[Snyk] Fix for 1 vulnerabilities

[kaocher82]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • pkgs/development/interpreters/clojurescript/lumo/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: babel-jest

The new version differs by 59 commits.

• 343532a v26.0.0
• 075854a chore: update changelog for release
• 68b65af v26.0.0-alpha.2
• d30a586 fix: disallow hook definitions in tests (xterm: 317 -> 320 NixOS/nixpkgs#9957)
• 3375ac3 chore: remove unused prettier uninstall step from CI
• 0a63d40 fix: absolute path moduleNameMapper + jest.mock issue (Enable tests for Haskell packages presburger and http-media NixOS/nixpkgs#8727)
• 03dbb2f chore: fix watch mode test with utimes (iops: init at 0.1 NixOS/nixpkgs#9967)
• 68d12d5 chore: skip broken test on windows (nixpkgs-lint: don't find license with new syntax NixOS/nixpkgs#9966)
• e8e8146 align circus with jasmine's top-to-bottom execution order (profanity: 0.4.6 -> 0.4.7 NixOS/nixpkgs#9965)
• 968a301 Fix invalid re-run of tests in watch mode (services.x11: Add option for additional InputClass sections. NixOS/nixpkgs#7347)
• 5d1be03 chore: fix windows CI (handbrake: 0.9.9 -> 0.10.2 NixOS/nixpkgs#9964)
• 2bac04f v26.0.0-alpha.1
• c665f22 feat: add `createMockFromModule` to replace `genMockFromModule` (gitit: Remove staticDir and templatesDir NixOS/nixpkgs#9962)
• 8147af1 chore: improve error on module not found (pantheon-terminal: 0.3.0.1 -> 0.3.1.3 NixOS/nixpkgs#9963)
• 71631f6 feat: add new 'modern' implementation of Fake Timers (rmlint: 2.0.0 -> 2.1.0 NixOS/nixpkgs#7776)
• d7f3427 chore: rename LolexFakeTimers to ModernFakeTimers (mupdf: 1.7a -> 1.7 NixOS/nixpkgs#9960)
• 2c7682c Update index.js (perf-linux installation failure NixOS/nixpkgs#9095)
• 5a16415 docs: Updated Testing Frameworks guide with React; make it generic (hubicfuse: init at 2.1.0 NixOS/nixpkgs#9106)
• 4216b86 updated docs regarding testSequencer (spyder: 2.2.5 -> 2.3.6 NixOS/nixpkgs#9174)
• 2e8f8d5 fix: handle `null` being passed to `createTransformer` (opensmtpd: 5.4.5p1 -> 5.7.1p1 NixOS/nixpkgs#9955)
• 7a3c997 jest-circus: throw if a test / hook is defined asynchronously (Bump 'svtplay-dl' to version 0.10.2015.05.24. NixOS/nixpkgs#8096)
• 42f920c chore: update ts-eslint (broadcom-sta: fix build on kernel >= 4.2 NixOS/nixpkgs#9953)
• 3078172 Updated config docs with default transform value (Remove network.target dependency from multi-user.target NixOS/nixpkgs#8583)
• b6052e0 Update jest-phabricator documentation (ghc: add haskell.compiler.ghcNokinds, for Richard Eisenberg's nokinds branch NixOS/nixpkgs#8662)

See the full diff

Package name: babel-loader

The new version differs by 16 commits.

• 9ff288f 9.0.0
• 006a3dc Update README.md
• daed88a Update README.md
• 0ed5fd6 Bump ini from 1.3.5 to 1.3.8 ([Snyk] Security upgrade matrix-js-sdk from 0.7.13 to 38.2.0 #968)
• b1749e3 Bump y18n from 4.0.0 to 4.0.3 ([Snyk] Security upgrade tedious from 6.7.0 to 6.7.1 #967)
• 3a55a4a Bump lodash from 4.17.20 to 4.17.21 ([Snyk] Security upgrade axios from 0.20.0 to 1.12.0 #966)
• 9a4ffe0 Bump normalize-url from 4.5.0 to 4.5.1 ([Snyk] Security upgrade metasploit-framework from 5.0.90 to 6.0.33 #962)
• 28f2482 Bump hosted-git-info from 2.8.8 to 2.8.9 ([Snyk] Security upgrade metasploit-framework from 5.0.90 to 6.0.33 #964)
• d850108 Bump glob-parent from 5.1.1 to 5.1.2 ([Snyk] Security upgrade codemirror from 5.49.3 to 6.0.0 #965)
• 29de619 Build for node 14.15.0 ([Snyk] Security upgrade codemirror from 5.65.20 to 6.0.0 #963)
• 9a2451f Remove dependency on loader-utils and drop webpack 4 support ([Snyk] Security upgrade jemoji from 0.12.0 to 0.13.0 #942)
• 12876a5 Bump tar from 6.0.5 to 6.1.11 ([Snyk] Fix for 1 vulnerabilities #960)
• 98a708e Bump trim-off-newlines from 1.0.1 to 1.0.3 ([Snyk] Fix for 5 vulnerabilities #958)
• 4ae5696 Bump minimist from 1.2.5 to 1.2.7 ([Snyk] Security upgrade jemoji from 0.12.0 to 0.13.0 #957)
• 4f00e41 Bump terser from 5.6.1 to 5.15.1 ([Snyk] Security upgrade kitchen-inspec from 1.3.1 to 2.5.2 #959)
• 87bfae7 Bump babel and node minimum versions ([Snyk] Security upgrade gitlab-labkit from 0.12.0 to 0.12.1 #956)

See the full diff

Package name: webpack

The new version differs by 250 commits.

• f2f998b 5.1.1
• bcd6190 Merge pull request The zip package is built without unicode support NixOS/nixpkgs#11704 from webpack/bugfix/delete-asset
• 11935a9 Merge pull request signing-party: 2.0 -> 2.1 NixOS/nixpkgs#11703 from webpack/bugfix/11678
• 63ba54c update chunk to files mapping when deleting assets
• 4669600 Merge pull request gupnp-tools does not build NixOS/nixpkgs#11690 from webpack/bugfix/11673
• 234373e Merge pull request udevil: added patch NixOS/nixpkgs#11702 from webpack/deps/terser
• b6bc273 fix infinite loop in inner graph optimization
• 50c3a83 fix unused modules in chunk when optimizing runtime-specific
• 5d9d9b9 fix runtime-specific handling in concatenated modules
• 250e37c add test case
• 7925652 upgrade terser-webpack-plugin
• 27796db Merge pull request cache.nixos.org is slow NixOS/nixpkgs#11669 from webpack/dependabot/npm_and_yarn/ts-loader-8.0.5
• bd5aab8 Merge pull request corkscrew: fix darwin build NixOS/nixpkgs#11692 from webpack/dependabot/npm_and_yarn/babel/core-7.12.0
• 886bbd5 Merge pull request zile: build on unix NixOS/nixpkgs#11693 from webpack/dependabot/npm_and_yarn/react-dom-16.14.0
• 3a14b3d Merge pull request super-user-spark: 0.1.0.0 -> 0.2.0.3 NixOS/nixpkgs#11694 from webpack/dependabot/npm_and_yarn/react-16.14.0
• ddf9936 chore(deps-dev): bump react from 16.13.1 to 16.14.0
• dc6e69a chore(deps-dev): bump react-dom from 16.13.1 to 16.14.0
• 8f18de9 chore(deps-dev): bump @ babel/core from 7.11.6 to 7.12.0
• c0410e8 Merge pull request lightdm: allow dm-tool lock to work properly NixOS/nixpkgs#11686 from webpack/bugfix/11677
• 4504046 order runtime chunks correctly when they depend on each other
• 74a44cd add comment to help tagging for the bot
• e97efb7 chore(deps-dev): bump ts-loader from 8.0.4 to 8.0.5
• 77329b4 5.1.0
• 48c10f3 Merge pull request use fetchurlBoot in libressl NixOS/nixpkgs#11653 from log2-hwan/fix-moduletemplate-deprecation

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)