[Snyk] Fix for 35 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • src/Web/WebSPA/package.json
  • src/Web/WebSPA/.snyk

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-ENGINEIO-1056749	Yes	Proof of Concept
	811/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.8	Arbitrary Code Execution SNYK-JS-FRONTMATTER-569103	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Remote Code Execution (RCE) SNYK-JS-HANDLEBARS-1056767	No	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-HANDLEBARS-469063	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-HANDLEBARS-480388	No	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-HANDLEBARS-534478	No	No Known Exploit
	704/1000 Why? Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-HANDLEBARS-534988	No	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-HANDLEBARS-567742	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HIGHLIGHTJS-1048676	No	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-LODASH-590103	No	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	520/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS ) SNYK-JS-MARKED-584281	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-MERGE-1040469	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-MERGE-1042987	Yes	Proof of Concept
	715/1000 Why? Has a fix available, CVSS 9.8	Use After Free SNYK-JS-NODESASS-535497	No	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-NODESASS-542662	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Insertion of Sensitive Information into Log File SNYK-JS-NPMREGISTRYFETCH-575432	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-536840	No	No Known Exploit
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Insecure Defaults SNYK-JS-SOCKETIO-1024859	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-1056752	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Denial of Service (DoS) SNYK-JS-SOCKJS-575261	No	Proof of Concept
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1085630	Yes	No Known Exploit
	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Command Injection SNYK-JS-TREEKILL-536781	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	No	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:eslint:20180222	No	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:jasmine-core:20180216	Yes	Proof of Concept
	469/1000 Why? Has a fix available, CVSS 5.1	Denial of Service (DoS) npm:mem:20180117	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: eslint

The new version differs by 167 commits.

• 36ced0a 5.0.0
• 5fd5632 Build: changelog update for 5.0.0
• 0feedfd New: Added max-lines-per-function rule (fixes #9842) (#10188)
• daefbdb Upgrade: eslint-scope and espree to 4.0.0 (refs #10458) (#10500)
• 077358b Docs: no-process-exit: recommend process.exitCode (#10478)
• f93d6ff Fix: do not fail on unknown operators from custom parsers (fixes #10475) (#10476)
• 05343fd Fix: add parens for yield statement (fixes #10432) (#10468)
• d477c5e Fix: check destructuring for "no-shadow-restricted-names" (fixes #10467) (#10470)
• 7a7580b Update: Add considerPropertyDescriptor option to func-name-matching (#9078)
• e0a0418 Fix: crash on optional catch binding (#10429)
• de4dba9 Docs: styling team members (#10460)
• 5e453a3 Docs: display team members in tables. (#10433)
• b1895eb Docs: Restore intentional spelling mistake (#10459)
• a9da57d 5.0.0-rc.0
• 3ac3df6 Build: changelog update for 5.0.0-rc.0
• abf400d Update: Add ignoreDestructing option to camelcase rule (fixes #9807) (#10373)
• e2b394d Upgrade: espree and eslint-scope to rc versions (#10457)
• a370da2 Chore: small opt to improve readability (#10241)
• 640bf07 Update: Fixes multiline no-warning-comments rule. (fixes #9884) (#10381)
• 831c39a Build: Adding rc release script to package.json (#10456)
• dc4075e Update: fix false negative in no-use-before-define (fixes #10227) (#10396)
• 3721841 Docs: Add new experimental syntax policy to README (fixes #9804) (#10408)
• d0aae3c Docs: Create docs landing page (#10453)
• fe8bec3 Fix: fix writing config file when `source` is `prompt` (#10422)

See the full diff

Package name: handlebars

The new version differs by 159 commits.

• a9a8e40 v4.7.7
• e66aed5 Update release notes
• 7d4d170 disable IE in Saucelabs tests
• eb860c0 fix weird error in integration tests
• b6d3de7 fix: check prototype property access in strict-mode (Fixed typo: Applciation -> Application dotnet-architecture/eShopOnContainers#1736)
• f058970 fix: escape property names in compat mode (Fixed typo: Applciation -> Application dotnet-architecture/eShopOnContainers#1736)
• 77825f8 refator: In spec tests, use expectTemplate over equals and shouldThrow (The EventBus.Tests project isn't added to the solution dotnet-architecture/eShopOnContainers#1683)
• 3789a30 chore: start testing on Node.js 12 and 13
• e6ad93e v4.7.6
• 2bf4fc6 Update release notes
• b64202b Update release-notes.md
• c2f1e62 Switch cmd parser to latest minimist
• 08e9a11 Revert "chore: set Node.js compatibility to v6+"
• 1fd2ede v4.7.5
• 3c9c2f5 Update release notes
• 16487a0 chore: downgrade yargs to v14
• 309d2b4 chore: set Node.js compatibility to v6+
• 645ac73 test: fix integration tests
• b454b02 docs: update release-docs in CONTRIBUTING.md
• 7adc19a v4.7.4
• 9dd8d10 Update release notes
• 4671c4b Use tmp directory for files written during tests
• e46baa1 tasks/test-bin.js: Delete duplicate test
• c491b4e Revert "Update release-notes.md"

See the full diff

Package name: karma

The new version differs by 180 commits.

• 3653caf chore(release): 6.0.0 [skip ci]
• 04a811d fix(ci): abandon browserstack tests for Safari and IE (#3615)
• 4bf90f7 feat(client): update banner with connection, test status, ping times (#3611)
• 68c4a3a chore(test): run client tests without grunt wrapper (#3604)
• fec972f fix(middleware): catch errors when loading a module (#3605)
• 3fca456 fix(server): clean up close-server logic (#3607)
• 1c9c2de fix(test): mark all second connections reconnects (#3598)
• 87f7e5e chore(license): Update copyright notice to 2020 [ci skip] (#3568)
• e6b045f chore(deps): npm audit fix the package-lock.json (#3603)
• 3c649fa chore(build): remove obsolete Grunt tasks (#3602)
• 8997b74 fix(test): clear up clearContext (#3597)
• fe0e24a chore(build): unify client bundling scripts (#3600)
• 1a65bf1 feat(server): remove deprecated static methods (#3595)
• fb76ed6 chore(test): remove usage of deprecated buffer API (#3596)
• 35a5842 feat(server): print stack of unhandledrejections (#3593)
• 4a8178f fix(client): do not reset karmaNavigating in unload handler (#3591)
• 603bbc0 feat(cli): error out on unexpected options or parameters (#3589)
• 7a3bd55 feat: remove support for running dart code in the browser (#3592)
• 1b9e1de fix(deps): bump socket-io to v3 (#3586)
• 3fed0bc fix(cve): update yargs to 16.1.1 to fix cve-2020-7774 in y18n (#3578)
• f819fa8 fix(cve): update ua-parser-js to 0.7.23 to fix CVE-2020-7793 (#3584)
• 05dc288 fix(context): do not error when karma is navigating (#3565)
• e5086fc docs: clarify `browser_complete` vs `run_complete`
• ead31cd chore(release): 5.2.3 [skip ci]

See the full diff

Package name: merge

The new version differs by 27 commits.

• 56ca75b build: v2.1.1
• 7b0ddc2 fix: prototype pollution
• 8686d85 build: bump version
• 80151be build
• 0acaaf3 build: update dev dependencies
• f571887 Merge pull request [Snyk] Security upgrade AspNetCore.HealthChecks.UI.Client from 2.2.4 to 3.0.0 #38 from 418sec/master
• 869927f Merge pull request [Snyk] Fix for 35 vulnerabilities #1 from alromh87/master
• c2f8454 Fix Prototype Pollution
• bf8b1ff build: include typings
• ece8885 Merge pull request [Snyk] Security upgrade Newtonsoft.Json from 12.0.3-beta1 to 13.0.1 #32 from yeikos/develop
• 43ffa43 build: include only needed files
• 7bf0fc8 fix: export default function (typings)
• 159e724 build: bump version
• 21f4105 fix: default typings
• 36d4b9c build: new npm scripts
• eabfd6f build: CommonJS support
• bf85170 test: add merge script
• 75ba781 build: add editor config
• 2d2b54a build: update ignored files
• b36036a docs: remove license copyright
• 1385593 build: update main script and description
• 2b22e6b docs: update readme
• 7cc6574 build: package-lock.json
• 29e46a8 build: ts and webpack config

See the full diff

Package name: npm-watch

The new version differs by 16 commits.

• 6cd3ca2 0.7.0
• b737415 npm audit fix
• a634e9e fix: package.json & package-lock.json to reduce vulnerabilities
• a31b046 Clean up devDependancies
• 2d7a59d Add silent option to turn on nodemon quiet mode
• efb3c75 0.6.0
• ced6020 Documentation for verbose mode
• e02147f Merge pull request [Snyk] Security upgrade @angular-devkit/build-angular from 0.13.9 to 0.803.28 #53 from charlesbdudley/add-clear-buffer-option
• a30560c Merge branch 'master' into add-clear-buffer-option
• f5f5064 Merge pull request [Snyk] Security upgrade @angular-devkit/build-angular from 0.13.9 to 0.13.10 #54 from Leo7654/master
• 22aef57 Merge branch 'master' into master
• 305a45e Merge pull request [Snyk] Security upgrade jquery from 3.4.1 to 3.5.0 #63 from kaycebasques/patch-1
• 6e88d57 Fix code samples
• c555e38 Add section on ignoring files
• 3ba807e Add verbose option
• 73b3c9d added config flag to clear the buffer on file changes

See the full diff

Package name: protractor

The new version differs by 63 commits.

• 5d8da04 chore(release): version bump to 6.0.0 and update the changelog
• d777738 chore(tests): circleci - chrome 69 requires chromdriver to 2.44 (#5182)
• 3d50b68 chore(deps): update based on npm audit
• e478ba8 chore(release): bump version to 6.0.1-beta
• 7054827 chore(types): fix types to use not @ types/selenium-webdriver (#5127)
• 2e5c2e6 chore(jasmine): prevent random execution order in jasmine 3 (#5126)
• 8afc4e2 chore(release): release 6.0.0-beta and update the changelog
• 5fd711c chore(webdriver-manager): use webdriver-manager@13.0.0-beta
• 96ae17c deps(jasmine): upgrade jasmine 3.3 (#5102)
• 68491dd chore(expectedConditions): update generic Function typings (#5101)
• cf43651 chore(debugprint): convert debugprint to TypeScript (#5074)
• d213aa9 deps(selenium): upgrade to selenium 4 (#5095)
• 4672265 chore(browser): remove timing issues with restart and fork (#5085)
• b4dbcc2 chore(elementexplorer): remove explorer bin file (#5094)
• 7de6d85 docs(api): update examples to use async/await (#5081)
• 1b2036e typings(selenium): try out new version of typings (#5084)
• befb457 chore(bin): update webdriver-manager require to use the cli (#5093)
• 509f1b2 deps(latest): upgrade to the gulp and typescript (#5089)
• 2def202 deps(webdriver-manager): use replacement (#5088)
• 9d510db chore(test): remove jasmine addMatcher test (#5072)
• 6522e40 chore(cleanup): clean up imports and wdpromises (#5073)
• 3b8f263 chore(ignoreSynchornization): clean up to use waitForAngularEnabled (#5071)
• ffa3519 chore(debugger): remove debugger and explore methods (#5070)
• 0f7a38a chore(test): error tests fixed (#5069)

See the full diff

Package name: sass-lint

The new version differs by 94 commits.

• dac0f12 chore(release): 1.13.0 [skip ci]
• 6b5a615 Merge pull request Refused to load the script 'http://host.docker.internal:5105/lib/jquery/jquery.js' because it violates the following Content Security Policy directive: "script-src 'unsafe-inline'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback. dotnet-architecture/eShopOnContainers#1278 from srowhani/fix/release-version
• bf4f2ae fix(ci): rollback release version to match npm
• 037b459 Merge pull request Facing issue while running MVC application . Response status code does not indicate success: 500 (Internal Server Error). dotnet-architecture/eShopOnContainers#1276 from srowhani/fix/dependencies
• 37863b7 feat(ast): migrate from ast fork to latest version of gonzales
• b508036 feat(lint): adds disable-next-line
• 19df7ba Merge branch 'develop' into develop
• e391436 Merge pull request Is there any video which explains entire application and its code base in detail? dotnet-architecture/eShopOnContainers#1275 from srowhani/chore/ci-deploy-phase
• 2ab49c5 Merge branch 'develop' into chore/ci-deploy-phase
• 49b7253 chore(ci): fix build stages
• 50831b1 Merge pull request How to see edited code whiel docker is running? dotnet-architecture/eShopOnContainers#1274 from srowhani/chore/ci-release-automation
• c0bd68f chore(ci): update husky commit-msg hook
• 814259b chore(ci): increase mocha test timeout to reduce flakiness of cli suite
• 745c0ba chore(ci): update travis build rules, and update matrix
• 9a6c32e chore(ci): automated release and deployment using semantic-release
• 21a56de Merge pull request Getting error of unauthorized_client when clicking on Login button from web mvc dotnet-architecture/eShopOnContainers#1273 from srowhani/chore/ci
• 3a6b08c chore(ci): update appveyor build matrix
• 3b9f2d5 Add disable-next-line
• 594cc6c Merge pull request SPA app doesn't show the orders when using docker.for.win.localhost dotnet-architecture/eShopOnContainers#1232 from sasstools/1.13.0
• de2bbce merge with master
• bd0ed2b v1.13.0
• 501ea72 Merge pull request Login not working in 'webmvc' when running locally on docker dotnet-architecture/eShopOnContainers#1230 from ccjmne/update-smacss-ordering
• 56fb8a9 Merge branch 'develop' into update-smacss-ordering
• 268c939 Merge pull request Use internal docker dns names dotnet-architecture/eShopOnContainers#1231 from sasstools/feature_update-packages

See the full diff

Package name: typedoc

The new version differs by 231 commits.

• 5b3e56b chore: Bump version to 0.18.0
• 14eb245 chore: Upgrade dependencies
• cce8bf6 Merge remote-tracking branch 'origin/fix/1263'
• 2f8d295 BREAKING CHANGE: Bump minimum node version to 10
• a0a8f14 chore(deps): bump lodash from 4.17.15 to 4.17.19
• 021261c chore: Fix lint
• 23482c5 chore: Rebuild renderer test
• 7fc721c fix: Improve support for type aliases
• f582eb3 fix: Examples don't run (How ApiGateway and BFF Aggregator work? dotnet-architecture/eShopOnContainers#1327)
• ea1cdcb chore: Fix invalid renderer test failure
• 82a7e76 chore: Update rendered specs
• 471d36e chore: Bump version to 0.17.8
• 7b54288 Merge branch 'master' of https://github.com/TypeStrong/typedoc
• c7eabf7 fix: Use `baseUrl` to determine file paths (Bump jquery from 3.4.1 to 3.5.0 in /src/Web/WebSPA dotnet-architecture/eShopOnContainers#1313)
• d704709 fix: Support resolveJsonModule
• e553af2 fix: Do not ignore the properties of object type literals (Why I get this error - ERROR: Service 'webstatus' failed to build: The command 'cmd /S /C dotnet restore "eShopOnContainers-ServicesAndWebApps.sln"' returned a non-zero code: 1 dotnet-architecture/eShopOnContainers#1308)
• 30fab7a fix: GithubPlugin: read correct remote when multiple github repos exist
• 48090b7 chore: Add note about ignoreCompilerErrors
• 9118a5c chore: Bump version to 0.17.7
• 9b586db fix: copy inherited parameter descriptions (CatalogService: GetItemsByIds wrong behavior  dotnet-architecture/eShopOnContainers#1303)
• 8edb17c fix: TypeDoc fails to resolve @ types packages outside of cwd
• 935e10a fix: Trim whitespace when parsing links
• 0708fb8 chore: Fix minimatch pattern error in tests on Windows (CatalogService: Fix issue with Status set when items list is empty dotnet-architecture/eShopOnContainers#1304)
• 4fed0bd fix: Module declaration parsed as namespace (Set up and debug this application is VS code dotnet-architecture/eShopOnContainers#1301)

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 610f368 5.0.0
• 5ce65c1 update examples
• bbe1230 Merge pull request #11628 from webpack/bugfix/real-content-hash
• 75ecff2 5.0.0-rc.6
• bfc35d6 Merge pull request #11603 from MayaWolf/master
• 76e8cbd Merge pull request #11622 from webpack/dependabot/npm_and_yarn/types/node-13.13.25
• 9fd1be2 chore(deps-dev): bump @ types/node from 13.13.23 to 13.13.25
• 36bcfaa Merge pull request #11621 from webpack/bugfix/11619
• 9130d10 fix called variables with ProvidePlugin
• 3e42105 Merge pull request #11620 from webpack/bugfix/11617
• 4709719 skip connections copied to concatenated module
• 57b493f 5.0.0-rc.5
• 1658e2f Merge pull request #11618 from webpack/bugfix/11615
• a8fb45d fixes crash in SideEffectsFlagPlugin
• 84b196d emit error instead of crashing when unexpected problem occurs
• 5573fed Merge pull request #11601 from Hornwitser/improve-suggested-polyfill-config
• 9b5cce9 Merge pull request #11609 from snitin315/export-types
• 37c495c export type RuleSetUseItem
• 39faf34 export type RuleSetUse
• e5fd246 export type RuleSetConditionAbsolute
• 660baad export RuleSetCondition types
• 13e3ca5 Merge pull request #11602 from webpack/bugfix/shared-runtime-chunk
• 9c0587e Merge pull request #11606 from webpack/dependabot/npm_and_yarn/simple-git-2.21.0
• 502d166 Merge pull request #11607 from webpack/dependabot/npm_and_yarn/acorn-8.0.4

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	626/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.1	Man-in-the-Middle (MitM) SNYK-JS-HTTPSPROXYAGENT-469131	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic