[Snyk] Fix for 1 vulnerabilities

[MaxMood96]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: css-loader

The new version differs by 80 commits.

• 634ab49 chore(release): 2.0.0
• 6ade2d0 refactor: remove unused file (Update python-dateutil to 2.8.0 mozilla/redash#860)
• e7525c9 test: nested url (Update psycopg2 to 2.7.7 mozilla/redash#859)
• 7259faa test: css hacks (Update blinker to 1.4 mozilla/redash#858)
• 5e6034c feat: allow to filter import at-rules (Update aniso8601 to 4.1.0 mozilla/redash#857)
• 5e702e7 feat: allow filtering urls (Update passlib to 1.7.1 mozilla/redash#856)
• 9642aa5 test: css stuff (Update flask-limiter to 1.0.1 mozilla/redash#855)
• 3338656 fix: reduce number of require for url (Update flask-migrate to 2.4.0 mozilla/redash#854)
• 533abbe test: issue 636 (Update flask-sqlalchemy to 2.3.2 mozilla/redash#853)
• 08c551c refactor: better warning on invalid url resolution (Update flask-login to 0.4.1 mozilla/redash#852)
• b0aa159 test: issue Scheduled daily dependency update on tuesday mozilla/redash#589 (Update flask-restful to 0.3.7 mozilla/redash#851)
• f599c70 fix: broken unucode characters (Update flask-admin to 1.5.3 mozilla/redash#850)
• 1e551f3 test: issue 286 (Update httplib2 to 0.12.1 mozilla/redash#849)
• 419d27b docs: improve readme (Update pyopenssl to 19.0.0 mozilla/redash#848)
• d94a698 refactor: webpack-default (Update markupsafe to 1.1.1 mozilla/redash#847)
• b97d997 feat: schema options
• 453248f fix: support module resolution in composes (Update itsdangerous to 1.1.0 mozilla/redash#845)
• 8a6ea10 refactor: postcss plugins (Update jinja2 to 2.10 mozilla/redash#844)
• fdcf687 fix: url resolving logic (Update werkzeug to 0.14.1 mozilla/redash#843)
• 889dc7f feat: allow to disable css modules and disable their by default (Update flask to 1.0.2 mozilla/redash#842)
• ee2d253 test: importLoaders option (Update jsonschema to 3.0.0 mozilla/redash#841)
• 1dad1fb feat: reuse postcss ast from other loaders (i.e `postcss-loader`) (Update markupsafe to 1.1.1 mozilla/redash#840)
• fe94ebc test: icss reserved keywords (Update xlsxwriter to 1.1.5 mozilla/redash#839)
• 9eaba66 refactor: migrate on message api for postcss-icss-plugin (Update botocore to 1.12.101 mozilla/redash#838)

See the full diff

Package name: webpack-build-notifier

The new version differs by 55 commits.

• 6ee67a7 Updated doc comments
• f47b1bf 2.0.0 release
• 7154ebc Added code coverage ignore else
• 5a8aaf0 Fixed lint errors.
• 3818331 Added showDuration config option from master
• 7983df7 Added test mock for platform architecture.
• c04ca71 Added onComplileStart and onComplete callbacks from master
• 0b3d3b7 Removed accidantal commit
• 7c44e15 Removed accidantal commit
• 929ee09 Merge branch 'master' into release/2.0.0
• df25e60 Updated dependencies to latest.
• 69e43cd Temporarily disable failing tests.
• 76a2a87 Added test mock for process.arch
• 1a5987d Updated node-notifier to fix [Snyk] Security upgrade protobuf from 3.17.3 to 3.18.3 #43; added test coverage.
• e153dd8 Updated changelog and package version
• d6b7feb Merge pull request [Snyk] Fix for 2 vulnerabilities #49 from yoavain/add-duration-to-notification
• 510f9cd Build time in notification
• db6552f Updated node-notifier dependency to latest version to fix [Snyk] Security upgrade pyarrow from 0.13.0 to 0.15.1 #45.
• b39b4a1 Merge pull request [Snyk] Security upgrade urllib3 from 1.25.11 to 1.26.5 #44 from RoccoC/feature/callbacks
• 8f65131 Fixed lint errors
• c031929 Minor cleanup for consistency, bumped version
• 75c101c Merge pull request [Snyk] Security upgrade pyarrow from 0.13.0 to 0.15.1 #42 from phyzical/feature/Adding-custom-callback-functionailty
• 61edb0d Added TODO
• 4ace475 * simplified code and added params to be passed down, allowing for the type of compilation to be hadnled in the callbaack provided

See the full diff

Package name: webpack-cli

The new version differs by 250 commits.

• 30b1b8d chore: v3.3.5
• 76b75ac chore: remove donation section
• 8913928 chore: update pkg lock
• a37477d cli: remove donation prompt
• 002a6ac Merge pull request M23 rebase mozilla/redash#970 from dhruvdutt/postinstall
• cd54ba5 chore(scripts): clean opencollective
• 0c1f6b6 chore(scripts): clean postinstall
• 313e83e chore(deps): update major versions (Fix query id in parameter querystring names (fixes #942) mozilla/redash#969)
• 6105ef1 fix(deps): move prettier from dependencies to devDependencies (Release m22.1 mozilla/redash#968)
• dad54f4 chore(ts): enables source map in the ts (Consider adding a banner that gives information about missing data mozilla/redash#961)
• d7cdab9 Merge pull request Reverting a query to a previous version is not taking place until the page is refreshed mozilla/redash#960 from DanielRuf/fix/use-strict
• 6015bad chore: added await in order to resolve the pending promise (Big Query Data Samples mozilla/redash#948)
• 670efc7 fix: change "usr strict" to "use strict"
• dc25beb Merge pull request New created tags are not saved from the new query page mozilla/redash#959 from webpack/fix/deps
• 69f364e fix: update deps
• f0f12c9 chore(packages): lock dependencies versions (Moving widgets inside a dashboard has become less smooth in RC mozilla/redash#958)
• 08edf57 Merge pull request Query consistently times out mozilla/redash#954 from webpack/v.3.3.4
• 186166f chore: v.3.3.4
• 8acf08f Merge pull request M21 rebase mozilla/redash#952 from pranshuchittora/docs/readme
• 8b00884 chore: remove unused pkgs
• 478340d chore: fix prompt
• 0acd33e Merge pull request Too easy to accidentally schedule queries for long periods that cost a lot of money mozilla/redash#949 from rishabh3112/fix/not-found
• 23eddcb chore: improved err msg
• d025bf5 Merge branch 'master' of github.com:webpack/webpack-cli into docs/readme

See the full diff

Package name: webpack-dev-server

The new version differs by 250 commits.

• c9271b9 chore(release): 4.0.0
• 18bf369 test: fix stability (refs https://github.com/getredash/redash/issues/3675 getredash/redash#3676)
• cdcabb2 fix: respect protocol from browser for manual setup (need to add optional params to render_token_login_page on reset_password? getredash/redash#3675)
• 1768d6b fix: initial reloading for lazy compilation ( Error running query: Working outside of application context getredash/redash#3662)
• 4f5bab1 docs: improve examples (Reduce volatility in embed percy snapshots getredash/redash#3672)
• f2d87fb fix: improve https CLI output (Only load fields that are needed from Google API for Big Query schema. getredash/redash#3673)
• 0277c5e chore: remove redundant console statements (REST API to delete dashboard getredash/redash#3671)
• 16fcdbc docs: add `ipc` example (Add max-width to Notification description getredash/redash#3667)
• 8915fb8 test: add e2e tests for built in routes (Large query results causing Redis to lose connection getredash/redash#3669)
• 4d1cbe1 docs: ask `version` information in issue template ([#1414] Word Cloud Word Frequency Selection getredash/redash#3668)
• b6c1881 chore(deps-dev): bump core-js from 3.16.1 to 3.16.2 (Y axis units not adhering to number format getredash/redash#3666)
• ffa8cc5 chore(deps-dev): bump supertest from 6.1.5 to 6.1.6 (Fixed wrong width assertion getredash/redash#3665)
• f1fdaa7 chore(release): 4.0.0-rc.1
• c4678bc fix: legacy API (upgrade from 6.0.0 to 7.0.0 fails with a lot of crashes getredash/redash#3660)
• d8bdd03 test: fix stability (upgrade from v6 to v7, users tab cannot be opened due to exceptions getredash/redash#3661)
• 22b1414 refactor: remove `killable` (Google SSO is not available on fresh redash install getredash/redash#3657)
• 75bafbf test: add e2e tests for module federation (feature: add couchbase query runner getredash/redash#3658)
• 493ccbd chore(deps): update `ws` (Table UI linked to plot getredash/redash#3652)
• ae8c523 test: add e2e test for universal compiler (Dashboard grid markings getredash/redash#3656)
• f94b84f chore(deps): update (REST API to create user without invitation getredash/redash#3655)
• 1923132 test: fix cli
• 2adfd01 test: fix todo (Dashboard auto-saving getredash/redash#3653)
• 6e2cbde fix: proxy logging and allow to pass options without the `target` option (redash7.0 schema refresh failed:get schema from hive(1.2.1000) datasource error getredash/redash#3651)
• c9ccc96 fix: respect infastructureLogging.level for client.logging (Fix email shows as unverified when no email server is configured getredash/redash#3613)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.