[Snyk] Fix for 6 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	No	Proof of Concept
	429/1000 Why? Has a fix available, CVSS 4.3	Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	Yes	No Known Exploit
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-NODEFORGE-2330875	Yes	Proof of Concept
	601/1000 Why? Recently disclosed, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-NODEFORGE-2331908	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: axios

The new version differs by 58 commits.

• 0d87655 Releasing 0.20.0
• cd27741 Updating changelog for 0.20.0 release
• ffea034 Releasing 0.20.0-0
• fe147fb Updating changlog for 0.20.0 beta release
• 16aa2ce Fixing response with utf-8 BOM can not parse to json (#2419)
• c4300a8 Adding support for URLSearchParams in node (#1900)
• bed6783 add table of content (preview) (#3050)
• c70fab9 Fix stale bot config (#3049)
• 5b08fc4 Add days and change name to work (#3035)
• 1768c23 Update close-issues.yml (#3031)
• 3dbf6a1 Add GitHub actions to close stale issues/prs (#3029)
• a9010e4 Add GitHub actions to close invalid issues (#3022)
• 36f0ad2 Replace 'blacklist' with 'blocklist' (#3006)
• 0d69a79 Refactor mergeConfig without utils.deepMerge (#2844)
• 4879416 Allow unsetting headers by passing null (#382) (#1845)
• 4b3947a Add test with Node.js 12 (#2860)
• 0077205 Adding console log on sandbox server startup (#2210)
• ee46dff docs(): Detailed config options environment. (#2088)
• 17a6886 Include axios-data-unpacker in ECOSYSTEM.md (#2080)
• 3f2ef03 Allow opening examples in Gitpod (#1958)
• f3cc053 Fixing overwrite Blob/File type as Content-Type in browser. (#1773)
• f2b478f Revert "Fixing default transformRequest with buffer pools (#1511)" (#2982)
• d35b5b5 Remove axios.all() and axios.spread() from Readme.md (#2727)
• 6d36dbe Update README.md (#2887)

See the full diff

Package name: html-webpack-plugin

The new version differs by 196 commits.

• eb73905 chore(release): 4.0.0
• 42a6d4a Add typing for getHooks
• a1a37cf Release html-webpack-plugin 4.0.0-beta.14
• 97f9fb9 fix: load script files before style files files in defer script loading mode
• e97ce17 Release html-webpack-plugin 4.0.0-beta.13
• e448b5d Release html-webpack-plugin 4.0.0-beta.12
• de315eb feat: Add defer script loading
• 7df269f feat: Provide a verbose error message if html minification failed
• 1d66e53 feat: merge templateParameters with default template parameters
• dfb98e7 Fix typo in template option docts
• 096a760 Fix broken links in examples
• a195c34 docs: Update template-option documentation
• 40b410e docs: Update example for template parameters
• bf017f3 chore: Release 4.0.0-beta.11
• 2549557 test: Don't use minification for speed measurement
• de22fc2 test: Adjust measurment for node 6 on travis
• 24bf1b5 fix: Update references to html-minifier
• f4eafdc chore: Release 4.0.0-beta.10
• a2ad30a refactor: Use getAssetPath instead of calling the hook directly
• 2595a79 chore: Release 4.0.0-beta.9
• c66766c feat: Add support for minifying inline ES6 inside html templates
• 655cbcd Fix README typo
• 6de319b update lodash dependency for prototype polution vulnerability
• 35a1541 Properly encode file names emitted as part of URLs.

See the full diff

Package name: jest

The new version differs by 22 commits.

• ff9269b chore: bump most dated deps (#8850)
• 7594141 chore: upgrade to eslint@6 (#8855)
• b33ce0d chore: upgrade to micromatch v4 (#8852)
• d6ff72a chore: add node 12 to CI (#8411)
• 7e9b4ea chore: upgrade jsdom (#8851)
• 4bb7a2d Use `weak-napi` instead of `weak` in `jest-leak-detector`
• ce47c6c Get rid of Node 6 support (#8455)
• bc5c3c7 jest-snapshot: Remove only the added newlines in multiline snapshots (#8859)
• d523fa8 bug.md: highlights placeholder should be removed (#8836)
• 08f109c expect: Display expectedDiff more carefully in toBeCloseTo (#8389)
• b09de2d chore: bump node-notifier for node v6 support
• 557a39f fix(linter): Fix linting failure introduced in #8847 😓 (#8849)
• 012472b fix(docs): Update broken links in docs. (#8847)
• ee2bea1 chore: sort member in imports (#8846)
• 9ba4594 add Chinese Jest work with AngularJS tutorial (#8828)
• 0e5b363 chore: reduce reliance on esModuleInterop (#8842)
• d69f8d3 getTimerCount will not include cancelled immediates (#8764)
• b4bd77b Fix grammar: "your jest's config"->"your Jest..." (#8843)
• 54b3dcf Fix grammar: "a known issues"->"a known issue" (#8844)
• e76c7da docs: update matchMedia methods (#8835)
• 23b9860 chore: roll new version of docs
• 3cdbd55 Release 24.9.0

See the full diff

Package name: webpack-dev-server

The new version differs by 250 commits.

• 5280ee7 docs: fix typo
• d834582 chore(release): 4.7.3
• 7b8c85b chore(deps): update `selfsigned` (#4170)
• d598325 chore: fix lint
• c1907f1 refactor: remove redundant `if` statements (#4158)
• e535f25 ci: debug (#4144)
• 75999bb chore(release): 4.7.2
• 90a96f7 ci: fix (#4143)
• f6bc644 fix: compatible with `onAfterSetupMiddleware`
• 317e4b9 docs: fix testing instructions (#4133)
• ff4550e test: remove redundant test cases related to 3rd party code (#4131)
• 0dd1ee6 test: add e2e tests for `setupExitSignals` option (#4130)
• afe4975 chore(release): 4.1.7
• 4e5d8ea fix: droped `url` package (#4132)
• b0c98f0 chore(release): 4.7.0
• 3138213 chore(deps): update (#4127)
• 8f02c3f feat: added types
• f4fb15f fix: update description of `onAfterSetupMiddleware` and `onBeforeSetupMiddleware` options (#4126)
• 37b73d5 test: add e2e test for `WEBPACK_SERVE` env variable (#4125)
• f5a9d05 chore(deps-dev): bump eslint from 8.4.1 to 8.5.0 (#4121)
• c9b959f chore(deps): bump ws from 8.3.0 to 8.4.0 (#4124)
• 42208aa chore(deps-dev): bump lint-staged from 12.1.2 to 12.1.3 (#4122)
• f440f84 chore(deps): bump express from 4.17.1 to 4.17.2 (#4120)
• c13aa56 feat: added the `setupMiddlewares` option (#4068)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic