[Snyk] Fix for 4 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/carrier-mobile-ionic/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	673/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MPATH-1577289	No	Proof of Concept
	711/1000 Why? Recently disclosed, Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
	711/1000 Why? Recently disclosed, Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
	711/1000 Why? Recently disclosed, Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: mpath

The new version differs by 15 commits.

• 634a0fa chore: release 0.8.4
• 89402d2 fix: throw error if `parts` contains an element that isn't a string or number
• 03c4efe chore: add basic SECURITY.md file
• ad7a023 chore: release 0.8.3
• f050c3a fix: use var instead of let/const for Node.js 4.x support
• e3bdd36 chore: release 0.8.2
• b09cebc chore: add lint
• ffed519 fix(stringToParts): fall back to legacy treatment for square brackets if square brackets contents aren't a number
• 095573c chore: release 0.8.1
• c507d2c fix(stringToParts): handle empty string and trailing dot the same way that `split()` does for backwards compat
• 484c22c chore: release 0.8.0
• b9ec839 feat: support square bracket indexing for `get()`, `set()`, `has()`, and `unset()`
• 99fea22 chore: release 0.7.0
• e2231e6 Merge pull request Update @angular/cli in group default to the latest version 🚀 #9 from AlexeyGrigorievBoost/component_json_removal
• c1ef66b Component.json removal

See the full diff

Package name: node-sass

The new version differs by 43 commits.

• 7105b0a 5.0.0 (#3015)
• 0648b5a chore: Add Node 15 support (#2983)
• e2391c2 Add a deprecation message to the readme (#3011)
• 6a33e53 chore: Don't upload artifacts on PRs
• d763506 chore: Only run coverage on main repo
• d4ebe72 build(deps): update actions/setup-node requirement to v2.1.2
• 2bebe05 build(deps-dev): bump rimraf from 2.7.1 to 3.0.2
• f877689 chore: Don't double build DependaBot PRs
• b48fac4 chore: Add weekly DependaBot updates
• 91c40a0 Remove deprecated process.sass API
• 1f6df86 Replace lodash/assign in favor of the native Object.assign
• 522828a Remove workarounds for old Node.js versions
• 40e0f00 chore: Remove second NPM badge
• ab91bf6 chore: Remove Slack badge
• 6853a80 chore: Cleanup status badges
• fb1109c chore: Bump minimum engine version to v10
• d185440 chore: Add basic Node version support policy
• db25736 chore: Bump node-gyp to 7.1.0
• 2c5b110 chore: Bump cross-spawn to v7.0.3
• 38b9633 chore: Update Istanbul to NYC
• d63b5bf chore: Bump mocha to v8.1.3
• d0d8865 chore: Skip constructor tests on v14.6+
• ee3984d chore: Hoist test ESLint config
• feee448 chore: Remove disabled and recommended rules

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}