[Snyk] Fix for 46 vulnerabilities

[adsbn]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json
  • package-lock.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIHTML-1296849	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	Yes	Proof of Concept
	526/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.1	Arbitrary Code Injection SNYK-JS-EJS-1049328	Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-EJS-2803307	Yes	Proof of Concept
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891	Yes	Proof of Concept
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-JSYAML-173999	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-JSYAML-174129	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASHMERGE-173732	No	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASHMERGE-173733	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Certificate Validation SNYK-JS-NODESASS-1059081	Yes	No Known Exploit
	715/1000 Why? Has a fix available, CVSS 9.8	Use After Free SNYK-JS-NODESASS-535497	No	No Known Exploit
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Out-of-bounds Read SNYK-JS-NODESASS-535501	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Resource Exhaustion SNYK-JS-NODESASS-535504	No	Proof of Concept
	761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	NULL Pointer Dereference SNYK-JS-NODESASS-535505	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Denial of Service (DoS) SNYK-JS-NODESASS-540982	No	Proof of Concept
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-NODESASS-542662	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SCSSTOKENIZER-2339884	Yes	No Known Exploit
	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Improper Privilege Management SNYK-JS-SHELLJS-2332187	Yes	Proof of Concept
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit
	529/1000 Why? Has a fix available, CVSS 6.3	Cross-site Scripting (XSS) SNYK-JS-WEBPACKBUNDLEANALYZER-174190	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	No	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:eslint:20180222	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	No	Proof of Concept
	469/1000 Why? Has a fix available, CVSS 5.1	Denial of Service (DoS) npm:mem:20180117	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No	No Known Exploit
	576/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.1	Uninitialized Memory Exposure npm:tunnel-agent:20170305	No	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:vue:20180222	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Cross-site Scripting (XSS) npm:vue:20180802	No	Proof of Concept
	761/1000 Why? Mature exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) npm:ws:20171108	No	Mature

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: css-loader

The new version differs by 98 commits.

• 634ab49 chore(release): 2.0.0
• 6ade2d0 refactor: remove unused file (#860)
• e7525c9 test: nested url (#859)
• 7259faa test: css hacks (#858)
• 5e6034c feat: allow to filter import at-rules (#857)
• 5e702e7 feat: allow filtering urls (#856)
• 9642aa5 test: css stuff (#855)
• 3338656 fix: reduce number of require for url (#854)
• 533abbe test: issue 636 (#853)
• 08c551c refactor: better warning on invalid url resolution (#852)
• b0aa159 test: issue #589 (#851)
• f599c70 fix: broken unucode characters (#850)
• 1e551f3 test: issue 286 (#849)
• 419d27b docs: improve readme (#848)
• d94a698 refactor: webpack-default (#847)
• b97d997 feat: schema options
• 453248f fix: support module resolution in composes (#845)
• 8a6ea10 refactor: postcss plugins (#844)
• fdcf687 fix: url resolving logic (#843)
• 889dc7f feat: allow to disable css modules and disable their by default (#842)
• ee2d253 test: importLoaders option (#841)
• 1dad1fb feat: reuse postcss ast from other loaders (i.e `postcss-loader`) (#840)
• fe94ebc test: icss reserved keywords (#839)
• 9eaba66 refactor: migrate on message api for postcss-icss-plugin (#838)

See the full diff

Package name: eslint

The new version differs by 250 commits.

• c4fffbc 8.0.0
• d51f4cf Build: changelog update for 8.0.0
• 7d3f7f0 Upgrade: unfrozen @ eslint/eslintrc (fixes #15036) (#15146)
• 2174a6f Fix: require-atomic-updates property assignment message (fixes #15076) (#15109)
• f885fe0 Docs: add note and example for extending the range of fix (refs #13706) (#13748)
• 3da1509 Docs: Add jsdoc `type` annotation to sample rule (#15085)
• 68a49a9 Docs: Update Rollup Integrations (#15142)
• d867f81 Docs: Remove a dot from curly link (#15128)
• 9f8b919 Sponsors: Sync README with website
• 4b08f29 Sponsors: Sync README with website
• ebc1ba1 Sponsors: Sync README with website
• 2d654f1 Docs: add example .eslintrc.json (#15087)
• 16034f0 Docs: fix fixable example (#15107)
• 07175b8 8.0.0-rc.0
• 71faa38 Build: changelog update for 8.0.0-rc.0
• 67c0074 Update: Suggest missing rule in flat config (fixes #14027) (#15074)
• cf34e5c Update: space-before-blocks ignore after switch colons (fixes #15082) (#15093)
• c9efb5f Fix: preserve formatting when rules are removed from disable directives (#15081)
• 14a4739 Update: `no-new-func` rule catching eval case of `MemberExpression` (#14860)
• 7f2346b Docs: Update release blog post template (#15094)
• fabdf8a Chore: Remove `target.all` from `Makefile.js` (#15088)
• e3cd141 Sponsors: Sync README with website
• 05d7140 Chore: document target global in Makefile.js (#15084)
• 0a1a850 Update: include `ruleId` in error logs (fixes #15037) (#15053)

See the full diff

Package name: file-loader

The new version differs by 9 commits.

• 1451b1e chore(release): 1.1.7
• 98bf052 fix(index): don't concat `options.outputPath` and `options.publicPath` (#246)
• 9ee8332 docs(README): add `regExp` option (`options.regExp`) (#244)
• f62bc44 chore(package): update `schema-utils` v0.3.0...0.4.5 (#245)
• ef5688e docs(README): correct default value for `digestType` (`hashes`) (#239)
• d965494 chore(release): 1.1.6
• 1e4b7cf fix: rootContext compatibility fix for legacy / v4 (#237)
• 0c4cdc2 docs(README): correct the default value for `[hash:<length>]` (#230)
• 52c882e test: standardize test configuration (#214)

See the full diff

Package name: html-webpack-plugin

The new version differs by 196 commits.

• eb73905 chore(release): 4.0.0
• 42a6d4a Add typing for getHooks
• a1a37cf Release html-webpack-plugin 4.0.0-beta.14
• 97f9fb9 fix: load script files before style files files in defer script loading mode
• e97ce17 Release html-webpack-plugin 4.0.0-beta.13
• e448b5d Release html-webpack-plugin 4.0.0-beta.12
• de315eb feat: Add defer script loading
• 7df269f feat: Provide a verbose error message if html minification failed
• 1d66e53 feat: merge templateParameters with default template parameters
• dfb98e7 Fix typo in template option docts
• 096a760 Fix broken links in examples
• a195c34 docs: Update template-option documentation
• 40b410e docs: Update example for template parameters
• bf017f3 chore: Release 4.0.0-beta.11
• 2549557 test: Don't use minification for speed measurement
• de22fc2 test: Adjust measurment for node 6 on travis
• 24bf1b5 fix: Update references to html-minifier
• f4eafdc chore: Release 4.0.0-beta.10
• a2ad30a refactor: Use getAssetPath instead of calling the hook directly
• 2595a79 chore: Release 4.0.0-beta.9
• c66766c feat: Add support for minifying inline ES6 inside html templates
• 655cbcd Fix README typo
• 6de319b update lodash dependency for prototype polution vulnerability
• 35a1541 Properly encode file names emitted as part of URLs.

See the full diff

Package name: node-sass

The new version differs by 184 commits.

• 3b556c1 7.0.2
• c716359 Bump sass-graph@^4.0.1 (#3292)
• 24741b3 docs(readme): fix docpad plugin link
• 1523330 feat: Drop Node 12
• 365d357 update https://registry.npm.taobao.org to https://registry.npmmirror.com
• 1456114 build(deps): bump actions/upload-artifact from 2 to 3
• b465b69 chore: bump GitHub Actions to Windows 2019 (#3254)
• e6194b1 build(deps): bump make-fetch-happen from 9.1.0 to 10.0.4
• 4edf594 build(deps): bump node-gyp from 8.4.1 to 9.0.0
• 29e2344 build(deps): bump actions/checkout from 2 to 3
• 85b0d22 build(deps): bump actions/setup-node from 2 to 3
• 3bb51da Use make-fetch-happen instead of request (#3193)
• adc2f8b build(deps): bump true-case-path from 1.0.3 to 2.2.1 (#3000)
• 77d12f0 chore: disable Apline for Node 16/17 builds
• 308d533 ci: use Python 3 for Node 12
• c818907 ci: unpin actions/setup-node to v2
• 99242d7 7.0.1
• 77049d1 build(deps): bump sass-graph from 2.2.5 to 4.0.0 (#3224)
• c929f25 build(deps): bump node-gyp from 7.1.2 to 8.4.1 (#3209)
• 918dcb3 Lint fix
• 0a21792 Set rejectUnauthorized to true by default (#3149)
• e80d4af chore: Drop EOL Node 15 (#3122)
• d753397 feat: Add Node 17 support (#3195)
• dcf2e75 build(deps-dev): bump eslint from 7.32.0 to 8.0.0

See the full diff

Package name: optimize-css-assets-webpack-plugin

The new version differs by 2 commits.

• 662dfb7 3.2.1
• 7ab5e15 Upgrade cssnano dependency

See the full diff

Package name: postcss-custom-media

The new version differs by 7 commits.

• b780656 7.0.0
• 926f1ef Use PostCSS 7
• 8336b81 Update README.md heading
• d472113 Fix badge
• e2c61ac Merge pull request [Snyk] Security upgrade node-sass from 4.9.0 to 7.0.2 #30 from postcss/feature/cssdb-badge
• 8f03744 Add CSS Standard Status
• 8136745 Change link to specification

See the full diff

Package name: shelljs

The new version differs by 71 commits.

• 70668a4 0.8.5
• d919d22 fix(exec): lockdown file permissions (#1060)
• fcf1651 0.8.4
• a1111ee Silence potentially upcoming circular dependency warning (#973)
• d4d1317 0.8.3
• db317bf Add test case for sed on empty file (#904)
• 0d5ecb6 docs(changelog): updated by Nate Fischer [ci skip]
• 6b3c7b1 refactor: don't expose tempdir in common.state (#903)
• 4bd22e7 chore(ci): fix codecov on travis (#897)
• 2b3b781 fix: silent exec (#892)
• 37acb86 chore(npm): add ci-or-install script (#896)
• 4e861db chore(appveyor): run entire test matrix (#886)
• d079515 docs: remove gitter badge (#880)
• 4113a72 grep includes the i flag (#876)
• 8dae55f Fix(which): match only executable files (#874)
• 6d66a1a chore: rename some tests (#871)
• 131b88f Fix cp from readonly source (#870)
• 1dd437e fix(mocks): fix conflict between mocks and skip (#863)
• 72ff790 chore: bump dev dependencies and add package-lock (#864)
• 93bbf68 Prevent require-ing bin/shjs (#848)
• aa9d443 chore: output npm version in travis (#850)
• 4733a32 chore(appveyor): do not use latest npm (#847)
• dd5551d chore: update shelljs-release version (#846)
• 97a4df8 docs(changelog): updated by Nate Fischer [ci skip]

See the full diff

Package name: url-loader

The new version differs by 8 commits.

• 11dce14 docs: Update changelog with nsp advisory
• 1934507 chore(release): 0.6.0
• a1e1fef chore: Fix mime version
• d19ee2d chore: update `mime` package to avoid deprecation mime type with `woff` and `woff2` (#87)
• 636ebed feat: add `fallback` option (#88)
• f3f5fce docs(README): remove confusing `prefix` option (`options.prefix`) (#89)
• 2de70bb docs(README): fix typo in example ([Snyk] Security upgrade shelljs from 0.7.8 to 0.9.0 #81)
• ced5990 feat(index): add options validation (`schema-utils`) ([Snyk] Fix for 1 vulnerabilities #78)

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 04f90c5 4.26.0
• e1df721 Merge pull request #8392 from vkrol/cherry-pick-terser-to-webpack-4
• a818def fix for changed API in terser plugin warningsFilter
• b39abf4 Rename test directories too
• 311a728 Switch from uglifyjs-webpack-plugin to terser-webpack-plugin
• a230148 Merge pull request #8351 from DeTeam/chunk-jsdoc-typo
• 7a0af76 Fix a typo in Chunk#split jsdoc comment
• 2361995 4.25.1
• e2a2016 Merge pull request #8338 from webpack/bugfix/issue-8293
• babe736 replace prefix/postfix even when equal for wrapped context
• dcd0d59 test for #8293
• af123a8 Merge pull request #8334 from webpack/bugfix/lint
• 36eb0bb move azure specific commands to azure-pipelines.yml
• 290094e 4.25.0
• 355590e Merge pull request #8250 from Aladdin-ADD/patch-3
• 0293c3a Merge pull request #8279 from smelukov/support-entry-progress
• 1ea411b Merge pull request #8139 from NaviMarella/FormatManifest
• 4b72635 exclude watch test cases
• e35d084 increase test timeout
• 6be1411 move schema into definitions
• 3d74504 add missing hooks to progress
• 56d8a8f prevent writing the same message multiple times to stderr
• 64e3826 use flags to show different parts of the progress message
• 8c5e74f Merge branch 'master' into support-entry-progress

See the full diff

Package name: webpack-bundle-analyzer

The new version differs by 250 commits.

• ee6c7a9 Merge pull request #389 from webpack-contrib/support-webpack-5
• 8d1a752 Update version
• 37ab03e Fix typo
• 2153401 Add `--watch-ignore` flag to `test-dev` npm script
• 35b62db Add `private: true` flag to `package.json` files in `test/webpack-versions`
• ef36924 Add changelog entry
• f819548 Update version
• d8f2dd7 Fix lint issues
• d32cbdb Add changelog for v4.0.0
• 3094dbc Update dependencies
• b85ba7d Add tests for Webpack 5
• c35bda3 Properly parse Webpack 5 entry modules
• 7bbe89f Properly parse Webpack 5 bundle format (except concatenated entry module)
• b34b249 Update package-lock.json
• abc298a Remove Node.js 6 and 8 from .travis.yml
• a81b7b8 - Support multiple Webpack versions in tests
• 591adf1 Add more ignores to .npm-upgrade.json
• d5698f4 Update dependencies
• e4a8974 Merge pull request #382 from wbobeirne/fix-opener-error
• b0f717b Catch uncaught opener errors
• e4b2677 v3.9.0
• afde5a8 Merge pull request #378 from dabbott/fix-missing-child-bundles
• 0ddc92d Add test for dynamic imports in worker bundles
• b39594c Fix missing child bundles throwing an error

See the full diff

Package name: webpack-hot-middleware

The new version differs by 113 commits.

• e140693 2.25.1
• 3d5018a Merge pull request #413 from nttibbetts/replace-ansi-html
• 90551e5 use public npm registry, not private one
• adeeade fix: replace ansi-html with ansi-html-community to fix vulnerability
• f0ffa4c Resolve weird desync in package lock
• 0f5e3e9 Use old-style require syntax to keep the linter happy
• aa38d42 Bump ansi/html encoding deps
• 2c31df1 Bump example dependencies
• d156bbc Simplify CI setup
• 0635d00 Replace istanbul with nyc
• 04fa8c8 Apply prettier formatting updates
• b81cfd5 Update eslint and prettier
• c98216a Upgrade test dependencies
• cb29abb 2.25.0
• bbffbe6 Merge branch 'master' of github.com:webpack-contrib/webpack-hot-middleware
• 82dd483 Merge pull request #360 from jimblue/master
• e2b49ff improved client overlay style
• c430265 2.24.4
• fe33d59 Merge pull request #355 from okcoker/ansi-color-fix
• 331ad96 Merge branch 'master' into ansi-color-fix
• f6609e4 Bump deps to sort audit out
• e605d10 Fix ansi colors
• 036bf30 Merge pull request #354 from Hacksign/master
• f2b477d Resolve Code under example folder do not work. webpack-contrib/webpack-hot-middleware#353

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution npm:extend:20180424	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Proof of Concept
	646/1000 Why? Mature exploit, Has a fix available, CVSS 5.2	Uninitialized Memory Exposure npm:stringstream:20180511	Mature

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

[//]: # (snyk:metadata:{"prId":"c8567726-5e63-4ee4-be01-3aff107fc8a0","prPublicId":"c8567726-5e63-4ee4-be01-3aff107fc8a0","dependencies":[{"name":"autoprefixer","from":"7.1.6","to":"9.0.0"},{"name":"css-loader","from":"0.28.7","to":"2.0.0"},{"name":"eslint","from":"3.19.0","to":"8.0.0"},{"name":"file-loader","from":"1.1.5","to":"1.1.7"},{"name":"html-webpack-plugin","from":"2.30.1","to":"4.0.0"},{"name":"http-proxy-middleware","from":"0.17.4","to":"0.18.0"},{"name":"lodash.merge","from":"4.6.0","to":"4.6.2"},{"name":"node-sass","from":"4.9.0","to":"7.0.2"},{"name":"optimize-css-assets-webpack-plugin","from":"3.2.0","to":"3.2.1"},{"name":"postcss-custom-media","from":"6.0.0","to":"7.0.0"},{"name":"shelljs","from":"0.7.8","to":"0.8.5"},{"name":"url-loader","from":"0.5.9","to":"0.6.0"},{"name":"vue","from":"2.5.2","to":"2.5.17"},{"name":"vue-loader","from":"13.3.0","to":"15.0.0"},{"name":"webpack","from":"3.8.1","to":"4.26.0"},{"name":"webpack-bundle-analyzer","from":"2.9.0","to":"4.0.0"},{"name":"webpack-hot-middleware","from":"2.20.0","to":"2.25.1"}],"packageManager":"npm","projectPublicId":"167ac981-a03d-475e-bd2f-6e1ab6762923","projectUrl":"https://app.snyk.io/org/adsbn/project/167ac981-a03d-475e-bd2f-6e1ab6762923?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":["SNYK-JS-LODASH-567746","npm:extend:20180424","npm:hoek:20180212","npm:stringstream:20180511"],"vulns":["npm:vue:20180802","npm:vue:20180222","npm:tunnel-agent:20170305","npm:stringstream:20180511","npm:mime:20170907","npm:mem:20180117","npm:hoek:20180212","npm:extend:20180424","npm:eslint:20180222","npm:braces:20180219","SNYK-JS-YARGSPARSER-560381","npm:ws:20171108","SNYK-JS-WS-1296835","SNYK-JS-WEBPACKBUNDLEANALYZER-174190","SNYK-JS-UGLIFYJS-1727251","SNYK-JS-TRIMNEWLINES-1298042","SNYK-JS-TAR-1579155","SNYK-JS-TAR-1579152","SNYK-JS-TAR-1579147","SNYK-JS-TAR-1536758","SNYK-JS-TAR-1536531","SNYK-JS-TAR-1536528","SNYK-JS-SHELLJS-2332187","SNYK-JS-SCSSTOKENIZER-2339884","SNYK-JS-POSTCSS-1255640","SNYK-JS-NODESASS-542662","SNYK-JS-NODESASS-540982","SNYK-JS-NODESASS-535505","SNYK-JS-NODESASS-535504","SNYK-JS-NODESASS-535501","SNYK-JS-NODESASS-535497","SNYK-JS-NODESASS-1059081","SNYK-JS-LODASHMERGE-173733","SNYK-JS-LODASHMERGE-173732","SNYK-JS-LODASH-567746","SNYK-JS-JSYAML-174129","SNYK-JS-JSYAML-173999","SNYK-JS-ISSVG-1243891","SNYK-JS-ISSVG-1085627","SNYK-JS-HAWK-2808852","SNYK-JS-EJS-2803307","SNYK-JS-EJS-1049328","SNYK-JS-BROWSERSLIST-1090194","SNYK-JS-ANSIREGEX-1583908","SNYK-JS-ANSIHTML-1296849","SNYK-JS-AJV-584908"],"upgrade":["SNYK-JS-AJV-584908","SNYK-JS-ANSIHTML-1296849","SNYK-JS-ANSIREGEX-1583908","SNYK-JS-BROWSERSLIST-1090194","SNYK-JS-EJS-1049328","SNYK-JS-EJS-2803307","SNYK-JS-HAWK-2808852","SNYK-JS-ISSVG-1085627","SNYK-JS-ISSVG-1243891","SNYK-JS-JSYAML-173999","SNYK-JS-JSYAML-174129","SNYK-JS-LODASHMERGE-173732","SNYK-JS-LODASHMERGE-173733","SNYK-JS-NODESASS-1059081","SNYK-JS-NODESASS-535497","SNYK-JS-NODESASS-535501","SNYK-JS-NODESASS-535504","SNYK-JS-NODESASS-535505","SNYK-JS-NODESASS-540982","SNYK-JS-NODESASS-542662","SNYK-JS-POSTCSS-1255640","SNYK-JS-SCSSTOKENIZER-2339884","SNYK-JS-SHELLJS-2332187","SNYK-JS-TAR-1536528","SNYK-JS-TAR-1536531","SNYK-JS-TAR-1536758","SNYK-JS-TAR-1579147","SNYK-JS-TAR-1579152","SNYK-JS-TAR-1579155","SNYK-JS-TRIMNEWLINES-1298042","SNYK-JS-UGLIFYJS-1727251","SNYK-JS-WEBPACKBUNDLEANALYZER-174190","SNYK-JS-WS-1296835","SNYK-JS-YARGSPARSER-560381","npm:braces:20180219","npm:eslint:20180222...