[Snyk] Fix for 13 vulnerabilities

[nitro404]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json
  • package-lock.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Certificate Validation SNYK-JS-NODESASS-1059081	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SCSSTOKENIZER-2339884	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gulp-htmlhint

The new version differs by 25 commits.

• 5c1fa82 4.0.2
• b110f1d Update test.yml
• aae25ee Switch to github actions
• 6b45842 Create test.yml
• 5315942 Bump htmlhint & add htmlhint as peerDependency
• a95c3d2 Bump path-parse from 1.0.6 to 1.0.7 (#66)
• 9e08834 Bump normalize-url from 4.5.0 to 4.5.1 (#65)
• 68ad4a3 Bump trim-newlines from 3.0.0 to 3.0.1 (#64)
• 8e32c25 Bump hosted-git-info from 2.8.5 to 2.8.9 (#63)
• 51c8c3f 4.0.1
• 2d1a389 Bump dependencies
• 946d4b3 Bump lodash from 4.17.20 to 4.17.21 (#62)
• a5b1de7 fix .htmlhintrc file path (#61)
• 13d0dbe Bump y18n from 4.0.0 to 4.0.1 (#60)
• cd57759 Bump elliptic from 6.5.3 to 6.5.4 ([Snyk] Security upgrade gulp-sass from 4.0.2 to 5.0.0 #59)
• b9964b3 4.0.0
• d3abbde Drops node 8 support
• 6a8609f Adds node 14 to test matrix
• e2739de Bump dependencies
• da2c5a9 Bump dot-prop from 4.2.0 to 4.2.1 ([Snyk] Security upgrade gulp-sass from 4.0.2 to 5.0.0 #57)
• aa245ec Bump lodash from 4.17.15 to 4.17.20 ([Snyk] Fix for 23 vulnerabilities #58)
• 4fec526 Bump ini from 1.3.5 to 1.3.8 ([Snyk] Fix for 1 vulnerabilities #56)
• 4e54cc6 3.0.1
• cce0401 Bump dependencies

See the full diff

Package name: gulp-less

The new version differs by 5 commits.

• 9d9e96f chore: update deps, publish v5
• ea13d8a Merge pull request #313 from MisterLuffy/master
• 7ce4b9b feat: support less v4
• 1a9d694 Merge pull request #314 from stamminator/master
• b1a3e18 Update .travis.yml

See the full diff

Package name: gulp-sass

The new version differs by 8 commits.

• 5775044 Update CHANGELOG.md
• 978b8f6 Update to major version 5 (#802)
• 10eae93 Update changelog for 4.1.1
• 947b26c Upgrade lodash to fix a security issue (#776)
• 8d6ac29 Update changelog
• 43c0547 4.1.0
• ebe3ec6 Set appropriate file stat times (#763)
• 7ab018e Migrate to the lodash package

See the full diff

Package name: uglify-js

The new version differs by 250 commits.

• bca83cb v3.14.3
• a841d45 fix corner case in `awaits` (#5160)
• eb93d92 fix corner case in `awaits` (#5158)
• a0250ec fix corner case in `dead_code` (#5154)
• 2580162 parse `let` as symbol names correctly (#5151)
• 32ae994 fix issues in tests flagged by LGTM (#5150)
• 03aec89 fix corner cases in `strings` & `templates` (#5147)
• faf0190 document ECMAScript quirks (#5148)
• c8b0f68 fix corner case in `merge_vars` (#5143)
• 87b9916 fix corner case in `inline` (#5141)
• 940887f fix corner case in `evaluate` (#5139)
• 0b2573c fix corner case in `templates` (#5137)
• 1575210 avoid potential RegExp denial-of-service (#5135)
• f766bab enhance `templates` (#5131)
• 436a293 enhance `dead_code` (#5130)
• 55418fd fix corner case in `rests` (#5129)
• 8578688 v3.14.2
• 4b88dfb tweak test & warnings (#5123)
• c3aef23 fix corner case in `reduce_vars` (#5121)
• db94d21 fix corner case in `side_effects` (#5118)
• 9634a9d fix corner cases in `optional_chains` (#5110)
• befb99b fix corner case in `inline` (#5115)
• 02eb8ba fix corner case in `collapse_vars` (#5113)
• c09f63a fix corner case in `rests` (#5109)

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Denial of Service (DoS)
🦉 Arbitrary File Write
🦉 More lessons are available in Snyk Learn