[Snyk] Fix for 3 vulnerabilities

[lholmquist]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: grunt-contrib-concat

The new version differs by 8 commits.

• 9e0f72f 2.0.0
• de2b0e9 Merge pull request #192 from gruntjs/release-2
• 2f2aeff Release docs
• 63a42a8 Merge pull request #191 from gruntjs/update-deps-oct
• 4c4fab8 Update CI
• 71d6edd Update dependencies
• 9054b14 Merge pull request #176 from alexjking/fix-browserify-sourcemap-regex
• b1cf785 fix(sourcemap-regex): fix regex to match browserify sorucemap charset

See the full diff

Package name: grunt-contrib-jshint

The new version differs by 9 commits.

• 2fce871 v2.0.0.
• d9212b7 Document `reporterOutputRelative` option (#268)
• d4fe674 Merge pull request #283 from gruntjs/dev
• 35036cc Update deps, use https, fix failing test.
• f1114ed Update mgol's name in AUTHORS, add .mailmap (#276)
• 39daf69 Removing reference to dead jslinterrors.com site (#279)
• debd964 v1.2.0 (#281)
• 1f3519f Update deps (#280)
• 2d237ee updated package grunt-contrib-internal from 1.1.0 to 1.2.3 (#273)

See the full diff

Package name: grunt-contrib-qunit

The new version differs by 8 commits.

• d186893 Update contrib internal
• b35e7ce feat(headless-chrome): use headless chrome instead of phantomjs (#147)
• 5291472 Add Missing QUnit Link (#142)
• f981d37 Lint tweaks.
• b9522f4 v2.0.0
• f45b682 Remove usage of `QUnit.jsDump`
• 353a7a8 Upgrade qunitjs to 2.3.0 (#123)
• f28e09d adding an Introduction to the README (#140)

See the full diff

Package name: grunt-contrib-uglify

The new version differs by 25 commits.

• a3f3f34 5.2.1
• 3c8d904 Update Readme
• 0850dcd update dependencies (#568)
• c27ad5f Bump minimist from 1.2.5 to 1.2.6 (#567)
• 98b4c5f Fix documentation in relation to issue #565 (#566)
• 7228446 Bump minimist from 1.2.5 to 1.2.6 (#563)
• e410511 Update deps, v5.1.0 (#564)
• 2cb31be Update uglify-js to v3.15.2 (#562)
• 12ca0f2 Fix wording in README.md (#560)
• 1f6a012 Bump path-parse from 1.0.6 to 1.0.7 (#558)
• 0e4b1a0 Update uglify-js (#557)
• 9ccf10d Bump hosted-git-info from 2.8.8 to 2.8.9 (#556)
• 4e83e45 Update UglifyJS to 3.13.3 (#554)
• 8674feb Bump ini from 1.3.5 to 1.3.8 (#552)
• 14b71da v5.0.0
• 9259448 Bump lodash from 4.17.11 to 4.17.19 (#550)
• 4645446 Bump js-yaml from 3.5.5 to 3.14.0 (#551)
• b7bcde4 Delete .travis.yml
• cba2631 Delete appveyor.yml
• 3dc53f0 ini github workflow
• f65dbb9 v4.0.1. (#535)
• b33a071 upgrade devDependencies (#536)
• 1e40037 upgrade to uglify-js 3.5.0 (#534)
• 33724cd update links to uglifyJS documentation (#530)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Server-side Request Forgery (SSRF)
🦉 Prototype Pollution