[Snyk] Fix for 1 vulnerabilities #140

Open. Wants to merge 1 commit into base: master
nithincvpoyyil (Owner)

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 661/1000 (Why? Recently disclosed, Has a fix available, CVSS 7.5) | Missing Release of Resource after Effective Lifetime (SNYK-JS-INFLIGHT-6095116) | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: clean-webpack-plugin The new version differs by 20 commits.
  • 2e7f7f6 2.0.0
  • e90a300 remove unused babel plugins
  • 0ff10f0 windows test fixes
  • d6e2e38 use **/* instead of ** and update packages
  • e19b19d reorder option types
  • 03d12ac add protectWebpackAssets option
  • f506dc6 add cleanStaleWebpackAssets option
  • c730f45 cleanAfterEveryBuildPatterns should not remove webpack assets
  • 6d6b341 initialPatterns renamed to cleanOnceBeforeBuildPatterns, customPatterns renamed to cleanAfterEveryBuildPatterns
  • 5e5a519 do not include customPatterns in initialPatterns
  • 3830778 use circleci instead of travis
  • bdb5099 readme updates
  • d2ac516 require dangerouslyAllowCleanPatternsOutsideProject to explicitly set dry to false
  • 68893e8 allowExternal renamed to dangerouslyAllowCleanPatternsOutsideProject
  • 8167328 by default remove all files once prior to compilation, add allowExternal option, migrate dryRun to dry
  • 2b94838 initial 2.0
  • 2778115 bumped version
  • e64ba87 Merge pull request #95 from MeiKatz/master
  • 5e5f76a fix for issue 84
  • c9d7117 updated to 1.0.0

See the full diff

Package name: copy-webpack-plugin The new version differs by 151 commits.
  • 46af20a chore(release): 7.0.0
  • 5d5635f refactor: code (#567)
  • c6f68a5 refactor: code
  • 4cea28b refactor: next
  • 6c11e21 chore(release): 6.4.0
  • db53937 feat: added the `info` option
  • 9bc5416 feat: added type `Function` for the `to` option (#563)
  • 7167645 chore(release): 6.3.2
  • 7b58fd9 fix: watching directories (#558)
  • 5215721 chore(release): 6.3.1
  • c92b5ee style: default prettier options (#556)
  • b996923 fix: watching (#555)
  • fa5aa1b chore(release): 6.3.0
  • bc2833e refactor: fix cache (#549)
  • 87a8486 chore(deps): update (#547)
  • b827c6e refactor: logger (#545)
  • f98be10 refactor: handle errors (#544)
  • b971374 refactor: code (#543)
  • db2e3bf feat: added the `sourceFilename` info (original source filename) to assets info (#542)
  • c892451 feat: persistent cache between compilations (webpack@5 only) (#541)
  • 93936a0 chore(deps): update (#540)
  • 36ff46a ci: updated webpack versions #536
  • bd09a24 ci: updated webpack versions
  • fb60b9b chore(release): 6.2.1

See the full diff

Package name: del The new version differs by 38 commits.

See the full diff

Package name: gh-pages The new version differs by 138 commits.
  • a8478a8 2.2.0
  • 8bb003c Log changes
  • 5bf8204 Merge pull request #318 from okuryu/dist
  • 169f29b Merge pull request #319 from Sag-Dev/master
  • ff212fe Merge pull request #323 from tschaub/updates
  • 3dcf9ea Update dependencies
  • f6bb57b Update dev dependencies
  • 6b87c84 Merge pull request #277 from dplusic/feature/no-history
  • e73d921 cli: add `--no-history` flag not to preserve deploy history
  • 1f313c7 Use path.resolve() instead
  • a5f6b56 Added 'remove' documentation to 'readme.md'
  • 1f0e59f Allow an absolute path as dist directory
  • 0249ac9 2.1.1
  • aa27355 Log changes
  • 3a92063 Add MIT license
  • 3cb4f30 Merge pull request #312 from tschaub/git-default
  • 0b3f02c Use default for git
  • ba7e5e1 2.1.0
  • 28f006b Log changes
  • 47d051b Merge pull request #307 from tschaub/updates
  • 76288c5 Update dev dependencies
  • 496aeb4 Audit fix
  • 5bcf217 Test for git option
  • 2fb83f5 Merge pull request #303 from JRJurman/patch-1

See the full diff

Package name: glob The new version differs by 173 commits.

See the full diff

Package name: globby The new version differs by 75 commits.

See the full diff

Package name: jasmine The new version differs by 69 commits.
  • e1657e3 Fixed grunt release task to use main, not master
  • 0d56082 Bump version to 3.6
  • 0e8022b Removed ancient Node versions from build matrix
  • 4814296 Removed unnecessary check for passedExpectations truthiness
  • 204e0a1 Fixed spec that wasn't verifying what it meant to
  • 7e72bef Merge branch 'missing-core-config-options' of https://github.com/coyoteecd/jasmine-npm
  • 4ecf63c Support 'failSpecWithNoExpectations' config option and include a message in the default ConsoleReporter when a spec contains no expectations
  • af16759 Merge branch 'c4dt-master'
  • 6c14ba2 not parsing argv after --
  • f0c0d7d Merge branch 'wood1986-features/concurrent-v4'
  • b78c149 feat: add the parallel functionality
  • c2e0f30 bump version to 3.5
  • f2dee59 Use the total time from Jasmine-Core instead of calculating ourself
  • b44fcef Add newer node.js version to travis and bump year in license
  • dd00f4b Bump version to 3.4
  • b5d9ef9 Use `removeListener` instead of `off` since it always exists
  • 78cf067 Merge branch 'battk-remove-listener'
  • 8e9ab27 moved exit listener add and removal to completion reporter
  • b8183d2 recognize that Windows paths may use a '/' or a '\' as a separator
  • 82b395c update dependencies
  • bf79dd2 Merge branch 'strama4-strama4-readme-update'
  • 831b646 Merge branch 'strama4-readme-update' of https://github.com/strama4/jasmine-npm into strama4-strama4-readme-update
  • 0f2531c Bump version to 3.3.1
  • 82b7db2 Add `null` encoding when writing to streams on close

See the full diff

Package name: karma-coverage The new version differs by 36 commits.
  • 32acafa chore(release): 2.0.2 [skip ci]
  • bb8f9ee chore: add semantic-release for project - fix #408 (#413)
  • 9c37de6 chore: add check commit message (#411)
  • 27822c9 ci(test): use eslint as ci command and add all js files to check by eslint (#410)
  • 1adb27a ci: drop node 8, adopt node 12 (#409)
  • 4962a70 fix(reporter): update calls to match new API in istanbul-lib-report fix #398 (#403)
  • fc6e289 refactor: remove isAbsolute and replace with path.isAbsolute (#405)
  • 83bafc3 refactor: replace migrate coffee unit tests to modern JS (#407)
  • 49f174d refactor: onRunComplete method to upgrade on new major version of Istanbul (#406)
  • 4cfa697 chore: Update dev Dependencies eslint and load-grunt-tasks (#387)
  • 5cf931a fix: remove information about old istanbul lib (#404)
  • 352254a chore(deps): bump handlebars from 4.1.2 to 4.5.3 (#399)
  • 0ee780c chore(deps): bump lodash.template from 4.4.0 to 4.5.0 (#392)
  • d18cde4 chore(deps-dev): bump eslint from 2.13.1 to 4.18.2 (#397)
  • 55aeead Update Source Map Handling (#394)
  • b23664e Added debug msg whether coverage is in reporters (#396)
  • d3f53e3 chore(all): Migrate to ES6 (#385)
  • 9c8a222 Make travis file simpler (#386)
  • b76db9e Remove unused dateformat dependency (#384)
  • 075ece0 Remove unused istanbul dependency (#382)
  • 9184fc0 chore: release v2.0.1
  • 57d4bd3 chore(deps): npm audit fix --force; update travis.yml (#380)
  • 0e2800b chore: release v2.0.0
  • 99c0c35 chore: update contributors

See the full diff

Package name: node-gyp The new version differs by 250 commits.
  • 9acb4c7 chore: release 10.0.0
  • 3032e10 chore: run tests after release please PR
  • 864a979 feat!: use .npmignore file to limit which files are published (#2921)
  • 4e493d4 chore: misc testing fixes (#2930)
  • d52997e feat: convert internal classes from util.inherits to classes
  • 355622f feat: convert all internal functions to async/await
  • 1b3bd34 feat!: drop node 14 support (#2929)
  • e388255 deps: [email protected] (#2928)
  • 059bb6f deps: [email protected] (#2927)
  • 4bef1ec deps: [email protected] (#2926)
  • 21a7249 chore: add check engines script to CI (#2922)
  • 707927c feat(gyp): update gyp to v0.16.1 (#2923)
  • d644ce4 docs: update applicable GitHub links from master to main (#2843)
  • 4a50fe3 chore: empty commit to add changelog entries from #2770
  • 26683e9 chore: GitHub Workflows security hardening (#2740)
  • 91fd8ff Python lint: ruff --format is now --output-format
  • b3d41ae doc: Add note about Python symlinks (PR 2362) to CHANGELOG.md for 9.1.0 (#2783)
  • 5746691 test: update expired certs (#2908)
  • d3615c6 Fix incorrect Xcode casing in README (#2896)
  • bb93b94 docs: README.md Do not hardcode the supported versions of Python (#2880)
  • 0f1f667 fix: create Python symlink only during builds, and clean it up after (#2721)
  • 445c28f test: increase mocha timeout (#2887)
  • 1bfb083 Fix Python lint error by using an f-string (#2886)
  • c9caa2e docs: Update windows installation instructions in README.md (#2882)

See the full diff

Package name: node-pre-gyp The new version differs by 39 commits.
  • 2844fa4 bump to v0.8.0 with N-API support
  • b22612c remove node-pre-gyp dep from app7 package.json
  • 9bb97af Merge pull request #345 from inspiredware/napi-support
  • c31cce4 Merge branch 'master' into napi-support
  • cf3ebb6 bump to v0.7.1 with tar v4.x
  • 9bc1ff3 avoid double declare of tape in devDeps
  • b1ce220 fix package.json syntax
  • e9fb2e5 Merge pull request #299 from isaacs/master
  • 81f2e60 Merge branch 'master' into master
  • e7bb6cd bump to v0.7.0 / drop node v0.10.x support
  • 837c48b update versions
  • af507d1 Merge pull request #347 from krotscheck/hawk
  • eda90e0 Remove dependency on hawk, upgrade request
  • 9684ef6 Another CI build tweak
  • 9870491 Addresses CI build errors
  • b2ed35a update with latest versions
  • e352a05 kick travis
  • 37eb637 bump to v0.6.40
  • 8f7c497 CI tweaks
  • 488ac7b Fix for code cleanup
  • 82a641e Code cleanup.
  • f0719bd Fix for reveal command
  • 1122fdb Fixes clean and app7 for automated testing
  • 411f5be Windows fixes

See the full diff

Package name: node-sass The new version differs by 90 commits.
  • 3b556c1 7.0.2
  • c716359 Bump sass-graph@^4.0.1 (#3292)
  • 24741b3 docs(readme): fix docpad plugin link
  • 1523330 feat: Drop Node 12
  • 365d357 update https://registry.npm.taobao.org to https://registry.npmmirror.com
  • 1456114 build(deps): bump actions/upload-artifact from 2 to 3
  • b465b69 chore: bump GitHub Actions to Windows 2019 (#3254)
  • e6194b1 build(deps): bump make-fetch-happen from 9.1.0 to 10.0.4
  • 4edf594 build(deps): bump node-gyp from 8.4.1 to 9.0.0
  • 29e2344 build(deps): bump actions/checkout from 2 to 3
  • 85b0d22 build(deps): bump actions/setup-node from 2 to 3
  • 3bb51da Use make-fetch-happen instead of request (#3193)
  • adc2f8b build(deps): bump true-case-path from 1.0.3 to 2.2.1 (#3000)
  • 77d12f0 chore: disable Apline for Node 16/17 builds
  • 308d533 ci: use Python 3 for Node 12
  • c818907 ci: unpin actions/setup-node to v2
  • 99242d7 7.0.1
  • 77049d1 build(deps): bump sass-graph from 2.2.5 to 4.0.0 (#3224)
  • c929f25 build(deps): bump node-gyp from 7.1.2 to 8.4.1 (#3209)
  • 918dcb3 Lint fix
  • 0a21792 Set rejectUnauthorized to true by default (#3149)
  • e80d4af chore: Drop EOL Node 15 (#3122)
  • d753397 feat: Add Node 17 support (#3195)
  • dcf2e75 build(deps-dev): bump eslint from 7.32.0 to 8.0.0

See the full diff

Package name: protractor The new version differs by 63 commits.
  • 5d8da04 chore(release): version bump to 6.0.0 and update the changelog
  • d777738 chore(tests): circleci - chrome 69 requires chromdriver to 2.44 (#5182)
  • 3d50b68 chore(deps): update based on npm audit
  • e478ba8 chore(release): bump version to 6.0.1-beta
  • 7054827 chore(types): fix types to use not @ types/selenium-webdriver (#5127)
  • 2e5c2e6 chore(jasmine): prevent random execution order in jasmine 3 (#5126)
  • 8afc4e2 chore(release): release 6.0.0-beta and update the changelog
  • 5fd711c chore(webdriver-manager): use [email protected]
  • 96ae17c deps(jasmine): upgrade jasmine 3.3 (#5102)
  • 68491dd chore(expectedConditions): update generic Function typings (#5101)
  • cf43651 chore(debugprint): convert debugprint to TypeScript (#5074)
  • d213aa9 deps(selenium): upgrade to selenium 4 (#5095)
  • 4672265 chore(browser): remove timing issues with restart and fork (#5085)
  • b4dbcc2 chore(elementexplorer): remove explorer bin file (#5094)
  • 7de6d85 docs(api): update examples to use async/await (#5081)
  • 1b2036e typings(selenium): try out new version of typings (#5084)
  • befb457 chore(bin): update webdriver-manager require to use the cli (#5093)
  • 509f1b2 deps(latest): upgrade to the gulp and typescript (#5089)
  • 2def202 deps(webdriver-manager): use replacement (#5088)
  • 9d510db chore(test): remove jasmine addMatcher test (#5072)
  • 6522e40 chore(cleanup): clean up imports and wdpromises (#5073)
  • 3b8f263 chore(ignoreSynchornization): clean up to use waitForAngularEnabled (#5071)
  • ffa3519 chore(debugger): remove debugger and explore methods (#5070)
  • 0f7a38a chore(test): error tests fixed (#5069)

See the full diff

Package name: rimraf The new version differs by 52 commits.
  • 3b6b098 4.0.0
  • e0cffea ci: reduce workload even more
  • 0e6646d ci: remove unnecessary lint filter
  • 546e017 update action versions
  • 6d88a65 tone down benchmark intensity
  • 842a8d2 fix benchmark workflow yaml
  • 1b91697 chore: add copyright year to license
  • 08bbb06 rewrite in TS, export hybrid, update changelog, docs
  • 1b3f46e drop support for node versions below 14
  • 2e1f003 gh actions workflow for benchmarks
  • 52f9370 tests for retry-busy behavior
  • 188e3ed don't test on very old node versions
  • d1d5495 test for fix-eperm
  • e7501cd prettier formatting
  • 40f64ec windows: only fall back to move-remove when absolutely necessary
  • b6f7819 update tap
  • 99496cd test: run posix test on windows, why not?
  • 51d43c1 benchmarks
  • 6b8aa29 doc: correct os.tmp default
  • 4b228c9 do not ever actually try to rmdir /
  • 2442655 consolidate all the spellings of 'opt' into one
  • d4eec2e add cli script
  • 0c82d74 accept strings, arrays of strings, and no other types
  • ad4f2db Do not rimraf /, override with preserveRoot:false

See the full diff

Package name: tar The new version differs by 195 commits.
  • 1098f4b v3.0.0
  • 51396a9 test and push on version bump
  • 753ea13 parse test: early end isn't a zlib error on v4
  • 9440c43 Merge branch 'v3'
  • 7ac6960 pack test: set times explicitly so travis doesn't fail
  • 7d8bd02 Handle truncated zlib input
  • 3d1b142 docs: fix example code for tar.t({file})
  • 50bfa6e Parser: emit warning about truncated input
  • 3c70b5d Directory entries should have 0 size
  • 4bfd57b Pax: don't break on line-break-having values or empty keys
  • 09215cd ;
  • a2a12d3 Doc improvements. Warnings and cwd consistency
  • 740ac18 parse: Array is not faster than linked list
  • f5899f6 parser: make consumeBody/Meta/Header private methods
  • d32397f benchmark: output timer to stdout
  • 0e8b390 Don't create obnoxious directories
  • dffa806 follow option for packing
  • 4b0b393 add preserveOwner flag for tar.x/tar.Unpack
  • 5db47b0 use makeTar in unpack test
  • 41965bd ignore extract benchmark folder
  • 080d4d6 abstract out timer code from benchmarks
  • 0b195dc Document benchmarks, clearer output
  • 2464b53 Add files stanza to package.json
  • ca9611a comprehensive benchmarks

See the full diff

Package name: webpack-dev-server The new version differs by 250 commits.
  • 5aad1e7 chore(release): 4.8.0
  • 28ad7ed chore(deps): bump graceful-fs from 4.2.9 to 4.2.10 (#4368)
  • 7920364 feat: export initialized socket client (#4304)
  • 4e7800e chore: update webpack (#4367)
  • fbda2a8 chore(deps-dev): bump body-parser from 1.19.2 to 1.20.0 (#4366)
  • ...

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
2 participants