[Snyk] Fix for 1 vulnerabilities

[rfxn]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: node-sass

The new version differs by 164 commits.

• c167004 6.0.1
• 911d4db remove mkdirp dep (#3108)
• 30a52f7 build(deps): bump meow from 3.7.0 to 9.0.0
• 7e08463 build(deps-dev): bump mocha from 8.4.0 to 9.0.1
• cfcbb2c chore: Use default Apline version from docker-node (#3121)
• 886319b chore: Drop Node 10 support
• c908f4f fix: Bump OSX minimum to 10.11
• 8ab02da fix: Remove old compiler gyp settings
• 3d7b9d0 chore: Add Node 16 support
• 4115e9d build(deps): bump actions/setup-node from v2.1.4 to v2.1.5
• 06f3ab4 Update TROUBLESHOOTING.md
• c1cb367 build(deps): bump actions/setup-node from v2.1.3 to v2.1.4
• 769f3a6 build(deps): bump actions/setup-node from v2.1.2 to v2.1.3
• a2a3a78 chore: Bump dependabot limit
• 7105b0a 5.0.0 (#3015)
• 0648b5a chore: Add Node 15 support (#2983)
• e2391c2 Add a deprecation message to the readme (#3011)
• 6a33e53 chore: Don't upload artifacts on PRs
• d763506 chore: Only run coverage on main repo
• d4ebe72 build(deps): update actions/setup-node requirement to v2.1.2
• 2bebe05 build(deps-dev): bump rimraf from 2.7.1 to 3.0.2
• f877689 chore: Don't double build DependaBot PRs
• b48fac4 chore: Add weekly DependaBot updates
• 91c40a0 Remove deprecated process.sass API

See the full diff

Package name: semver

The new version differs by 207 commits.

• e7b78de chore: release 7.5.2
• 58c791f fix: diff when detecting major change from prerelease (Backtester error DeviaVir/zenbot#566)
• 5c8efbc fix: preserve build in raw after inc (CCI SRSI DeviaVir/zenbot#565)
• 717534e fix: better handling of whitespace (Merge pull request #1 from carlos8f/master DeviaVir/zenbot#564)
• 2f738e9 chore: bump @ npmcli/template-oss from 4.14.1 to 4.15.1 (Auto_backtester documentation? DeviaVir/zenbot#558)
• aa016a6 chore: release 7.5.1
• d30d25a fix: show type on invalid semver error (Interactive CUI update DeviaVir/zenbot#559)
• 09c69e2 chore: bump @ npmcli/template-oss from 4.13.0 to 4.14.1 (Create raspberrypi.md DeviaVir/zenbot#555)
• 5b02ad7 chore: release 7.5.0
• e219bb4 fix: throw on bad version with correct error message (bittrex error DeviaVir/zenbot#552)
• 503a4e5 feat: allow identifierBase to be false (merge DeviaVir/zenbot#548)
• fc2f3df fix: incorrect results from diff sometimes with prerelease versions (Data from different markets DeviaVir/zenbot#546)
• 2781767 fix: avoid re-instantiating SemVer during diff compare (mongo error DeviaVir/zenbot#547)
• 82aa7f6 chore: release 7.4.0
• 731d896 chore: enable CD (Bitfinex Credentials not working DeviaVir/zenbot#545)
• 940723d fix: intersects with v0.0.0 and v0.0.0-0 (check order liquidity before executing DeviaVir/zenbot#538)
• aa516b5 fix: faster parse options (Add a bit more data and reformat the balance command DeviaVir/zenbot#535)
• 61e6ea1 fix: faster cache key factory for range (Make "post_only" orders and option in the config file DeviaVir/zenbot#536)
• f8b8b61 fix: optimistic parse (How i connet more Accounts DeviaVir/zenbot#541)
• 796cbe2 fix: semver.diff prerelease to release recognition (Using trainings data DeviaVir/zenbot#533)
• 3f222b1 fix: reuse comparators on subset (Making post_only an option DeviaVir/zenbot#537)
• 113f513 feat: identifierBase parameter for .inc (The robo kitten patch DeviaVir/zenbot#532)
• ea689bc chore: basic type test for RELEASE_TYPES
• c5d29df docs: Add "Constants" section to README

See the full diff

Package name: webpack-cli

The new version differs by 250 commits.

• fb50f76 chore(release): publish new version
• 2c75aeb chore: new version of the packages
• 0d05c30 chore(release): publish %s
• 3f9e151 chore: fix lerna config
• 2c1e34c tests(generator): enhance init generator tests (Constant Bug in Genetic Backtester DeviaVir/zenbot#1236)
• 6ee61b9 Fix loader-generator and plugin-generator tests (Darwin - %age and ETA's during backtesting, as well as mid-generation resuming DeviaVir/zenbot#1250)
• 52956a2 Fixing the typos and grammatical errors in Readme files (Stop loss trigger granularity DeviaVir/zenbot#1246)
• 7faaed2 chore: update Bug_report & Feature_request Templates (Fix for 400 bad request from Binance DeviaVir/zenbot#1256)
• 7a5b33d feat(webpack-cli): added mode argument (Bug in darwin.js DeviaVir/zenbot#1253)
• 3715756 tests(webpack-cli): add test case for defaults flag (binance 400 bad request during backfill and trading DeviaVir/zenbot#1254)
• a7cba2f chore: project maintanance and typescript fix (strategy dema inconsistent noise_level_pct? DeviaVir/zenbot#1247)
• 7748472 chore: ignore package-lock.json and remove its references (Telegrams Notifical is not work  DeviaVir/zenbot#1252)
• a014aa7 docs: fix supported arguments & commands link in README (IFTTT notifical DeviaVir/zenbot#1244)
• 06129a1 feat(webpack-cli): add progress bar for progress flag (Filter failure: MIN_NOTIONAL DeviaVir/zenbot#1238)
• 6cc6a49 chore: post refactor CLI (Bitfinex: avoid crash when getOrder is called and no order is found. DeviaVir/zenbot#1237)
• 358651e chore: move cli under lerna package (Question on odd coloring on currency output. DeviaVir/zenbot#1225)
• 2dc495a fix(init): fix webpack config scaffold (Intermittent crashing when using Bittrex DeviaVir/zenbot#1231)
• 1ab62d2 tests(generator): add tests for plugin generator (buy_pct = 100% error DeviaVir/zenbot#1235)
• d2dd0c1 tests(sourcemap): fix flaky stats statement (Define products.json format DeviaVir/zenbot#1232)
• f6dc680 tests(loader-generator): add tests for loader generator (Fix genetic backtester parameter lists DeviaVir/zenbot#1234)
• 35d1381 tests(generator): enable init generator test (fix(package): update style-loader to version 0.20.1 DeviaVir/zenbot#1233)
• 66cdcb6 chore(generator): remove transpiled tests (Huge bollinger upper/lower bound pct understanding DeviaVir/zenbot#1229)
• f29a170 fix(init): fix the invalid package name (Update CEXIO products.json DeviaVir/zenbot#1228)
• 8c3a66d chore(cli): updated changelog of v3 (Update strategy param docs DeviaVir/zenbot#1224)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)