
[Snyk] Fix for 12 vulnerabilities #15

Open. Wants to merge 1 commit into base: master

Conversation

mak-thevar
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • WebCore/package.json
    • WebCore/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Priority Score (*) | Why? | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|---|
| high severity | 696/1000 | Proof of Concept exploit, Has a fix available, CVSS 7.5 | Prototype Pollution (SNYK-JS-CHARTJS-1018716) | No | Proof of Concept |
| high severity | 644/1000 | Has a fix available, CVSS 8.6 | Use of Weak Hash (SNYK-JS-CRYPTOJS-6028119) | No | No Known Exploit |
| high severity | 579/1000 | Has a fix available, CVSS 7.3 | Prototype Pollution (SNYK-JS-DATATABLESNET-1016402) | No | No Known Exploit |
| low severity | 476/1000 | Proof of Concept exploit, Has a fix available, CVSS 3.1 | Cross-site Scripting (XSS) (SNYK-JS-DATATABLESNET-1540544) | No | Proof of Concept |
| medium severity | 601/1000 | Proof of Concept exploit, Has a fix available, CVSS 5.6 | Prototype Pollution (SNYK-JS-DATATABLESNET-598806) | No | Proof of Concept |
| high severity | 589/1000 | Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) (SNYK-JS-JQUERYVALIDATION-1056868) | No | No Known Exploit |
| medium severity | 586/1000 | Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) (SNYK-JS-JQUERYVALIDATION-2840635) | No | Proof of Concept |
| medium severity | 479/1000 | Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) (SNYK-JS-JQUERYVALIDATION-2940620) | No | No Known Exploit |
| medium severity | 586/1000 | Proof of Concept exploit, Has a fix available, CVSS 5.3 | Denial of Service (DoS) (SNYK-JS-JSZIP-1251497) | No | Proof of Concept |
| medium severity | 529/1000 | Has a fix available, CVSS 6.3 | Arbitrary File Write via Archive Extraction (Zip Slip) (SNYK-JS-JSZIP-3188562) | No | No Known Exploit |
| high severity | 589/1000 | Has a fix available, CVSS 7.5 | Directory Traversal (SNYK-JS-MOMENT-2440688) | No | No Known Exploit |
| high severity | 696/1000 | Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) (SNYK-JS-MOMENT-2944238) | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: chart.js. The new version differs by 9 commits.
  • 1d92605 Use Object.create(null) as `merge` target (#7920)
  • dff7140 When objects are merged together, the target prototype can be polluted. (#7918)
  • d919188 Bump verison number to v2.9.4
  • 42ed589 Fix Maximum call stack size exception in computeLabelSizes (#7883)
  • 063b7dc [2.9] FitBoxes recursion when dimensions are NaN (#7853)
  • 2493cb5 Use node v12.18.2 on Travis CI (#7864)
  • 679ec4a docs: fix rollup external moment (#7587)
  • 484f0d1 Preserve object prototypes when cloning (#7404)
  • 2df6986 Look for any branch starting with release (#7087) (#7089)

See the full diff

Package name: datatables.net. The new version differs by 250 commits.
  • d67ca5d Sync tag release - 1.11.3
  • 02aee29 79772b97fe6d45af67057cc13fa6af3f00c873ea 1.11.3 release
  • 0ba589b 148ef5aaad0ebbafab2afd5b52e30b09b509301b remove debug
  • 3e83d1d 1be97b106ca9b87308ca4fba2e8d8abf795c9213 dev: Stop calling save state when loading a state
  • 5047dd5 1eddf57e55486c9e69581f14f77a2c3cd58b43f4 Fix: Polyfill for String.prototype.includes
  • c12b06c af651f6ab12052c1cb5d67cb73ad3284e2c296cb Fix: Add polyfill for Array.prototype.includes as we use it in extensions now and IE11 (which is still supported) does not have Array.prototype.includes
  • 59a8d3f e835ddc5b800c47f7e9e32a91cc522f8ca7ced5c Fix: If an array was passed to the HTML escape entities function it would not have its contents escaped
  • 7e67f10 eb374d15c81375eb82eca6f16a27ecf2b86f0701 Release 1.11.2
  • 267d3bf 45b675ba154e93eae3087811c7cd36675c953b10 dev: Only set start position internal property on initialisation
  • 90940b2 e5bbe90f5ddb2e0016f6d8c158390b046c7d923a dev: Need columns visibility to be restoreable when using statesave not at initialisation
  • d237bed a9f7bdf49784b713583995c0fd1863a279ed6533 return true from loadstate function
  • ac873b2 1ae8c6893bd43961c55c3d0dff4a409bbffde3a5 TEST updated case number for disabled tests (was using the old bug tracker)
  • 3eb5dab d4d67505a6a80b5645bb1078037e3bcd14816070 update: Move implementstate function so that it is available from the outside
  • b5bd164 2496e827205d7a138c2da4456c4926c7bc6c00f8 test: revert the previous commit to add an afterall
  • 7980ff7 485a1cff8910a8f953fab52d8950aafba1c92d75 test: Fix issue with tests not cleaning up nicely when they finish
  • 3fbab9a b2b0ae8f214878fe08bc3f507624584cb6d3b242 fix: Fix issue with internal function not retrieving filter data where appropriate
  • 2d7d3e1 Sync tag release - 1.11.2
  • 691e7fc b231df3c8fdf73ee04bcd2a6b75bb94e94322a74
  • 46aa22b Update datatables.json to include js files
  • d2daf5e b231df3c8fdf73ee04bcd2a6b75bb94e94322a74 TEST changes to support StateRestore
  • b72bdde d06d068a421fe57e888d6270166579812f0c2cbd
  • 9bd642e d06d068a421fe57e888d6270166579812f0c2cbd
  • 5a4328f Sync tag release - 1.11.1
  • c13e9aa d06d068a421fe57e888d6270166579812f0c2cbd DataTables 1.11.1

See the full diff

Package name: datatables.net-bs4. The new version differs by 226 commits.
  • dfc7316 Sync tag release - 1.11.0
  • 622f639 a6ece4b2200e305b761f1ba2a893d8bcc5c5cb52 Fix: Language information being loaded in might not take into account the thousands and decimal separator options if using camelCase style
  • be7648d 2fbd02e4f168a5b5a4f5e9a7a935230ffc694e05 Readme: Update package manager section
  • 190736d 82e29b70c11f82a33c180362fcb7680f6032a624
  • 99d21b5 Include types in package.json and correct folder
  • 498cf42 90d756c563582681fce93859952654d814bf1414 Update: Remove `zoom` hacks for IE6
  • 90d260e c786a08db6bf6a8cd9b9da1707bc0f776b380483 Fix: CSS for nested DataTable in a scrolling DataTable would have its sorting icons removed
  • 42ce8d3 bff756573cff460d180af024046fa12173335650 Example: Add a search-side processing example for `-init search.return`.
  • 3fa2389 92eec59cf594ce7aadba5945031e2442c2086136 DEV tweaks to enter key example
  • ee3318c b732d779fe8861e16fabf41e83c2b5d7ade6e2b2 new: New initialisation option for search on return.
  • 7917d05 f49883e2fd683142fe688f5670908a443d52c856 Fix: Rather than using Bootstrap 5's default row striping (which is 2n+1 based) we need to use the .odd selector to account for injected rows (child rows, rowgroup, etc).
  • b2d815b 2c9940c023915984f5325b051af6748a887a8431 DEV tweaks to fuzzy search example
  • 9b9b97c 2bef3655d1427404e06a18720ac380ce989dc9b8 new: New example for fuzzySearch - won't work until js file is added to cdn
  • feee275 99456a13f37aa243e85d008869439d75f3a4c626 Types: Fix for old style `$().dataTable()` init
  • b6fd977 e1c071b8e2b3e4ce6d3e508f4851c3a2c8ee9744 Types: Fix jQuery definitions
  • 50892ec 6cd6387e6a0c32c3c83f3a91c34ae3eda4cc5fcb Types: Typing for selectors and passing around the data type more
  • a5f82a9 4d9ddb4ac48674f01c432d0488e1884db5308d69 Types: Row data type information can be passed around now
  • 33c5891 95508a92b2a5c638afbee859e774cd57dab7e135 Docs: Fix names of new static get/set methods
  • 06346bc d34661c11a58978b17afdc27bea78acfc5458444 Fix: Remove superflous aria roles
  • 36e7f99 bf1f0eb31dfdc5b9790c597b8c63bf4876d9c03f Docs: Add Bootstrap 5 to `-init dom`
  • b47af93 b5287626fe86319a25e1182ddddf8adf17ed7096 Fix: Scrollbar was showing on tables which had a border on the table
  • 3df71f3 0c7ee29e8de948282be59f640be0d7214c184cfa TEST updated tests for DD02036
  • f074aa4 01128f168f9b2112ea9e565bef0a67d3afcfc1d4 fix: Make requestChild event run before initComplete
  • 4814bf6 aef9c8080d64820cf72b1fe957e36bff8688df5f fix: Fix mistake in docs by removing a third parameter documented in requestChild event that does not exist

See the full diff

Package name: jquery-validation. The new version differs by 29 commits.
  • 5907740 1.19.5
  • 5bbd80d Merge pull request from GHSA-ffmh-x56j-9rc3
  • 3d3c1fb Chore: Add CodeQL analysis
  • 0da4906 Core: fix deprecated jquery .submit() event shorthand (#2430)
  • 1b79877 Localization: Add periods to messages (#2266)
  • b68e282 Chore: update changelog
  • 3a4cd94 Build: Updating the master version to 1.19.5-pre.
  • 91d2098 Build: update release steps
  • 69cb17e Core: fix ReDoS vulnerability in url2 (#2428)
  • aa5bcdc Chore: update issue templates
  • 350f6ae Core: fix validation for input type="date" (#2360)
  • 7828568 Gruntfile.js: add LICENSE.md to zip tarball (#2386)
  • 3688078 Chore: switch to stale bot github action (#2425)
  • f8b0b53 README: update build status badge (#2424)
  • 25293cc Test: Switch from Travis to GitHub workflows (#2423)
  • 900a90b Core: fix code style (#2422)
  • eb88df0 Core: wait for pendingRequests to finish before submitting form (#2369)
  • 31ea8ff Fixed bug for Html Editor(summernote) (#2154)
  • df89cf0 Create SECURITY.md
  • bda9a58 Build: added CVE-2021-21252 reference
  • 322a575 Build: Updating the master version to 1.19.4-pre.
  • 5d8f29e Core: fixed Regular Expression Denial of Service vulnerability (#2371)
  • b8d6646 Localization: Add "pattern" translation for French (#2363)
  • b9c793c docs: Fix simple typo, atteched -> attached (#2345)

See the full diff

Package name: jszip. The new version differs by 56 commits.
  • 3b98cfc 3.8.0
  • 2edab36 Sanitize filenames with `loadAsync` to prevent zip slip attacks
  • 1f631b0 Update contributing
  • 459ff79 Add tests for utils that remove leading slash
  • d4702a7 Merge pull request #541 from PatricSteffen/patch-1
  • 2ebb7e8 Merge pull request #737 from satoshicano/update-types-JSZipLoadOptions
  • 85c4989 Merge pull request #796 from Stuk/ghci
  • 40cc7f4 Add dependency caching
  • 5ee321e Install deps needed for Playwright on Github Actions
  • eeb841e Remove code and dependencies used for Saucelabs
  • e281bc3 Test using Playwright instead of Saucelabs
  • f7275e6 Use local qunit files in tests
  • 0509c73 Add playwright and http-server
  • 2bb0f74 Add names to steps
  • a076d64 Add Github Actions PR workflow
  • 3f2f0da 3.7.1
  • 9f9c33b Updates for 3.7.1
  • 5639745 Merge branch 'fix-build'
  • e08003e Fix lint
  • 79f7691 Revert "Disable proto assert that fails in browsers"
  • 89298b9 Update gitignore for Mac, and sort
  • 81cb5eb Temporarily update docs for building dist correctly
  • e5b3f0d 3.7.0
  • e88ba4b Update for version 3.7.0

See the full diff

Package name: pdfmake. The new version differs by 59 commits.
  • 8827c9a 0.1.71
  • 08d2b3b refresh pdf examples
  • 0778858 update pdfkit to 0.12.0
  • e720def update Roboto font, version 3.004
  • 49377ff Update LICENSE
  • 625b160 cleanup in npm release archive
  • 4f1fa64 GitHub CI - fix double building
  • 0efc03a reformat
  • e248dd2 Performance problem when pageBreakBefore for large files used fixed (v0.1) (#2203)
  • ecb9efe ignore .idea
  • 800aae3 0.1.70
  • 1fb9759 fix definition for compatibility with IE11 #2170
  • afff197 contributing.md not required in 0.1 branch, normalize composer.json
  • e2969bf GitHub Actions 0.1 branch status badge
  • 3414e47 fix support node 8
  • 78676e3 ignore .github
  • e179969 github actions - disable fail-fast
  • 5e69351 Merge branch '0.1' of https://github.com/bpampuch/pdfmake into 0.1
  • 1597a8d CI GitHub action
  • e12124d reformat
  • c404252 0.1.69
  • dd49fcd fix banner
  • ec646e3 refresh pdf examples
  • 27d4b1c migrate to terser (related with #1832)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Use of Weak Hash
🦉 Cross-site Scripting (XSS)
🦉 More lessons are available in Snyk Learn
