[Snyk] Fix for 26 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • wp-content/themes/twentynineteen/package.json
  • wp-content/themes/twentynineteen/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	No	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	No	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Certificate Validation SNYK-JS-NODESASS-1059081	Yes	No Known Exploit
	715/1000 Why? Has a fix available, CVSS 9.8	Use After Free SNYK-JS-NODESASS-535497	No	No Known Exploit
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Out-of-bounds Read SNYK-JS-NODESASS-535501	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Resource Exhaustion SNYK-JS-NODESASS-535504	No	Proof of Concept
	761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	NULL Pointer Dereference SNYK-JS-NODESASS-535505	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Denial of Service (DoS) SNYK-JS-NODESASS-540982	No	Proof of Concept
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-NODESASS-542662	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept
	469/1000 Why? Has a fix available, CVSS 5.1	Denial of Service (DoS) npm:mem:20180117	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: chokidar-cli

The new version differs by 51 commits.

• 42a6ea8 Release 2.1.0.
• 9fac94b Merge pull request Bump shell-quote from 1.7.2 to 1.7.3 in /wp-content/themes/twentytwentyone skillcrush/203-accelerate#89 from XhmikosR/deps
• 85ab77b chokidar 3.2.3
• df61f94 Merge pull request Bump minimist from 1.2.5 to 1.2.6 in /wp-content/themes/twentytwentyone skillcrush/203-accelerate#82 from XhmikosR/eslint
• be51a1d Merge pull request Bump node-fetch from 2.6.1 to 2.6.7 in /wp-content/themes/twentytwenty skillcrush/203-accelerate#87 from XhmikosR/ll
• 8f9e26e Merge pull request Bump jsdom from 16.4.0 to 16.7.0 in /wp-content/themes/twentytwenty skillcrush/203-accelerate#86 from XhmikosR/patch-1
• e2256a2 Add ESLint support.
• 411c257 Tweak README.md
• f05e384 Minor tweaks.
• be15f65 Merge pull request Bump trim-newlines from 3.0.0 to 3.0.1 in /wp-content/themes/twentytwentyone skillcrush/203-accelerate#79 from XhmikosR/npmignore
• e27c41a Merge pull request Bump node-sass from 5.0.0 to 7.0.0 in /wp-content/themes/twentynineteen skillcrush/203-accelerate#78 from XhmikosR/mocha
• 114247d Merge pull request Bump trim-newlines from 3.0.0 to 3.0.1 in /wp-content/themes/twentytwenty skillcrush/203-accelerate#80 from XhmikosR/engines
• badf904 Merge pull request Bump minimist from 1.2.5 to 1.2.6 in /wp-content/themes/twentynineteen skillcrush/203-accelerate#81 from XhmikosR/lint
• 0c22bed Minor lint changes
• 38d57a9 Remove .npmignore.
• af64659 Use 8.10.0 in engines like upstream
• a94b7c5 Update mocha to 6.2.2.
• 8f41440 Merge pull request Bump glob-parent from 5.1.1 to 5.1.2 in /wp-content/themes/twentynineteen skillcrush/203-accelerate#75 from XhmikosR/rm-bluebird
• dadd3e9 Remove bluebird dependency.
• f660fae Update index.js
• b599d66 Update index.js
• adcd70d Update package.json
• fa29f1e Update index.js
• 778de64 Update utils.js

See the full diff

Package name: node-sass

The new version differs by 137 commits.

• 918dcb3 Lint fix
• 0a21792 Set rejectUnauthorized to true by default (#3149)
• e80d4af chore: Drop EOL Node 15 (#3122)
• d753397 feat: Add Node 17 support (#3195)
• dcf2e75 build(deps-dev): bump eslint from 7.32.0 to 8.0.0
• bfa1a3c build(deps): bump actions/setup-node from 2.4.0 to 2.4.1
• 80d6c00 chore: Windows x86 on GitHub Actions (#3041)
• 566dc27 build(deps-dev): bump fs-extra from 0.30.0 to 10.0.0 (#3102)
• 7bb5157 build(deps): bump npmlog from 4.1.2 to 5.0.0 (#3156)
• 2efb38f build(deps): bump chalk from 1.1.3 to 4.1.2 (#3161)
• fca5257 build(deps): bump actions/setup-node from 2.3.0 to 2.4.0
• 6200b21 docs: Double word "support" (#3159)
• eaf791a build(deps): bump actions/setup-node from 2.1.5 to 2.3.0
• 16b8d4b build(deps): bump coverallsapp/github-action from 1.1.2 to 1.1.3
• c167004 6.0.1
• 911d4db remove mkdirp dep (#3108)
• 30a52f7 build(deps): bump meow from 3.7.0 to 9.0.0
• 7e08463 build(deps-dev): bump mocha from 8.4.0 to 9.0.1
• cfcbb2c chore: Use default Apline version from docker-node (#3121)
• 886319b chore: Drop Node 10 support
• c908f4f fix: Bump OSX minimum to 10.11
• 8ab02da fix: Remove old compiler gyp settings
• 3d7b9d0 chore: Add Node 16 support
• 4115e9d build(deps): bump actions/setup-node from v2.1.4 to v2.1.5

See the full diff

Package name: postcss-cli

The new version differs by 37 commits.

• 745ad2c 7.0.0
• cf6ea09 Update eslint config
• ea1cec4 Update eslint-config-problems to version 3.1.0 (#306)
• 1519430 Update globby to version 10.0.1 (#303)
• 5b47456 Update eslint to version 6.8.0 (#305)
• e241672 Update nyc to version 15.0.0 (#297)
• 4a87ff1 Update chalk to version 3.0.0 (#294)
• e666505 Update prettier to version 1.19.1 (#304)
• 0d3591a Update ava to version 2.4.0 (#302)
• cb9f451 Update fs-extra to version 8.1.0 (#301)
• 4f68a46 Update chokidar to version 3.3.0 (#300)
• 5c22ddb Update yargs to version 15.0.2 (#298)
• 79eb0ac Update get-stdin to version 7.0.0 (#273)
• 71384c6 Update Travis config; remove AppVeyor
• 6b92df3 BREAKING: Drop Node 6 & 8; test on new Node versions
• 7091819 6.1.3
• 0de7ccf Fix map file path creation (#286)
• f1c7352 Update prettier to version 1.18.0 (#281)
• 035bab8 Update nyc to version 14.0.0 (#274)
• 541048e Update prettier to version 1.17.0 (#272)
• 8fd79b0 6.1.2
• 72376fc Upgrade prettier to ~1.16.4
• 87a7286 Update globby to v9.0.0 (#270)
• c079cff Test Node 10 & 11

See the full diff

Package name: rtlcss

The new version differs by 23 commits.

• cd0e5cd 3.0.0
• bd4c099 2.6.2
• 80c15f2 set input source to same file in raw directive
• d6dfd3e 2.6.1
• 4994517 deps - remove String.prototype polluting "colors" deep dep (#177)
• ae64631 Update CHANGELOG.md
• 29ce551 2.6.0
• 43d70f3 fix flipping `rotate3d`/enable flipping `rotateY`.
• be838c0 Flip perspective-origin declarations (#167)
• f5afa82 Fix an issue with empty output when `--silent` and `--stdin` flags are used together. (#170)
• 16f477b Bump lodash from 4.17.15 to 4.17.19 (#172)
• a2f9748 use mocha v5
• 77f552b update mocha
• 57b09e5 2.5.0
• 78fd6d3 flip length based `transform-origin` using calc.
• 435a6c8 Closes #156
• feb9e9c Update FUNDING.yml
• 1bd11bb Create FUNDING.yml
• 835ca6c rename variable
• c8ff9fe 2.4.1
• fa56182 update dependencies
• 91825cb ignore white spaces before directive prefix
• 3b47539 Should mirror keyword horizontal position (with value) (#126)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Arbitrary File Overwrite
🦉 Arbitrary File Overwrite
🦉 Arbitrary File Write
🦉 More lessons are available in Snyk Learn