[Snyk] Fix for 15 vulnerabilities

[kopax]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTMLMINIFIER-3091181	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASHTEMPLATE-1088054	No	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	No	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-POSTCSS-5926692	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIM-1017038	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Prototype Pollution SNYK-JS-XML2JS-5414874	No	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Improper Input Validation SNYK-JS-XMLDOM-1534562	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Prototype Pollution SNYK-JS-XMLDOM-3042242	No	No Known Exploit
	811/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.8	Improper Input Validation SNYK-JS-XMLDOM-3092935	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @expo/webpack-config

The new version differs by 250 commits.

• 4e7dbf3 Publish
• 84f6686 Update README.md
• 7adc6ae Update README.md
• 3052b9d [webpack] Upgrade to Webpack 5 (#3763)
• 625d91a Remove Node.js limitations on the legacy CLI (#4635)
• bee0413 [readme] Highlight the modern local CLI over everything else (#4632)
• 7edfa46 + [email protected]
• 75af3f6 fix(create-expo-app): skip creating a git repo when inside existing repo (#4629)
• c56fb82 update docs to reflect next config bug (#4620)
• 48d14b4 Update CHANGELOG and commit schema cache
• a151151 Publish
• 3986274 [install-expo-modules] Add react-native 0.71 support (#4612)
• 8e5e5f7 fix(update): json5 to v2.2.2 where vulnerability has been patched (#4618)
• 62ce1fd Handle multiple query parameters in Android URIs (#4538)
• 757b300 [xdl] Add feature gates (#4587)
• 58cf75b Update @ xmldom/xmldom (#4592)
• 508f15b Update README.md
• 820cc0f deprecate expo-optimize and drop related checks (#4588)
• d6329a4 Update PULL_REQUEST_TEMPLATE
• e631bdb Update index-test.js.snap
• 72e6af2 drop traveling-fastlane source (#4589)
• 69965f2 feat(next)!: rewrite package (#4582)
• 8c3e745 Update CHANGELOG and commit schema cache
• e01f946 Publish

See the full diff

Package name: css-loader

The new version differs by 178 commits.

• 1351e3a chore(release): 5.0.0
• 747d62b feat: allow named exports to have underscores in names (#1209)
• 7bfe85d chore(deps): update (#1208)
• b5c9379 feat: postcss@8 (#1204)
• 92fe103 docs: context is localIdentContext in README (#1202)
• e5a9272 chore(deps): update (#1203)
• 63b41be refactor: emoji deprecate
• 9f974be feat: reduce runtime
• d779eb1 feat: escape getLocalIdent by default (#1196)
• dd52931 feat: hide warning on no plugins (#1195)
• 52412f6 feat: improve error message
• 0f95841 feat: add fallback if custom getLocalIdent returns null (#1193)
• 2f1573f feat: auto enable icss modules
• df111b8 test: import with file protocol
• cfe669f refactor: remove icss option (#1189)
• 57eb505 chore(release): 4.3.0
• 3ddcc7b chore(deps): update deps (#1186)
• 88b8ddc fix: line breaks in `url` function
• 8b865fe test: source map (#1180)
• ec58a7c feat: the `importLoaders` can be `string` (#1178)
• df490c7 test: sass-loader next (#1177)
• 26a3062 chore(release): 4.2.2
• e42f046 refactor: improve sources handling in source maps (#1176)
• 4ce556a docs: fix type (#1174)

See the full diff

Package name: documentation

The new version differs by 130 commits.

• 849a083 chore(release): 14.0.0
• 42b14a0 build(deps-dev): bump eslint from 8.21.0 to 8.22.0 (#1547)
• 85ecbbf build(deps): bump @ babel/generator from 7.18.10 to 7.18.12 (#1545)
• 4609719 chore(release): 14.0.0-alpha.1
• f513485 Align babel plugin list with Prettier
• 5d66953 Sort babel plugins
• 7e17203 revert to upsteam package-lock.json
• 3f187d7 feat: ✨ update Babel, copy list of plugins from Prettier
• 73bb2a4 chore(release): 14.0.0-alpha.0
• 390edff Update release instructions
• e4ba155 patch updates to babel and husky
• 9941fb6 Bump husky from 4 to 8
• 69066bb don't ignore updates to husky
• 3d2c043 run migration script from husky 4 to 8
• c5e0156 Merge pull request #1541 from documentationjs/bump-mock-fs
• 8236bd0 Bump to mock-fs 5.1.4
• ab0cade Merge pull request #1530 from SojinSamuel/patch-1
• 77968e1 Bump mock-fs from 5.1.2 to 5.1.3
• 0d04462 Merge pull request #1540 from documentationjs/Add-test-suite-for-node-18
• a6dc1bd Add test suite for node 18
• 2c885bf Run npm audit fix
• 21fbb3e Bump fs-extra from 10.0.1 to 10.1.0
• 2cb5a26 Bump prettier from 2.6.2 to 2.7.1
• fb20409 Bump eslint from 8.13.0 to 8.21.0

See the full diff

Package name: image-webpack-loader

The new version differs by 74 commits.

• d9cca9b 7.0.0
• 7d91d45 lts not found?
• 8ea85e3 update changelog
• 044ccaf require node 10
• 8d386e2 Merge pull request #238 from tcoopman/dependabot/npm_and_yarn/imagemin-mozjpeg-9.0.0
• d0f574c Bump imagemin-mozjpeg from 8.0.0 to 9.0.0
• 73e4acc Merge pull request #259 from tcoopman/dependabot/npm_and_yarn/imagemin-pngquant-9.0.1
• 42b776f Merge pull request #236 from tcoopman/dependabot/npm_and_yarn/imagemin-webp-6.0.0
• 63b3d18 Merge pull request #248 from tcoopman/dependabot/npm_and_yarn/webpack-4.44.1
• 953073e Bump imagemin-pngquant from 8.0.0 to 9.0.1
• 12a9da6 Bump webpack from 4.42.0 to 4.44.1
• 569b13c Bump imagemin-webp from 5.1.0 to 6.0.0
• 7fcf273 Merge pull request #258 from tcoopman/dependabot/npm_and_yarn/bl-1.2.3
• 2367e00 Merge pull request #255 from tcoopman/dependabot/npm_and_yarn/decompress-4.2.1
• 7714554 Merge pull request #253 from tcoopman/dependabot/npm_and_yarn/schema-utils-2.7.1
• b601c5c Merge pull request #247 from tcoopman/dependabot/npm_and_yarn/elliptic-6.5.3
• 96197b4 Merge pull request #241 from tcoopman/dependabot/npm_and_yarn/webpack-cli-3.3.12
• 5cf2d90 [Security] Bump bl from 1.2.2 to 1.2.3
• 7e4116c Bump schema-utils from 2.6.5 to 2.7.1
• 605a580 Merge pull request #235 from tcoopman/dependabot/npm_and_yarn/imagemin-svgo-8.0.0
• 6fd3a22 [Security] Bump decompress from 4.2.0 to 4.2.1
• c37a782 Merge pull request #234 from tcoopman/dependabot/npm_and_yarn/imagemin-optipng-8.0.0
• 830a392 Merge pull request #211 from tcoopman/dependabot/npm_and_yarn/imagemin-gifsicle-7.0.0
• 168a70c [Security] Bump elliptic from 6.5.2 to 6.5.3

See the full diff

Package name: react-styleguidist

The new version differs by 250 commits.

• a460fcc feat: Upgrade to Webpack 5 (#1996)
• 4c55077 Build(deps): Bump ua-parser-js in /examples/webpack (#1928)
• e630725 Build(deps): Bump browserslist in /examples/webpack (#1927)
• 2c855fa Build(deps): Bump follow-redirects in /examples/react-native (#1924)
• 7f4d1fa Build(deps): Bump follow-redirects in /examples/preact (#1921)
• d486074 Build(deps): Bump follow-redirects in /examples/customised (#1920)
• 4861363 Build(deps): Bump follow-redirects in /examples/express (#1919)
• abfc18e Build(deps): Bump follow-redirects in /examples/sections (#1917)
• 6d4c1e7 Build(deps): Bump follow-redirects in /examples/basic (#1916)
• c66b152 Build(deps): Bump prismjs in /examples/styled-components (#1913)
• 92518df feat: Webpack 5 support (#1903)
• 6415cb6 Build(deps): Bump url-parse from 1.4.7 to 1.5.3 (#1896)
• 6ca3c4c chore: Add npm 'cache' to 'release' workflow (#1899)
• 7d62618 chore: Add npm 'cache' to 'danger' workflow (#1900)
• 9114b4a docs: Fix code block formatting in Maintenance.md (#1908)
• 54be33b chore: Add npm 'cache' to 'release' workflow (#1901)
• 48e98b8 chore: Add npm 'cache' to Node.js workflow (#1898)
• 77a2a2e fix: Remove `is-directory`, use `fs` module directly (#1897)
• 0a477a6 docs: Add more funding options
• 33b6796 Build(deps): Bump prismjs from 1.24.0 to 1.25.0 in /examples/webpack (#1892)
• 0ebf18b Build(deps): Bump prismjs from 1.24.0 to 1.25.0 in /examples/sections (#1891)
• e2ee4a9 Build(deps): Bump prismjs from 1.24.0 to 1.25.0 in /examples/customised (#1890)
• e97872a Build(deps): Bump prismjs from 1.24.0 to 1.25.0 in /examples/express (#1889)
• 4290c03 Build(deps): Bump tmpl from 1.0.4 to 1.0.5 (#1885)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Improper Input Validation
🦉 Prototype Pollution