[Snyk] Fix for 17 vulnerabilities #37

Open · wants to merge 1 commit into base: master

Conversation

lholmquist (Contributor)

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high | 696/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.5) | Regular Expression Denial of Service (ReDoS), SNYK-JS-ANSIREGEX-1583908 | Yes | Proof of Concept |
| medium | 631/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 6.2) | Missing Release of Resource after Effective Lifetime, SNYK-JS-INFLIGHT-6095116 | Yes | Proof of Concept |
| medium | 641/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 6.4) | Prototype Pollution, SNYK-JS-JSON5-3182856 | Yes | Proof of Concept |
| medium | 586/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS), SNYK-JS-LODASH-1018905 | Yes | Proof of Concept |
| high | 681/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.2) | Command Injection, SNYK-JS-LODASH-1040724 | Yes | Proof of Concept |
| high | 686/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.3) | Prototype Pollution, SNYK-JS-LODASH-450202 | Yes | Proof of Concept |
| high | 686/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.3) | Prototype Pollution, SNYK-JS-LODASH-608086 | Yes | Proof of Concept |
| high | 686/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.3) | Prototype Pollution, SNYK-JS-LODASH-73638 | Yes | Proof of Concept |
| medium | 541/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 4.4) | Regular Expression Denial of Service (ReDoS), SNYK-JS-LODASH-73639 | Yes | Proof of Concept |
| high | 681/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.2) | Command Injection, SNYK-JS-LODASHTEMPLATE-1088054 | Yes | Proof of Concept |
| high | 589/1000 (Why? Has a fix available, CVSS 7.5) | Regular Expression Denial of Service (ReDoS), SNYK-JS-MINIMATCH-1019388 | Yes | No Known Exploit |
| medium | 479/1000 (Why? Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS), SNYK-JS-MINIMATCH-3050818 | Yes | No Known Exploit |
| low | 506/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 3.7) | Prototype Pollution, SNYK-JS-MINIMIST-2429795 | Yes | Proof of Concept |
| medium | 601/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.6) | Prototype Pollution, SNYK-JS-MINIMIST-559764 | Yes | Proof of Concept |
| medium | 479/1000 (Why? Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS), SNYK-JS-UGLIFYJS-1727251 | Yes | No Known Exploit |
| medium | 636/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 6.3) | Prototype Pollution, npm:lodash:20180130 | Yes | Proof of Concept |
| high | 589/1000 (Why? Has a fix available, CVSS 7.5) | Regular Expression Denial of Service (ReDoS), npm:minimatch:20160620 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: ember-ajax
The new version differs by 250 commits.
  • 9f7a058 chore(release): 5.1.2
  • b24279f Merge pull request #463 from boris-petrov/use-object-assign
  • 5175d40 fix: resolve `ember-polyfills.deprecate-assign` deprecation warnings
  • 5520bdf v5.1.1
  • b818a9f v5.1.0
  • 1b7a0f3 chore: update ignore files
  • 77fbbb9 Merge pull request #459 from Turbo87/gh-actions
  • 5fb626d chore: remove TravisCI config
  • 903b5eb chore: add GitHub Actions config
  • 597afc3 chore: change `ember-data` dependency to `~3.1.1`
  • a499159 Merge pull request #454 from abrahamspaa/vulnerable-fix
  • d44a567 Merge pull request #452 from boris-petrov/fix-ember-deprecation
  • b1e1952 bump version najax
  • 4dcd0f4 vulnerable fix
  • a61cba6 Fix deprecated usage of `run.join`
  • c178c5e Merge pull request #440 from jamescdavis/fix_ajax-request_mixin_public_property_types
  • 2e2b0c5 fix: types on public properties in ajax-request mixin
  • 838de17 Merge pull request #438 from boris-petrov/add-new-lts-releases-to-ci
  • 78c3587 test: add Ember 3.4 and 3.8 to Travis
  • 9de754a chore(release): 5.0.0
  • bcebe35 Merge pull request #435 from Turbo87/ember-3.8
  • a52533b Merge pull request #436 from Turbo87/ie11
  • 57dc203 fix: always run tests in IE11 mode
  • 2617549 chore: update `ember-source` to v3.8.0

See the full diff

Package name: ember-cli-htmlbars-inline-precompile
The new version differs by 250 commits.
  • 398686f Release 3.0.2
  • 795cb9a Merge pull request #408 from ember-cli/cache-lazily
  • a8c3398 Make cacheKey calculation lazy
  • 4a5c196 Drop documentation from README.
  • 21645c7 [Security] Bump node-fetch from 2.6.0 to 2.6.1
  • 7d1260c [Security] Bump http-proxy from 1.18.0 to 1.18.1
  • 6ed45ef [Security] Bump dot-prop from 4.2.0 to 4.2.1
  • 82d21b6 Bump @ ember/optional-features from 0.7.0 to 1.3.0
  • 3570d96 Bump eslint-plugin-node from 9.2.0 to 11.1.0
  • 95fc3d5 [Security] Bump websocket-extensions from 0.1.3 to 0.1.4
  • 12ba58c [Security] Bump handlebars from 4.4.0 to 4.7.6
  • e6862be [Security] Bump jquery from 3.4.1 to 3.5.0
  • 30e19c0 [Security] Bump acorn from 7.1.0 to 7.1.1
  • b5aa14c Bump ember-cli-babel from 7.12.0 to 7.14.1
  • 1bd9e9d Bump qunit-dom from 0.9.1 to 0.9.2
  • 8d15287 Bump lerna-changelog from 0.8.2 to 0.8.3
  • 9e86687 Bump eslint-plugin-ember from 7.4.0 to 7.5.0
  • 6d83ba0 Bump ember-try from 1.2.1 to 1.3.0
  • 7cc5b5d Bump eslint-plugin-ember from 7.2.0 to 7.4.0
  • 32f58a8 Bump qunit-dom from 0.9.0 to 0.9.1
  • e2608bf Bump ember-source-channel-url from 1.1.0 to 2.0.1
  • be42171 Bump eslint from 6.5.1 to 6.6.0
  • d147af2 Bump ember-cli-htmlbars from 3.1.0 to 4.0.8 (#332)
  • 2ce08fa Bump eslint-plugin-ember from 6.10.1 to 7.2.0 (#333)

See the full diff

Package name: ember-cli-qunit
The new version differs by 155 commits.
  • 4ad1af2 release v4.4.0 🎉
  • f4bd36b Merge pull request #212 from ember-cli/upgrade
  • f32d88a bump ember-qunit
  • 63ac2f2 Merge pull request #210 from samselikoff/upgrade-ember-qunit
  • 300b36c Upgrade ember-qunit
  • d3dc0f4 v4.3.2
  • f4897da Add v4.3.2 to CHANGELOG.md.
  • c3a2396 Update ember-qunit to v3.3.2.
  • ac4ea28 v4.3.1
  • 57b348a Add v4.3.1 to CHANGELOG.md.
  • d92bb44 Merge pull request #204 from rwjblue/update-dependencies
  • bc11e3a Fix issue with Chrome + Travis & setuid...
  • f854e86 Update ember-qunit to latest version.
  • 45dd8ec Update ember-cli-babel to latest version.
  • 7f5ab89 Merge pull request #200 from kategengler/update-release-md
  • 29e8b50 Remove bit about creating github releases, that hasn't been done for a
  • 221a2d1 Update RELEASE.md for lerna-changelog & travis deploy
  • 8bc7d15 v4.3.0
  • 4f7d32e Add v4.3.0 to CHANGELOG.md.
  • 371b9fa Update minimum version of ember-qunit to 3.3.0.
  • f9da916 Update packages to latest allowed versions.
  • 4d418f4 Update yarn.lock to match package.json.
  • 497420c v4.2.1
  • 9a48900 Add v4.2.1 to CHANGELOG.md.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Command Injection
