[Snyk] Fix for 4 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:eslint:20180222	Yes	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: eslint

The new version differs by 250 commits.

• 22ff6f3 4.18.2
• 817b84b Build: changelog update for 4.18.2
• 6b71fd0 Fix: [email protected], because 4.0.3 needs "ajv": "^6.0.1" (#10022)
• 3c697de Chore: fix incorrect comment about linter.verify return value (#10030)
• 9df8653 Chore: refactor parser-loading out of linter.verify (#10028)
• f6901d0 Fix: remove catastrophic backtracking vulnerability (fixes #10002) (#10019)
• e4f52ce Chore: Simplify dataflow in linter.verify (#10020)
• 33177cd Chore: make library files non-executable (#10021)
• 558ccba Chore: refactor directive comment processing (#10007)
• 18e15d9 Chore: avoid useless catch clauses that just rethrow errors (#10010)
• a1c3759 Chore: refactor populating configs with defaults in linter (#10006)
• aea07dc Fix: Make max-len ignoreStrings ignore JSXText (fixes #9954) (#9985)
• 8c237d8 4.18.1
• 537b5c3 Build: changelog update for 4.18.1
• f417506 Fix: ensure no-await-in-loop reports the correct node (fixes #9992) (#9993)
• 3e99363 Docs: Fixed typo in key-spacing rule doc (#9987)
• 7c2cd70 Docs: deprecate experimentalObjectRestSpread (#9986)
• 883a2a2 4.18.0
• 89d55ca Build: changelog update for 4.18.0
• 70f22f3 Chore: Apply memoization to config creation within glob utils (#9944)
• 0e4ae22 Update: fix indent bug with binary operators/ignoredNodes (fixes #9882) (#9951)
• 47ac478 Update: add named imports and exports for object-curly-newline (#9876)
• e8efdd0 Fix: support Rest/Spread Properties (fixes #9885) (#9943)
• f012b8c Fix: support Async iteration (fixes #9891) (#9957)

See the full diff

Package name: url-loader

The new version differs by 32 commits.

• 11dce14 docs: Update changelog with nsp advisory
• 1934507 chore(release): 0.6.0
• a1e1fef chore: Fix mime version
• d19ee2d chore: update `mime` package to avoid deprecation mime type with `woff` and `woff2` (Create ادمن فيوري ابو ليوس @G_S_B2 TelegramMessenger/bodymovin-extension#87)
• 636ebed feat: add `fallback` option (Create Based-plug TelegramMessenger/bodymovin-extension#88)
• f3f5fce docs(README): remove confusing `prefix` option (`options.prefix`) (Create Haunter TelegramMessenger/bodymovin-extension#89)
• 2de70bb docs(README): fix typo in example (Create 𝐀|𝐀 TelegramMessenger/bodymovin-extension#81)
• ced5990 feat(index): add options validation (`schema-utils`) (Create nhnhnhnh TelegramMessenger/bodymovin-extension#78)
• 5574ed3 chore(release): 0.5.9
• 71b2250 chore: Add changelog
• 88a5f5a chore(pacakge): Add release tooling
• 99b935f docs(README): standardize (Create Simuran TelegramMessenger/bodymovin-extension#77)
• e9496b9 fix: `String` not being `base64` encoded (KoCreate Fp TelegramMessenger/bodymovin-extension#67)
• 020c2a8 fix: don't default to `0` (`options.limit`) (йоу TelegramMessenger/bodymovin-extension#74)
• 9356a81 docs(README): fix typesetting, add links (Create Tgs TelegramMessenger/bodymovin-extension#75)
• de61cbd docs(README): link to webpack 2 docs (TGS TelegramMessenger/bodymovin-extension#72)
• fae96d7 chore(release): url-loader v0.5.8
• 2452768 Merge pull request Create Кфг TelegramMessenger/bodymovin-extension#62 from ryani33/fix-deprecated-warning
• 841c6c8 fix deprecated warning
• 75fab90 docs(readme): update maintainers to admin team
• 8fd2f35 Merge pull request Create Собака TelegramMessenger/bodymovin-extension#58 from simon04/master
• 0a292a0 Remove license link
• adb13b2 Merge pull request Create Oooool TelegramMessenger/bodymovin-extension#57 from d3viant0ne/d3viant0ne-DocUpdatesForFinal
• 637f00a chore(readme): Update to webpack standard format

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 4be093d 2.2.0
• 2278469 2.2.0-rc.8
• b946eb4 Merge pull request #3988 from malstoun/bug/2664
• 260e413 Merge pull request #3986 from webpack/bugfix/revert_use_of_buffer_dot_from
• 0ec7de9 Fix regression with watch cli opt, add tests for this case
• 72226db add missing disable line
• 4d30675 build fresh yarn.lock file to remove buffer polyfill
• 91c1f35 fix(node): rollback changes of Buffer.from to new Buffer() and bump down travis to 4.3 min node v
• 0b47602 2.2.0-rc.7
• db6ccbc Merge pull request #3978 from webpack/bugfix/conditional-reexports
• 82a5b03 Merge pull request #3977 from malstoun/bug/2664
• fc1a43b Merge pull request #3976 from timse/rely-on-defaults
• a44694a hoist exports declarations too
• 682bde8 Fix lint
• c6d7d90 Add tests
• af8d49e remove defaults values to shave a few bytes
• 9796696 2.2.0-rc.6
• e9bdb05 Merge pull request #3971 from webpack/bugfix/fix_available_vars_in_fmtp
• bd45bdc add test case for global in harmony modules
• bfccb20 fix PR
• 5a3a23f fix(nmf): Fix exports for var injection to include free glob exports or arguments
• 437dce4 2.2.0-rc.5
• 91cb1df Merge pull request #3970 from webpack/ci/appveyor
• 9fd55e5 Merge pull request #3969 from webpack/bugfix/issue-3964

See the full diff

Package name: webpack-dev-server

The new version differs by 250 commits.

• 298341f chore(release): 2.11.4
• c42d0da fix: check origin header for websocket connection (#1626)
• 2be7196 chore: update dependencies in V2 branch, fix compatibility with Node 10 (#1715)
• 7cdfb74 2.11.3
• b71137e Increase sockjs-client version for security fix
• f33be5b 2.11.2
• dd32166 Fix support for DynamicEntryPlugin (#1319)
• ab4eeb0 Fix page not reloading after fixing first error on page (#1317)
• 83c1625 2.11.1
• 3aa15aa Merge pull request #1273 from yyx990803/master
• b78e249 fix: pin strip-ansi to 3.x for ES5 compat
• 8c1ed7a 2.11.0
• b0fa5f6 Merge pull request #1270 from yyx990803/client-refactor
• 676d590 revert to prepublish (fix ci)
• 449494f cleanup client build setup
• 6689cb8 adding test for dependency lock-down
• 3e220fe 2.10.1
• aaf7fce rollback yargs to 6.6.0
• ca8b5aa 2.10.0 (#1258)
• 17355f0 transpile client bundles with babel (#1242)
• ce30460 rolling back webpack-dev-midddleware 2.0, as it's node6+
• 00e8500 updating deps and patching as necessary
• 082ddae maint only mode
• c9c61f2 fix(package): Increase minimum `marked` version for ReDos vuln (#1255)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)