[Snyk] Fix for 11 vulnerabilities

[takeratta]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	679/1000 Why? Has a fix available, CVSS 9.3	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962463	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTMLMINIFIER-3091181	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: bitsharesjs

The new version differs by 38 commits.

• a82df7b Update packages
• f510ca0 Update version
• e342448 Update bitsharesjs-ws
• 90728f0 Remove log, fix pruning test
• ea18547 Add the option of pruning identical operations in set_required_fees to reduce API load
• 4df23b4 Improve set_required_fees performance and fix some advanced operations fee setting issues
• cd955ea Update assert and add a trxbuilder test run script
• 632d9ad Return null key string in PublicKey fromString if input is null
• cab4552 Update bitsharesjs-ws and version
• 22f46b1 Udate bitsharesjs-ws
• 8ddd519 Update bitsharesjs-ws to 1.4.0
• 21d5180 Update version, fix owner.get undefined error
• f4c87bc Properly set non-existing accounts to null in the ChainStore, add tests for that
• 776684d Update version
• 63c6d6b Update GetObjectsByVoteIds, add test
• 2f73ff2 Add getAccountName method to resolve account names with get_full_account
• 7499c16 Don't use get_objects for account objects of non-subscribed accounts
• 943539b Make the set_subscribe_callback boolean an input paramater with default true
• 1a27ff7 Add fetchAllWorkers method to call get_all_workers
• dfa31e9 Fix a bug in how incoming proposals are added to account objects
• a450ae7 Update version
• 91dff89 Only force unsigned Longs for uint64 type
• ee0fa32 Add husky for pretty-quick precommit hook
• 78631ca Remove asset dynamic data object from asset object

See the full diff

Package name: html-webpack-plugin

The new version differs by 250 commits.

• 873d75b chore(release): 5.5.0
• ddeb774 chore: update examples
• 1e42625 feat: Support type=module via scriptLoading option
• 7d3645b Bump pretty-error to 4.0.0 to fix transitive vuln for ansi-regex CVE-2021-3807
• 79be779 [chore] changes actions to run on pull_requests
• b7e5859 [chore] fixes CI to avoid race conditions
• 48131d3 chore(release): 5.4.0
• 16a841a [chore] rebuild examples
• 3bb7c17 Update index.js
• e38ac97 Update index.js
• f08bd02 [chore] updates fixtures
• d62a10f [chore] upgrades html-minifier-terser@5.0.0 -> 6.0.2
• 2f5de7a Remove archived plugin
• 8f8f7c5 chore(release): 5.3.2
• 053c6e6 chore: update snapshot tests for webpack 5.4.0
• 9c7fba0 Fix security vulnerabilities
• b98fbeb Fix security vulnerabilities
• 25cdfc7 Added inject-body-webpack-plugin to readme
• 0e4c1fb Update README to document actual behavior
• 0a6568d chore(release): 5.3.1
• 82d0ee8 fix: remove loader-utils from plugin core
• 6f39192 chore(release): 5.3.0
• d654f5b feat: allow to modify the interpolation options in webpack config
• 41d7a50 feat: drop loader-utils dependency

See the full diff

Package name: react-hot-loader

The new version differs by 250 commits.

• b36b842 chore(release): 4.0.0
• 9ef4c35 Merge pull request Yellow Margin Calls In Order Books Are Confusing or Not Buyable bitshares/bitshares-ui#876 from gaearon/next
• 34077b7 docs(readme): update it
• 8da0c85 chore: fix merge master
• 2de4e58 fix: proper children reconcile for nested tags, fixes Window 10 wallet crashes bitshares/bitshares-ui#869 (make login mode changed only if the registration was completed #831 bitshares/bitshares-ui#871)
• 4b13ed1 Merge pull request Fix Issue #691 - Flash on Price Change bitshares/bitshares-ui#870 from oliviertassinari/patch-2
• a429374 Fix IE 11 issue
• a36c4d3 chore(release): 4.0.0-rc.0
• f7ca913 chore(release): 4.0.0-beta.23
• 284d573 chore: upgrade deps (Fix issue #861 - Correctly parse signed message bitshares/bitshares-ui#864)
• 0b7997f fix: transfer original prototype methods (Fix invalid signed message signature notice in English bitshares/bitshares-ui#859)
• ffe0035 fix: disable RHL when HMR is not activated (update gdex gateway service  bitshares/bitshares-ui#863)
• 572e803 Merge pull request [.25][HarukaMa] Failed signed message verification caused by space characters bitshares/bitshares-ui#861 from philipnilsson/patch-1
• 1a06535 Add null check
• 8fa1d42 fix: fix various bugs (Change Gray Tab Colors in Explore Section bitshares/bitshares-ui#857)
• 99da77b chore(release): 4.0.0-beta.22
• daf044c chore: make CI stop on error (Fix Issue #733 - Openorder Asset Details bitshares/bitshares-ui#853)
• 963677f fix: fix reconciler warnings (Request password before backup .bin file bitshares/bitshares-ui#852)
• 7580552 feat: ship flat bundles (Fix Issue #807 - Accounts Tab Settings bitshares/bitshares-ui#844)
• bf519d4 chore(changelog): update
• 577335c v4.0.0-beta.21
• 9bb8251 fix: fix proxy adapter (Missing balance "quicklook" function bitshares/bitshares-ui#842)
• d29f484 chore(changelog): update
• 8cd1272 v4.0.0-beta.20

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution