[Snyk] Fix for 1 vulnerabilities

[ekmixon]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • grid-packages/ag-grid-docs/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	461/1000 Why? Recently disclosed, Has a fix available, CVSS 3.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-DEBUG-3227433	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: fork-ts-checker-webpack-plugin

The new version differs by 74 commits.

• 5ba6839 Release 5.0.0 ([Snyk] Security upgrade jest from 25.5.4 to 29.0.0 #445)
• d056616 feat: remove "incremental: true" from ts default options ([Snyk] Fix for 1 vulnerabilities #444)
• 188d44d feat: add issue.scope option ([Snyk] Fix for 1 vulnerabilities #442)
• b865f1d fix: always pass compilation to issues hook ([Snyk] Fix for 1 vulnerabilities #443)
• e812f18 feat: overwrite other fields in tsconfig.json ([Snyk] Security upgrade jest from 25.5.4 to 27.0.0 #440)
• 2b72fd0 fix: properly disconnect rpc client to be able to reconnect ([Snyk] Security upgrade jest from 25.5.4 to 27.0.0 #439)
• c4796b2 fix: include files that are outside project context ([Snyk] Security upgrade jest from 25.5.4 to 27.0.0 #437)
• 1f7ae0d docs: update bug-report template by merging master into alpha branch
• aa8f74d feat: rename tsconfig option to configFile for consistency ([Snyk] Security upgrade serialize-javascript from 2.1.0 to 3.1.0 #436)
• 944e0c9 feat: improve overall typescript performance ([Snyk] Fix for 5 vulnerabilities #435)
• a430979 feat: add `context` option for typescript reporter ([Snyk] Security upgrade gatsby-plugin-sharp from 2.14.0 to 5.10.0 #430)
• 503a948 fix: support webpack multi-compiler ([Snyk] Security upgrade jest from 25.5.4 to 27.0.0 #431)
• 9b3b9dd feat: add "mode" for typescript reporter ([Snyk] Fix for 22 vulnerabilities #429)
• 2ba396d fix: respect eslint extensions in incremental check
• 8a10ca9 docs: add babel-loader example
• be9cd64 docs: add ts-loader example
• b5d5977 docs: add vscode-tasks example
• e59a8d2 chore: fix github actions release job
• 37b8944 feat: export `version` const for external tools ([Snyk] Fix for 12 vulnerabilities #428)
• 5552f62 docs: update bug template to use eslint, not tslint
• 5665dac feat: change start hook to AsyncSeriesWaterfallHook ([Snyk] Security upgrade @vusion/webfonts-generator from 0.6.1 to 0.8.0 #425)
• 8687c63 feat: support @ vue/compiler-sfc in the vue extension ([Snyk] Security upgrade lerna from 3.22.1 to 5.1.2 #423)
• f277444 fix: remove references to external typings ([Snyk] Security upgrade resemblejs from 3.2.5 to 4.0.0 #422)
• cfcc0fe fix: properly handle import modules with .vue suffix ([Snyk] Fix for 4 vulnerabilities #420)

See the full diff

Package name: ts-loader

The new version differs by 108 commits.

• 218718a drop support for < node 8 and republish 5.4.6 as 6.0.0 (Angular 2 angularCompileRows ag-grid/ag-grid#930)
• 9946fbc v5.4.6
• e13bee2 Update dependencies (Full release notes ag-grid/ag-grid#928)
• a6572ce internal: remove usage of hand crafted webpack typings (getNextTabbedCell ignores editable flag/callback ag-grid/ag-grid#927)
• 48626a9 add common appendTsTsxSuffixesIfRequired function to instance (cellRenderer component using typescript ag-grid/ag-grid#924)
• 0fd623f add node12 to travis build (How to get sortModel when I click header cell? ag-grid/ag-grid#925)
• 77b8471 prepare 5.4.3 release
• 381a6a9 more .npmignore
• 3f8316a don't publish anything but ts-loader (Input field doesn't work in the ROW ag-grid/ag-grid#923)
• ea2fcf9 resolveTypeReferenceDirective support for yarn PnP (When editing cell, keyboard navigation shall be disabled ag-grid/ag-grid#921)
• 4692a22 ts 3.4 tests (Avg Column Aggregation  ag-grid/ag-grid#916)
• dc1dda8 edited broken link in README.md (Fix issue with rowClass not being considered when autoSizing a column. ag-grid/ag-grid#915)
• c1f3c4e update example (Pivot ag-grid/ag-grid#912)
• 4a8df76 Feature/3.3 tests (Conflict between editable cell and custom renderer ag-grid/ag-grid#903)
• 58505c4 drop fast-incremental-builds example (A scroll bar appears after a click on #agMenu ag-grid/ag-grid#901)
• 4354cf8 fixed name of fork-ts-checker-webpack-plugin (Volatile Display on setRowData ag-grid/ag-grid#900)
• 4551893 there's way too many examples (Server Side Aggregation etc ..  ag-grid/ag-grid#899)
• c9b1f31 add probot-stale https://github.com/probot/stale
• 92a2de9 Merge pull request Consider removing id="agHeaderCellLabel" from .ag-header-cell-label elements ag-grid/ag-grid#898 from TypeStrong/example-for-mcolyer
• ff9bc37 example of filter issue for @ mcolyer
• ba6f5c4 Merge pull request [component] allow ghost icon to be a component, so can look similar to cusom headers ag-grid/ag-grid#884 from zerdos/master
• 92f0d70 migrate large comparison test to be execution test (Class for row group doesn't change when the row is expanded contracted ag-grid/ag-grid#896)
• df04a56 release event not available so use push event and filter ([Feature] angular 1.x scope in custom cell editor ag-grid/ag-grid#893)
• 177a985 add first github action! ([Feature] Allow colDef.editable to be defined also per row ag-grid/ag-grid#891)

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 610f368 5.0.0
• 5ce65c1 update examples
• bbe1230 Merge pull request #11628 from webpack/bugfix/real-content-hash
• 75ecff2 5.0.0-rc.6
• bfc35d6 Merge pull request #11603 from MayaWolf/master
• 76e8cbd Merge pull request #11622 from webpack/dependabot/npm_and_yarn/types/node-13.13.25
• 9fd1be2 chore(deps-dev): bump @ types/node from 13.13.23 to 13.13.25
• 36bcfaa Merge pull request #11621 from webpack/bugfix/11619
• 9130d10 fix called variables with ProvidePlugin
• 3e42105 Merge pull request #11620 from webpack/bugfix/11617
• 4709719 skip connections copied to concatenated module
• 57b493f 5.0.0-rc.5
• 1658e2f Merge pull request #11618 from webpack/bugfix/11615
• a8fb45d fixes crash in SideEffectsFlagPlugin
• 84b196d emit error instead of crashing when unexpected problem occurs
• 5573fed Merge pull request #11601 from Hornwitser/improve-suggested-polyfill-config
• 9b5cce9 Merge pull request #11609 from snitin315/export-types
• 37c495c export type RuleSetUseItem
• 39faf34 export type RuleSetUse
• e5fd246 export type RuleSetConditionAbsolute
• 660baad export RuleSetCondition types
• 13e3ca5 Merge pull request #11602 from webpack/bugfix/shared-runtime-chunk
• 9c0587e Merge pull request #11606 from webpack/dependabot/npm_and_yarn/simple-git-2.21.0
• 502d166 Merge pull request #11607 from webpack/dependabot/npm_and_yarn/acorn-8.0.4

See the full diff

Package name: webpack-dev-server

The new version differs by 17 commits.

• ff2874f chore(release): 3.1.11
• b3217ca fix: check origin header for websocket connection ([filter] - allow operands and sub queries ag-grid/ag-grid#1603)
• 68dd49a fix: add url for compatibility with webpack@5 (Allow translating the labels of the aggregation functions (internationalization) ag-grid/ag-grid#1598) (QuickFIlter/ExternalFilter not working with full-width/grouping/master-detail ag-grid/ag-grid#1599)
• fadae5d fix(Server): mime type for wasm in contentBase directory (Row selection on mousedown ag-grid/ag-grid#1575) (autoSizeColumns only works with ColDef.field, not with ColDef ag-grid/ag-grid#1580)
• 7a3a257 fix(package): update `spdy` v3.4.1...4.0.0 (assertion error) (Unable to get context menu in Pop up editors ag-grid/ag-grid#1491) (gridOptions.paginationAutoPageSize type should be boolean ag-grid/ag-grid#1563)
• 1fe82de ci(travis): Node 11 (on OS X) crashes, use 10 for now (Custom grouping with viewport row model ag-grid/ag-grid#1588)
• 55398b5 fix(bin/options): correct check for color support (`options.color`) (Grid doesn't render rows on show/hide ag-grid/ag-grid#1555)
• 927a2b3 fix(Server): correct `node` version checks (VirtualPagingRowModel inconsistent and problematic request behavior ag-grid/ag-grid#1543)
• fa96a76 chore(PULL_REQUEST_TEMPLATE): allow features (Copy down is not utilizing processCellFromClipboard ag-grid/ag-grid#1539)
• fe3219f chore(release): 3.1.10
• c12def3 fix(Server): set `tls.DEFAULT_ECDH_CURVE` to `'auto'` (No provision in first column to prevent drag and pinned  ag-grid/ag-grid#1531)
• e719959 fix(package): update `sockjs-client` v1.1.5...1.3.0 (`url-parse` vulnerability) (Range Copy & Paste parsing bugs ag-grid/ag-grid#1537)
• d2f4902 fix(options): add `writeToDisk` option to schema (Missing ag-grid in https://www.webcomponents.org/ ag-grid/ag-grid#1520)
• bb484ad chore(release): 3.1.9
• 8b8b087 chore(package): update `webpack-dev-middleware` v3.3.0...3.4.0 (`dependencies`)
• d0725c9 chore(package): update `webpack-dev-middleware` v3.2.0...3.3.0 (`dependencies`) (Data Export - Include filtered rows ag-grid/ag-grid#1499)
• cbe6813 refactor(package): cross-platform `prepare` script (`scripts`) (Only prevent scroll when gridPanel can scroll ag-grid/ag-grid#1498)

See the full diff

Package name: webpack-stream

The new version differs by 60 commits.

• 30a6da0 v7.0.0
• c2d19fd semistandard fixes
• 7805d59 Remove config.watch setting re-introduced from my bad merging
• 6395f19 Merge branch 'master' of github.com:shama/webpack-stream
• 7c24e86 Merge pull request [Snyk] Security upgrade @vue/cli-service from 3.12.1 to 5.0.1 #212 from azt3k/master
• 3fc84f0 Merge branch 'master' into master
• 027135e Update comments to indicate it works with webpack 4 and 5
• bb7cd85 Merge branch 'master' of github.com:shama/webpack-stream
• 3287835 Merge pull request [Snyk] Security upgrade @vue/cli-service from 3.12.1 to 5.0.1 #214 from the-ress/watch-message
• 141e063 Update watch for gulp >= 4
• 991d108 Merge pull request [Snyk] Fix for 1 vulnerabilities #225 from emme1444/config-file-path
• 348eab2 Use const over var in docs
• 2b31461 Update copyright to 2021
• fdd5809 Update node engine to >= 10
• 80e0ba8 Updating dependencies
• 5759a17 Updating for semistandard@16.0.1
• 2ff8a4f Merge pull request [Snyk] Security upgrade @angular-devkit/build-angular from 0.803.29 to 13.3.10 #235 from marekdedic/webpack-5
• ff485fe Merge pull request [Snyk] Security upgrade @vue/cli-service from 3.12.1 to 5.0.1 #234 from marekdedic/webpack-peer-dependency
• 1baead2 Removed tests on Node 8
• f33fc04 Switched from hash to contenthash
• 0e30a7b Test: Fixed different chunk names in webpack 5
• 5bb70d1 Test: updated expected error message
• 99a1c03 Building in production mode by default
• 01ffd76 Updated to webpack 5

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

[secure-code-warrior-for-github]

Micro-Learning Topic: Regular expression denial of service (Detected by phrase)

Matched on "Regular Expression Denial of Service"

What is this? (2min video)

Denial of Service (DoS) attacks caused by Regular Expression which causes the system to hang or cause them to work very slowly when attacker sends a well-crafted input(exponentially related to input size).Denial of service attacks significantly degrade the service quality experienced by legitimate users. These attacks introduce large response delays, excessive losses, and service interruptions, resulting in direct impact on availability.

Try a challenge in Secure Code Warrior

Micro-Learning Topic: Denial of service (Detected by phrase)

Matched on "Denial of Service"

The Denial of Service (DoS) attack is focused on making a resource (site, application, server) unavailable for the purpose it was designed. There are many ways to make a service unavailable for legitimate users by manipulating network packets, programming, logical, or resources handling vulnerabilities, among others. Source: https://www.owasp.org/index.php/Denial_of_Service

Try a challenge in Secure Code Warrior