[Snyk] Fix for 9 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	621/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6	Prototype Pollution SNYK-JS-FLAT-596927	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-1070800	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-REDIS-1255645	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIM-1017038	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: flat

The new version differs by 12 commits.

• e5ffd66 Release 5.0.2
• fdb79d5 Update dependencies, refresh lockfile, format with standard.
• e52185d Test against node 14 in CI.
• 0189cb1 Avoid arrow function syntax.
• f25d3a1 Release 5.0.1
• 54cc7ad use standard formatting
• 779816e drop dependencies
• 2eea6d3 Bump lodash from 4.17.15 to 4.17.19
• a61a554 Bump acorn from 7.1.0 to 7.4.0
• 20ef0ef Fix prototype pollution on unflatten
• e8fb281 Test prototype pollution on unflatten
• 6e95c43 Add node 10 & 12 to travis config.

See the full diff

Package name: linkinator

The new version differs by 27 commits.

• f9c13e9 fix(deps): update dependency marked to v2 [security] (Fix indentation inside Code Examples github/docs#271)
• d02484d build: remove the cache fallback (UI/UX: Navbar active link's styling for all section should be same for better user experience github/docs#268)
• 39816c5 chore: move c8 configuration to .c8rc (Update access-permissions-on-github.md github/docs#267)
• 668aad6 fix: ensure verbosity flag is enabled for config (TAY.t.3.0.0 github/docs#266)
• 9b0b206 fix: use custom HTTP server (ui: sidebar with brand color github/docs#265)
• 2fb77fb chore: add html reporter too in c8 (Fix code block markdown in gradle packages doc github/docs#264)
• 187aea1 chore: remove .nyc_output from .gitignore (fix some ghcr docker call examples had a typo when specifying image tag github/docs#262)
• 4e17c8e test: switch to `assert.match` (.A github/docs#261)
• 5d0cdcd build: CI: specify `FORCE_COLOR: 2` (Fix tests for actions allow list. github/docs#257)
• 9d98693 build: use the main branch for semantic-release (Create codeql-analysis.yml github/docs#259)
• 8c6b6cc build: CI: switch to Node.js 14 (Sha256 webhook signatures github/docs#254)
• a5ac753 chore: README.md: remove `.svg` from badges (Add optional cleanup step after failover to HA replica github/docs#252)
• 54cfe7d build: CI: add caching for Windows too (Shell not indicated in some examples, missing alternative shell solutions github/docs#253)
• 43cb074 build: remove `npm link` from `docs-test` too (repo sync github/docs#255)
• 1b35af6 chore: add author in package.json (Main github/docs#258)
• cb1d808 build: update CI config (> ### What article on docs.github.com is affected? github/docs#243)
• 026a012 test: stop using npm link in CLI tests (Configure Dependabot version updates github/docs#251)
• f14c912 refactor: remove dependency on p-queue (Actions github context: Move github.event_name up to other .event* entries github/docs#250)
• 0433251 build: use the main branch (Contributing: Fix links github/docs#249)
• 071a220 build: fix release action (Update the quickstart.md docs github/docs#240)
• b78be5d build: add the lock file back (https://github.com/github/docs/issues/226#issue-716944332 github/docs#242)
• 71d46aa test: remove usage of npx in tests (Updated quickstart.md typos github/docs#241)
• 4f12838 build: update CI config (repo sync github/docs#235)
• b6ca492 build: add CodeQL scanning (Update about-issues.md github/docs#234)

See the full diff

Package name: lodash

The new version differs by 1 commits.

• c6e281b Bump to v4.17.21

See the full diff

Package name: redis

The new version differs by 31 commits.

• fc28860 Bump version to 3.1.1 (. github/docs#1597)
• 2d11b6d fix repo sync github/docs#1569 - improve monitor_regex (fix navigation on tablet github/docs#1595)
• 7e77de8 Add Chat (repo sync github/docs#1594)
• 5d3e995 Merge branch 'master' of https://github.com/NodeRedis/node-redis
• b797cf2 add user to README.md
• 79f34c2 Bump version to 3.1.0 (repo sync github/docs#1590)
• 7fdc54e fix for 428e1c8a7b2322c2650294638cb1663ac5692728 - fix auth retry when redis is in loading state
• 09f0fe8 "fix" tests
• 428e1c8 Add support for Redis 6 `auth pass [user]` (repo sync github/docs#1508)
• bb208d0 Add codeclimate badge (Webpage github/docs#1572)
• 47e2e38 Exclude examples from deepsource (Umar Duzz github/docs#1579)
• fbca5cd Upgrade node and dependencies (repo sync github/docs#1578)
• 2188744 Create codeql-analysis.yml (Document github/docs#1577)
• 32861b5 Create .deepsource.toml (#1574)
• 2a34d41 Add LGTM badge (Slow to respond through December github/docs#1571)
• 69b7094 Workflows fixes (repo sync github/docs#1570)
• 49c4131 Merge pull request Admin system Developers  github/docs#1531 from marnikvde/improve-docs
• 3c8ff5c Merge branch 'master' into improve-docs
• 685a72d Merge pull request Registry URLs must include https:// github/docs#1277 from dcharbonnier/patch-1
• 055f5c5 Merge branch 'master' into patch-1
• c78b6d5 Merge pull request add update SECURITY.md github/docs#1527 from heynikhil/patch-1
• 53f1468 Merge branch 'master' into patch-1
• 232f191 Merge pull request repo sync github/docs#1563 from lebseu/patch-1
• e4cb073 Update README.md

See the full diff

Package name: webpack-cli

The new version differs by 250 commits.

• fb50f76 chore(release): publish new version
• 2c75aeb chore: new version of the packages
• 0d05c30 chore(release): publish %s
• 3f9e151 chore: fix lerna config
• 2c1e34c tests(generator): enhance init generator tests (Is it possible to migrate an OAuth app to Github app without asking users to re-authenticate? github/docs#1236)
• 6ee61b9 Fix loader-generator and plugin-generator tests ($fuckchrisknight 041215663 1318664565848 github/docs#1250)
• 52956a2 Fixing the typos and grammatical errors in Readme files (content/rest/index.mdUpdate index.md github/docs#1246)
• 7faaed2 chore: update Bug_report & Feature_request Templates (Improve docs to be more explanatory github/docs#1256)
• 7a5b33d feat(webpack-cli): added mode argument (Explain how to use environment variables in a test matrix github/docs#1253)
• 3715756 tests(webpack-cli): add test case for defaults flag (Explain how to use environment variables in a test matrix github/docs#1254)
• a7cba2f chore: project maintanance and typescript fix (repo sync github/docs#1247)
• 7748472 chore: ignore package-lock.json and remove its references (Remove extraneous grammar period which breaks the compare URL github/docs#1252)
• a014aa7 docs: fix supported arguments & commands link in README (Dashboard github/docs#1244)
• 06129a1 feat(webpack-cli): add progress bar for progress flag (repo sync github/docs#1238)
• 6cc6a49 chore: post refactor CLI (Update restriction github/docs#1237)
• 358651e chore: move cli under lerna package (Update about-the-dependency-graph.md github/docs#1225)
• 2dc495a fix(init): fix webpack config scaffold (Avoid use branch for example workflows github/docs#1231)
• 1ab62d2 tests(generator): add tests for plugin generator (repo sync github/docs#1235)
• d2dd0c1 tests(sourcemap): fix flaky stats statement (SystemformNuch1991 github/docs#1232)
• f6dc680 tests(loader-generator): add tests for loader generator (Fix the table overflowing sidebar github/docs#1234)
• 35d1381 tests(generator): enable init generator test (index.md github/docs#1233)
• 66cdcb6 chore(generator): remove transpiled tests (Fixes #1190 github/docs#1229)
• f29a170 fix(init): fix the invalid package name (Issue: Improve existing docs github/docs#1228)
• 8c3a66d chore(cli): updated changelog of v3 (Add note that secret scanning endpoints should be able to handle larg… github/docs#1224)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic