[Snyk] Fix for 3 vulnerabilities

[terrorizer1980]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gulp-image

The new version differs by 55 commits.

• f2cc810 6.3.0
• 9371d80 chore: add files field
• 903000e chore(deps): update dependencies
• 88ecb0f chore(deps): update dependencies
• 4e5bf8c refactor: use p-event to deprecate test.cb()
• 542b78d build(deps-dev): bump xo from 0.44.0 to 0.45.0
• 41d4316 test: tweak CI
• 4e1e143 docs: fix badge url
• 8fd2ac3 fix: fix lint issues
• 55560c8 chore(deps): update dependencies
• afd9121 refactor: use native ESM
• 71c04a3 Upgrade to GitHub-native Dependabot
• 764fd72 chore(deps): fix several dependencies
• 731b4e9 chore: update svgo
• 03f6276 chore: update lockfileVersion
• d7224a7 fix: fix lint issues
• 8171f51 build(deps-dev): bump xo from 0.36.1 to 0.37.1
• b7b83e1 build(deps): bump pretty-bytes from 5.4.1 to 5.5.0
• f84af02 build(deps-dev): bump ava from 3.14.0 to 3.15.0
• 7705905 chore(deps): update xo
• 9003c0b build(deps): [security] bump ini from 1.3.5 to 1.3.7
• ccfd32b build(deps-dev): bump ava from 3.13.0 to 3.14.0
• 17087e4 refactor: use GitHub Actions instead of Travis CI
• 5bb33de chore: drop Node.js 10 support

See the full diff

Package name: gulp-sourcemaps

The new version differs by 38 commits.

• 2bcfcbb 3.0.0
• d8bed0c Merge pull request Port over the docs that still make sense pypi/warehouse#373 from adrian3d/update/doc-gulp-4
• 5686db3 Merge pull request Don't use the browser cache when in development pypi/warehouse#380 from kennyr87/Use camo in development and restrict CSP img-src pypi/warehouse#378/upgrade-css
• 2c66b2c Depdenency: Upgrade css to v3.0.0
• 9a9289b Breaking: Drop Node <6 support & upgrade identity-map which uses changes CSS sourcemaps (Use Camo to alias HTTP images as HTTPS pypi/warehouse#376)
• 11d1e31 Update doc to gulp 4
• bd0aeb0 Docs: Temporarily point at phated/gulp-sourcemaps for AppVeyor badge
• 7e69e97 Build: Ensure tests pass on Windows
• 404eb5b Docs: Update badges
• 8a22ecc Scaffold: Convert repository to use gulp patterns (closes Automatically set version support classifiers when wheel file specifies such support pypi/warehouse#357) (Add install-dev-requirements.pip pypi/warehouse#367)
• 06cf0f0 2.6.5
• 8f68c5f Merge pull request requirements.txt pypi/warehouse#366 from gulp-sourcemaps/issue-363
• 178b1b7 issue-363: trying to get to 100% coverage again
• 3286f8f fixing older node code for es5
• 27e4c8b fixing linting errors
• 1de522e cleaning things up to get coverage up
• 01c802f issue-363: cleaned up commentFormatter code to handle css correctly on preExisting
• 5a99012 Use proper comment format for css with pre-existing comment.
• 492d937 2.6.4
• 6a037bf Merge pull request Give command to start postgres. pypi/warehouse#344 from gormac/master
• fcf64d8 Prevent update to source-map 0.7.0
• b97fe77 bump 2.6.3
• e75e0c2 readme typos
• 8774287 Merge pull request Long filenames break rendering pypi/warehouse#338 from ogvolkov/master

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 610f368 5.0.0
• 5ce65c1 update examples
• bbe1230 Merge pull request Bump types-redis from 4.2.6 to 4.3.1 pypi/warehouse#11628 from webpack/bugfix/real-content-hash
• 75ecff2 5.0.0-rc.6
• bfc35d6 Merge pull request Bump boto3-stubs from 1.24.9 to 1.24.10 pypi/warehouse#11603 from MayaWolf/master
• 76e8cbd Merge pull request Bump boto3 from 1.24.9 to 1.24.13 pypi/warehouse#11622 from webpack/dependabot/npm_and_yarn/types/node-13.13.25
• 9fd1be2 chore(deps-dev): bump @ types/node from 13.13.23 to 13.13.25
• 36bcfaa Merge pull request Bump types-redis from 4.2.6 to 4.3.0 pypi/warehouse#11621 from webpack/bugfix/11619
• 9130d10 fix called variables with ProvidePlugin
• 3e42105 Merge pull request Bump types-pytz from 2021.3.8 to 2022.1.0 pypi/warehouse#11620 from webpack/bugfix/11617
• 4709719 skip connections copied to concatenated module
• 57b493f 5.0.0-rc.5
• 1658e2f Merge pull request Bump boto3 from 1.24.9 to 1.24.12 pypi/warehouse#11618 from webpack/bugfix/11615
• a8fb45d fixes crash in SideEffectsFlagPlugin
• 84b196d emit error instead of crashing when unexpected problem occurs
• 5573fed Merge pull request Bump botocore from 1.27.9 to 1.27.10 pypi/warehouse#11601 from Hornwitser/improve-suggested-polyfill-config
• 9b5cce9 Merge pull request Bump boto3 from 1.24.9 to 1.24.11 pypi/warehouse#11609 from snitin315/export-types
• 37c495c export type RuleSetUseItem
• 39faf34 export type RuleSetUse
• e5fd246 export type RuleSetConditionAbsolute
• 660baad export RuleSetCondition types
• 13e3ca5 Merge pull request Bump babel from 2.10.2 to 2.10.3 pypi/warehouse#11602 from webpack/bugfix/shared-runtime-chunk
• 9c0587e Merge pull request Bump types-redis from 4.2.6 to 4.2.7 pypi/warehouse#11606 from webpack/dependabot/npm_and_yarn/simple-git-2.21.0
• 502d166 Merge pull request Bump botocore from 1.27.9 to 1.27.11 pypi/warehouse#11607 from webpack/dependabot/npm_and_yarn/acorn-8.0.4

See the full diff

Package name: webpack-stream

The new version differs by 77 commits.

• 30a6da0 v7.0.0
• c2d19fd semistandard fixes
• 7805d59 Remove config.watch setting re-introduced from my bad merging
• 6395f19 Merge branch 'master' of github.com:shama/webpack-stream
• 7c24e86 Merge pull request [Snyk] Security upgrade webob from 1.8.7 to 1.8.8 #212 from azt3k/master
• 3fc84f0 Merge branch 'master' into master
• 027135e Update comments to indicate it works with webpack 4 and 5
• bb7cd85 Merge branch 'master' of github.com:shama/webpack-stream
• 3287835 Merge pull request [Snyk] Security upgrade gunicorn from 20.1.0 to 21.2.0 #214 from the-ress/watch-message
• 141e063 Update watch for gulp >= 4
• 991d108 Merge pull request Use the new deterministic gzip support in whitenoie 0.12 pypi/warehouse#225 from emme1444/config-file-path
• 348eab2 Use const over var in docs
• 2b31461 Update copyright to 2021
• fdd5809 Update node engine to >= 10
• 80e0ba8 Updating dependencies
• 5759a17 Updating for semistandard@16.0.1
• 2ff8a4f Merge pull request Switch customer Powered-By middleware with werkzeug HeaderRewriterFix pypi/warehouse#235 from marekdedic/webpack-5
• ff485fe Merge pull request Allow larger PGP key ids pypi/warehouse#234 from marekdedic/webpack-peer-dependency
• 1baead2 Removed tests on Node 8
• f33fc04 Switched from hash to contenthash
• 0e30a7b Test: Fixed different chunk names in webpack 5
• 5bb70d1 Test: updated expected error message
• 99a1c03 Building in production mode by default
• 01ffd76 Updated to webpack 5

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)
🦉 Prototype Pollution