[Snyk] Fix for 63 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	584/1000 Why? Has a fix available, CVSS 7.4	Directory Traversal SNYK-JS-ADMZIP-1065796	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-CODEMIRROR-1016937	No	Proof of Concept
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-CODEMIRROR-569611	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-DOIUSE-1037304	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Arbitrary File Overwrite SNYK-JS-FSTREAM-174725	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	504/1000 Why? Has a fix available, CVSS 5.8	Prototype Pollution SNYK-JS-HIGHLIGHTJS-1045326	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HIGHLIGHTJS-1048676	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISMYJSONVALID-597165	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Arbitrary Code Execution SNYK-JS-ISMYJSONVALID-597167	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-JSONPOINTER-1577288	No	Proof of Concept
	811/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-JSONPOINTER-598804	No	Proof of Concept
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	No	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-JSYAML-173999	No	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-JSYAML-174129	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	No	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-LODASH-590103	No	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	No	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOCHA-561476	Yes	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	714/1000 Why? Has a fix available, CVSS 10	Cross-site Scripting (XSS) SNYK-JS-REMARKHTML-1583433	No	No Known Exploit
	748/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.1	Improper Privilege Management SNYK-JS-SHELLJS-2332187	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-STYLELINT-1585622	Yes	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) SNYK-JS-STYLELINT-460283	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	No	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	No	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	No	No Known Exploit
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Arbitrary File Overwrite SNYK-JS-TAR-174125	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Regular Expression Denial of Service (ReDoS) SNYK-JS-WEBSOCKETEXTENSIONS-570623	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-Y18N-1021887	No	Proof of Concept
	524/1000 Why? Has a fix available, CVSS 6.2	Regular Expression Denial of Service (ReDoS) npm:brace-expansion:20170302	No	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution npm:deep-extend:20180409	No	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:eslint:20180222	Yes	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution npm:extend:20180424	No	No Known Exploit
	704/1000 Why? Has a fix available, CVSS 9.8	Arbitrary Code Injection npm:growl:20160721	Yes	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	No	Proof of Concept
	571/1000 Why? Mature exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:is-my-json-valid:20180214	No	Mature
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	No	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Override Protection Bypass npm:qs:20170213	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:sshpk:20180409	No	Proof of Concept
	646/1000 Why? Mature exploit, Has a fix available, CVSS 5.2	Uninitialized Memory Exposure npm:stringstream:20180511	No	Mature
	509/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) npm:tough-cookie:20170905	No	No Known Exploit
	576/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.1	Uninitialized Memory Exposure npm:tunnel-agent:20170305	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: codemirror

The new version differs by 250 commits.

• 23b7a99 Add WebAssembly to meta
• 212bafa [stylus mode] Recognize "url-prefix" token properly
• 9885241 [javascript mode] Don't indent in template strings
• 9caacec [sparql mode] Improve parsing of IRI atoms
• 55d0333 [javascript mode] Fix potentially-exponential regexp
• cdb228a Fix horizontal scrolling-into-view with non-fixed gutters
• 1cb6de2 Fix doc/releases.html copy-paste mistake
• 719a912 Fixes Update wasmparser dep: allows to index end of function by offset. firefox-devtools/debugger#6402. Adds option to turn off highlighting of non-standard CSS properties
• 8bc57f7 Remove link to gitter room
• fdc2de3 [tern demo] Use unpkg, now that the URL structure of ternjs.net changed
• 58c5534 Fixes [Symbols] should recognize React.Component as a parent class firefox-devtools/debugger#6331. Backticks are stripped from SQL query words before comparison
• f3dde7c [julia mode] Fix infinite recursion
• 1c60749 Mark version 5.58.1
• ca046d7 [placeholder addon] Fix composition handling
• c74a1ca Fix use of ES6 in addon
• 76590dc Mark version 5.58.0
• 7b63084 Update placeholder visibility during composition
• 66a96a5 Set the readonly attribute on the hidden textarea when the editor is read-only
• 376c0d9 [lint addon] Put error CSS after warning
• 18aa69e [lint addon] Use separate CSS classes for common lint styles
• db719a2 Fix drawing of marked text with only attributes
• b6da8bf Add vim emulation support for `gn` and `gN`.
• fd2e322 Suppress focus outline for scrollbar elements
• 2250b4a Fix bug causing a deleted editor to continue believing it had focus

See the full diff

Package name: documentation

The new version differs by 250 commits.

• bc4f510 chore(release): 13.2.2
• f4a46b1 deps: update remark on last version fixed Make sourcemapped location resolve forward instead of back (fixes #1252) firefox-devtools/debugger#1349 (Start "Reveal in Tree" firefox-devtools/debugger#1370)
• f2fa522 refactor: switch off position for remark, it is reduce size of tests and check on position (Fix source tree leak firefox-devtools/debugger#1369)
• 061b906 deps: remove deps which already in stage 4
• 3babb4a deps: udpate remark and remove babel-eslint parser
• 5d8d450 fix: @ see tags incorrectly formatted in markdown ouput fixed [Source Tree] show first root firefox-devtools/debugger#1337
• 2d9f28a deps: remove deps which already in stage 4
• 89fd188 docs: Include --github flag in README ([Prefs] the prefs shim is not working with local storage firefox-devtools/debugger#1364)
• 70ad529 chore(release): 13.2.1
• c3e85eb deps: Highlight.js deprecations Vertical layout - add firefox support. firefox-devtools/debugger#1365 fixed ([Windows] F10 opens Menu instead of "Stepping Over" firefox-devtools/debugger#1367)
• c6c64ea chore(release): 13.2.0
• d449e7c feat: Support import.meta
• 6f01ad2 docs: added content about an alternative way to establish style. ([Toolbox] Format lint run firefox-devtools/debugger#1356)
• 3cbe75d chore(release): 13.1.1
• d775612 deps: Update highlight.js. (update local development firefox-devtools/debugger#1348)
• 780a8a1 Dependency update bumps ([POC] show the reason why the debugger is paused firefox-devtools/debugger#1345)
• 00b3478 docs: Add TypeScript usage example (Update fuzzaldrin-plus to version 0.4.1 🚀 firefox-devtools/debugger#1343)
• 24bbfd4 chore(release): 13.1.0
• dd71624 deps: Update babel dependencies and module-deps-sortable
• bc3233f feat: Add event members to md output ([Source Tabs] context menu copy source url + view source  firefox-devtools/debugger#1336)
• a366d95 chore(release): 13.0.2
• 325bfad deps: Update yargs dependency.
• a8b6ce1 fix: Additional safety around detecting functions in HTML output
• 78c6a5a chore(release): 13.0.1

See the full diff

Package name: eslint

The new version differs by 250 commits.

• 22ff6f3 4.18.2
• 817b84b Build: changelog update for 4.18.2
• 6b71fd0 Fix: table@4.0.2, because 4.0.3 needs "ajv": "^6.0.1" (#10022)
• 3c697de Chore: fix incorrect comment about linter.verify return value (#10030)
• 9df8653 Chore: refactor parser-loading out of linter.verify (#10028)
• f6901d0 Fix: remove catastrophic backtracking vulnerability (fixes #10002) (#10019)
• e4f52ce Chore: Simplify dataflow in linter.verify (#10020)
• 33177cd Chore: make library files non-executable (#10021)
• 558ccba Chore: refactor directive comment processing (#10007)
• 18e15d9 Chore: avoid useless catch clauses that just rethrow errors (#10010)
• a1c3759 Chore: refactor populating configs with defaults in linter (#10006)
• aea07dc Fix: Make max-len ignoreStrings ignore JSXText (fixes #9954) (#9985)
• 8c237d8 4.18.1
• 537b5c3 Build: changelog update for 4.18.1
• f417506 Fix: ensure no-await-in-loop reports the correct node (fixes #9992) (#9993)
• 3e99363 Docs: Fixed typo in key-spacing rule doc (#9987)
• 7c2cd70 Docs: deprecate experimentalObjectRestSpread (#9986)
• 883a2a2 4.18.0
• 89d55ca Build: changelog update for 4.18.0
• 70f22f3 Chore: Apply memoization to config creation within glob utils (#9944)
• 0e4ae22 Update: fix indent bug with binary operators/ignoredNodes (fixes #9882) (#9951)
• 47ac478 Update: add named imports and exports for object-curly-newline (#9876)
• e8efdd0 Fix: support Rest/Spread Properties (fixes #9885) (#9943)
• f012b8c Fix: support Async iteration (fixes #9891) (#9957)

See the full diff

Package name: firefox-profile

The new version differs by 70 commits.

• 604f8da Update dependencies + version bump
• e3a6328 fix: remove deprecated jetpack-id dependency (Update Circle CI firefox version firefox-devtools/debugger#119)
• 940bedb Bump ini from 1.3.5 to 1.3.6 (Refactor Sources firefox-devtools/debugger#114)
• 3429330 Drop `async` (Add proper states for debugging command buttons firefox-devtools/debugger#116)
• 60c1f61 Drop lodash (Improve mocha testing firefox-devtools/debugger#115)
• cd63285 Merge pull request Refreshing the debugger fails to detatch  firefox-devtools/debugger#113 from saadtazi/archiver-upgrade
• 4bdc619 update changelog and bump major
• b6322a5 remove "broken" tests
• 5bcd9bd some packages update
• e8534d5 prettier updates
• 2bd8e21 update archiver to v5.0
• 7aae99a Merge pull request Investigate Tree View Component firefox-devtools/debugger#103 from saadtazi/dependabot/npm_and_yarn/stringstream-0.0.6
• 8713d0f Merge pull request Fix Storybook firefox-devtools/debugger#108 from saadtazi/dependabot/npm_and_yarn/minimist-1.2.3
• dbc296d Merge pull request Update dependencies firefox-devtools/debugger#109 from saadtazi/dependabot/npm_and_yarn/websocket-extensions-0.1.4
• a103206 Merge pull request Add Logging and Assertions in dev mode firefox-devtools/debugger#111 from saadtazi/drop-nodejs-support-v6-v8
• f93d56b no more coveralls... to old :-(
• 635542e drop support for nodejs 6 & 8. test 10, 12 & 14.
• 71c3bcb Bump stringstream from 0.0.5 to 0.0.6
• 55956ef Merge pull request Replace queries with selectors firefox-devtools/debugger#110 from saadtazi/dependabot/npm_and_yarn/lodash-4.17.19
• bc55584 Bump lodash from 4.17.15 to 4.17.19
• a1e55e3 Bump websocket-extensions from 0.1.3 to 0.1.4
• a80195d Bump minimist from 1.2.0 to 1.2.3
• 8c1b45f v2.0.0
• e2ce1fc Merge pull request move build directory to public to consolidate static assets firefox-devtools/debugger#107 from Photonios/browser-specific-settings

See the full diff

Package name: mocha

The new version differs by 250 commits.

• eb781e2 Release v6.2.3
• 10dbe94 update CHANGELOG for v6.2.3 [ci skip]
• 848d6fb security: update mkdirp, yargs, yargs-parser
• 843a322 6.2.2
• aec8b02 update CHANGELOG for v6.2.2 [ci skip]
• 7a8b95a npm audit fixes
• cebddf2 Improve reporter documentation for mocha in browser. (Fixup Tab CSS firefox-devtools/debugger#4026)
• 3f7b987 uncaughtException: report more than one exception per test ([workers] open a new toolbox firefox-devtools/debugger#4033)
• ee82d38 modify alt text of image from Backers to Sponsors inside Sponsors section in Readme (Long Watch Expressions Are Covered by Scrollbar firefox-devtools/debugger#4046)
• e9c036c special-case parsing of "require" in unparseNodeArgs(); closes [Blackbox] dedicated UI firefox-devtools/debugger#4035 ([Editor] <alt>click on an empty gutter should continue to here firefox-devtools/debugger#4063)
• 954cf0b Fix HTMLCollection iteration to make unhide function work as expected (Update to devtools-reps 0.13.0 firefox-devtools/debugger#4051)
• 816dc27 uncaughtException: fix double EVENT_RUN_END events ([WatchExpressions] Test expanding an expression firefox-devtools/debugger#4025)
• 9650d3f add OpenJS Foundation logo to website (Use a source cache in parser worker. firefox-devtools/debugger#4008)
• f04b81d Adopt the OpenJSF Code of Conduct ([Breakpoints] become impossible to remove firefox-devtools/debugger#3971)
• aca8895 Add link checking to docs build step (Weird Tree Highlighting / Overflow firefox-devtools/debugger#3972)
• ef6c820 Release v6.2.1
• 9524978 updated CHANGELOG for v6.2.1 [ci skip]
• dfdb8b3 Update yargs to v13.3.0 ([Mochitests] Update the docker CI image firefox-devtools/debugger#3986)
• 18ad1c1 treat '--require esm' as Node option ([PrettyPrint] show a progress indicator  firefox-devtools/debugger#3983)
• fcffd5a Update yargs-unparser to v1.6.0 (Preview popup takes 1+ sec on a large codebase firefox-devtools/debugger#3984)
• ad4860e Remove extraGlobals() (Copy function firefox-devtools/debugger#3970)
• b269ad0 Clarify effect of .skip() (Chrome Debugging firefox-devtools/debugger#3947)
• 1e6cf3b Add Matomo to website ([Breakpoints] setting a condition should enable a breakpoint firefox-devtools/debugger#3765)
• 91b3a54 fix style on mochajs.org ([mochi] search-project mochi test keeps timing out firefox-devtools/debugger#3886)

See the full diff

Package name: mocha-circleci-reporter

The new version differs by 5 commits.

• 961ded9 version: Bump
• c8cfa0a Merge pull request Remove Firefox Dependency firefox-devtools/debugger#6 from jall/master
• d892bd7 Fix test failures from v5 upgrade
• 809edff Update Travis Node versions
• f100c76 Update dependencies to remove vulnerablities

See the full diff

Package name: stylelint

The new version differs by 250 commits.

• 060310c 14.0.0
• ff4a1ef Prepare CHANGELOG
• 8d2f6e1 Bump postcss (Disabled forward/backward stepping for a single history item firefox-devtools/debugger#5619)
• f552608 Merge pull request Update selectLocation to do less work with regard to pretty print firefox-devtools/debugger#5618 from stylelint/dependabot/npm_and_yarn/husky-7.0.4
• 7ed17ad Bump husky from 7.0.2 to 7.0.4
• 4d9f75e Merge pull request 3/6 update firefox-devtools/debugger#5617 from stylelint/dependabot/npm_and_yarn/jest-27.3.1
• bc9dd0b Bump jest from 27.2.5 to 27.3.1
• 82e2507 Merge pull request Update timeout in browser_dbg-babel.js (sync m-c bug 1440102) firefox-devtools/debugger#5604 from stylelint/v14
• 16d259f Update CHANGELOG.md
• 70b1149 Fix false positives for dynamic-range keywords in media-feature-name-no-unknown (Change PR template for issue clarification firefox-devtools/debugger#5613)
• 8dca498 Show more info in missing customSyntax warning (Prepush firefox-devtools/debugger#5611)
• 2eee0a9 Remove v14 CI triggers (Bump node engine firefox-devtools/debugger#5610)
• 12f8081 14.0.0-0
• 5dd7ec1 Prepare 14.0.0
• 67313a3 Add support for `extends` in `overrides` config ([Breakpoints] show breakpoint on hover firefox-devtools/debugger#5603)
• b6fd2fc Document no need for postcss-html maintainer ([Stepping] Speed up stepping over await calls firefox-devtools/debugger#5602)
• bf28025 Recommend using shared configs ([SourceMaps] update to source-map to 0.7.2 firefox-devtools/debugger#5598)
• 07118d6 Update CHANGELOG.md
• 367142a Change `ignoreFiles` to be extendable ([Stepping] Can't step over upper in call stack firefox-devtools/debugger#5596)
• 1b4162f Fix conflicts in dependabot
• 87c5fde Bump picocolors from 0.2.1 to 1.0.0 (Time travel ui tweaks firefox-devtools/debugger#5601)
• 1f32094 Bump typescript from 4.4.3 to 4.4.4 (Revert using Flow to type context firefox-devtools/debugger#5599)
• 88b9575 Revise contributors section of README ([Stepping] Re-enable babel-stepping test firefox-devtools/debugger#5585)
• e38da70 Use problem rather than violation in docs and types ([Parser] Stop using babel-traverse firefox-devtools/debugger#5592)

See the full diff

Package name: webpack

The new version differs by 250 commits.

• bf4ec9c 3.0.0
• 9feda63 Merge pull request [SourceMaps]  "TypeError: sourceMaps is null" in browser console firefox-devtools/debugger#5028 from webpack/feature/externalize_uglify_plugin
• 49d6e38 Merge pull request [QuickOpen] go to line shows matching files firefox-devtools/debugger#5086 from webpack/ci/node-8
• 3dcb133 OSX test on node.js 8
• f4b8785 Merge pull request Export source utils firefox-devtools/debugger#5012 from webpack/TheLarkInn-patch-1
• d26c402 chore(deps): upgrade uglifyjs-webpack-plugin deps to get latest webpack-sources so tests pass
• 3da4f3e Merge pull request [QuickOpen] All the results are shown firefox-devtools/debugger#5085 from jbellenger/jbellenger/rawmodule-hash
• 8c9dc14 fix RawModule hashing
• c2c5d73 Update README.md
• 316d4b9 Merge pull request [CallStack] clicking the selected frame does not jump firefox-devtools/debugger#5084 from timse/remove-duplicate-code
• ae18552 update test case with changed hash due to less clutter in dependencies
• fc20348 unite iteration through modules into one loop
• 083843e remove code that pushes arrays of dependencies into dependencies
• ab636b0 Merge pull request Upgrade flow to 63.1 firefox-devtools/debugger#5075 from andreipfeiffer/master
• 3b3449c Refactor: use const for non reassignable identifier
• 2ba0499 3.0.0-rc.2
• 1769fa2 Merge pull request [SourceTree]  up-arrow or down-arrow is off by a bit firefox-devtools/debugger#5064 from webpack/feature/scope-hoisting-multi-entry
• a73646a Merge pull request Add the services argument firefox-devtools/debugger#5060 from mikesherov/reason-chunks-as-set
• 28f826a consistent order
• 8a30188 use Set for ModuleReason chunk rewriting
• 5d4ba56 Allow scope hoisting to process modules in multiple chunks
• d6a7594 harmony modules without exports have no exports instead of unknown
• 3ae782d Merge pull request 4597 - [Breakpoints] Extract Context menu firefox-devtools/debugger#5049 from KTruong888/ES6_refactoring_multicompiler
• 18cdba8 4099_ES6 refactor lib/MultiCompiler.js

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution npm:extend:20180424	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Override Protection Bypass npm:qs:20170213	No Known Exploit
	646/1000 Why? Mature exploit, Has a fix available, CVSS 5.2	Uninitialized Memory Exposure npm:stringstream:20180511	Mature
	509/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) npm:tough-cookie:20170905	No Known Exploit
	576/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.1	Uninitialized Memory Exposure npm:tunnel-agent:20170305	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Insecure Randomness npm:ws:20160920	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic