[Snyk] Fix for 33 vulnerabilities

[lholmquist]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	679/1000 Why? Has a fix available, CVSS 9.3	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962463	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	No	Proof of Concept
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASHTEMPLATE-1088054	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-MERGE-1040469	No	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-MERGE-1042987	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	No	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-1056752	No	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Improper Input Validation SNYK-JS-SOCKETIOPARSER-3091012	No	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	No	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Improper Input Validation SNYK-JS-XMLDOM-1534562	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Prototype Pollution SNYK-JS-XMLDOM-3042242	No	No Known Exploit
	811/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.8	Improper Input Validation SNYK-JS-XMLDOM-3092935	No	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	No	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:parsejson:20170908	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Override Protection Bypass npm:qs:20170213	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: ember-cli-app-version

The new version differs by 140 commits.

• 3600865 Release 4.0.0
• bf6be87 Re-roll yarn.lock.
• 4961759 Update to latest allowed versions of dependencies.
• ec33b92 Add automated release setup.
• 15a23fe Merge pull request #295 from nlfurniss/upgrade-ember-cli-babel
• 1b5e85a upgrade ember-cli-babel to ^7.0.0
• 2ae42c5 [Security] Bump websocket-extensions from 0.1.3 to 0.1.4
• 11d038f [Security] Bump eslint-utils from 1.3.1 to 1.4.2
• fa35bc1 Bump ember-resolver from 5.1.3 to 5.2.0
• 0aff26b [Security] Bump lodash from 4.17.11 to 4.17.14
• 9234fa4 [Security] Bump lodash.merge from 4.6.1 to 4.6.2
• 9f84b74 Bump eslint-plugin-ember from 6.7.0 to 6.7.1
• 3808ee0 Bump ember-cli-htmlbars from 3.0.1 to 3.1.0
• ad459b9 Bump ember-source from 3.10.2 to 3.11.1 (#152)
• d943312 Bump eslint-plugin-ember from 6.6.0 to 6.7.0
• 5901b27 Bump ember-source from 3.10.1 to 3.10.2
• c8c8f4c Bump eslint-plugin-ember from 6.5.1 to 6.6.0
• 93eb71d Bump ember-source from 3.10.0 to 3.10.1
• 3c61e7b Bump eslint-plugin-ember from 6.5.0 to 6.5.1
• 3e27332 Bump eslint-plugin-ember from 6.4.1 to 6.5.0
• 922ac3e Bump ember-cli-dependency-checker from 3.1.0 to 3.2.0
• 6b6ae2a Bump ember-try from 1.1.0 to 1.2.1
• f5b36cb Bump ember-source from 3.9.1 to 3.10.0
• f22cc60 [Security] Bump tar from 4.4.1 to 4.4.8

See the full diff

Package name: ember-cli-babel

The new version differs by 250 commits.

• 0b83e42 7.0.0
• fcf317f Merge pull request #140 from babel/babel-7
• d01d724 Prevent issues with @ babel/preset-env getting unknown options.
• 1ea60c3 Merge branch 'master' into babel-7
• 6955f46 Drop support for ember-cli < 2.13.
• eb03764 Merge changes from master...
• c58ae85 6.17.0
• 5486b3e Add recent releases to changelog...
• ec3f25c Merge pull request #241 from arthirm/master
• af16202 Bumping broccoli-babel-transpiler
• b4528ff Update test to properly match plugin style.
• 2ea0e47 Remove brittle (and unneeded) tests.
• 9671601 7.0.0-beta.5
• 1167211 Remove stray .only.
• cf8f7ee Fix issue with @ babel/polyfill update.
• b4ea00d 7.0.0-beta.4
• e53e927 Update dependencies.
• 1e494d6 Update babel-polyfill -> @ babel/polyfill.
• 7008a5f Use release version of broccoli-babel-transpiler.
• 932a1d0 Merge pull request #239 from dfreeman/green-tests
• a185133 Get tests passing with throwUnlessParallelizable: true
• 6d11f44 Merge pull request #237 from babel/rwjblue-patch-1
• b96e5cb Use correct preset env...
• f9e4f17 Fix file: reference in package.json.

See the full diff

Package name: ember-cli-htmlbars-inline-precompile

The new version differs by 30 commits.

• ae552eb 0.4.0
• 133cd0a Release 0.4.0 final.
• 705f173 0.4.0-beta.2
• 335e4c5 Update CHANGELOG.
• 62e44bd Update minimum version of babel plugin.
• d86edac 0.4.0-beta.1
• 74fd184 Merge pull request #69 from rwjblue/babel-6
• ffafb16 Remove welcome page.
• 99aad43 Add ember-cli-shims back to ember-source scenario.
• 3ae7891 Update min engine version.
• d8cb4a1 Make function properly for babel@6 version.
• f68e8b6 Update minimum versions of deps and devDeps.
• c18f6d3 fixup! Add babel@6 to devDeps for test harness.
• 8f92b23 Remove unused directories.
• 1e9f66e Set ember-cli to 2.11.1.
• edeceaa Add babel@6 to devDeps for test harness.
• c113ff3 fixup! Update minimum node version.
• 06f4fc7 ES6ify
• 1f9d121 Update for babel@6.
• e157867 Update minimum node version.
• a8e851b Merge pull request #68 from samselikoff/patch-1
• d1763d7 Ensure super call is bounded
• 083ae62 Merge pull request #67 from Turbo87/ci-deploy
• 5fa9b15 CI: Enable automatic NPM deployment for tags

See the full diff

Package name: ember-cli-qunit

The new version differs by 91 commits.

• ce97b77 4.0.0
• a047c12 Update yarn.lock.
• 03d7c2c Update CHANGELOG for 4.0.0.
• b5dbd09 Update minimum version of ember-qunit.
• f16f4d1 Merge pull request #180 from mminkoff/patch-1
• f91e04b don't cover open Module drop-down
• c9c0bbf 4.0.0-beta.1
• c9385f2 Add basic upgrading info to README.
• 127600d Update CHANGELOG.
• e1e96a7 Merge pull request #177 from rwjblue/stuff
• 8f77efd Update associated dependencies to Babel 6.
• 99b18ba Death to `var`!
• a1929f2 Merge pull request #175 from rwjblue/update-babel-6
• ea52fd4 Merge pull request #176 from rwjblue/manual-start
• cf5c5a5 Replace autostart behavior with hook to start tests.
• df6a0e9 Update allowed engines in package.json.
• 4b46471 Update to Babel 6.
• fb8127a 3.1.2
• 1714541 Update CHANGELOG for v3.1.2.
• 8adb7ab Merge pull request #173 from rwjblue/prevent-clobbering
• 161ab87 Bump to node@4 in CI.
• 893d0ff Prevent clobbering custom `this.options.babel`.
• f4cbeb9 3.1.1
• f2f997c Merge pull request #170 from hidnasio/override-height-in-fullscreen

See the full diff

Package name: ember-export-application-global

The new version differs by 7 commits.

• 3641991 Release 2.0.1
• 84999a5 Remove ember-cli-babel dependency.
• 2e335cf 2.0.0
• d8904dd Merge pull request [Snyk] Fix for 1 vulnerabilities #24 from ember-cli/update-babel-6
• cf11f03 Update to Babel 6.
• bf21819 Merge pull request [Snyk] Security upgrade ember-cli from 2.2.0-beta.3 to 2.4.2 #23 from ember-cli/clean-up
• 06605c5 addon cleanup

See the full diff

Package name: ember-resolver

The new version differs by 250 commits.

• 4a4aff7 BUMP changelog
• dcba9a7 release v6.0.0 🎉
• 0a03a9c Merge pull request #449 from ember-cli/upgrades
• fb6ebde upgrade deps
• 06a6be7 Bump ember-load-initializers from 2.1.0 to 2.1.1
• c5e0fa2 Bump ember-cli-inject-live-reload from 2.0.1 to 2.0.2
• 56e4304 Release 5.3.0
• fd8701e Add support for nested colocated components. (#417)
• 28ef51e Add resolution for engine.io.
• a2be8db Upgrade to xenial
• e63891d Add support for nested colocated components.
• 98dc24f [Security] Bump mixin-deep from 1.3.1 to 1.3.2
• 2b698fe Bump ember-load-initializers from 2.0.0 to 2.1.0
• f7e4237 [Security] Bump eslint-utils from 1.3.1 to 1.4.2
• cd2e16b Release 5.2.1
• 307ce67 Add v5.2.1 to CHANGELOG.
• 403bb72 Component and their templates should be normalized the same. (#396)
• 422b1c7 Component and their templates should be normalized the same.
• 6f9793b Bump eslint-plugin-ember from 6.7.1 to 6.8.2
• 910af15 Release 5.2.0
• e9e1b92 Add v5.2.0 to CHANGELOG.md.
• 9ee661c Add components to dasherisation exception (#392)
• 718e066 Bump resolve from 1.11.1 to 1.12.0
• 35890e0 Add components to dasherisation exception

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Prototype Override Protection Bypass
🦉 More lessons are available in Snyk Learn