[Snyk] Fix for 6 vulnerabilities

[qmutz]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: grunt

The new version differs by 34 commits.

• 27bc5d9 Merge pull request #1714 from gruntjs/release-1.2.0
• 64a3cf4 Release v1.2.0
• 0d23eff Merge pull request #1570 from bhldev/feature-options-keys
• ee70306 Merge pull request #1697 from philz/1696
• 05c0634 Merge pull request #1712 from gruntjs/fix-lint
• cdd1c19 fix lint in file.js
• bc168e3 Merge pull request #1283 from greglittlefield-wf/recognize-relative-links
• 5f16b5a Merge pull request #1675 from STRML/remove-coffeescript
• 58f80ae Merge pull request #1677 from micellius/monorepo-support
• 1f61427 Add CODE_OF_CONDUCT.md
• 4c6fcd9 Merge pull request #1709 from NotMoni/patch-1
• 169d496 add link to license
• 288ea76 add license link
• d5cdac0 Merge pull request #1706 from gruntjs/tag-neew
• 4674c59 v1.1.0
• 6124409 Merge pull request #1705 from gruntjs/mkdirp-update
• 0a66968 Fix up Buffer usage
• 4bfa98e Support versions of node >= 8
• f1898eb Update to mkdirp ~1.0.3
• 7985b19 Avoiding infinite loop on very long command names.
• 75da17b HTTPS link to gruntjs.com (#1683)
• 5a0a02b support monorepo (relative path)
• 6795d31 Update js-yaml dependecy to ~3.13.1 (#1680)
• 66fc8fa support monorepo (test case)

See the full diff

Package name: grunt-contrib-htmlmin

The new version differs by 39 commits.

• b0dcacb Merge pull request Update meganz/webclient#144 from gruntjs/v3
• 0865122 v3.0.0.
• 88bbf7a Update README.md
• d1bd316 Update html-minifier to v3.5.0.
• ce5d713 Update html-minifier to v3.4.0.
• 7e79402 v2.2.0.
• 16e092d Update html-minifier to v3.3.0.
• 4ad1943 v2.1.0.
• 165adf2 Update CI configs.
• 556c63d Update docs.
• a3ab8d5 Merge pull request Problems over unencrypted folder meganz/webclient#136 from fassetar/patch-1
• fc0c121 forget cwd example
• 94d4897 example for Ability to make visible only particular folders within a folder meganz/webclient#134 in docs
• d41bf39 v.2.0.0.
• b8db17a Merge pull request fix: css class name typo meganz/webclient#131 from gruntjs/deps
• 69f06f4 Update dependencies.
• 43c64f9 Fix typo in CHANGELOG.
• 1ca3675 v1.5.0.
• b32705f Merge pull request Updated strings from es_prod.json meganz/webclient#130 from lucastanz/master
• d8eb575 updated version to 2.1.7 for tags with commas like srcset
• 7d88913 v1.4.0.
• ff6529a Update html-minifier to v2.0.0.
• c8c893b Update html-minifier to v1.5.0.
• 32299aa Update CI configs from the latest grunt-contrib-internal.

See the full diff

Package name: grunt-contrib-uglify

The new version differs by 88 commits.

• a3f3f34 5.2.1
• 3c8d904 Update Readme
• 0850dcd update dependencies (#568)
• c27ad5f Bump minimist from 1.2.5 to 1.2.6 (#567)
• 98b4c5f Fix documentation in relation to issue #565 (#566)
• 7228446 Bump minimist from 1.2.5 to 1.2.6 (#563)
• e410511 Update deps, v5.1.0 (#564)
• 2cb31be Update uglify-js to v3.15.2 (#562)
• 12ca0f2 Fix wording in README.md (#560)
• 1f6a012 Bump path-parse from 1.0.6 to 1.0.7 (#558)
• 0e4b1a0 Update uglify-js (#557)
• 9ccf10d Bump hosted-git-info from 2.8.8 to 2.8.9 (#556)
• 4e83e45 Update UglifyJS to 3.13.3 (#554)
• 8674feb Bump ini from 1.3.5 to 1.3.8 (#552)
• 14b71da v5.0.0
• 9259448 Bump lodash from 4.17.11 to 4.17.19 (#550)
• 4645446 Bump js-yaml from 3.5.5 to 3.14.0 (#551)
• b7bcde4 Delete .travis.yml
• cba2631 Delete appveyor.yml
• 3dc53f0 ini github workflow
• f65dbb9 v4.0.1. (#535)
• b33a071 upgrade devDependencies (#536)
• 1e40037 upgrade to uglify-js 3.5.0 (#534)
• 33724cd update links to uglifyJS documentation (#530)

See the full diff

Package name: relaxed-json

The new version differs by 22 commits.

• 525675f Merge pull request Bump degenerator and snyk #21 from phadej/prapare-1.0.2
• 0478e00 Export module or set global variable, but not both
• 458e575 Add `tolerant` option to documentation.
• 3d17e49 Update deps
• f3826d9 Merge pull request Bump url-parse from 1.4.3 to 1.5.7 #15 from phadej/meteor
• b3c6783 Update .travis.yml
• f332f57 Bump version to 1.0.1
• f79df73 issue with module exports in certain frameworks (Meteor, Electrion). resolves Configure WhiteSource Bolt for GitHub #9
• c07321c Update dependencies
• e250830 Update dev deps
• ae00521 Update badges
• eee5cb4 Bump version to 1.0.0
• 2f8bb5d Add sudo: false to .travis.yml
• ac1b22e Fix parsing escaped forward slashes
• 2bfa9b2 Update eslint
• bf6be30 Correct package.json license field
• f0110f7 Update eslint
• 09cc59e Fix mocha
• 4887d1a Update dependencies
• e8466ed Fix typo in readme
• d29df01 Build on iojs and 0.12 in travis
• 3788810 Add david dependency to package.json

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 4be093d 2.2.0
• 2278469 2.2.0-rc.8
• b946eb4 Merge pull request #3988 from malstoun/bug/2664
• 260e413 Merge pull request #3986 from webpack/bugfix/revert_use_of_buffer_dot_from
• 0ec7de9 Fix regression with watch cli opt, add tests for this case
• 72226db add missing disable line
• 4d30675 build fresh yarn.lock file to remove buffer polyfill
• 91c1f35 fix(node): rollback changes of Buffer.from to new Buffer() and bump down travis to 4.3 min node v
• 0b47602 2.2.0-rc.7
• db6ccbc Merge pull request #3978 from webpack/bugfix/conditional-reexports
• 82a5b03 Merge pull request #3977 from malstoun/bug/2664
• fc1a43b Merge pull request #3976 from timse/rely-on-defaults
• a44694a hoist exports declarations too
• 682bde8 Fix lint
• c6d7d90 Add tests
• af8d49e remove defaults values to shave a few bytes
• 9796696 2.2.0-rc.6
• e9bdb05 Merge pull request #3971 from webpack/bugfix/fix_available_vars_in_fmtp
• bd45bdc add test case for global in harmony modules
• bfccb20 fix PR
• 5a3a23f fix(nmf): Fix exports for var injection to include free glob exports or arguments
• 437dce4 2.2.0-rc.5
• 91cb1df Merge pull request #3970 from webpack/ci/appveyor
• 9fd55e5 Merge pull request #3969 from webpack/bugfix/issue-3964

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution