[Snyk] Fix for 2 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Recently disclosed, Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
	696/1000 Why? Recently disclosed, Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: david

The new version differs by 14 commits.

• 73fc671 11.1.0
• 8497cae chore: update dependencies
• a198ada feat: ignore dependencies via globs (Does David-DM support regular git repositories? alanshaw/david-www#144)
• c29013f chore: update deps and README (olizilla is not alanshaw alanshaw/david-www#154)
• 008beaf Merge pull request if Bitbucket? alanshaw/david-www#146 from DanielRuf/chore/cache-node-modules
• d0a2e19 Merge branch 'master' into chore/cache-node-modules
• d180e8d Merge pull request add support/notifications for compromised modules alanshaw/david-www#147 from DanielRuf/chore/add-nodejs-8-10
• cc5db9f Merge pull request npm install --> npm ERR! Error: No compatible version found alanshaw/david-www#145 from DanielRuf/chore/clone-last-5-commits
• 9aeda4e chore: cache node_modules
• d4bf0e6 chore: clone last 5 commits
• db2c1f2 chore: add Node.js 8 and 10
• a3dd565 Remove hr
• 6485fcd Merge pull request Website returns error 503 alanshaw/david-www#138 from alanshaw/greenkeeper-standard-10.0.2
• 4680e0e chore(package): update standard to version 10.0.2

See the full diff

Package name: node-sass

The new version differs by 50 commits.

• 7105b0a 5.0.0 (#3015)
• 0648b5a chore: Add Node 15 support (#2983)
• e2391c2 Add a deprecation message to the readme (#3011)
• 6a33e53 chore: Don't upload artifacts on PRs
• d763506 chore: Only run coverage on main repo
• d4ebe72 build(deps): update actions/setup-node requirement to v2.1.2
• 2bebe05 build(deps-dev): bump rimraf from 2.7.1 to 3.0.2
• f877689 chore: Don't double build DependaBot PRs
• b48fac4 chore: Add weekly DependaBot updates
• 91c40a0 Remove deprecated process.sass API
• 1f6df86 Replace lodash/assign in favor of the native Object.assign
• 522828a Remove workarounds for old Node.js versions
• 40e0f00 chore: Remove second NPM badge
• ab91bf6 chore: Remove Slack badge
• 6853a80 chore: Cleanup status badges
• fb1109c chore: Bump minimum engine version to v10
• d185440 chore: Add basic Node version support policy
• db25736 chore: Bump node-gyp to 7.1.0
• 2c5b110 chore: Bump cross-spawn to v7.0.3
• 38b9633 chore: Update Istanbul to NYC
• d63b5bf chore: Bump mocha to v8.1.3
• d0d8865 chore: Skip constructor tests on v14.6+
• ee3984d chore: Hoist test ESLint config
• feee448 chore: Remove disabled and recommended rules

See the full diff

Package name: npm

The new version differs by 250 commits.

• 5e426a7 5.6.0
• e1ab2d1 update AUTHORS
• 87cc9ed doc: update changelog for npm@5.6.0
• 7ae3c4c Revert tar@4.1.0
• 14f3be4 gentle-fs@2.0.1: fixes global force issues
• 114d518 pack: stop including mtime so tarball packing usually results in the same sha
• 39ba4aa tar@4.1.0
• 2906bc6 test: fix some standard failures
• a0be6ba pacote@7.0.2
• 829893d config: Switch to find-npm-prefix module
• 876f0c8 find-npm-prefix@1.0.1
• 5dfe1c9 test: shrinkwrap-_auth: ditch hock
• b80d650 pack/publish/install: fix git and tarball specs and checksum errors (#19163)
• 66d1828 config: expose "node-options" passthrough for lifecycle scripts
• 6003b41 npmrc: we can use ^ now‼
• 72cad8c copy-concurrently@1.0.5
• 798428b bin-links@1.1.0
• c930e98 npm-lifecycle@2.0.0
• 7793394 docs: Remove trailing white space from npm-access docs
• dbc7e5b doc: use valid JSON in example for bundledDependencies
• 8a0fe71 diff-trees: Fix package comparison when integrity is unavailable
• 391ebcc test: add-remote-git for new cache.add internals
• c3e1ec7 test: cleanup during setup of install-shrinkwrapped-git
• 2e2ac03 test: bearer-token-check standard fixes

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

[rtd-helper]

The rtd-bot is activated, but no .github/config.yml found in this repository.
Make sure that you have it in your default branch.

[rtd-helper]

The rtd-bot is activated, but no .github/config.yml found in this repository.
Make sure that you have it in your default branch.