[Snyk] Fix for 12 vulnerabilities

[enterstudio]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/build-essentials/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	679/1000 Why? Has a fix available, CVSS 9.3	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962463	Yes	No Known Exploit
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Remote Memory Exposure SNYK-JS-BL-608877	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	No	No Known Exploit
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-POSTCSS-5926692	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: ava

The new version differs by 250 commits.

• e1572d9 2.0.0
• 2daf6a9 Bump dependencies
• b1e54b1 By default, select test and helpers inside 'tests' directories
• 677578f Replace individual lodash packages with the main package
• a53ea15 Define environment variables to be injected in the test file processes
• 626e58c 2.0.0-rc.1
• 51433be Implement helper for our ESLint plugin
• c10e38c Remove underline from Babel configuration validation errors
• 928ed14 Bump dependencies
• 98034fb Make the object printing depth configurable (FEATURE: use new link editor in inspector neos/neos-ui#2121)
• f26634b 2.0.0-beta.2
• 80d72ff Bump dependencies
• 5f4c96f Further helper selection improvements
• ba5cd80 Fix TypeScript definition allowing macro-without-title-using-tests to be skipped
• 13a89e1 Reduce size of logo in readme
• 799eb91 Update domain name
• cb4c809 Make watch mode dependency tracking work with custom require hooks
• 08e99e5 Treat .spec.js files as test files
• 91b7641 Use underscore-prefixed helpers in documentation
• c2d8218 Improve the TypeScript definition `ObservableLike` type
• 5bae97c Fix sample test in Flow recipe
• 2762d3c Fix require path in Babel recipe
• 05f925f Fix sample test in TypeScript recipe
• 8a3f6ca Remove mention of the obsolete `devtool` package

See the full diff

Package name: check-dependencies

The new version differs by 55 commits.

• 03c8847 Tag 2.0.0
• 65d9ef5 Set Node.js requirement in package.json engines to >=18.3
• 4917ab0 Simplify the spawn logic
• fc04cc8 Drop support for the callback interface
• 28257dd Tweak ESLint settings
• dc16e8a Drop the bluebird devDependency
• 412337a Drop fs-extra & graceful-fs devDependencies
• 091279a Drop the findup-sync dependency
• 10ac9c5 Drop lodash.camelcase & minimist dependencies
• 35dce52 Update dependencies
• 2929ba7 Update tested Node.js versions
• 1f514eb Don't invoke `npm prune`, `npm install` is already enough
• 65107d2 Drop support for Bower & the `checkCustomPackageNames` option
• f28ba1b Avoid `git://` URLs, they're no longer supported
• 8fdc6ad Limit allowed `packageManager` values
• 9809f13 Bump word-wrap from 1.2.3 to 1.2.4 ([Snyk] Security upgrade debug from 2.6.9 to 3.1.0 #58)
• e522471 Bump semver from 7.3.8 to 7.5.2 ([Snyk] Security upgrade webpack from 1.15.0 to 5.0.0 #57)
• 031416d Bump yaml from 2.2.1 to 2.2.2 ([Snyk] Security upgrade style-loader from 0.13.2 to 1.1.4 #56)
• dff3ab9 Build: Fix running tests on Windows
• 062005f Build: Update the GitHub Actions config
• ecf138f Build: Update dependencies
• 15c13b3 Build: Remove AppVeyor
• 89b9df0 Build: Update .gitattributes to files always use LF line endings
• db8c172 Build: Tweak GitHub Actions workflow code style

See the full diff

Package name: codeclimate-test-reporter

The new version differs by 8 commits.

• 1ad7ea8 Bump to 0.5.1
• 5e4b10e chore: update dependencies with security issues fixes [Snyk] Fix for 3 vulnerabilities #70
• c4b55e1 README: update deprecation notice
• 7a8c75f Update README.md
• c37a8da Update README.md ([Snyk] Security upgrade stylelint from 7.13.0 to 14.0.0 #63)
• 9fc86ba Release v0.5.0
• d936a62 Update engines depedency to node >= 4
• 97f1ff2 Upgrade request package

See the full diff

Package name: eslint

The new version differs by 250 commits.

• 80b8d5d 5.5.0
• b68e403 Build: changelog update for 5.5.0
• 6e110e6 Fix: camelcase duplicate warning bug (fixes #10801) (#10802)
• 5103ee7 Docs: Add Brackets integration (#10813)
• b61d2cd Update: max-params to only highlight function header (#10815)
• 2b2f11d Upgrade: babel-code-frame to version 7 (#10808)
• 2824d43 Docs: fix comment placement in a code example (#10799)
• 10690b7 Upgrade: devdeps and deps to latest (#10622)
• 80c8598 Docs: gitignore syntax updates (fixes #8139) (#10776)
• cb946af Chore: use meta.messages in some rules (1/4) (#10764)
• a857cd9 5.4.0
• 8dee250 Build: changelog update for 5.4.0
• a70909f Docs: Add jscs-dev.github.io links (#10771)
• 034690f Fix: no-invalid-meta crashes for non Object values (fixes #10750) (#10753)
• 11a462d Docs: Broken jscs.info URLs (fixes #10732) (#10770)
• 985567d Chore: rm unused dep string.prototype.matchall (#10756)
• f3d8454 Update: Improve no-extra-parens error message (#10748)
• 562a03f Fix: consistent-docs-url crashes if meta.docs is empty (fixes #10722) (#10749)
• 6492233 Chore: enable no-prototype-builtins in codebase (fixes #10660) (#10664)
• 137140f Chore: use eslintrc overrides (#10677)
• 2af6f4f 5.3.0
• 11e70c7 Build: changelog update for 5.3.0
• dd6cb19 Docs: Updated no-return-await Rule Documentation (fixes #9695) (#10699)
• 6009239 Chore: rename utils for consistency (#10727)

See the full diff

Package name: nyc

The new version differs by 162 commits.

• 4a6b327 chore(release): 13.0.1
• ae5318b chore: Update istanbul dependencies. (When a node has a missing childNode, discard returns an error neos/neos-ui#896)
• d0b76e2 fix: Enable es-modules by default. (TASK: Add editorconfig linter neos/neos-ui#889)
• 6b6cd5e fix: add flag to allow control of intrumenter esModules option, default to looser parsing (Make Background Color in ContentCanvas configurable neos/neos-ui#863)
• c325799 docs: reference babel 7 in all places (BUGFIX: fix performance of trees by fixing makeChildrenOfSelector neos/neos-ui#881)
• 7483ed9 fix: use uuid/v4 to generate unique identifiers. (TASK: Use Open Sans as the default UI font neos/neos-ui#883)
• 8ab1ae3 chore: update dependencies (BUGFIX: display inspector tabs that have only views and no properties neos/neos-ui#872)
• 52b69ef fix: Update caching-transform options. (BUGFIX: fallback to the first tab when tab index is out of bounds neos/neos-ui#873)
• 624a723 chore: update dependencies (Content and Document tree should scroll when moving nodes through drag/drop neos/neos-ui#866)
• a5818f5 chore(release): 13.0.0
• f0d98a5 docs: update README.md with babel configuration info (TASK: Remove border-bottom from ck-editor toolbar neos/neos-ui#860)
• 893345a feat: allow rows with 100% statement, branch, and function coverage to be skipped in text report (TASK: refactor dependencies to the top level neos/neos-ui#859)
• f09cf02 chore: update dependencies (CKE-Link target won't close on a click on a non content element neos/neos-ui#855)
• d0f654c fix: source was being instrumented twice, due to upstream fix in ista… (Hide the inspector panel should close crop mode neos/neos-ui#853)
• adb310c chore(release): 12.0.2
• ddc9331 fix: stop bundling istanbul-lib-instrument due to npm issue on Node 6 (Structure-Tree can not be toggled neos/neos-ui#854)
• b4c325b fix: don't bundle istanbul-lib-instrument due to Node 6 issues
• 9fc20e4 chore(release): 12.0.1
• 3e087d4 chore: upgrade to version of istanbul with optional catch binding (CKE Tool-Bar has a wrong border-bottom neos/neos-ui#851)
• eaf3f70 chore(release): 12.0.0
• 19b7d21 chore: upgrade to newest version of istanbul codebase (BUGFIX: Add missing url-loader dependency in neos-ui package neos/neos-ui#848)
• 570a08a chore(release): 11.9.0
• 1329a3b feat: add option that allows instrument to exit on error (New Content-Modal does not close in ESC neos/neos-ui#850)
• bc9ffe5 chore(release): 11.8.0

See the full diff

Package name: stylelint

The new version differs by 250 commits.

• 5ff7daf Prepare 9.8.0
• d2fb462 Update CHANGELOG.md
• 66855d6 Fix false positives for final newlines in max-empty-lines (BUG: The new conflict resolution e2e tests are sadly a bit flaky in ci :O neos/neos-ui#3785)
• cbd0246 Fixed typo "psuedo" to "pseudo" (TASK: Remove __neosLegacyUiEnabled__ flag again neos/neos-ui#3790)
• f20d9e4 Update prettier to the latest version 🚀 (TASK: Adjust To Tethered NodeType Definitions neos/neos-ui#3782)
• 8490b5d Remove unused dependencies (BUG: 9.0 change-base-workspace is infinite loop and times out - always?!! neos/neos-ui#3787)
• 547888b * Add jest-watch-typeahead (BUG: Neos Ui version shown as vundefined neos/neos-ui#3781)
• 29e0fde Update CHANGELOG.md
• 48dc855 Add autofix to value-keyword-case (TASK: Adjust to workspace aware ContentGraph neos/neos-ui#3775)
• 3dd2884 Update CHANGELOG.md
• 2ba9900 Fix error for single-line Sass comments (TASK: Adjust to NodeLabelRenderer neos/neos-ui#3772)
• 0c801e7 Update ignore to version 5.0.4 (WIP: Isolate Drawer menu from the rest of the UI neos/neos-ui#3773)
• a9a68dd Update micromatch (FEATURE: Integrate conflict resolution with publish/discard dialog workflow neos/neos-ui#3769)
• 691ce27 Update CHANGELOG.md
• 67596f0 Add ignore: ["pseudo-classes"] to max-nesting-depth (Back button in node creation handler does not work in secondary editor mode neos/neos-ui#3724)
• f1c50d0 Update CHANGELOG.md
• 97d351e Add ignoreFunctions: [] to unit-no-unkown (BUGFIX: Remove duplicated apply button in DateInput & handle onChange on date selection neos/neos-ui#3736)
• fdeb82f Update CHANGELOG.md
• e9e73d5 Fix false positives for Less variables and mixins in at-rule-* (BUG: Backend not working with strong Content-Security-Policy Header neos/neos-ui#3767)
• 5fd5905 Update CHANGELOG.md
• 3f6b31b Add ignoreTypes option to selector-type-case (TASK: Adjust to ViewInterface change in Neos.Flow and Neos.Neos neos/neos-ui#3758)
• b257c5f Update plugins.md (!!!FEATURE: Offer resolution strategies when conflicts arise during rebase neos/neos-ui#3762)
• 259ed20 Update appveyor badge id
• 19e1790 Prepare 9.7.1

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 4be093d 2.2.0
• 2278469 2.2.0-rc.8
• b946eb4 Merge pull request #3988 from malstoun/bug/2664
• 260e413 Merge pull request #3986 from webpack/bugfix/revert_use_of_buffer_dot_from
• 0ec7de9 Fix regression with watch cli opt, add tests for this case
• 72226db add missing disable line
• 4d30675 build fresh yarn.lock file to remove buffer polyfill
• 91c1f35 fix(node): rollback changes of Buffer.from to new Buffer() and bump down travis to 4.3 min node v
• 0b47602 2.2.0-rc.7
• db6ccbc Merge pull request #3978 from webpack/bugfix/conditional-reexports
• 82a5b03 Merge pull request #3977 from malstoun/bug/2664
• fc1a43b Merge pull request #3976 from timse/rely-on-defaults
• a44694a hoist exports declarations too
• 682bde8 Fix lint
• c6d7d90 Add tests
• af8d49e remove defaults values to shave a few bytes
• 9796696 2.2.0-rc.6
• e9bdb05 Merge pull request #3971 from webpack/bugfix/fix_available_vars_in_fmtp
• bd45bdc add test case for global in harmony modules
• bfccb20 fix PR
• 5a3a23f fix(nmf): Fix exports for var injection to include free glob exports or arguments
• 437dce4 2.2.0-rc.5
• 91cb1df Merge pull request #3970 from webpack/ci/appveyor
• 9fd55e5 Merge pull request #3969 from webpack/bugfix/issue-3964

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Improper Input Validation