[Snyk] Fix for 28 vulnerabilities

[baby636]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	786/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.3	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	Yes	Proof of Concept
	703/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	Yes	Proof of Concept
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	Yes	Proof of Concept
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Validation Bypass SNYK-JS-KINDOF-537849	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-MIXINDEEP-450212	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-SETVALUE-1540541	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-SETVALUE-450213	Yes	Proof of Concept
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIM-1017038	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gulp-imagemin

The new version differs by 4 commits.

• 2f7ecc9 8.0.0
• 1b4baf6 Require Node.js 12.20 and move to ESM
• ed39463 Move to GitHub Actions (#351)
• 8b40da0 Update readme lossless note (#346)

See the full diff

Package name: gulp-sourcemaps

The new version differs by 10 commits.

• 2bcfcbb 3.0.0
• d8bed0c Merge pull request #373 from adrian3d/update/doc-gulp-4
• 5686db3 Merge pull request #380 from kennyr87/gh-378/upgrade-css
• 2c66b2c Depdenency: Upgrade css to v3.0.0
• 9a9289b Breaking: Drop Node <6 support & upgrade identity-map which uses changes CSS sourcemaps (#376)
• 11d1e31 Update doc to gulp 4
• bd0aeb0 Docs: Temporarily point at phated/gulp-sourcemaps for AppVeyor badge
• 7e69e97 Build: Ensure tests pass on Windows
• 404eb5b Docs: Update badges
• 8a22ecc Scaffold: Convert repository to use gulp patterns (closes #357) (#367)

See the full diff

Package name: gulp-svg-sprite

The new version differs by 38 commits.

• c8d4285 2.0.0
• 7e95eda Update svg-sprite to v2.0.0 (Netlify large media forestryio/forestry.io#130)
• b52808a Bump terser from 5.14.1 to 5.14.2
• 3f3ef8d Update CI from upstream
• 2ddb47e Update dependencies
• 063d995 CI: add Node.js 18 (Clarify context of what "config" file to use forestryio/forestry.io#128)
• 878cd67 Merge pull request Update datetime.md forestryio/forestry.io#126 from svg-sprite/dependabot/github_actions/actions/upload-artifact-3
• 7202bce Bump actions/upload-artifact from 2 to 3
• 633959d Merge pull request #35 forestryio/forestry.io#125 from svg-sprite/dependabot/github_actions/github/codeql-action-2
• 2603121 Bump github/codeql-action from 1 to 2
• cddf5ea Merge pull request docs: add audit logs to pro plan forestryio/forestry.io#124 from svg-sprite/dependabot/npm_and_yarn/minimist-1.2.6
• b2316e9 Bump minimist from 1.2.5 to 1.2.6
• 08e441e Update README.md
• 4edd567 Update README.md
• ef0ea70 Update CodeQL workflow
• 231ba1d Bump actions/setup-node from 2 to 3 (Front matter ux update forestryio/forestry.io#123)
• 5813197 Bump actions/checkout from 2 to 3 (Replaced bad logos forestryio/forestry.io#122)
• 5fbcfa3 Add dependabot config for GitHub Actions
• a153426 Switch to `Object.values`
• 493ae99 Update dependencies
• 295452a Replace through2 with smaller Transform helper (Why cannot get the docs side bar? forestryio/forestry.io#118)
• 5ccf7d2 README.md: remove david badges
• 368c7da Update devDependencies
• e19d6ec Switch to Node.js 16/npm 8

See the full diff

Package name: stylelint

The new version differs by 250 commits.

• 060310c 14.0.0
• ff4a1ef Prepare CHANGELOG
• 8d2f6e1 Bump postcss (#5619)
• f552608 Merge pull request #5618 from stylelint/dependabot/npm_and_yarn/husky-7.0.4
• 7ed17ad Bump husky from 7.0.2 to 7.0.4
• 4d9f75e Merge pull request #5617 from stylelint/dependabot/npm_and_yarn/jest-27.3.1
• bc9dd0b Bump jest from 27.2.5 to 27.3.1
• 82e2507 Merge pull request #5604 from stylelint/v14
• 16d259f Update CHANGELOG.md
• 70b1149 Fix false positives for dynamic-range keywords in media-feature-name-no-unknown (#5613)
• 8dca498 Show more info in missing customSyntax warning (#5611)
• 2eee0a9 Remove v14 CI triggers (#5610)
• 12f8081 14.0.0-0
• 5dd7ec1 Prepare 14.0.0
• 67313a3 Add support for `extends` in `overrides` config (#5603)
• b6fd2fc Document no need for postcss-html maintainer (#5602)
• bf28025 Recommend using shared configs (#5598)
• 07118d6 Update CHANGELOG.md
• 367142a Change `ignoreFiles` to be extendable (#5596)
• 1b4162f Fix conflicts in dependabot
• 87c5fde Bump picocolors from 0.2.1 to 1.0.0 (#5601)
• 1f32094 Bump typescript from 4.4.3 to 4.4.4 (#5599)
• 88b9575 Revise contributors section of README (#5585)
• e38da70 Use problem rather than violation in docs and types (#5592)

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 610f368 5.0.0
• 5ce65c1 update examples
• bbe1230 Merge pull request #11628 from webpack/bugfix/real-content-hash
• 75ecff2 5.0.0-rc.6
• bfc35d6 Merge pull request #11603 from MayaWolf/master
• 76e8cbd Merge pull request #11622 from webpack/dependabot/npm_and_yarn/types/node-13.13.25
• 9fd1be2 chore(deps-dev): bump @ types/node from 13.13.23 to 13.13.25
• 36bcfaa Merge pull request #11621 from webpack/bugfix/11619
• 9130d10 fix called variables with ProvidePlugin
• 3e42105 Merge pull request #11620 from webpack/bugfix/11617
• 4709719 skip connections copied to concatenated module
• 57b493f 5.0.0-rc.5
• 1658e2f Merge pull request #11618 from webpack/bugfix/11615
• a8fb45d fixes crash in SideEffectsFlagPlugin
• 84b196d emit error instead of crashing when unexpected problem occurs
• 5573fed Merge pull request #11601 from Hornwitser/improve-suggested-polyfill-config
• 9b5cce9 Merge pull request #11609 from snitin315/export-types
• 37c495c export type RuleSetUseItem
• 39faf34 export type RuleSetUse
• e5fd246 export type RuleSetConditionAbsolute
• 660baad export RuleSetCondition types
• 13e3ca5 Merge pull request #11602 from webpack/bugfix/shared-runtime-chunk
• 9c0587e Merge pull request #11606 from webpack/dependabot/npm_and_yarn/simple-git-2.21.0
• 502d166 Merge pull request #11607 from webpack/dependabot/npm_and_yarn/acorn-8.0.4

See the full diff

Package name: webpack-stream

The new version differs by 83 commits.

• 30a6da0 v7.0.0
• c2d19fd semistandard fixes
• 7805d59 Remove config.watch setting re-introduced from my bad merging
• 6395f19 Merge branch 'master' of github.com:shama/webpack-stream
• 7c24e86 Merge pull request New starter submission forestryio/forestry.io#212 from azt3k/master
• 3fc84f0 Merge branch 'master' into master
• 027135e Update comments to indicate it works with webpack 4 and 5
• bb7cd85 Merge branch 'master' of github.com:shama/webpack-stream
• 3287835 Merge pull request Docs: third-party credentials security warning forestryio/forestry.io#214 from the-ress/watch-message
• 141e063 Update watch for gulp >= 4
• 991d108 Merge pull request Docs: Developing with Gatsby and absolute paths forestryio/forestry.io#225 from emme1444/config-file-path
• 348eab2 Use const over var in docs
• 2b31461 Update copyright to 2021
• fdd5809 Update node engine to >= 10
• 80e0ba8 Updating dependencies
• 5759a17 Updating for semistandard@16.0.1
• 2ff8a4f Merge pull request Fix underscore formatting issue forestryio/forestry.io#235 from marekdedic/webpack-5
• ff485fe Merge pull request New starter submission forestryio/forestry.io#234 from marekdedic/webpack-peer-dependency
• 1baead2 Removed tests on Node 8
• f33fc04 Switched from hash to contenthash
• 0e30a7b Test: Fixed different chunk names in webpack 5
• 5bb70d1 Test: updated expected error message
• 99a1c03 Building in production mode by default
• 01ffd76 Updated to webpack 5

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Validation Bypass
🦉 More lessons are available in Snyk Learn