototype, it is possible to create attributes that exist on every object, or replace critical attributes with malicious ones. This can be problematic if the software depends on existence or non-existence of certain attributes, or uses pre-defined attributes of object prototype (such as hasOwnProperty, toString or valueOf).

Try a challenge in Secure Code Warrior