[Snyk] Fix for 24 vulnerabilities

[MaxMood96]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • coreui/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	Yes	Proof of Concept
	344/1000 Why? Has a fix available, CVSS 2.6	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	429/1000 Why? Has a fix available, CVSS 4.3	Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	Yes	No Known Exploit
	713/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Certificate Validation SNYK-JS-NODESASS-1059081	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SCSSTOKENIZER-2339884	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @vue/cli-plugin-e2e-nightwatch

The new version differs by 250 commits.

• c913cdc v5.0.0
• e75a288 chore: pre release sync
• e7f07d8 docs: remove `@ next` [skip ci]
• 80bbf38 test: skip nightwatch --parallel test for now
• 9be19f0 test: fix tsx import
• 5cf0e13 feat: bump default typescript version to 4.5
• 22a4a53 chore: dependency maintenance
• 9577cf5 chore: Merge branch 'master' into dev
• 8b5ab22 fix: remove --skip-plugin from arguments passed to the plugins (#6972)
• ff035c6 chore(deps): bump follow-redirects from 1.14.7 to 1.14.8 (#6993)
• d302581 fix: update mini-css-extract-plugin to ^2.5.3 (#6987)
• 2d8fa26 test(nightwatch): skip selenium test for now
• 7a17d98 chore: replace eslint-plugin-graphql with @ graphl-eslint/eslint-plugin
• 75a6d69 v5.0.0-rc.3
• c214c3a chore: pre release sync
• 42fc8d4 docs: add cache-loader and nightwatch breaking changes [skip ci]
• 926855f feat!: make `cache-loader` optional (#6985)
• 342c386 fix: there's a command response format change in nightwatch v2
• b78a003 chore: update web drivers
• 6c91e1a chore: update lockfile
• 37bdc0e chore: remove the console log completely and fix lint error
• 1c1f1ef chore: fix typo (#6964)
• a2b6409 feat: add build stats hash support (#6980)
• 0cbdf5f fix: specify vue version in the web component demo html

See the full diff

Package name: @vue/cli-plugin-unit-jest

The new version differs by 250 commits.

• c913cdc v5.0.0
• e75a288 chore: pre release sync
• e7f07d8 docs: remove `@ next` [skip ci]
• 80bbf38 test: skip nightwatch --parallel test for now
• 9be19f0 test: fix tsx import
• 5cf0e13 feat: bump default typescript version to 4.5
• 22a4a53 chore: dependency maintenance
• 9577cf5 chore: Merge branch 'master' into dev
• 8b5ab22 fix: remove --skip-plugin from arguments passed to the plugins (#6972)
• ff035c6 chore(deps): bump follow-redirects from 1.14.7 to 1.14.8 (#6993)
• d302581 fix: update mini-css-extract-plugin to ^2.5.3 (#6987)
• 2d8fa26 test(nightwatch): skip selenium test for now
• 7a17d98 chore: replace eslint-plugin-graphql with @ graphl-eslint/eslint-plugin
• 75a6d69 v5.0.0-rc.3
• c214c3a chore: pre release sync
• 42fc8d4 docs: add cache-loader and nightwatch breaking changes [skip ci]
• 926855f feat!: make `cache-loader` optional (#6985)
• 342c386 fix: there's a command response format change in nightwatch v2
• b78a003 chore: update web drivers
• 6c91e1a chore: update lockfile
• 37bdc0e chore: remove the console log completely and fix lint error
• 1c1f1ef chore: fix typo (#6964)
• a2b6409 feat: add build stats hash support (#6980)
• 0cbdf5f fix: specify vue version in the web component demo html

See the full diff

Package name: @vue/cli-service

The new version differs by 250 commits.

• 92d80a8 v5.0.1
• c913cdc v5.0.0
• e75a288 chore: pre release sync
• e7f07d8 docs: remove `@ next` [skip ci]
• 80bbf38 test: skip nightwatch --parallel test for now
• 9be19f0 test: fix tsx import
• 5cf0e13 feat: bump default typescript version to 4.5
• 22a4a53 chore: dependency maintenance
• 9577cf5 chore: Merge branch 'master' into dev
• 8b5ab22 fix: remove --skip-plugin from arguments passed to the plugins (#6972)
• ff035c6 chore(deps): bump follow-redirects from 1.14.7 to 1.14.8 (#6993)
• d302581 fix: update mini-css-extract-plugin to ^2.5.3 (#6987)
• 2d8fa26 test(nightwatch): skip selenium test for now
• 7a17d98 chore: replace eslint-plugin-graphql with @ graphl-eslint/eslint-plugin
• 75a6d69 v5.0.0-rc.3
• c214c3a chore: pre release sync
• 42fc8d4 docs: add cache-loader and nightwatch breaking changes [skip ci]
• 926855f feat!: make `cache-loader` optional (#6985)
• 342c386 fix: there's a command response format change in nightwatch v2
• b78a003 chore: update web drivers
• 6c91e1a chore: update lockfile
• 37bdc0e chore: remove the console log completely and fix lint error
• 1c1f1ef chore: fix typo (#6964)
• a2b6409 feat: add build stats hash support (#6980)

See the full diff

Package name: axios

The new version differs by 115 commits.

• e367be5 [Releasing] 0.21.3
• 83ae383 Correctly add response interceptors to interceptor chain (#4013)
• c0c8761 [Updating] changelog to include links to issues and contributors
• 619bb46 [Releasing] v0.21.2
• 82c9455 Create SECURITY.md (#3981)
• 5b45711 Security fix for ReDoS (#3980)
• 5bc9ea2 Update ECOSYSTEM.md (#3817)
• e72813a Fixing README.md (#3818)
• e10a027 Fix README typo under Request Config (#3825)
• e091491 Update README.md (#3936)
• b42fbad Removed un-needed bracket
• 520c8dc Updating CI status badge (#3953)
• 4fbeecb Adding CI on Github Actions. (#3938)
• e9965bf Fixing the sauce labs tests (#3813)
• dbc634c Remove charset in tests (#3807)
• 3958e9f Add explanation of cancel token (#3803)
• 69949a6 Adding custom return type support to interceptor (#3783)
• 49509f6 Create FUNDING.yml (#3796)
• 199c8aa Adding parseInt to config.timeout (#3781)
• 94fc4ea Adding isAxiosError typeguard documentation (#3767)
• 0ece97c Fixing quadratic runtime when setting a maxContentLength (#3738)
• a18a0ec Updating `lib/core/README.md` about Dispatching requests (#3772)
• 59fa614 [Updated] follow-redirects to the latest version (#3771)
• 7821ed2 Feat/json improvements (#3763)

See the full diff

Package name: chromedriver

The new version differs by 31 commits.

• 9cd029d Update axios and del
• a6f5577 Bump to version 87.0.2
• 3c50e7e Honor proxy environment variables. Fixes #290
• af4a0f5 Bump version to 87.0.1
• 469dd0a let it works in mac book m1
• afe2b93 Add Node 15 to build matrix
• d6cba85 Bump version to 87
• e4c836e Remove .travis.yml from npm package
• 5ff4a1e Update Chromedriver to 86
• d5c1586 Remove Node.js 13 from build pipelines
• 3a065fe use driver v85 with patch fix
• e8fbe23 update default driver version to 85.x, bump module to 85.0.0
• 2afecb4 Ignore TS2350 for HttpsProxyAgent
• fc10462 Bump version to 84.0.1
• ebb2403 [update-https-proxy-lib] Update https-proxy-agent lib to v5
• 87dd877 Bump version to 84.0.0
• 6743dda Ignore ts errors on https agent options
• 53f45cc Bump version to 83.0.1
• db955c7 Introduced workaround for https-url combined with a proxy.
• 29496b6 Fix AzDO badge link
• 467f110 Bring Travis back and remove Shippable
• fcc6296 Change branch config for shippable
• 6b836de Move default branch to main
• eceae58 Bump version to 83.0.0

See the full diff

Package name: node-sass

The new version differs by 90 commits.

• 3b556c1 7.0.2
• c716359 Bump sass-graph@^4.0.1 (#3292)
• 24741b3 docs(readme): fix docpad plugin link
• 1523330 feat: Drop Node 12
• 365d357 update https://registry.npm.taobao.org to https://registry.npmmirror.com
• 1456114 build(deps): bump actions/upload-artifact from 2 to 3
• b465b69 chore: bump GitHub Actions to Windows 2019 (#3254)
• e6194b1 build(deps): bump make-fetch-happen from 9.1.0 to 10.0.4
• 4edf594 build(deps): bump node-gyp from 8.4.1 to 9.0.0
• 29e2344 build(deps): bump actions/checkout from 2 to 3
• 85b0d22 build(deps): bump actions/setup-node from 2 to 3
• 3bb51da Use make-fetch-happen instead of request (#3193)
• adc2f8b build(deps): bump true-case-path from 1.0.3 to 2.2.1 (#3000)
• 77d12f0 chore: disable Apline for Node 16/17 builds
• 308d533 ci: use Python 3 for Node 12
• c818907 ci: unpin actions/setup-node to v2
• 99242d7 7.0.1
• 77049d1 build(deps): bump sass-graph from 2.2.5 to 4.0.0 (#3224)
• c929f25 build(deps): bump node-gyp from 7.1.2 to 8.4.1 (#3209)
• 918dcb3 Lint fix
• 0a21792 Set rejectUnauthorized to true by default (#3149)
• e80d4af chore: Drop EOL Node 15 (#3122)
• d753397 feat: Add Node 17 support (#3195)
• dcf2e75 build(deps-dev): bump eslint from 7.32.0 to 8.0.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Server-Side Request Forgery (SSRF)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 More lessons are available in Snyk Learn