Update dependency clone-deep to fix security issue downstream

[adelyafatykhova]

• Operating System: na
• Node Version: na
• NPM Version: na
• webpack Version: na
• sass-loader Version: every version of sass-loader with clone-deep above version 1.0

Expected Behavior

No security vulnerabilities are flagged

Actual Behavior

Security vulnerability CVE-2019-20149 downstream in kind-of (used by clone-deep, which this package uses) leads to any projects using sass-loader to be flagged.

As this security vulnerability has been rated fairly high, this is problematic.

A new version of kind-of (6.0.3) has been released with a fix, but not yet clone-deep.

When this PR in clone-deep to bump the kind-of version is merged and a new version released, then sass-loader should also bump its version of clone-deep to match.

This issue affects every single version of sass-loader that uses above clone-deep v1.0

Links:

• discussion in kind-of about the security vulnerability: Security vulnerability backport to 3.x line. jonschlinkert/kind-of#33
• fix in kind-of for the issue fix type checking vul in ctorName jonschlinkert/kind-of#31
• PR in clone-deep Bump kind-of version for CVE-2019-20149 jonschlinkert/clone-deep#18)

Code

na

How Do We Reproduce?

Run whitesource on any project using this package

[alexander-akait]

Fixed on kind-of side