[Snyk] Fix for 12 vulnerabilities

[ratzzzster-dev]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-D3COLOR-1076592	Yes	Proof of Concept
	526/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.1	Arbitrary Code Injection SNYK-JS-EJS-1049328	Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-EJS-2803307	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-ENGINEIO-1056749	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Insecure Defaults SNYK-JS-SOCKETIO-1024859	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-1056752	No	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	User Interface (UI) Misrepresentation of Critical Information SNYK-JS-SWAGGERUIDIST-2314884	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	No	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Arbitrary Code Injection SNYK-JS-XMLHTTPREQUESTSSL-1082936	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Access Restriction Bypass SNYK-JS-XMLHTTPREQUESTSSL-1255647	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: css-loader

The new version differs by 67 commits.

• 634ab49 chore(release): 2.0.0
• 6ade2d0 refactor: remove unused file (Swagger tweeks nightscout/cgm-remote-monitor#860)
• e7525c9 test: nested url (Translate to Norwegian nightscout/cgm-remote-monitor#859)
• 7259faa test: css hacks (Dev nightscout/cgm-remote-monitor#858)
• 5e6034c feat: allow to filter import at-rules (0.8 beta2 nightscout/cgm-remote-monitor#857)
• 5e702e7 feat: allow filtering urls (Adding Swagger API docs + api improvements/fixes nightscout/cgm-remote-monitor#856)
• 9642aa5 test: css stuff (authentication always respond 200 nightscout/cgm-remote-monitor#855)
• 3338656 fix: reduce number of require for url (get rid of transistion durartions, less jumpy load nightscout/cgm-remote-monitor#854)
• 533abbe test: issue 636 (language translations2 nightscout/cgm-remote-monitor#853)
• 08c551c refactor: better warning on invalid url resolution (Some RO corrections nightscout/cgm-remote-monitor#852)
• b0aa159 test: issue Wip/iob cob nightscout/cgm-remote-monitor#589 (0.8 beta2 nightscout/cgm-remote-monitor#851)
• f599c70 fix: broken unucode characters (language translations nightscout/cgm-remote-monitor#850)
• 1e551f3 test: issue 286 (JS error: bower_components nightscout/cgm-remote-monitor#849)
• 419d27b docs: improve readme (Merge pull request #2 from nightscout/0.8-beta1 nightscout/cgm-remote-monitor#848)
• d94a698 refactor: webpack-default (RO translation corrections nightscout/cgm-remote-monitor#847)
• b97d997 feat: schema options
• 453248f fix: support module resolution in composes (Merge pull request #1 from nightscout/master nightscout/cgm-remote-monitor#845)
• 8a6ea10 refactor: postcss plugins (Merge pull request #3 from nightscout/0.8-beta1 nightscout/cgm-remote-monitor#844)
• fdcf687 fix: url resolving logic (0.8 beta1 nightscout/cgm-remote-monitor#843)
• 889dc7f feat: allow to disable css modules and disable their by default (don't check snooze times for announcements since they are a manual event nightscout/cgm-remote-monitor#842)
• ee2d253 test: importLoaders option (Update renderer.js nightscout/cgm-remote-monitor#841)
• 1dad1fb feat: reuse postcss ast from other loaders (i.e `postcss-loader`) (Wip/enhance rest api nightscout/cgm-remote-monitor#840)
• fe94ebc test: icss reserved keywords (Wip/npm tweaks nightscout/cgm-remote-monitor#839)
• 9eaba66 refactor: migrate on message api for postcss-icss-plugin (Translating Raw BG Info nightscout/cgm-remote-monitor#838)

See the full diff

Package name: d3

The new version differs by 86 commits.

• 1b8bada 7.0.0
• b98d63a update API
• 23b0212 Adopt type: module. (sync nightscout/cgm-remote-monitor#3506)
• 0f01226 Fix broken markdown for link
• 5149a2f 6.7.0
• a8ebbc5 update d3-time, d3-scale
• 31d73d1 6.6.2
• 1836b64 update d3-scale
• 76c92ca 6.6.1
• ff34b4c d3-array 2.12.1
• cff66a4 add space
• b62d444 fix a typo in API.md
• 607a60f 6.6.0
• 11aa552 update dependencies
• 37cd9bf 6.5.0
• 73110b9 d3-array 2.11
• 12336e3 6.4.0
• afd34bb update dependencies
• e9fee2c 6.3.1
• ec388d8 Update d3-array.
• a8baadf 6.3.0
• 4d3baf7 Update d3-array.
• 3c63660 6.2.0
• ffb43e6 Update d3-array, d3-scale.

See the full diff

Package name: jsdom

The new version differs by 22 commits.

• 4d26c67 Version 11.12.0
• d6688e5 Implement Element.prototype.closest()
• 9191218 Upgrade NWSAPI to v2.0.7
• 500a209 Change storageQuota to operate on code units, not bytes
• 23d67eb Add the storageQuota option
• b4db242 Remove unused form-data-symbols.js file
• 70fd739 Fix a few entries in the changelog
• eae1062 Upgrades cssstyle dependency to ^1.0.0
• 022c204 Update hosts in Travis configuration
• 2761d3c HashChangeEvent and PopStateEvent should no longer bubble
• f1270e7 Roll Web Platform Tests
• d6f8a97 Enable Blob-slice.html test in Node.js v10
• 3afbc0f Implement Web storage - localStorage, sessionStorage, StorageEvent
• 7b4db76 Handle Node.js v6 timeout in execution-timing tests
• a5a7785 Run failing tests to confirm their status
• a9d590a Enable tests which are passing now
• 102546e Upgrade NWSAPI to v2.0.3
• 45b77f5 Use `timeout` for all tests where it applies (Dev nightscout/cgm-remote-monitor#2256)
• 95dde4b Disable Blob-slice.html test in Node.js v10
• a92e098 Fix old API for input that is not a valid path
• 4488b7f Set new options for NWSAPI
• d8d1096 Update dependencies

See the full diff

Package name: socket.io

The new version differs by 73 commits.

• 1af3267 chore(release): 3.0.0
• 02951c4 chore(release): 3.0.0-rc4
• 54bf4a4 feat: emit an Error object upon middleware error
• aa7574f feat: serve msgpack bundle
• 64056d6 docs(examples): update TypeScript example
• cacad70 chore(release): 3.0.0-rc3
• d16c035 refactor: rename ERROR to CONNECT_ERROR
• 5c73733 feat: add support for catch-all listeners
• 129c641 feat: make Socket#join() and Socket#leave() synchronous
• 0d74f29 refactor(typings): export Socket class
• 7603da7 feat: remove prod dependency to socket.io-client
• a81b9f3 docs(examples): add example with TypeScript
• 20ea6bd docs(examples): add example with ES modules
• 0ce5b4c chore(release): 3.0.0-rc2
• 8a5db7f refactor: remove duplicate _sockets map
• 2a05042 refactor: add additional typings
• 91cd255 fix: close clients with no namespace
• 58b66f8 refactor: hide internal methods and properties
• 669592d feat: move binary detection back to the parser
• 2d2a31e chore: publish the wrapper.mjs file
• ebb0575 chore(release): 3.0.0-rc1
• c0d171f test: use the reconnect event of the Manager
• 9c7a48d test: use the complete export name
• 4bd5b23 feat: throw upon reserved event names

See the full diff

Package name: terser

The new version differs by 250 commits.

• 40674a4 update changelog, version
• d8cc569 backport fix to potential regexp DDOS
• 504b967 4.8.0
• 9f380dc update changelog
• 7dd0b9d update assumptions
• cfad907 Allow yield to be used as property key in generators.
• 283f44f Make class property assignment pure.
• ee965e8 Add numeric separators support (basic translation module nightscout/cgm-remote-monitor#725)
• ee6b8af 4.7.0
• 807f729 update changelog
• 2e0e6c2 audit fix
• 87f7e7f fix functional tests
• 9b11e3d update node version
• 2ddf987 fix: fix a bug in AST_Arrow.prototype._size (Adding plugin in env on server is not working because it's replaced by client settings in localStorage nightscout/cgm-remote-monitor#701)
• 149e580 consider property access of arguments object to be pure. Closes profilefunctions calculates time wrong nightscout/cgm-remote-monitor#687
• 2a25f3f ensure `const` declarations values are replaced with something, since `const` must have a value.
• 056623c 4.6.13
• b0e3686 update changelog
• 8d8200c fix set an ar2 property, use that to add an extra line to push messages nightscout/cgm-remote-monitor#678. when optimizing object properties, Terser should take care to not create incompatible identifiers
• 29e6d1b fix more of Devbranch  nightscout/cgm-remote-monitor#525
• 4f161d7 4.6.12
• 3729fae lint
• ea01f7d update changelog
• 7fda1de further fix the equivalent-to fix

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Arbitrary Code Injection
🦉 Remote Code Execution (RCE)
🦉 More lessons are available in Snyk Learn