[Snyk] Fix for 10 vulnerabilities

[ekmixon]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • grid-packages/ag-grid-docs/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTMLMINIFIER-3091181	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-POSTCSS-5926692	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Prototype Pollution SNYK-JS-XML2JS-5414874	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: css-loader

The new version differs by 71 commits.

• 634ab49 chore(release): 2.0.0
• 6ade2d0 refactor: remove unused file (sizeColumnsToFit all the time ag-grid/ag-grid#860)
• e7525c9 test: nested url (Pagination control persists on Ang state change ag-grid/ag-grid#859)
• 7259faa test: css hacks (Adding sortable class to sortable headers ag-grid/ag-grid#858)
• 5e6034c feat: allow to filter import at-rules ([Feature] Expand row to see a list of its details ag-grid/ag-grid#857)
• 5e702e7 feat: allow filtering urls ([Closed] Row styling - rowStyle & rowClass ag-grid/ag-grid#856)
• 9642aa5 test: css stuff (Made autoSizeColumns() to work with cells headers ag-grid/ag-grid#855)
• 3338656 fix: reduce number of require for url (setDatasource(dataSource) doesn't give you datasource on gridoptions ag-grid/ag-grid#854)
• 533abbe test: issue 636 ([column - fix] statically fixed columns, cannot reorder ag-grid/ag-grid#853)
• 08c551c refactor: better warning on invalid url resolution (Made autoSizeColumns() to work with cells that have padding ag-grid/ag-grid#852)
• b0aa159 test: issue [Snyk] Security upgrade gulp from 4.0.2 to 5.0.0 #589 (Invalid column state seems improperly handled in setColumnState ag-grid/ag-grid#851)
• f599c70 fix: broken unucode characters (headerCellTempate not parsing angular directive ag-grid/ag-grid#850)
• 1e551f3 test: issue 286 (support for max-height ag-grid/ag-grid#849)
• 419d27b docs: improve readme (Row Selection during grouping not working properly. ag-grid/ag-grid#848)
• d94a698 refactor: webpack-default (AG-Grid with Golden layout? ag-grid/ag-grid#847)
• b97d997 feat: schema options
• 453248f fix: support module resolution in composes (from moving from 3.x to 4.x set data source not working ag-grid/ag-grid#845)
• 8a6ea10 refactor: postcss plugins (Activate context menu without selection of cell or row. ag-grid/ag-grid#844)
• fdcf687 fix: url resolving logic ([Bug/Feature] Filtering and Grouping on Combined Columns ag-grid/ag-grid#843)
• 889dc7f feat: allow to disable css modules and disable their by default (Empty space at the bottom of the grid. ag-grid/ag-grid#842)
• ee2d253 test: importLoaders option ([component - status panel] allow customising of status panel ag-grid/ag-grid#841)
• 1dad1fb feat: reuse postcss ast from other loaders (i.e `postcss-loader`) ([Feature] suppressRowCopy - so ctrl+c will always copy range, never the rows ag-grid/ag-grid#840)
• fe94ebc test: icss reserved keywords ([search] Highlight searched text ag-grid/ag-grid#839)
• 9eaba66 refactor: migrate on message api for postcss-icss-plugin (BUG: Selection count wrong after ungrouping ag-grid/ag-grid#838)

See the full diff

Package name: fork-ts-checker-webpack-plugin

The new version differs by 74 commits.

• 5ba6839 Release 5.0.0 ([Snyk] Security upgrade jest from 25.5.4 to 29.0.0 #445)
• d056616 feat: remove "incremental: true" from ts default options ([Snyk] Fix for 1 vulnerabilities #444)
• 188d44d feat: add issue.scope option ([Snyk] Fix for 1 vulnerabilities #442)
• b865f1d fix: always pass compilation to issues hook ([Snyk] Fix for 1 vulnerabilities #443)
• e812f18 feat: overwrite other fields in tsconfig.json ([Snyk] Security upgrade jest from 25.5.4 to 27.0.0 #440)
• 2b72fd0 fix: properly disconnect rpc client to be able to reconnect ([Snyk] Security upgrade jest from 25.5.4 to 27.0.0 #439)
• c4796b2 fix: include files that are outside project context ([Snyk] Security upgrade jest from 25.5.4 to 27.0.0 #437)
• 1f7ae0d docs: update bug-report template by merging master into alpha branch
• aa8f74d feat: rename tsconfig option to configFile for consistency ([Snyk] Security upgrade serialize-javascript from 2.1.0 to 3.1.0 #436)
• 944e0c9 feat: improve overall typescript performance ([Snyk] Fix for 5 vulnerabilities #435)
• a430979 feat: add `context` option for typescript reporter ([Snyk] Security upgrade gatsby-plugin-sharp from 2.14.0 to 5.10.0 #430)
• 503a948 fix: support webpack multi-compiler ([Snyk] Security upgrade jest from 25.5.4 to 27.0.0 #431)
• 9b3b9dd feat: add "mode" for typescript reporter ([Snyk] Fix for 22 vulnerabilities #429)
• 2ba396d fix: respect eslint extensions in incremental check
• 8a10ca9 docs: add babel-loader example
• be9cd64 docs: add ts-loader example
• b5d5977 docs: add vscode-tasks example
• e59a8d2 chore: fix github actions release job
• 37b8944 feat: export `version` const for external tools ([Snyk] Fix for 12 vulnerabilities #428)
• 5552f62 docs: update bug template to use eslint, not tslint
• 5665dac feat: change start hook to AsyncSeriesWaterfallHook ([Snyk] Security upgrade @vusion/webfonts-generator from 0.6.1 to 0.8.0 #425)
• 8687c63 feat: support @ vue/compiler-sfc in the vue extension ([Snyk] Security upgrade lerna from 3.22.1 to 5.1.2 #423)
• f277444 fix: remove references to external typings ([Snyk] Security upgrade resemblejs from 3.2.5 to 4.0.0 #422)
• cfcc0fe fix: properly handle import modules with .vue suffix ([Snyk] Fix for 4 vulnerabilities #420)

See the full diff

Package name: html-loader

The new version differs by 55 commits.

• d7cccfa chore(release): 1.0.0
• 3c9a1d8 refactor: `attributes` option ([Snyk] Security upgrade @vue/cli-service from 3.12.1 to 4.0.0 #265)
• 8c73761 feat: `preprocessor` option ([Snyk] Security upgrade webpack from 4.46.0 to 5.0.0 #263)
• f2ce5b1 feat: improve errors
• 9923244 chore(deps): update ([Snyk] Fix for 1 vulnerabilities #260)
• 9835bde feat: supports `link:href` attribute for css ([Snyk] Fix for 1 vulnerabilities #258)
• 7af2eff refactor: improve schema ([Snyk] Fix for 2 vulnerabilities #257)
• 98412f9 docs: `filter` sources ([Snyk] Fix for 1 vulnerabilities #256)
• ff0f44c feat: implement the `filter` option for filtering some of sources ([Snyk] Fix for 1 vulnerabilities #255)
• 1c24662 refactor: move the `root` option under the `attributes` option ([Snyk] Fix for 1 vulnerabilities #254)
• 888b8fe docs: add footnote for `-attributes` ([Snyk] Fix for 1 vulnerabilities #252)
• 3d2907e refactor: remove the `interpolate` option
• bd979e2 refactor: remove the `interpolate` option
• fcba4ec fix: handle only valid srcset tags ([Snyk] Security upgrade @vue/cli-service from 3.12.1 to 5.0.1 #253)
• 9e5ce56 perf: improve source parse ([Snyk] Security upgrade @vue/cli-service from 3.12.1 to 5.0.1 #251)
• c9c8dad refactor: improve source parse ([Snyk] Fix for 1 vulnerabilities #250)
• 079d623 fix: respect `#hash` in sources
• a17df49 fix: reduce `import`/`require` count
• d0b0150 fix: adding quotes when necessary for unquoted sources ([Snyk] Security upgrade @vue/cli-service from 3.12.1 to 5.0.1 #247)
• e3727ab test: minifier
• 0bbe29c feat: migrate on `htmlparse2`
• b7af031 fix: escape `\u2028` and `\u2029` characters ([Snyk] Fix for 1 vulnerabilities #244)
• 24b0427 fix: parser tags and attributes according spec ([Snyk] Security upgrade @vue/cli-service from 3.12.1 to 5.0.1 #243)
• 3df909d feat: support `script:src` attributes

See the full diff

Package name: html-webpack-plugin

The new version differs by 139 commits.

• eb73905 chore(release): 4.0.0
• 42a6d4a Add typing for getHooks
• a1a37cf Release html-webpack-plugin 4.0.0-beta.14
• 97f9fb9 fix: load script files before style files files in defer script loading mode
• e97ce17 Release html-webpack-plugin 4.0.0-beta.13
• e448b5d Release html-webpack-plugin 4.0.0-beta.12
• de315eb feat: Add defer script loading
• 7df269f feat: Provide a verbose error message if html minification failed
• 1d66e53 feat: merge templateParameters with default template parameters
• dfb98e7 Fix typo in template option docts
• 096a760 Fix broken links in examples
• a195c34 docs: Update template-option documentation
• 40b410e docs: Update example for template parameters
• bf017f3 chore: Release 4.0.0-beta.11
• 2549557 test: Don't use minification for speed measurement
• de22fc2 test: Adjust measurment for node 6 on travis
• 24bf1b5 fix: Update references to html-minifier
• f4eafdc chore: Release 4.0.0-beta.10
• a2ad30a refactor: Use getAssetPath instead of calling the hook directly
• 2595a79 chore: Release 4.0.0-beta.9
• c66766c feat: Add support for minifying inline ES6 inside html templates
• 655cbcd Fix README typo
• 6de319b update lodash dependency for prototype polution vulnerability
• 35a1541 Properly encode file names emitted as part of URLs.

See the full diff

Package name: jest

The new version differs by 250 commits.

• be16e47 v27.0.0
• 63102ec chore: update changelog for release
• 564694a docs(blog): Jest 27 blog post (#11131)
• b68d91b feat(pretty-print): add option `printBasicPrototype` (#11441)
• 2226742 chore: minor simplify format results error (#11432)
• 78eb25d chore: remove needless assign (#11433)
• 696c455 chore: update lockfile after publish
• e2eb9ae v27.0.0-next.11
• 3b253f8 Wait for closed resources to actually close before detecting open handles (#11429)
• 27bee72 fix: run GC before collecting open handles (#11278)
• 50451df feat: use fallback if prettier not found (#11400)
• 150dbd8 chore: update lockfile after publish
• 6f44529 v27.0.0-next.10
• cbcec7d Upgrade fsevents in jest-haste-map (#11428)
• 9633a26 feat: support reporters written in ESM (#11427)
• 59f42d8 fix: do not cache modules that throw during evaluation (#11263)
• 57e32e9 Detect open handles with done callbacks (#11382)
• a397607 Document and test dontThrow for custom inline snapshot matchers (#10995)
• 4fa3a0b feat: custom haste (#11107)
• 2047a36 chore: bump deps (#11419)
• a4358d6 chore: run prettier on changelog
• bdd6282 Move all default values into `jest-config` (#9924)
• db643a1 Link to Jest config (#11106)
• b16082c Fix locale issue #10014 (#11412)

See the full diff

Package name: jsdom

The new version differs by 250 commits.

• 74a8d1e Version 16.6.0
• f51f2ec Remove the dependency on request
• 2b6d5ae Update dependencies
• b72b33b Disable now-crashing canvas test
• 39b7972 Handle null and undefined thrown as exceptions
• 04f6c13 Add ParentNode.replaceChildren() (GridCell class is removed ???? ag-grid/ag-grid#3176)
• e4c4004 Version 16.5.3
• 2f41466 Fix MutationObserver infinite loop bugs (Arrow key - navigation bug ?? ag-grid/ag-grid#3173)
• b232f2a Run partially-failing WPTs in the custom-elements directory
• 35e103e Run partially-failing WPTs in the cors directory
• 77b660a Run partially-failing WPTs in the FileAPI directory
• d8a245f Use `InnerHTML` mixin for `innerHTML` definition (is it possible to add nullComparator only for not equal value ag-grid/ag-grid#2981)
• bd50bbe Version 16.5.2
• d5cfd69 Fix event handler ObjectEnvironment instantiation
• 93e3d4a Remove vestigial concurrentNodeIterators option-passing
• c92f9c1 Check all associated elements for form validity
• 2202703 Fix failing WPTs calculation
• 21c7671 Upgrade dependencies
• c1b9ea1 Port skipped "test_body_event_handler_inline" to WPT
• a13d854 Use WeakRefs for NodeIterator tracking when supported
• fdf97d8 Fix radio/checkbox to not fire events when disconnected
• 761d8cc Refactor <output>
• b36d418 Make customElements.whenDefined() resolve with the constructor
• c5d13bb Remove a variety of redundant to-port tests

See the full diff

Package name: node-sass

The new version differs by 38 commits.

• 3b556c1 7.0.2
• c716359 Bump sass-graph@^4.0.1 (Error while executing setColumnState() ag-grid/ag-grid#3292)
• 24741b3 docs(readme): fix docpad plugin link
• 1523330 feat: Drop Node 12
• 365d357 update https://registry.npm.taobao.org to https://registry.npmmirror.com
• 1456114 build(deps): bump actions/upload-artifact from 2 to 3
• b465b69 chore: bump GitHub Actions to Windows 2019 (hidden cells are not editable when grid has horizontal scroll ag-grid/ag-grid#3254)
• e6194b1 build(deps): bump make-fetch-happen from 9.1.0 to 10.0.4
• 4edf594 build(deps): bump node-gyp from 8.4.1 to 9.0.0
• 29e2344 build(deps): bump actions/checkout from 2 to 3
• 85b0d22 build(deps): bump actions/setup-node from 2 to 3
• 3bb51da Use make-fetch-happen instead of request (ComboBox in Aggrid Cell ag-grid/ag-grid#3193)
• adc2f8b build(deps): bump true-case-path from 1.0.3 to 2.2.1 (cellStyle with text-decoration isn't parsed correctly and breaks ag-grid/ag-grid#3000)
• 77d12f0 chore: disable Apline for Node 16/17 builds
• 308d533 ci: use Python 3 for Node 12
• c818907 ci: unpin actions/setup-node to v2
• 99242d7 7.0.1
• 77049d1 build(deps): bump sass-graph from 2.2.5 to 4.0.0 (AG-3222 Fix/reactnext renderer timeout ag-grid/ag-grid#3224)
• c929f25 build(deps): bump node-gyp from 7.1.2 to 8.4.1 (increase timeout for MOUSEOUT_HIDE_TOOLTIP and DEFAULT to 30000 ag-grid/ag-grid#3209)
• 918dcb3 Lint fix
• 0a21792 Set rejectUnauthorized to true by default (filter doesn't work with server side row model ag-grid/ag-grid#3149)
• e80d4af chore: Drop EOL Node 15 (onCellValueChanged validate data using FETCH call to server. ag-grid/ag-grid#3122)
• d753397 feat: Add Node 17 support (Using Enterprise version in a SaaS application with unknown number of servers ag-grid/ag-grid#3195)
• dcf2e75 build(deps-dev): bump eslint from 7.32.0 to 8.0.0

See the full diff

Package name: optimize-css-assets-webpack-plugin

The new version differs by 2 commits.

• 29c44fb 6.0.0
• 51313e4 feat(deps): upgrade cssnano and postcss major version

See the full diff

Package name: protractor

The new version differs by 77 commits.

• 5d8da04 chore(release): version bump to 6.0.0 and update the changelog
• d777738 chore(tests): circleci - chrome 69 requires chromdriver to 2.44 (Delete .idea directory ag-grid/ag-grid#5182)
• 3d50b68 chore(deps): update based on npm audit
• e478ba8 chore(release): bump version to 6.0.1-beta
• 7054827 chore(types): fix types to use not @ types/selenium-webdriver (AG-6677 - Better null/undefined handling for scatter series charts. ag-grid/ag-grid#5127)
• 2e5c2e6 chore(jasmine): prevent random execution order in jasmine 3 (AG-6733 - Fix pivot column agg values ag-grid/ag-grid#5126)
• 8afc4e2 chore(release): release 6.0.0-beta and update the changelog
• 5fd711c chore(webdriver-manager): use webdriver-manager@13.0.0-beta
• 96ae17c deps(jasmine): upgrade jasmine 3.3 (fix peerDependencies ag-grid/ag-grid#5102)
• 68491dd chore(expectedConditions): update generic Function typings (AG-5629 - Delta sorting ag-grid/ag-grid#5101)
• cf43651 chore(debugprint): convert debugprint to TypeScript (Ag grid custom pagination option is missing ag-grid/ag-grid#5074)
• d213aa9 deps(selenium): upgrade to selenium 4 (AG-6666 - Fix charts SonarCloud high priority issues ag-grid/ag-grid#5095)
• 4672265 chore(browser): remove timing issues with restart and fork (this.cellComp is undefined in CellCtrl.createCellRendererParams with AgGridReact ag-grid/ag-grid#5085)
• b4dbcc2 chore(elementexplorer): remove explorer bin file (autoHeight + wrapText in print layout creates a redraw rows loop  ag-grid/ag-grid#5094)
• 7de6d85 docs(api): update examples to use async/await (Ag-Grid will not keep a custom component registered in Cell Renderer, rendered when scrolling the main window ag-grid/ag-grid#5081)
• 1b2036e typings(selenium): try out new version of typings (SSRM Expandable Pivot Column Groups ag-grid/ag-grid#5084)
• befb457 chore(bin): update webdriver-manager require to use the cli (AG-6119 - Fix Integrated Charts proxy override of cursor style unless necessary. ag-grid/ag-grid#5093)
• 509f1b2 deps(latest): upgrade to the gulp and typescript (AG-6674 - Fix sparklines label fontSize type ag-grid/ag-grid#5089)
• 2def202 deps(webdriver-manager): use replacement (Fix errors due to this.cellComp being undefined in refreshCell ag-grid/ag-grid#5088)
• 9d510db chore(test): remove jasmine addMatcher test (AG-4571 reset column ordering when new secondary columns are added ag-grid/ag-grid#5072)
• 6522e40 chore(cleanup): clean up imports and wdpromises (AG-2168 - Improved SSRM example ag-grid/ag-grid#5073)
• 3b8f263 chore(ignoreSynchornization): clean up to use waitForAngularEnabled (Charts API reference, theme reference and API explorer docs pages ag-grid/ag-grid#5071)
• ffa3519 chore(debugger): remove debugger and explore methods (AG-6654 - Charts API Explorer Caching + Visual Improvements ag-grid/ag-grid#5070)
• 0f7a38a chore(test): error tests fixed (AG-2168 - Remove SSRM example ag-grid/ag-grid#5069)

See the full diff

Package name: ts-loader

The new version differs by 108 commits.

• 218718a drop support for < node 8 and republish 5.4.6 as 6.0.0 (Angular 2 angularCompileRows ag-grid/ag-grid#930)
• 9946fbc v5.4.6
• e13bee2 Update dependencies (Full release notes ag-grid/ag-grid#928)
• a6572ce internal: remove usage of hand crafted webpack typings (getNextTabbedCell ignores editable flag/callback ag-grid/ag-grid#927)
• 48626a9 add common appendTsTsxSuffixesIfRequired function to instance (cellRenderer component using typescript ag-grid/ag-grid#924)
• 0fd623f add node12 to travis build (How to get sortModel when I click header cell? ag-grid/ag-grid#925)
• 77b8471 prepare 5.4.3 release
• 381a6a9 more .npmignore
• 3f8316a don't publish anything but ts-loader (Input field doesn't work in the ROW ag-grid/ag-grid#923)
• ea2fcf9 resolveTypeReferenceDirective support for yarn PnP (When editing cell, keyboard navigation shall be disabled ag-grid/ag-grid#921)
• 4692a22 ts 3.4 tests (Avg Column Aggregation  ag-grid/ag-grid#916)
• dc1dda8 edited broken link in README.md (Fix issue with rowClass not being considered when autoSizing a column. ag-grid/ag-grid#915)
• c1f3c4e update example (Pivot ag-grid/ag-grid#912)
• 4a8df76 Feature/3.3 tests (Conflict between editable cell and custom renderer ag-grid/ag-grid#903)
• 58505c4 drop fast-incremental-builds example (A scroll bar appears after a click on #agMenu ag-grid/ag-grid#901)
• 4354cf8 fixed name of fork-ts-checker-webpack-plugin (Volatile Display on setRowData ag-grid/ag-grid#900)
• 4551893 there's way too many examples (Server Side Aggregation etc ..  ag-grid/ag-grid#899)
• c9b1f31 add probot-stale https://github.com/probot/stale
• 92a2de9 Merge pull request Consider removing id="agHeaderCellLabel" from .ag-header-cell-label elements ag-grid/ag-grid#898 from TypeStrong/example-for-mcolyer
• ff9bc37 example of filter issue for @ mcolyer
• ba6f5c4 Merge pull request [component] allow ghost icon to be a component, so can look similar to cusom headers ag-grid/ag-grid#884 from zerdos/master
• 92f0d70 migrate large comparison test to be execution test (Class for row group doesn't change when the row is expanded contracted ag-grid/ag-grid#896)
• df04a56 release event not available so use push event and filter ([Feature] angular 1.x scope in custom cell editor ag-grid/ag-grid#893)
• 177a985 add first github action! ([Feature] Allow colDef.editable to be defined also per row ag-grid/ag-grid#891)

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 610f368 5.0.0
• 5ce65c1 update examples
• bbe1230 Merge pull request #11628 from webpack/bugfix/real-content-hash
• 75ecff2 5.0.0-rc.6
• bfc35d6 Merge pull request #11603 from MayaWolf/master
• 76e8cbd Merge pull request #11622 from webpack/dependabot/npm_and_yarn/types/node-13.13.25
• 9fd1be2 chore(deps-dev): bump @ types/node from 13.13.23 to 13.13.25
• 36bcfaa Merge pull request #11621 from webpack/bugfix/11619
• 9130d10 fix called variables with ProvidePlugin
• 3e42105 Merge pull request #11620 from webpack/bugfix/11617
• 4709719 skip connections copied to concatenated module
• 57b493f 5.0.0-rc.5
• 1658e2f Merge pull request #11618 from webpack/bugfix/11615
• a8fb45d fixes crash in SideEffectsFlagPlugin
• 84b196d emit error instead of crashing when unexpected problem occurs
• 5573fed Merge pull request #11601 from Hornwitser/improve-suggested-polyfill-config
• 9b5cce9 Merge pull request #11609 from snitin315/export-types
• 37c495c export type RuleSetUseItem
• 39faf34 export type RuleSetUse
• e5fd246 export type RuleSetConditionAbsolute
• 660baad export RuleSetCondition types
• 13e3ca5 Merge pull request #11602 from webpack/bugfix/shared-runtime-chunk
• 9c0587e Merge pull request #11606 from webpack/dependabot/npm_and_yarn/simple-git-2.21.0
• 502d166 Merge pull request #11607 from webpack/dependabot/npm_and_yarn/acorn-8.0.4

See the full diff

Package name: webpack-cli

The new version differs by 250 commits.

• fb50f76 chore(release): publish new version
• 2c75aeb chore: new version of the packages
• 0d05c30 chore(release): publish %s
• 3f9e151 chore: fix lerna config
• 2c1e34c tests(generator): enhance init generator tests (Cannot access service in CellRenderer ag-grid/ag-grid#1236)
• 6ee61b9 Fix loader-generator and plugin-generator tests (Filter reset using setFilterModel(null) not working with remote data/virtual paging ag-grid/ag-grid#1250)
• 52956a2 Fixing the typos and grammatical errors in Readme files (how to set grid height dynamically based on row count? ag-grid/ag-grid#1246)
• 7faaed2 chore: update Bug_report & Feature_request Templates (Any way to prevent cells in a column from being destroyed when calling setRowData()? ag-grid/ag-grid#1256)
• 7a5b33d feat(webpack-cli): added mode argument (Set Cursor at the end of text. ag-grid/ag-grid#1253)
• 3715756 tests(webpack-cli): add test case for defaults flag (prevent doubleclick editing of cells ag-grid/ag-grid#1254)
• a7cba2f chore: project maintanance and typescript fix (export to excel ag-grid/ag-grid#1247)
• 7748472 chore: ignore package-lock.json and remove its references (sizeColumnsToFit not working if we call that api from column moved event ag-grid/ag-grid#1252)
• a014aa7 docs: fix supported arguments & commands link in README (Add row without redrawing existing ag-grid/ag-grid#1244)
• 06129a1 feat(webpack-cli): add progress bar for progress flag (double Click is not working on cell of ag-grid. ag-grid/ag-grid#1238)
• 6cc6a49 chore: post refactor CLI (Scroll to row programatically with virtual paging/infinite scrolling. ag-grid/ag-grid#1237)
• 358651e chore: move cli under lerna package (forPrint option breaks ag-grid ag-grid/ag-grid#1225)
• 2dc495a fix(init): fix webpack config scaffold (disable ag-grid ag-grid/ag-grid#1231)
• 1ab62d2 tests(generator): add tests for plugin generator (Filter popup is unaligned and remains visible on horizontal scroll ag-grid/ag-grid#1235)
• d2dd0c1 tests(sourcemap): fix flaky stats statement (Debounce for filter input ag-grid/ag-grid#1232)
• f6dc680 tests(loader-generator): add tests for loader generator ([angular1] Angular 1.X Scope Based Child Grid not getting destroyed (Memory Leak) ag-grid/ag-grid#1234)
• 35d1381 tests(generator): enable init generator test (Cell Editor Documentation Typo ag-grid/ag-grid#1233)
• 66cdcb6 chore(generator): remove transpiled tests (processCellCallback ag-grid/ag-grid#1229)
• f29a170 fix(init): fix the invalid package name ([select editor] allow providing keys and values to selectCellEditor ag-grid/ag-grid#1228)
• 8c3a66d chore(cli): updated changelog of v3 (sizeColumnsToFit issue ag-grid/ag-grid#1224)

See the full diff

Package name: webpack-dev-server

The new version differs by 250 commits.

• c9271b9 chore(release): 4.0.0
• 18bf369 test: fix stability (Excel Export Line Number and Column Alphabets font size is bigger ag-grid/ag-grid#3676)
• cdcabb2 fix: respect protocol from browser for manual setup (Support Column flex to fill the entire available space even after it was moved or swapped ag-grid/ag-grid#3675)
• 1768d6b fix: initial reloading for lazy compilation (suppressCount does not work when groupUseEntireRow = true ag-grid/ag-grid#3662)
• 4f5bab1 docs: improve examples (ag-grid export as CSV is displaying [object object] in csv file but loads good in table. ag-grid/ag-grid#3672)
• f2d87fb fix: improve https CLI output (ag-grid-angular cell value not binding automatically ag-grid/ag-grid#3673)
• 0277c5e chore: remove redundant console statements (Question: When can we find Ag Grid's Next Release Date? ag-grid/ag-grid#3671)
• 16fcdbc docs: add `ipc` example (Fix NPE when using row group edit ag-grid/ag-grid#3667)
• 8915fb8 test: add e2e tests for built in routes (Column flex issue - jumps/glitches on official examples ag-grid/ag-grid#3669)
• 4d1cbe1 docs: ask `version` information in issue template (Is it possible to style the dragged element of the columns? ag-grid/ag-grid#3668)
• b6c1881 chore(deps-dev): bump core-js from 3.16.1 to 3.16.2 (Some column events can't be bound with column definitions ag-grid/ag-grid#3666)
• ffa8cc5 chore(deps-dev): bump supertest from 6.1.5 to 6.1.6 (tool panel performance issue in IE 11 ag-grid/ag-grid#3665)
• f1fdaa7 chore(release): 4.0.0-rc.1
• c4678bc fix: legacy API (Tree data aggregate column set filter not working ag-grid/ag-grid#3660)
• d8bdd03 test: fix stability (ag-grid-enteprise with noImplicitAny: Could not find a declaration file for module  ag-grid/ag-grid#3661)
• 22b1414 refactor: remove `killable` (Missing exports for /filter/provided ag-grid/ag-grid#3657)
• 75bafbf test: add e2e tests for module federation (Comparator not responding in ag-grid ag-grid/ag-grid#3658)
• 493ccbd chore(deps): update `ws` ("agSetColumnFilter" breaks application  ag-grid/ag-grid#3652)
• ae8c523 test: add e2e test for universal compiler (enableCellTextSelection does not exist on 'GridOptions' ag-grid/ag-grid#3656)
• f94b84f chore(deps): update (Allow navigating to non-editable cell by tab when editing=true ag-grid/ag-grid#3655)
• 1923132 test: fix cli
• 2adfd01 test: fix todo (When switching themes dynamically icons are not displaying ag-grid/ag-grid#3653)
• 6e2cbde fix: proxy logging and allow to pass options without the `target` option (Context menu enhancement ag-grid/ag-grid#3651)
• c9ccc96 fix: respect infastructureLogging.level for client.logging (Export Data As Excel - Turn on Filter in Excel ag-grid/ag-grid#3613)

See the full diff

Package name: webpack-stream

The new version differs by 60 commits.

• 30a6da0 v7.0.0
• c2d19fd semistandard fixes
• 7805d59 Remove config.watch setting re-introduced from my bad merging
• 6395f19 Merge branch 'master' of github.com:shama/webpack-stream
• 7c24e86 Merge pull request [Snyk] Security upgrade @vue/cli-service from 3.12.1 to 5.0.1 #212 from azt3k/master
• 3fc84f0 Merge branch 'master' into master
• 027135e Update comments to indicate it works with webpack 4 and 5
• bb7cd85 Merge branch 'master' of github.com:shama/webpack-stream
• 3287835 Merge pull request [Snyk] Security upgrade @vue/cli-service from 3.12.1 to 5.0.1 #214 from the-ress/watch-message
• 141e063 Update watch for gulp >= 4
• 991d108 Merge pull request [Snyk] Fix for 1 vulnerabilities #225 from emme1444/config-file-path
• 348eab2 Use const over var in docs
• 2b31461 Update copyright to 2021
• fdd5809 Update node engine to >= 10
• 80e0ba8 Updating dependencies
• 5759a17 Updating for semistandard@16.0.1
• 2ff8a4f Merge pull request [Snyk] Security upgrade @angular-devkit/build-angular from 0.803.29 to 13.3.10 #235 from marekdedic/webpack-5
• ff485fe Merge pu...

[secure-code-warrior-for-github]

Micro-Learning Topic: Regular expression denial of service (Detected by phrase)

Matched on "Regular Expression Denial of Service"

What is this? (2min video)

Denial of Service (DoS) attacks caused by Regular Expression which causes the system to hang or cause them to work very slowly when attacker sends a well-crafted input(exponentially related to input size).Denial of service attacks significantly degrade the service quality experienced by legitimate users. These attacks introduce large response delays, excessive losses, and service interruptions, resulting in direct impact on availability.

Try a challenge in Secure Code Warrior

Micro-Learning Topic: Weak input validation (Detected by phrase)

Matched on "Improper Input Validation"

Injection flaws, such as SQL, NoSQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization. Source: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

Try a challenge in Secure Code Warrior

Helpful references

• OWASP Top Ten 2021 A03: Injection - OWASP Top Ten articles provide basic techniques to protect against these high risk problem areas, and guidance on where to go next.
• OWASP Injection Prevention Cheat Sheet in Java - This article is focused on providing clear, simple, actionable guidance for preventing injection flaws in your Java applications.
• OWASP Input Validation Cheat Sheet - This cheatsheet is focused on providing clear, simple, actionable guidance for preventing injection and input validation flaws in your applications.
• OWASP Injection Prevention Cheat Sheet - This article is focused on providing clear, simple, actionable guidance for preventing injection flaws in your applications.
• OWASP Top Ten Proactive Controls 2018 C5: Validate All Inputs - Detailed article on input validation as a programming technique for ensuring that only properly formatted data may enter a software system component.

Micro-Learning Topic: Denial of service (Detected by phrase)

Matched on "Denial of Service"

The Denial of Service (DoS) attack is focused on making a resource (site, application, server) unavailable for the purpose it was designed. There are many ways to make a service unavailable for legitimate users by manipulating network packets, programming, logical, or resources handling vulnerabilities, among others. Source: https://www.owasp.org/index.php/Denial_of_Service

Try a challenge in Secure Code Warrior

Micro-Learning Topic: Prototype pollution (Detected by phrase)

Matched on "Prototype Pollution"

What is this? (2min video)

By adding or modifying attributes of an object prototype, it is possible to create attributes that exist on every object, or replace critical attributes with malicious ones. This can be problematic if the software depends on existence or non-existence of certain attributes, or uses pre-defined attributes of object prototype (such as hasOwnProperty, toString or valueOf).

Try a challenge in Secure Code Warrior

Micro-Learning Topic: Server-side request forgery (Detected by phrase)

Matched on "Server-side Request Forgery"

What is this? (2min video)

Server-Side Request Forgery (SSRF) vulnerabilities are caused when an attacker can supply or modify a URL that reads or sends data to the server. The attacker can create a malicious request with a manipulated URL, when this request reaches the server, the server-side code executes the exploit URL causing the attacker to be able to read data from services that shouldn't be exposed.

Try a challenge in Secure Code Warrior