[Snyk] Fix for 8 vulnerabilities

[Bhanditz]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	No	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Override Protection Bypass npm:qs:20170213	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: eslint

The new version differs by 250 commits.

• 80b8d5d 5.5.0
• b68e403 Build: changelog update for 5.5.0
• 6e110e6 Fix: camelcase duplicate warning bug (fixes #10801) (#10802)
• 5103ee7 Docs: Add Brackets integration (#10813)
• b61d2cd Update: max-params to only highlight function header (#10815)
• 2b2f11d Upgrade: babel-code-frame to version 7 (#10808)
• 2824d43 Docs: fix comment placement in a code example (#10799)
• 10690b7 Upgrade: devdeps and deps to latest (#10622)
• 80c8598 Docs: gitignore syntax updates (fixes #8139) (#10776)
• cb946af Chore: use meta.messages in some rules (1/4) (#10764)
• a857cd9 5.4.0
• 8dee250 Build: changelog update for 5.4.0
• a70909f Docs: Add jscs-dev.github.io links (#10771)
• 034690f Fix: no-invalid-meta crashes for non Object values (fixes #10750) (#10753)
• 11a462d Docs: Broken jscs.info URLs (fixes #10732) (#10770)
• 985567d Chore: rm unused dep string.prototype.matchall (#10756)
• f3d8454 Update: Improve no-extra-parens error message (#10748)
• 562a03f Fix: consistent-docs-url crashes if meta.docs is empty (fixes #10722) (#10749)
• 6492233 Chore: enable no-prototype-builtins in codebase (fixes #10660) (#10664)
• 137140f Chore: use eslintrc overrides (#10677)
• 2af6f4f 5.3.0
• 11e70c7 Build: changelog update for 5.3.0
• dd6cb19 Docs: Updated no-return-await Rule Documentation (fixes #9695) (#10699)
• 6009239 Chore: rename utils for consistency (#10727)

See the full diff

Package name: grunt

The new version differs by 29 commits.

• 27bc5d9 Merge pull request #1714 from gruntjs/release-1.2.0
• 64a3cf4 Release v1.2.0
• 0d23eff Merge pull request #1570 from bhldev/feature-options-keys
• ee70306 Merge pull request #1697 from philz/1696
• 05c0634 Merge pull request #1712 from gruntjs/fix-lint
• cdd1c19 fix lint in file.js
• bc168e3 Merge pull request #1283 from greglittlefield-wf/recognize-relative-links
• 5f16b5a Merge pull request #1675 from STRML/remove-coffeescript
• 58f80ae Merge pull request #1677 from micellius/monorepo-support
• 1f61427 Add CODE_OF_CONDUCT.md
• 4c6fcd9 Merge pull request #1709 from NotMoni/patch-1
• 169d496 add link to license
• 288ea76 add license link
• d5cdac0 Merge pull request #1706 from gruntjs/tag-neew
• 4674c59 v1.1.0
• 6124409 Merge pull request #1705 from gruntjs/mkdirp-update
• 0a66968 Fix up Buffer usage
• 4bfa98e Support versions of node >= 8
• f1898eb Update to mkdirp ~1.0.3
• 7985b19 Avoiding infinite loop on very long command names.
• 75da17b HTTPS link to gruntjs.com (#1683)
• 5a0a02b support monorepo (relative path)
• 6795d31 Update js-yaml dependecy to ~3.13.1 (#1680)
• 66fc8fa support monorepo (test case)

See the full diff

Package name: grunt-contrib-compress

The new version differs by 14 commits.

• bd9fc8e v2.0.0
• b8565a9 Update Archiver (Save graphics created by draw widget cmv/cmv-app#232)
• f6815bf Update deps and remove nodeunit loading (Layer Control - Use icon for Layer menu instead of text link. cmv/cmv-app#231)
• b70c1d9 Update tests and dependencies (Layer Control - Add ability to group layers with toggle all layers for each group cmv/cmv-app#230)
• 5759edd Bump ini from 1.3.5 to 1.3.7 (Buffer, select and export cmv/cmv-app#228)
• 0603886 v1.6.0
• ea2bb69 Update deps ([Help] Exclude feature layers from TOC cmv/cmv-app#218)
• 1cfa1f1 update iltorb to 2.4.3 (Selecting a result in Find Widget zooms to and opens info window cmv/cmv-app#216)
• a8998ec 1.5.0
• e7cb371 Update changelog
• f6e95ab Add package lock (Adding a second field to the result of Find widget cmv/cmv-app#213)
• 050ae41 Updated iltorb to latest minor version for v1.* (Need help: creating a link in a popup that executes method in widget cmv/cmv-app#209)
• fd055e9 update tar to 4.4.8 (Is there a configuration setting to include zoom by selection, or does this need to be developed? cmv/cmv-app#211)
• b8ed0cc package.json: minimum node.js version is 4 since the Brotli patch.

See the full diff

Package name: grunt-contrib-cssmin

The new version differs by 11 commits.

• 3ff3635 v4.0.0.
• a62ac0e package.json: switch to the caret operator for clean-css
• f8b6a7b Adds "no rebase" test case.
• 5c05f6b Updates clean-css dependency to version 5.
• 83b0c2f Update all dependencies except clean-css
• e6dc6f8 Bump lodash from 4.17.15 to 4.17.19 (Disable popups for no information cmv/cmv-app#305)
• efa725b Bump underscore.string from 3.3.4 to 3.3.5 (Draw Widget: nls, icons, current mode label, stop, reset btns cmv/cmv-app#303)
• 6d57138 Merge pull request Identify Widget: nls support cmv/cmv-app#302 from gruntjs/dependabot/npm_and_yarn/lodash-4.17.15
• 866523c Bump lodash from 4.17.10 to 4.17.15
• 052b0cb v3.0.0.
• 142e850 Update all deps and require Node.js >= 6.

See the full diff

Package name: grunt-contrib-uglify

The new version differs by 36 commits.

• a3f3f34 5.2.1
• 3c8d904 Update Readme
• 0850dcd update dependencies (Minor fixes to layerControl widget cmv/cmv-app#568)
• c27ad5f Bump minimist from 1.2.5 to 1.2.6 (Security & Loading cmv/cmv-app#567)
• 98b4c5f Fix documentation in relation to issue Sublayer opacity cmv/cmv-app#565 (Streets Basemap Initial View after changing mapStartBasemap cmv/cmv-app#566)
• 7228446 Bump minimist from 1.2.5 to 1.2.6 (Update to JS API 3.17 cmv/cmv-app#563)
• e410511 Update deps, v5.1.0 (Remove outdated resource proxy files. cmv/cmv-app#564)
• 2cb31be Update uglify-js to v3.15.2 (Feature layer displays on the top of the TOC cmv/cmv-app#562)
• 12ca0f2 Fix wording in README.md (Customising basemap cmv/cmv-app#560)
• 1f6a012 Bump path-parse from 1.0.6 to 1.0.7 (Tried to register widget with id==layerControl_parent but that id is already registered cmv/cmv-app#558)
• 0e4b1a0 Update uglify-js (Their are 2 combobox , 1st combobox is getting populated from mapservice, I want the 2nd combobox to be populated from the same mapservices based on the selection of 1st combobox cmv/cmv-app#557)
• 9ccf10d Bump hosted-git-info from 2.8.8 to 2.8.9 (Export data in XML Format cmv/cmv-app#556)
• 4e83e45 Update UglifyJS to 3.13.3 (Print error cmv/cmv-app#554)
• 8674feb Bump ini from 1.3.5 to 1.3.8 (css files do not load using xstyle/css! in Chrome Beta, Dev, and Canary Channels cmv/cmv-app#552)
• 14b71da v5.0.0
• 9259448 Bump lodash from 4.17.11 to 4.17.19 (Streetview widget moves after maximize cmv/cmv-app#550)
• 4645446 Bump js-yaml from 3.5.5 to 3.14.0 (Bookmark "Tried to register widget with id==bookmarks_widget but that id is already registered" cmv/cmv-app#551)
• b7bcde4 Delete .travis.yml
• cba2631 Delete appveyor.yml
• 3dc53f0 ini github workflow
• f65dbb9 v4.0.1. (including panes config in viewer.js breaks application. cmv/cmv-app#535)
• b33a071 upgrade devDependencies (currentBasemap should not be set prior to updating the basemap. cmv/cmv-app#536)
• 1e40037 upgrade to uglify-js 3.5.0 (Track Scale Range Handler for final destroy() cmv/cmv-app#534)
• 33724cd update links to uglifyJS documentation (Feature/resize floating title pane cmv/cmv-app#530)

See the full diff

Package name: grunt-contrib-watch

The new version differs by 4 commits.

• 3b7ddf4 v1.1.0
• 72b1214 Updating dependencies, async, lodash and tiny-lr
• 5adb27c Merge pull request Removes unused images cmv/cmv-app#543 from digitalbazaar/master
• f07311b Update tiny-lr dependency to 1.x

See the full diff

Package name: grunt-eslint

The new version differs by 11 commits.

• f30dd97 21.0.0
• 476f21e Update eslint to ^5.0.0 (added checkboxes to Directions widget using current location ast start/stop points cmv/cmv-app#158)
• e1d6368 Require Node.js 6 and Grunt 1
• f7a2a05 20.2.0
• 1154917 Add `failOnError` option (Possible Enhancement Opportunity cmv/cmv-app#154)
• 1d97ae7 20.1.0
• 7cb3039 Meta tweaks
• d3746ac Use to latest Chalk (Consume custom basemaps from agol organization account cmv/cmv-app#151)
• fdbd6b0 20.0.0
• 79d5e1f Update to ESLint 4 (Feature/map right click menu cmv/cmv-app#143)
• eab8924 Add Node.js 8 to Travis CI test matrix (Feature/new geocoder widget cmv/cmv-app#144)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Poisoning
🦉 Prototype Override Protection Bypass
🦉 More lessons are available in Snyk Learn