[Snyk] Fix for 18 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIHTML-1296849	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	701/1000 Why? Mature exploit, Has a fix available, CVSS 6.3	Cross-site Scripting (XSS) SNYK-JS-JQUERY-565129	No	Mature
	711/1000 Why? Mature exploit, Has a fix available, CVSS 6.5	Cross-site Scripting (XSS) SNYK-JS-JQUERY-567880	No	Mature
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Certificate Validation SNYK-JS-NODESASS-1059081	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	No	Proof of Concept
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Denial of Service (DoS) SNYK-JS-SOCKJS-575261	No	Proof of Concept
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: bourbon-neat

The new version differs by 86 commits.

• 7294933 Neat v2.0.0
• 6b35881 Update grid-media documentation
• 48e0456 Simplify the gradient style of grid-visual
• f2f3db6 Inherit undefined media grid properties from global neat-grid
• 6d0c04a Update _retrieve-neat-settings documentation
• 4f98916 Custom grids inherit from neat-grid prior to neat-grid-defaults defaults
• 73319ac Move the neat-grid-defaults to within retrieve-neat-setting
• d0c8409 Configure hound to ignore `///` comment style
• a5ef5cc Add version specification for node and sassdoc on ci
• 4e09bf1 Remove float from grid-collapse
• b2b7055 Remove old tests
• a3515c4 Fix stylesheets_directory path
• c79e80c Tweak releasing documentation
• c9c5456 Fix path
• 6ed83fa Fix typo
• ea010ff Update Readme
• 3380229 Update thoughtbot logo asset in readme
• 611afe1 Update tagline
• d483773 Update Readme
• 4f1d642 Update contrib styles
• 5a886be Update documentation
• dc3e9c3 Neat v2.0.0-beta.2
• dab3fb2 Remove node-sass from package dev dependencies
• b2cd4d0 Update Changelog order

See the full diff

Package name: copy-webpack-plugin

The new version differs by 31 commits.

• 64e60c2 chore(release): 6.0.0
• dd9ce50 test: coverage
• 29254e3 feat: implement the `directory` option for the `cacheTransform` option
• bebafcf refactor: code
• e3803ce feat: implement the `noErrorOnMissing` option (images within admonition boxes don't have 'margin-bottom' property readthedocs/sphinx_rtd_theme#475)
• 8e5bc1b chore(deps): update (How do I consistently add an extra CSS file to override the existing stylesheets readthedocs/sphinx_rtd_theme#474)
• 6b85c86 docs: improve (Fixed top navigation bar in mobile readthedocs/sphinx_rtd_theme#473)
• 3ef3f25 refactor: drop test option in favor transformPath (Only change current if a matching link is found readthedocs/sphinx_rtd_theme#472)
• 045f629 refactor: code (Add a couple of badge icons to readme readthedocs/sphinx_rtd_theme#471)
• 20c9ae5 docs: import documentation for the `from` option (Adding scrollbar into the sidebar readthedocs/sphinx_rtd_theme#468)
• bfb4f0e docs: improve the description for the `toType` option (Refactor HTML templates readthedocs/sphinx_rtd_theme#467)
• c0c9fa7 test: transform && transformPath (Add Sphinx Framework for PyPi readthedocs/sphinx_rtd_theme#470)
• 197b0d8 fix: asset size
• c176d7d feat: concurrency option (Fix error in setup entry points readthedocs/sphinx_rtd_theme#466)
• e5e410a refactor: code (Customization options for bitbucket, gitlab, and github are undocumented readthedocs/sphinx_rtd_theme#465)
• 0be6470 refactor: remove the `ignore` option in favor globOptions.ignore (Edit on Bitbucket - redirect straight into edit mode readthedocs/sphinx_rtd_theme#463)
• 6b07a63 refactor: code
• 42194f3 refactor: code (Toggling current ("on") item in sidebar changes height readthedocs/sphinx_rtd_theme#459)
• 1e2f3a1 test: refactor (Italian localization for RTD Theme readthedocs/sphinx_rtd_theme#458)
• a728675 chore: update globby
• 64b2e1a refactor: remove the global `context` option (Nested menu items are barely readable readthedocs/sphinx_rtd_theme#453)
• f6da280 refactor: rename the `cache` option to `cacheTransform` (Use explicit UTF8 encoding readthedocs/sphinx_rtd_theme#452)
• aedd2bd refactor: plugin options (setup.py causes encoding error (fix linked) readthedocs/sphinx_rtd_theme#451)
• 383ff9d refactor: 'from' option (Remove 'extra_css_files' readthedocs/sphinx_rtd_theme#450)

See the full diff

Package name: node-sass

The new version differs by 74 commits.

• 99242d7 7.0.1
• 77049d1 build(deps): bump sass-graph from 2.2.5 to 4.0.0 (#3224)
• c929f25 build(deps): bump node-gyp from 7.1.2 to 8.4.1 (#3209)
• 918dcb3 Lint fix
• 0a21792 Set rejectUnauthorized to true by default (#3149)
• e80d4af chore: Drop EOL Node 15 (#3122)
• d753397 feat: Add Node 17 support (#3195)
• dcf2e75 build(deps-dev): bump eslint from 7.32.0 to 8.0.0
• bfa1a3c build(deps): bump actions/setup-node from 2.4.0 to 2.4.1
• 80d6c00 chore: Windows x86 on GitHub Actions (#3041)
• 566dc27 build(deps-dev): bump fs-extra from 0.30.0 to 10.0.0 (#3102)
• 7bb5157 build(deps): bump npmlog from 4.1.2 to 5.0.0 (#3156)
• 2efb38f build(deps): bump chalk from 1.1.3 to 4.1.2 (#3161)
• fca5257 build(deps): bump actions/setup-node from 2.3.0 to 2.4.0
• 6200b21 docs: Double word "support" (#3159)
• eaf791a build(deps): bump actions/setup-node from 2.1.5 to 2.3.0
• 16b8d4b build(deps): bump coverallsapp/github-action from 1.1.2 to 1.1.3
• c167004 6.0.1
• 911d4db remove mkdirp dep (#3108)
• 30a52f7 build(deps): bump meow from 3.7.0 to 9.0.0
• 7e08463 build(deps-dev): bump mocha from 8.4.0 to 9.0.1
• cfcbb2c chore: Use default Apline version from docker-node (#3121)
• 886319b chore: Drop Node 10 support
• c908f4f fix: Bump OSX minimum to 10.11

See the full diff

Package name: optimize-css-assets-webpack-plugin

The new version differs by 5 commits.

• 09d29b3 5.0.5
• d0a7da7 feat(deps): update dependencies (Markup for .. rubric:: readthedocs/sphinx_rtd_theme#154)
• 41d1e23 Redirect to css-minimizer-webpack-plugin for webpack 5 or above
• e9b84f1 5.0.4
• b3a3ada Update dependencies (Include "VERSIONS" readthedocs/sphinx_rtd_theme#133)

See the full diff

Package name: webpack-dev-server

The new version differs by 250 commits.

• c9271b9 chore(release): 4.0.0
• 18bf369 test: fix stability (#3676)
• cdcabb2 fix: respect protocol from browser for manual setup (#3675)
• 1768d6b fix: initial reloading for lazy compilation (#3662)
• 4f5bab1 docs: improve examples (#3672)
• f2d87fb fix: improve https CLI output (#3673)
• 0277c5e chore: remove redundant console statements (#3671)
• 16fcdbc docs: add `ipc` example (#3667)
• 8915fb8 test: add e2e tests for built in routes (#3669)
• 4d1cbe1 docs: ask `version` information in issue template (#3668)
• b6c1881 chore(deps-dev): bump core-js from 3.16.1 to 3.16.2 (#3666)
• ffa8cc5 chore(deps-dev): bump supertest from 6.1.5 to 6.1.6 (#3665)
• f1fdaa7 chore(release): 4.0.0-rc.1
• c4678bc fix: legacy API (#3660)
• d8bdd03 test: fix stability (#3661)
• 22b1414 refactor: remove `killable` (#3657)
• 75bafbf test: add e2e tests for module federation (#3658)
• 493ccbd chore(deps): update `ws` (#3652)
• ae8c523 test: add e2e test for universal compiler (#3656)
• f94b84f chore(deps): update (#3655)
• 1923132 test: fix cli
• 2adfd01 test: fix todo (#3653)
• 6e2cbde fix: proxy logging and allow to pass options without the `target` option (#3651)
• c9ccc96 fix: respect infastructureLogging.level for client.logging (#3613)

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting (XSS)
🦉 Cross-site Scripting (XSS)
🦉 Arbitrary Code Injection
🦉 More lessons are available in Snyk Learn