[Snyk] Fix for 13 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-HTMLTOTEXT-571464	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-LODASH-590103	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	No Known Exploit
	434/1000 Why? Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:clean-css:20180306	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: grunt-contrib-cssmin

The new version differs by 6 commits.

• 5404a77 Update clean-css to v4.1.1.
• f3e3987 Set required Node.js version to >=4 since clean-css 4.x requires that.
• 22471fe Update URL to clean-css repo.
• e6b2d72 Merge pull request Why do not function lang-matlab.js googlearchive/code-prettify#281 from gruntjs/cleancss4
• c4aa531 v2.0.0.
• 47e6ed6 Update clean-css to ~4.0.3.

See the full diff

Package name: html-to-text

The new version differs by 78 commits.

• f277a07 Version bumped to 6.0.0
• ecf344c Tidy up the changelog [ci skip]
• b5ec48c npm badges [ci skip]
• 9987864 Codeclimate - don't use eslint plugin at all [ci skip]
• e5912e7 Update Travis config
• 8fb71fc Codeclimate - attempt 4 to fix eslint checks [ci skip]
• f41d013 Codeclimate - attempt 3 to fix eslint checks [ci skip]
• 6c7526b Codeclimate - attempt 2 to fix eslint checks [ci skip]
• f87c5af Codeclimate - attempt to fix eslint checks [ci skip]
• e8e5fe5 Codeclimate - eslint version [ci skip]
• a15ac45 Codeclimate config update [ci skip]
• 58b84c2 Contributors
• 6b37a99 Tidy up the license
• 8bc501d Link from Readme to Changelog
• ffc735f Note about the repo move
• 465786f Update repository links
• ccfac06 Changelog - missing change note [ci skip]
• a48400e Fix typo
• ccecba4 Maximum input length limit
• 4d57bf4 Update changelog
• 27cce50 Update readme
• 939baa3 Rewritten formatting, block-level tags, reorganized options, ...
• fc45e3b Change from "prepare" to "prepublishOnly"
• 304070c Let CLI tests more time for slow machines

See the full diff

Package name: zombie

The new version differs by 75 commits.

• 5c8b27c 6.1.0
• 3d98232 Updated dependencies
• 2fa3d74 Merge pull request #978 from pscheit/invalid-script-tags
• ee2ddfe Merge pull request #1023 from jamespic/master
• 96deafe Merge pull request #1038 from jagoda/fix-redirect
• d0c5577 Merge pull request #1016 from PLPeeters/cookie-mem-leak-fix
• 836b6a4 Merge pull request #1037 from frzng/fetch-arr-obj-headers-fix
• 5cf393e Merge branch 'master' of https://github.com/assaf/zombie
• aeb8eb6 Updated CHANGELOG
• 27fab1e Merge pull request #1138 from vladgurgov/issue-1137
• c9ef182 Merge pull request #1055 from jliuhtonen/master
• 4c1b2ec Merge pull request #1107 from krolow/patch-1
• da2bac4 Merge branch 'master' into pr/1138
• 03839e9 Updated CHANGELOG
• b6c78c9 Merge pull request #1153 from StefanoDeVuono/801-event-target-dataset
• 64f6688 added jsdomQueue test
• 6bde9bc fixes eventloop timing problems (jsdomQueue) and streamlines impl.js file
• ca83040 Merge branch 'master' into 801-event-target-dataset
• 8d52344 Merge pull request #1154 from lrmunoz/master
• 0bfcd3b comment clean up
• bbb9382 new mocha syntax
• 4c2b49d Merge pull request #1157 from nokane/doc/no/browser
• 68a02d1 doc: Add documentation for browser.source and browser.html()
• db742e5 Updated changelog

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic