[Snyk] Fix for 60 vulnerabilities

[one3chens]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json
  • package-lock.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIHTML-1296849	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	Yes	Proof of Concept
	526/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.1	Arbitrary Code Injection SNYK-JS-EJS-1049328	Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-EJS-2803307	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-EVENTSOURCE-2823375	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Remote Code Execution (RCE) SNYK-JS-HANDLEBARS-1056767	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-HANDLEBARS-1279029	Yes	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-HANDLEBARS-173692	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-HANDLEBARS-469063	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-HANDLEBARS-534478	Yes	No Known Exploit
	704/1000 Why? Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-HANDLEBARS-534988	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-HANDLEBARS-567742	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891	Yes	Proof of Concept
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-JSYAML-173999	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-JSYAML-174129	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	No	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	No	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Certificate Validation SNYK-JS-NODESASS-1059081	Yes	No Known Exploit
	715/1000 Why? Has a fix available, CVSS 9.8	Use After Free SNYK-JS-NODESASS-535497	No	No Known Exploit
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Out-of-bounds Read SNYK-JS-NODESASS-535501	No	Proof of Concept
	600/1000 Why? Has a fix available, CVSS 7.5	Uncontrolled Recursion SNYK-JS-NODESASS-535503	No	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Resource Exhaustion SNYK-JS-NODESASS-535504	No	Proof of Concept
	761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	NULL Pointer Dereference SNYK-JS-NODESASS-535505	No	Proof of Concept
	761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	NULL Pointer Dereference SNYK-JS-NODESASS-540974	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Denial of Service (DoS) SNYK-JS-NODESASS-540982	No	Proof of Concept
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-NODESASS-542662	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SCSSTOKENIZER-2339884	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Denial of Service (DoS) SNYK-JS-SOCKJS-575261	Yes	Proof of Concept
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Information Exposure SNYK-JS-WEBPACKDEVSERVER-72405	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Cross-site Scripting (XSS) npm:handlebars:20151207	Yes	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	No	Proof of Concept
	469/1000 Why? Has a fix available, CVSS 5.1	Denial of Service (DoS) npm:mem:20180117	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No	No Known Exploit
	629/1000 Why? Has a fix available, CVSS 8.3	Improper minification of non-boolean comparisons npm:uglify-js:20150824	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:uglify-js:20151024	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: css-loader

The new version differs by 102 commits.

• 634ab49 chore(release): 2.0.0
• 6ade2d0 refactor: remove unused file (Feature request: angular style guide validator angular/angular-cli#860)
• e7525c9 test: nested url (When creating a folder manually, the barrel needs to be updated in the systemjs.config angular/angular-cli#859)
• 7259faa test: css hacks (Please create ng g b folder/path angular/angular-cli#858)
• 5e6034c feat: allow to filter import at-rules (added support for a new sass-files option angular/angular-cli#857)
• 5e702e7 feat: allow filtering urls (Pipe spec should be valid angular/angular-cli#856)
• 9642aa5 test: css stuff (Missing Pipe suffix angular/angular-cli#855)
• 3338656 fix: reduce number of require for url (App doesn't run when built with -prod angular/angular-cli#854)
• 533abbe test: issue 636 (perf: move es6-shim to core-js (new stuff only) angular/angular-cli#853)
• 08c551c refactor: better warning on invalid url resolution (Broccoli cannot find name 'module' angular/angular-cli#852)
• b0aa159 test: issue bug: update app component name to have 'Component' suffix angular/angular-cli#589 (Switch from es6-shim to core-js/client/shim angular/angular-cli#851)
• f599c70 fix: broken unucode characters (When build dest folder content not rewriten angular/angular-cli#850)
• 1e551f3 test: issue 286 (Ignore SASS/SCSS files starting with "_" angular/angular-cli#849)
• 419d27b docs: improve readme (fix(lint): Update rule names for codelyzer 0.0.19 angular/angular-cli#848)
• d94a698 refactor: webpack-default (ng serve -prod fails (beta 5) angular/angular-cli#847)
• b97d997 feat: schema options
• 453248f fix: support module resolution in composes (Importing adhoc 3rd party lib fail angular/angular-cli#845)
• 8a6ea10 refactor: postcss plugins (ng serve -prod fails (beta 4) angular/angular-cli#844)
• fdcf687 fix: url resolving logic (Change typings.json to use 'global' instead of ambient' angular/angular-cli#843)
• 889dc7f feat: allow to disable css modules and disable their by default (Make lazy route folder prefix configurable angular/angular-cli#842)
• ee2d253 test: importLoaders option (feat(test): use link-cli option on e2e angular/angular-cli#841)
• 1dad1fb feat: reuse postcss ast from other loaders (i.e `postcss-loader`) (Adding a route doesn't add imports to app component angular/angular-cli#840)
• fe94ebc test: icss reserved keywords (fix(build): fix broken sourcemaps angular/angular-cli#839)
• 9eaba66 refactor: migrate on message api for postcss-icss-plugin (angular-cli failed to install angular/angular-cli#838)

See the full diff

Package name: html-webpack-plugin

The new version differs by 196 commits.

• eb73905 chore(release): 4.0.0
• 42a6d4a Add typing for getHooks
• a1a37cf Release html-webpack-plugin 4.0.0-beta.14
• 97f9fb9 fix: load script files before style files files in defer script loading mode
• e97ce17 Release html-webpack-plugin 4.0.0-beta.13
• e448b5d Release html-webpack-plugin 4.0.0-beta.12
• de315eb feat: Add defer script loading
• 7df269f feat: Provide a verbose error message if html minification failed
• 1d66e53 feat: merge templateParameters with default template parameters
• dfb98e7 Fix typo in template option docts
• 096a760 Fix broken links in examples
• a195c34 docs: Update template-option documentation
• 40b410e docs: Update example for template parameters
• bf017f3 chore: Release 4.0.0-beta.11
• 2549557 test: Don't use minification for speed measurement
• de22fc2 test: Adjust measurment for node 6 on travis
• 24bf1b5 fix: Update references to html-minifier
• f4eafdc chore: Release 4.0.0-beta.10
• a2ad30a refactor: Use getAssetPath instead of calling the hook directly
• 2595a79 chore: Release 4.0.0-beta.9
• c66766c feat: Add support for minifying inline ES6 inside html templates
• 655cbcd Fix README typo
• 6de319b update lodash dependency for prototype polution vulnerability
• 35a1541 Properly encode file names emitted as part of URLs.

See the full diff

Package name: node-sass

The new version differs by 250 commits.

• 3b556c1 7.0.2
• c716359 Bump sass-graph@^4.0.1 (linking an image from template html requires path from app root angular/angular-cli#3292)
• 24741b3 docs(readme): fix docpad plugin link
• 1523330 feat: Drop Node 12
• 365d357 update https://registry.npm.taobao.org to https://registry.npmmirror.com
• 1456114 build(deps): bump actions/upload-artifact from 2 to 3
• b465b69 chore: bump GitHub Actions to Windows 2019 (AOT compiled app doesn't work when served from cdn angular/angular-cli#3254)
• e6194b1 build(deps): bump make-fetch-happen from 9.1.0 to 10.0.4
• 4edf594 build(deps): bump node-gyp from 8.4.1 to 9.0.0
• 29e2344 build(deps): bump actions/checkout from 2 to 3
• 85b0d22 build(deps): bump actions/setup-node from 2 to 3
• 3bb51da Use make-fetch-happen instead of request (support exclusion option for --proxy-config angular/angular-cli#3193)
• adc2f8b build(deps): bump true-case-path from 1.0.3 to 2.2.1 (Test angular/angular-cli#3000)
• 77d12f0 chore: disable Apline for Node 16/17 builds
• 308d533 ci: use Python 3 for Node 12
• c818907 ci: unpin actions/setup-node to v2
• 99242d7 7.0.1
• 77049d1 build(deps): bump sass-graph from 2.2.5 to 4.0.0 (Fix help command angular/angular-cli#3224)
• c929f25 build(deps): bump node-gyp from 7.1.2 to 8.4.1 (Error When deploy angular 2 cli to github angular/angular-cli#3209)
• 918dcb3 Lint fix
• 0a21792 Set rejectUnauthorized to true by default (Error: Cannot find module 'ng-factory' angular/angular-cli#3149)
• e80d4af chore: Drop EOL Node 15 (fix(karma): Enable test of global scripts angular/angular-cli#3122)
• d753397 feat: Add Node 17 support (ng help command not supported while it works in ember-cli angular/angular-cli#3195)
• dcf2e75 build(deps-dev): bump eslint from 7.32.0 to 8.0.0

See the full diff

Package name: postcss-loader

The new version differs by 104 commits.

• 7647ac9 chore(release): 3.0.0
• 313c3c4 docs(README): update filename formatting
• d6931da refactor(Error): add `error` property checks
• 962b1d6 refactor(options): remove `ident` from validation schema
• 1f98aee refactor(Warning): add `warning` property checks
• 95de4c1 docs(LOADER): update JSDoc
• ea68a42 chore(package): update `schema-utils` v0.4.5...1.0.0 (`dependencies`)
• 73a8c66 chore(ISSUE_TEMPLATE/DOCS): add template for documentation issues
• 70f4426 chore(ISSUE_TEMPLATE/FEATURE): add feature request template
• 4a0328e chore(ISSUE_TEMPLATE/BUG): move bug reports into their own template
• 319d1f7 chore(PULL_REQUEST_TEMPLATE): improve format and content
• bdcbef0 refactor(src): update code base with latest ES2015+ features
• f34954f fix(index): add ast version (`meta.ast`)
• 8ac6fb5 fix(index): emit `warnings` as an instance of `{Error}`
• 2c6033b test(Errors): remove stacktrace from snapshot
• 549ea08 fix(options): improved `ValidationError` messages
• fbf05de test: replace helpers with `@ webpack-utilities/test` (ng build error 0.0.29 ENOENT: no such file or directory, lstat 'public' angular/angular-cli#386)
• daa0da8 chore(package): update `postcss` v6.0.0...7.0.0 (`dependencies`) (fix: on error builds an error was thrown because of duped files. angular/angular-cli#375)
• 114db12 docs(README): add autoprefixing example (fix: if there's no public/ directory, do not merge it in build angular/angular-cli#380)
• 8772814 style(standard): fix linting issues
• 8ef443f ci(travis): build stages
• 6f10898 ci(appveyor): readd Appveyor CI (fix: the manifest paths should not include the root angular/angular-cli#381)
• 0bb835c ci(package): run tests in an explicit environment (`jest --env=node`) (ng build no longer working with v0.0.29 angular/angular-cli#382)
• 5e2bca9 docs(README): replace `postcss-cssnext` with `postcss-preset-env` (feat: adds client dir between src and app angular/angular-cli#379)

See the full diff

Package name: postcss-url

The new version differs by 67 commits.

• 1a7496e 8.0.0
• dcfef47 eslint fixes
• 4830527 8.0.0 changlelog
• 4810601 added package-lock.json
• 0e361d5 updated mime package
• c6deff4 fix changelog
• 05be637 Merge pull request WIP tests: add basic e2e tests angular/angular-cli#126 from realityking/postcss7
• 1b5c06e Update postcss to version 7
• 88fc678 Update some dev dependencies
• 607e448 Support Node.js 10
• de03b85 Require Node.js 6
• ea84a94 7.3.2
• de6f6e2 Merge pull request Upgrade test blueprints to beta angular/angular-cli#119 from kisenka/skip-urls-with-tilde
• 00ceb36 chore: skip URLs started with tilde
• eeaccb7 chore: eslint fix
• bec2b0c feat: skip URLs with tilde
• 251a2c8 7.3.1
• c92a076 doc fixes
• d559b4f Merge pull request Folder Structure angular/angular-cli#117 from just4uwei/master
• 271f917 fixbug
• 343294c fix changelog
• 953ba4b 7.3.0
• 1d4e78e Merge pull request chore(readme): update wording angular/angular-cli#114 from digitalkaoz/patch-1
• e557044 prepend original filename in hashed filename

See the full diff

Package name: url-loader

The new version differs by 8 commits.

• 11dce14 docs: Update changelog with nsp advisory
• 1934507 chore(release): 0.6.0
• a1e1fef chore: Fix mime version
• d19ee2d chore: update `mime` package to avoid deprecation mime type with `woff` and `woff2` (Integrate the build pipeline with Karma angular/angular-cli#87)
• 636ebed feat: add `fallback` option (Changed default browser from Chrome to Firefox angular/angular-cli#88)
• f3f5fce docs(README): remove confusing `prefix` option (`options.prefix`) (feat: bump Angular to alpha.48 and update blueprints angular/angular-cli#89)
• 2de70bb docs(README): fix typo in example ([Snyk] Security upgrade webpack from 3.5.5 to 4.0.0 #81)
• ced5990 feat(index): add options validation (`schema-utils`) ([Snyk] Fix for 1 vulnerabilities #78)

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 04f90c5 4.26.0
• e1df721 Merge pull request Failed to create new project after install angular-cli angular/angular-cli#8392 from vkrol/cherry-pick-terser-to-webpack-4
• a818def fix for changed API in terser plugin warningsFilter
• b39abf4 Rename test directories too
• 311a728 Switch from uglifyjs-webpack-plugin to terser-webpack-plugin
• a230148 Merge pull request Angular 5 ng serve becomes stale angular/angular-cli#8351 from DeTeam/chunk-jsdoc-typo
• 7a0af76 Fix a typo in Chunk#split jsdoc comment
• 2361995 4.25.1
• e2a2016 Merge pull request ng new myproject not working error: Invalid rule or source result... angular/angular-cli#8338 from webpack/bugfix/issue-8293
• babe736 replace prefix/postfix even when equal for wrapped context
• dcd0d59 test for Angular cli 1.5 ng serve, ng build command not working and is Fustrating can't we build angular 5 apps with out the cli? and just config webpac? angular/angular-cli#8293
• af123a8 Merge pull request 1.5.0 - cannot build with AOT or Build Optimizer: JavaScript heap out of memory angular/angular-cli#8334 from webpack/bugfix/lint
• 36eb0bb move azure specific commands to azure-pipelines.yml
• 290094e 4.25.0
• 355590e Merge pull request fix(@angular/cli): Reenable node global angular/angular-cli#8250 from Aladdin-ADD/patch-3
• 0293c3a Merge pull request Feature Request: Generate component specs with DebugElement and HTMLElement predefined and assigned angular/angular-cli#8279 from smelukov/support-entry-progress
• 1ea411b Merge pull request Files not declared in angular.cli/assets and referenced in templates are not being fingerprinted and copied to root (dist) after compilation angular/angular-cli#8139 from NaviMarella/FormatManifest
• 4b72635 exclude watch test cases
• e35d084 increase test timeout
• 6be1411 move schema into definitions
• 3d74504 add missing hooks to progress
• 56d8a8f prevent writing the same message multiple times to stderr
• 64e3826 use flags to show different parts of the progress message
• 8c5e74f Merge branch 'master' into support-entry-progress

See the full diff

Package name: webpack-concat-plugin

The new version differs by 24 commits.

• 7a807c4 feat: add dist
• 3baaf33 add npm package
• d544a4d feat: add travis config
• a0c42a1 merge dev
• 839effb update
• 48811df update
• b164289 Merge pull request [Snyk] Fix for 1 vulnerabilities #18 from akempes/master
• 23261c0 Merge pull request [Snyk] Security upgrade webpack-dev-server from 2.7.1 to 3.11.0 #23 from jiverson/fix/html-plugin
• 1087985 Merge branch 'dev' into fix/html-plugin
• da8bd93 Merge branch 'dev' into fix/html-plugin
• 994784a Merge pull request [Snyk] Security upgrade webpack from 3.5.5 to 3.11.0 #26 from tomastrajan/use-uglify-es-to-support-es2015-and-above
• 4fe26df Use uglify-es to support es2015 and above
• c9cbd4a feat: add in ingration tests
• 69d20ea fix [Snyk] Fix for 1 vulnerabilities #19
• e17d1d1 Merge pull request [Snyk] Security upgrade webpack from 3.5.5 to 4.0.0 #20 from gosp/master
• b1fa4d6 bugfix [Snyk] Fix for 1 vulnerabilities #19
• af08645 Fix
• 9c58a9f Fix "Reduce of empty array with no initial value" error. (https://stackoverflow.com/a/23359208)
• d2d0ceb version 1.4.1
• 33ef036 Merge pull request [Snyk] Fix for 1 vulnerable dependencies #15 from IndraGunawan/fix1
• dd58bb6 fix duplicate hash at generated filename
• 2e9ef7e Merge pull request [Snyk] Fix for 1 vulnerable dependencies #13 from subhaze/grab-new-file-content-on-each-emit
• 1219bfb Reload file content on each compiler emit; Fixes [Snyk] Fix for 1 vulnerable dependencies #7
• c4ff6d9 bump version 1.4.0

See the full diff

Package name: webpack-dev-server

The new version differs by 250 commits.

• c5b9c7e chore(release): 4.6.0
• 1ba9720 fix: reload on warnings (Feature Request: lint option at ng serve angular/angular-cli#4056)
• 5026601 feat: allow to pass all `chokidar` options (Migrate ember references in error messages. angular/angular-cli#4025)
• 7e78bfa chore(deps-dev): bump webpack from 5.64.2 to 5.64.3 (Unable to create sprites.  angular/angular-cli#4054)
• f2a7d16 chore(deps-dev): bump memfs from 3.3.0 to 3.4.0 (feat(generate): add guard generation angular/angular-cli#4055)
• d104b58 chore: remove redundant `eslint-disable` comments (Import Highcharts export-csv angular/angular-cli#4053)
• e6330f5 chore: remove redundant snapshots (chore(config): remove addons/packages entries angular/angular-cli#4052)
• cf26a3f chore(deps): bump ws from 8.2.3 to 8.3.0 (npm link not working angular/angular-cli#4051)
• 7823237 chore(deps-dev): bump lint-staged from 12.1.1 to 12.1.2 (ng github-page:deploy not generating files with hashes, only main.bundle.js angular/angular-cli#4048)
• 9b32c96 fix: reconnection logic (Setting CSS preprocessor corrupts the environment settings angular/angular-cli#4044)
• 5e7c001 chore(deps-dev): bump eslint from 8.2.0 to 8.3.0 (help for nginx config with --base-href command (I am not sure it's a bug) angular/angular-cli#4045)
• 12d6d52 chore(deps-dev): bump lint-staged from 12.0.2 to 12.1.1 (fix(build): don't leave dist folder on fail angular/angular-cli#4047)
• 7ed2ba3 chore(deps-dev): bump webpack from 5.64.1 to 5.64.2 (Generate component without...  angular/angular-cli#4046)
• b497f68 docs: fix typo (ng e2e does not start a webserver angular/angular-cli#4042)
• 285487f chore(deps): remove unused (fix(build): override publicPath for ExtractTextPlugin angular/angular-cli#4036)
• a19ee71 chore(deps-dev): bump acorn from 8.5.0 to 8.6.0 (Giving the possibility to create component with associated module  angular/angular-cli#4040)
• 497e615 chore(deps): bump webpack-dev-middleware
• ec882db chore(deps-dev): bump typescript from 4.4.4 to 4.5.2 (chore(docs): update documentation to reflect recent changes angular/angular-cli#4034)
• 7d117de chore: update dependencies (Can we use angular-cli after a project has been already been created by using git clone of Angular Quickstart angular/angular-cli#4033)
• a5b1c70 chore: update `schema-utils` (refactor(deps): remove unused dependency angular/angular-cli#4032)
• d3be607 chore(deps): bump @ babel/preset-env from 7.16.0 to 7.16.4 (refactor: remove support for '.ember-cli' file angular/angular-cli#4030)
• 25bace8 chore(deps): bump @ babel/plugin-transform-runtime (Store session cookies and proxy angular/angular-cli#4031)
• 6a5b58d docs: fix `--https` option alignment (When it will add support for angular-universal ? angular/angular-cli#4028)
• fd8c54a chore: remove redundant `eslint-disable` comments (viewEncapsulation is not defined angular/angular-cli#4024)

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution npm:extend:20180424	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No Known Exploit
	646/1000 Why? Mature exploit, Has a fix available, CVSS 5.2	Uninitialized Memory Exposure npm:stringstream:20180511	Mature
	509/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) npm:tough-cookie:20170905	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

[//]: # (snyk:metadata:{"prId":"b35942bf-0051-4600-94a0-17911c4b988b","prPublicId":"b35942bf-0051-4600-94a0-17911c4b988b","dependencies":[{"name":"autoprefixer","from":"6.7.7","to":"9.0.0"},{"name":"css-loader","from":"0.28.5","to":"2.0.0"},{"name":"cssnano","from":"3.10.0","to":"4.1.1"},{"name":"html-webpack-plugin","from":"2.30.1","to":"4.0.0"},{"name":"license-webpack-plugin","from":"1.0.0","to":"2.0.0"},{"name":"lodash","from":"4.17.4","to":"4.17.21"},{"name":"node-sass","from":"4.5.3","to":"7.0.2"},{"name":"postcss-loader","from":"1.3.3","to":"3.0.0"},{"name":"postcss-url","from":"5.1.2","to":"8.0.0"},{"name":"url-loader","from":"0.5.9","to":"0.6.0"},{"name":"webpack","from":"3.5.5","to":"4.26.0"},{"name":"webpack-concat-plugin","from":"1.4.0","to":"2.0.0"},{"name":"webpack-dev-server","from":"2.7.1","to":"4.6.0"}],"packageManager":"npm","projectPublicId":"57da28c1-6370-4832-9b93-bd6b16f45854","projectUrl":"https://app.snyk.io/org/one3chens/project/57da28c1-6370-4832-9b93-bd6b16f45854?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":["SNYK-JS-LODASH-567746","npm:debug:20170905","npm:extend:20180424","npm:hoek:20180212","npm:mime:20170907","npm:stringstream:20180511","npm:tough-cookie:20170905"],"vulns":["npm:tough-cookie:20170905","npm:stringstream:20180511","npm:mime:20170907","npm:mem:20180117","npm:hoek:20180212","npm:extend:20180424","npm:debug:20170905","npm:braces:20180219","SNYK-JS-YARGSPARSER-560381","SNYK-JS-WEBPACKDEVSERVER-72405","SNYK-JS-UGLIFYJS-1727251","npm:uglify-js:20151024","npm:uglify-js:20150824","SNYK-JS-TRIMNEWLINES-1298042","SNYK-JS-TAR-1579155","SNYK-JS-TAR-1579152","SNYK-JS-TAR-1579147","SNYK-JS-TAR-1536758","SNYK-JS-TAR-1536531","SNYK-JS-TAR-1536528","npm:lodash:20180130","SNYK-JS-LODASH-73639","SNYK-JS-LODASH-73638","SNYK-JS-LODASH-608086","SNYK-JS-LODASH-567746","SNYK-JS-LODASH-450202","SNYK-JS-LODASH-1040724","SNYK-JS-LODASH-1018905","SNYK-JS-SOCKJS-575261","SNYK-JS-SCSSTOKENIZER-2339884","SNYK-JS-POSTCSS-1255640","SNYK-JS-JSYAML-174129","SNYK-JS-JSYAML-173999","SNYK-JS-ISSVG-1243891","SNYK-JS-ISSVG-1085627","npm:handlebars:20151207","SNYK-JS-HANDLEBARS-567742","SNYK-JS-HANDLEBARS-534988","SNYK-JS-HANDLEBARS-534478","SNYK-JS-HANDLEBARS-469063","SNYK-JS-HANDLEBARS-173692","SNYK-JS-HANDLEBARS-1279029","SNYK-JS-HANDLEBARS-1056767","SNYK-JS-GLOBPARENT-1016905","SNYK-JS-NODESASS-542662","SNYK-JS-NODESASS-540982","SNYK-JS-NODESASS-540974","SNYK-JS-NODESASS-535505","SNYK-JS-NODESASS-535504","SNYK-JS-NODESASS-535503","SNYK-JS-NODESASS-535501","SNYK-JS-NODESASS-535497","SNYK-JS-NODESASS-1059081","SNYK-JS-EVENTSOURCE-2823375","SNYK-JS-EJS-2803307","SNYK-JS-EJS-1049328","SNYK-JS-BROWSERSLIST-1090194","SNYK-JS-ANSIREGEX-1583908","SNYK-JS-ANSIHTML-1296849","SNYK-JS-AJV-584908"],"upgrade":["SNYK-JS-AJV-584908","SNYK-JS-ANSIHTML-1296849","SNYK-JS-ANSIREGEX-1583908","SNYK-JS-BROWSERSLIST-1090194","SNYK-JS-EJS-1049328","SNYK-JS-EJS-2803307","SNYK-JS-EVENTSOURCE-2823375","SNYK-JS-GLOBPARENT-1016905","SNYK...