[Snyk] Fix for 13 vulnerabilities

[sawp-d]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • src/PartsUnlimitedWebsite/package.json
  • src/PartsUnlimitedWebsite/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Out-of-Bounds SNYK-JS-NODESASS-535498	Yes	Proof of Concept
	761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	NULL Pointer Dereference SNYK-JS-NODESASS-535500	Yes	Proof of Concept
	536/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.3	Out-of-bounds Read SNYK-JS-NODESASS-540958	Yes	Proof of Concept
	536/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.3	Uncontrolled Recursion SNYK-JS-NODESASS-540964	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Denial of Service (DoS) SNYK-JS-NODESASS-540978	Yes	Proof of Concept
	536/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.3	NULL Pointer Dereference SNYK-JS-NODESASS-540992	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Out-of-Bounds SNYK-JS-NODESASS-540998	Yes	Proof of Concept
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-NODESASS-541000	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Out-of-bounds Read SNYK-JS-NODESASS-541002	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: grunt

The new version differs by 34 commits.

• 27bc5d9 Merge pull request #1714 from gruntjs/release-1.2.0
• 64a3cf4 Release v1.2.0
• 0d23eff Merge pull request #1570 from bhldev/feature-options-keys
• ee70306 Merge pull request #1697 from philz/1696
• 05c0634 Merge pull request #1712 from gruntjs/fix-lint
• cdd1c19 fix lint in file.js
• bc168e3 Merge pull request #1283 from greglittlefield-wf/recognize-relative-links
• 5f16b5a Merge pull request #1675 from STRML/remove-coffeescript
• 58f80ae Merge pull request #1677 from micellius/monorepo-support
• 1f61427 Add CODE_OF_CONDUCT.md
• 4c6fcd9 Merge pull request #1709 from NotMoni/patch-1
• 169d496 add link to license
• 288ea76 add license link
• d5cdac0 Merge pull request #1706 from gruntjs/tag-neew
• 4674c59 v1.1.0
• 6124409 Merge pull request #1705 from gruntjs/mkdirp-update
• 0a66968 Fix up Buffer usage
• 4bfa98e Support versions of node >= 8
• f1898eb Update to mkdirp ~1.0.3
• 7985b19 Avoiding infinite loop on very long command names.
• 75da17b HTTPS link to gruntjs.com (#1683)
• 5a0a02b support monorepo (relative path)
• 6795d31 Update js-yaml dependecy to ~3.13.1 (#1680)
• 66fc8fa support monorepo (test case)

See the full diff

Package name: grunt-contrib-concat

The new version differs by 8 commits.

• 9e0f72f 2.0.0
• de2b0e9 Merge pull request updated readme microsoft/PartsUnlimited#192 from gruntjs/release-2
• 2f2aeff Release docs
• 63a42a8 Merge pull request Python2.7 not found microsoft/PartsUnlimited#191 from gruntjs/update-deps-oct
• 4c4fab8 Update CI
• 71d6edd Update dependencies
• 9054b14 Merge pull request Any documentation on patterns / architecture of this site? microsoft/PartsUnlimited#176 from alexjking/fix-browserify-sourcemap-regex
• b1cf785 fix(sourcemap-regex): fix regex to match browserify sorucemap charset

See the full diff

Package name: grunt-contrib-uglify

The new version differs by 60 commits.

• a3f3f34 5.2.1
• 3c8d904 Update Readme
• 0850dcd update dependencies (#568)
• c27ad5f Bump minimist from 1.2.5 to 1.2.6 (#567)
• 98b4c5f Fix documentation in relation to issue #565 (#566)
• 7228446 Bump minimist from 1.2.5 to 1.2.6 (#563)
• e410511 Update deps, v5.1.0 (#564)
• 2cb31be Update uglify-js to v3.15.2 (#562)
• 12ca0f2 Fix wording in README.md (#560)
• 1f6a012 Bump path-parse from 1.0.6 to 1.0.7 (#558)
• 0e4b1a0 Update uglify-js (#557)
• 9ccf10d Bump hosted-git-info from 2.8.8 to 2.8.9 (#556)
• 4e83e45 Update UglifyJS to 3.13.3 (#554)
• 8674feb Bump ini from 1.3.5 to 1.3.8 (#552)
• 14b71da v5.0.0
• 9259448 Bump lodash from 4.17.11 to 4.17.19 (#550)
• 4645446 Bump js-yaml from 3.5.5 to 3.14.0 (#551)
• b7bcde4 Delete .travis.yml
• cba2631 Delete appveyor.yml
• 3dc53f0 ini github workflow
• f65dbb9 v4.0.1. (#535)
• b33a071 upgrade devDependencies (#536)
• 1e40037 upgrade to uglify-js 3.5.0 (#534)
• 33724cd update links to uglifyJS documentation (#530)

See the full diff

Package name: grunt-sass

The new version differs by 12 commits.

• 2b662db 3.0.0
• 64f6444 Add support for Dart Sass (Bump minimatch from 3.0.4 to 3.0.8 in /src/PartsUnlimitedWebsite microsoft/PartsUnlimited#283)
• 683ad07 Meta tweaks
• 12138d1 Fix linting
• 26c31c0 Require Node.js 8
• 276257e 2.1.0
• cfb6b53 Force the latest verison of node-sass
• b7087c6 Travis CI: Add Node.js 7 (fixed AB#142 microsoft/PartsUnlimited#270)
• e9187e2 Lock the XO dependency
• c0486d9 2.0.0
• ef34efe ⬆️ node-sass@4
• f8015a3 Make XO happy

See the full diff

Package name: node-sass

The new version differs by 140 commits.

• 3b556c1 7.0.2
• c716359 Bump sass-graph@^4.0.1 (#3292)
• 24741b3 docs(readme): fix docpad plugin link
• 1523330 feat: Drop Node 12
• 365d357 update https://registry.npm.taobao.org to https://registry.npmmirror.com
• 1456114 build(deps): bump actions/upload-artifact from 2 to 3
• b465b69 chore: bump GitHub Actions to Windows 2019 (#3254)
• e6194b1 build(deps): bump make-fetch-happen from 9.1.0 to 10.0.4
• 4edf594 build(deps): bump node-gyp from 8.4.1 to 9.0.0
• 29e2344 build(deps): bump actions/checkout from 2 to 3
• 85b0d22 build(deps): bump actions/setup-node from 2 to 3
• 3bb51da Use make-fetch-happen instead of request (#3193)
• adc2f8b build(deps): bump true-case-path from 1.0.3 to 2.2.1 (#3000)
• 77d12f0 chore: disable Apline for Node 16/17 builds
• 308d533 ci: use Python 3 for Node 12
• c818907 ci: unpin actions/setup-node to v2
• 99242d7 7.0.1
• 77049d1 build(deps): bump sass-graph from 2.2.5 to 4.0.0 (#3224)
• c929f25 build(deps): bump node-gyp from 7.1.2 to 8.4.1 (#3209)
• 918dcb3 Lint fix
• 0a21792 Set rejectUnauthorized to true by default (#3149)
• e80d4af chore: Drop EOL Node 15 (#3122)
• d753397 feat: Add Node 17 support (#3195)
• dcf2e75 build(deps-dev): bump eslint from 7.32.0 to 8.0.0

See the full diff

Package name: update-notifier

The new version differs by 21 commits.

• 492c21e 2.3.0
• 3eaa793 Force bump `boxen` dependency
• 70b8248 package.json indentation
• 97d0b97 Add is-installed-globally for auto-detection (update documentation website microsoft/PartsUnlimited#114)
• 6008ccf Meta tweaks
• 6f2b074 Move to AVA for testing (Continuous Integration Build fails with node-gyp lib errors in Find-VS2017.cs microsoft/PartsUnlimited#121)
• 4bfb8b4 Update chalk to 2.0.1 (Fix Continuous Deployment doc errors microsoft/PartsUnlimited#117)
• adf7af0 2.2.0
• d032e12 Bail if notify is disabled (Merge pull request #1 from Microsoft/master microsoft/PartsUnlimited#110)
• 1055d57 Meta tweaks
• e2f9233 Add npm as »reference« (Fixing the Manage Items (StoreManager) link in the Admin drop down microsoft/PartsUnlimited#108)
• 86ca238 2.1.0
• 607d3c9 Add option to exclude `-g` argument from default update message (Missing image in HOL-Continuous-Deployment  microsoft/PartsUnlimited#105)
• d295cf3 2.0.0
• fda96b6 ES2015ify
• ac47d69 Improve readme
• f1de1bf Update dependencies
• 01fcd25 Bump minimum supported `node` version to `node@4`. (Fault Injection Service Fabric Hackathon (Intergen) microsoft/PartsUnlimited#102)
• e36671d 1.0.3
• d66245c Exit process on SIGINT (Feature Flag for an API (Intergen) microsoft/PartsUnlimited#98)
• 384e846 get tests passing on Travis CI with latest xo, etc (Feature Flag for a Mobile Solutions - From Scratch (Intergen) microsoft/PartsUnlimited#97)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 NULL Pointer Dereference
🦉 Uncontrolled Recursion
🦉 More lessons are available in Snyk Learn