[Snyk] Fix for 13 vulnerabilities #7

Merged 1 commit on Apr 5, 2021

@snyk-bot snyk-bot commented Apr 5, 2021

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium severity | 509/1000. Why? Has a fix available, CVSS 5.9 | Denial of Service (DoS), SNYK-JS-JSYAML-173999 | Yes | No Known Exploit |
| high severity | 619/1000. Why? Has a fix available, CVSS 8.1 | Arbitrary Code Execution, SNYK-JS-JSYAML-174129 | Yes | No Known Exploit |
| medium severity | 586/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS), SNYK-JS-LODASH-1018905 | Yes | Proof of Concept |
| high severity | 681/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.2 | Command Injection, SNYK-JS-LODASH-1040724 | Yes | Proof of Concept |
| high severity | 686/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution, SNYK-JS-LODASH-450202 | Yes | Proof of Concept |
| medium severity | 636/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 6.3 | Prototype Pollution, SNYK-JS-LODASH-567746 | Yes | Proof of Concept |
| high severity | 704/1000. Why? Has a fix available, CVSS 9.8 | Prototype Pollution, SNYK-JS-LODASH-590103 | Yes | No Known Exploit |
| high severity | 686/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution, SNYK-JS-LODASH-608086 | Yes | Proof of Concept |
| high severity | 579/1000. Why? Has a fix available, CVSS 7.3 | Prototype Pollution, SNYK-JS-LODASH-73638 | Yes | No Known Exploit |
| medium severity | 434/1000. Why? Has a fix available, CVSS 4.4 | Regular Expression Denial of Service (ReDoS), SNYK-JS-LODASH-73639 | Yes | No Known Exploit |
| high severity | 589/1000. Why? Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS), SNYK-JS-SSRI-1085630 | Yes | No Known Exploit |
| medium severity | 529/1000. Why? Has a fix available, CVSS 6.3 | Prototype Pollution, npm:lodash:20180130 | Yes | No Known Exploit |
| high severity | 589/1000. Why? Has a fix available, CVSS 7.5 | Prototype Override Protection Bypass, npm:qs:20170213 | No | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: copy-webpack-plugin The new version differs by 18 commits.

See the full diff

Package name: css-loader The new version differs by 136 commits.
  • 43179a8 chore(release): 1.0.0
  • 3d53968 Merge remote-tracking branch 'origin/master'
  • 240db53 version 1.0 (#742)
  • 1b7acf7 Merge remote-tracking branch 'origin/master'
  • 1703721 docs(README): add more context to `localIdentName` (#711)
  • 1c51265 docs(README): fix malformed emoji (#701)
  • 50f8ec0 Merge remote-tracking branch 'origin/master'
  • 07444ad tests: css custom variables (#709)
  • 3de8aa7 tests: css custom variables (#709)
  • df497db chore(release): 0.28.11
  • c788450 fix(lib/processCss): don't check `mode` for `url` handling (`options.modules`) (#698)
  • c35d8bd chore(release): 0.28.10
  • 9f876d2 fix(getLocalIdent): add `rootContext` support (`webpack >= v4.0.0`) (#681)
  • 0452f26 test: hashes inside `@ font-face` url (#678)
  • 630579d chore(release): 0.28.9
  • 604bd4b chore(package): update dependencies
  • d1d8221 fix: ignore invalid URLs (`url()`) (#663)
  • 0fc46c7 chore(release): 0.28.8
  • 333a2ce chore(package): update `dependencies`
  • 39773aa ci(travis): use `npm`
  • 8897d44 fix: proper URL escaping and wrapping (`url()`) (#627)
  • 0dccfa9 fix(loader): correctly check if source map is `undefined` (#641)
  • d999f4a docs: Update importLoaders documentation (#646)
  • 05c36db test: removed redundant `modules` argument (#599)

See the full diff

Package name: history The new version differs by 35 commits.
  • 702db62 Version 1.14.0
  • 990b853 Merge pull request #168 from taion/doc-141
  • a9db75a Deprecate pushState and replaceState
  • 50420f9 Document the new push and replace syntax
  • 0a1b31a Merge pull request #171 from rackt/query-string
  • d0edd09 Use query-string instead of qs
  • 331ee28 Merge pull request #167 from taion/hash-replace
  • 32a3978 Consider the full path in changing PUSH to REPLACE
  • ce96689 Merge pull request #141 from taion/push-replace-location-object
  • 9a5a378 Merge pull request #156 from taion/actually-fix-coverage
  • 969463f Configure the coverage reporter
  • 4ab16f3 Merge pull request #155 from rackt/taion-patch-1
  • d88948f Clean up the last of the old push/replace docs
  • e2c9860 Merge pull request #152 from taion/build-es6
  • 07b8013 Add ES2015 module build
  • 2688abe Merge pull request #151 from taion/clean-lib
  • b1cf2fa Merge pull request #150 from taion/linkify-CHANGES-HEAD
  • a6aac12 Clean output directory when building
  • 23353fe Link to HEAD diffs on CHANGES
  • ede110f Merge pull request #147 from taion/CriOS-fixme
  • 7f28fcb Merge pull request #148 from taion/eslint-mocha
  • 7bb2867 Centralize eslint env setting
  • b98fc54 Add FIXME note to CriOS workaround
  • ae05e84 Update CHANGES.md

See the full diff

Package name: webpack The new version differs by 250 commits.
  • 610f368 5.0.0
  • 5ce65c1 update examples
  • bbe1230 Merge pull request #11628 from webpack/bugfix/real-content-hash
  • 75ecff2 5.0.0-rc.6
  • bfc35d6 Merge pull request #11603 from MayaWolf/master
  • 76e8cbd Merge pull request #11622 from webpack/dependabot/npm_and_yarn/types/node-13.13.25
  • 9fd1be2 chore(deps-dev): bump @ types/node from 13.13.23 to 13.13.25
  • 36bcfaa Merge pull request #11621 from webpack/bugfix/11619
  • 9130d10 fix called variables with ProvidePlugin
  • 3e42105 Merge pull request #11620 from webpack/bugfix/11617
  • 4709719 skip connections copied to concatenated module
  • 57b493f 5.0.0-rc.5
  • 1658e2f Merge pull request #11618 from webpack/bugfix/11615
  • a8fb45d fixes crash in SideEffectsFlagPlugin
  • 84b196d emit error instead of crashing when unexpected problem occurs
  • 5573fed Merge pull request #11601 from Hornwitser/improve-suggested-polyfill-config
  • 9b5cce9 Merge pull request #11609 from snitin315/export-types
  • 37c495c export type RuleSetUseItem
  • 39faf34 export type RuleSetUse
  • e5fd246 export type RuleSetConditionAbsolute
  • 660baad export RuleSetCondition types
  • 13e3ca5 Merge pull request #11602 from webpack/bugfix/shared-runtime-chunk
  • 9c0587e Merge pull request #11606 from webpack/dependabot/npm_and_yarn/simple-git-2.21.0
  • 502d166 Merge pull request #11607 from webpack/dependabot/npm_and_yarn/acorn-8.0.4

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

@1Blackdiamondsc 1Blackdiamondsc merged commit 32a09e6 into master Apr 5, 2021
Development

Successfully merging this pull request may close these issues.

  • Persist tx arguments across refreshes (like reflux-tx does for txes)
  • More full explorer functionality