[Snyk] Fix for 76 vulnerabilities

[Omrisnyk]

Snyk has created this PR to fix 76 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• large-file/package.json
• large-file/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Prototype Poisoning SNYK-JS-QS-3153490	****
	Validation Bypass SNYK-JS-SANITIZEHTML-1070780	****
	Access Restriction Bypass SNYK-JS-SANITIZEHTML-1070786	****
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SANITIZEHTML-2957526	****
	Arbitrary Code Execution SNYK-JS-SANITIZEHTML-585892	****
	Information Exposure SNYK-JS-SANITIZEHTML-6256334	****
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	****
	Prototype Pollution SNYK-JS-SETVALUE-1540541	****
	Prototype Pollution SNYK-JS-SETVALUE-450213	****
	Improper Privilege Management SNYK-JS-SHELLJS-2332187	****
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	****
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	****
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	****
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	****
	Arbitrary File Write SNYK-JS-TAR-1579147	****
	Arbitrary File Write SNYK-JS-TAR-1579152	****
	Arbitrary File Write SNYK-JS-TAR-1579155	****
	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	****
	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	****
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1023599	****
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1072471	****
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-610226	****
	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	****
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	****
	Denial of Service (DoS) SNYK-JS-WS-7266574	****
	Prototype Pollution SNYK-JS-Y18N-1021887	****
	Code Injection SNYK-JS-LODASH-1040724	239
	Code Injection SNYK-JS-LODASHES-2434284	239
	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	235
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577916	224
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577917	224
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577918	224
	Denial of Service (DoS) npm:ws:20171108	220
	Prototype Pollution SNYK-JS-PATHVAL-596926	190
	Prototype Pollution SNYK-JS-LODASHES-2434283	189
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GETFUNCNAME-5923417	187
	Prototype Pollution SNYK-JS-JSON5-3182856	179
	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	169
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ES5EXT-6095076	169
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	159
	Prototype Pollution SNYK-JS-ASYNC-2441827	159
	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	159
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	159
	Prototype Pollution SNYK-JS-LODASHES-2434290	152
	Prototype Pollution SNYK-JS-INI-1048974	151
	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	150
	Prototype Pollution SNYK-JS-LODASHES-2434285	150
	Prototype Pollution SNYK-JS-LODASHES-2434287	149
	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	141
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASHES-2434286	133
	Improper Verification of Cryptographic Signature SNYK-JS-BROWSERIFYSIGN-6037026	124
	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	124
	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	115
	Directory Traversal SNYK-JS-MOMENT-2440688	114
	Regular Expression Denial of Service (ReDoS) npm:parsejson:20170908	114
	Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	112
	Information Exposure SNYK-JS-NODEFETCH-2342118	104
	Denial of Service SNYK-JS-NODEFETCH-674311	101
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	63
	Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	63
	Regular Expression Denial of Service (ReDoS) SNYK-JS-CSSWHAT-3035488	63
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	63
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	63
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627	63
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891	63
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	63
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASHES-2434289	63
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	63
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	63
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	63
	Prototype Pollution SNYK-JS-MINIMIST-2429795	59
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	58
	Improper Input Validation SNYK-JS-POSTCSS-5926692	49
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	45
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	45
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	45

Release notes

Package name: @babel/cli

• 7.7.0 - 2019-11-05
  

  v7.7.0 (2019-11-05)

  👓 Spec Compliance

  • babel-types
    • #10621 throw a TypeError if identifier validation fails. (@ dentrado)
  • babel-parser
    • #10559 fix: Exclude catch clause from let identifier error. (@ gonzarodriguezt)
    • #10567 [parser] Exception to 8 and 9 in tagged template. (@ pnowak)
    • #10532 Allow duplicate __proto__ keys in patterns, simple case (#6705). (@ alejo90)

  🚀 New Feature

  • babel-generator, babel-helper-create-class-features-plugin, babel-parser, babel-plugin-transform-typescript, babel-preset-typescript, babel-types
    • #10545 Add support for TS declare modifier on fields. (@ nicolo-ribaudo)
  • babel-core, babel-parser, babel-preset-typescript
    • #10363 @ babel/parser error recovery. (@ nicolo-ribaudo)
  • babel-core
    • #10599 Add support for .cjs config files. (@ nicolo-ribaudo)
    • #10501 Add support for babel.config.json. (@ devongovett)
    • #10361 feat: if code frame error is on a single line, highlight the whole path. (@ SimenB)
  • babel-plugin-syntax-top-level-await, babel-preset-env
    • #10573 Create @ babel/plugin-syntax-top-level-await. (@ nicolo-ribaudo)
  • babel-helper-builder-react-jsx, babel-plugin-transform-react-jsx, babel-preset-react
    • #10572 [transform-react-jsx] Add useSpread option to transform JSX. (@ ivandevp)
  • babel-generator, babel-parser, babel-plugin-proposal-decorators, babel-plugin-syntax-flow, babel-types
    • #10344 Flow enums parsing. (@ gkz)
  • babel-plugin-transform-function-name, babel-plugin-transform-modules-umd, babel-preset-env
    • #10477 Changes UMD callsite to be more likely to pass in the intended object.. (@ MicahZoltu)
  • babel-parser
    • #10449 Create parser plugin "topLevelAwait". (@ nicolo-ribaudo)
    • #10521 [parser] Enable "exportNamespaceFrom" by default. (@ nicolo-ribaudo)
    • #10483 [parser] Add support for private fields in TypeScript. (@ nicolo-ribaudo)
  • babel-generator, babel-parser, babel-types
    • #10543 add assertions signature for TypeScript. (@ tanhauhau)
  • babel-cli, babel-register
    • #8622 Make dir for babel --out-file. (@ TrySound)
  • babel-cli
    • #10399 Closes #8326, add back --quiet option.. (@ chris-peng-1244)

  🐛 Bug Fix

  • babel-helpers, babel-plugin-proposal-async-generator-functions, babel-plugin-proposal-function-sent, babel-preset-env
    • #10422 Correctly delegate .return() in async generator. (@ nicolo-ribaudo)
  • babel-helper-module-transforms, babel-plugin-transform-modules-commonjs
    • #10628 Don't throw when destructuring into a var named as an import. (@ nicolo-ribaudo)
  • babel-plugin-transform-modules-systemjs
    • #10638 fix: remove ExportNamedDeclaration when the specifier is empty. (@ JLHwung)
  • babel-parser
    • #10631 [TS] Parse calls with type args in optional chains. (@ nicolo-ribaudo)
    • #10607 fixed missing errors on assignment pattern in object expression. (@ vivek12345)
    • #10594 [parser] Parse only modifiers of actual methods. (@ gonzarodriguezt)
  • babel-plugin-transform-typescript
    • #10555 [TS] Correctly transform computed strings and templates in enums. (@ nicolo-ribaudo)
  • babel-core
    • #10623 Fix: inputSourceMap should work when it is an external file. (@ JLHwung)
    • #10539 fix: remove filename annotation in buildCodeFrameError. (@ JLHwung)
  • babel-plugin-proposal-decorators
    • #10578 [decorators] fix: support string literal properties. (@ mwhitworth)
  • babel-helpers, babel-plugin-proposal-dynamic-import, babel-plugin-transform-modules-commonjs, babel-preset-env
    • #10574 fix: _interopRequireWildcard should only cache objects. (@ samMeow)
  • babel-traverse
    • #9777 [traverse] Allow skipping nodes inserted with .replaceWith(). (@ nicolo-ribaudo)
  • babel-preset-env
    • #10146 Inject core-js@3 imports in Program:exit instead of on post(). (@ nicolo-ribaudo)
  • babel-generator
    • #10519 Fix generator missing parens around an arrow returning function type. (@ existentialism)
  • babel-plugin-transform-async-to-generator, babel-preset-env, babel-traverse
    • #9939 Don't use args rest/spread to hoist super method calls. (@ nicolo-ribaudo)

  💅 Polish

  • babel-plugin-transform-classes, babel-plugin-transform-regenerator, babel-preset-env
    • #9481 [preset-env] Don't use async-to-generator when already using regenerator. (@ nicolo-ribaudo)
  • babel-helpers, babel-plugin-transform-modules-commonjs, babel-preset-env
    • #10585 fix(babel‑helpers/interopRequireWildcard): Avoid double nullish check. (@ ExE-Boss)
  • babel-register
    • #10557 fix: disable caching when babel could not read/write cache. (@ JLHwung)

  🏠 Internal

  • babel-cli, babel-node
    • #10619 chore: remove output-file-sync dependency. (@ JLHwung)
  • babel-register
    • #10614 chore: bump source-map-support to 0.5.14. (@ JLHwung)
  • babel-helper-create-regexp-features-plugin, babel-plugin-proposal-unicode-property-regex, babel-plugin-transform-dotall-regex, babel-plugin-transform-named-capturing-groups-regex, babel-plugin-transform-unicode-regex, babel-preset-env
    • #10447 Merge multiple regex transform plugin. (@ JLHwung)
  • babel-preset-env
    • #10612 chore: update web.immediate support fixtures. (@ JLHwung)
  • babel-helper-module-imports
    • #10608 Use .find instead of .filter to get targetPath in ImportInjector. (@ Andarist)
  • Other
    • #10600 Test node@13 on circle. (@ existentialism)
    • #10593 chore: replace outdated travis-ci.org badges [ci skip]. (@ JLHwung)
    • #10591 chore: test against Node.js 13. (@ JLHwung)
    • #10556 Add master branch workflow for test262 tests. (@ jbhoosreddy)
  • babel-runtime
    • #10418 docs: add homepage link. (@ DanArthurGallagher)
  • babel-helper-annotate-as-pure, babel-helper-bindify-decorators, babel-helper-builder-binary-assignment-operator-visitor, babel-helper-builder-react-jsx, babel-helper-call-delegate, babel-helper-define-map, babel-helper-explode-assignable-expression, babel-helper-explode-class, babel-helper-function-name, babel-helper-get-function-arity, babel-helper-hoist-variables, babel-helper-member-expression-to-functions, babel-helper-module-imports, babel-helper-module-transforms, babel-helper-optimise-call-expression, babel-helper-remap-async-to-generator, babel-helper-replace-supers, babel-helper-simple-access, babel-helper-split-export-declaration, babel-helper-wrap-function, babel-helpers, babel-template
    • #10568 Bump babel-types to ^7.6.3. (@ JLHwung)

  🏃‍♀️ Performance

  • babel-traverse
    • #10480 Traverse performance. (@ JLHwung)

  Committers: 28

  • Alejandro Sánchez (alejo90)
  • Bogdan Chadkin (TrySound)
  • Brian Ng (existentialism)
  • Chris Garrett (pzuraq)
  • Daniel Arthur Gallagher (DanArthurGallagher)
  • Devon Govett (devongovett)
  • Eugene Myunster (t0lkman)
  • ExE Boss (ExE-Boss)
  • George Zahariev (gkz)
  • Georgii Dolzhykov (thorn0)
  • Gerald (gera2ld)
  • Huáng Jùnliàng (JLHwung)
  • Ivan Medina (ivandevp)
  • Jaideep Bhoosreddy (jbhoosreddy)
  • Linus Unnebäck (LinusU)
  • Martin Forsgren (dentrado)
  • Mateusz Burzyński (Andarist)
  • Matthew Whitworth (mwhitworth)
  • Micah Zoltu (MicahZoltu)
  • Mohammad Ahmadi (m-ahmadi)
  • Nicolò Ribaudo (nicolo-ribaudo)
  • Simen Bekkhus (SimenB)
  • Tan Li Hau (tanhauhau)
  • Vivek Nayyar (vivek12345)
  • gr (gonzarodriguezt)
  • piotr (pnowak)
  • samuel kwok (samMeow)
  • 彭驰 (chris-peng-1244)
• 7.6.4 - 2019-10-10
  

  v7.6.4 (2019-10-10)

  👓 Spec Compliance

  • babel-parser
    • #10491 Trailing comma after rest - The final fix (@ nicolo-ribaudo)

  🐛 Bug Fix

  • babel-cli, babel-core, babel-generator, babel-helper-transform-fixture-test-runner
    • #10536 Revert "chore: Upgrade source-map to 0.6.1 (#10446)" (@ nicolo-ribaudo)

  Committers: 2

  • Huáng Jùnliàng (@ JLHwung)
  • Nicolò Ribaudo (@ nicolo-ribaudo)
• 7.6.3 - 2019-10-08
  

  v7.6.3 (2019-10-08)

  Thanks to @ hjdivad, @ Basaingeal and @ todofixthis for their first PRs!

  👓 Spec Compliance

  • babel-parser
    • #10469 Disallow await inside async arrow params (@ nicolo-ribaudo)
    • #10493 [parser] Disallow numeric separators in legacy octal like integers (@ gonzarodriguezt)

  🚀 New Feature

  • babel-types
    • #10504 Add declarations for more of @ babel/types exports (@ Jessidhia)

  🐛 Bug Fix

  • babel-plugin-transform-block-scoping
    • #10343 Do not remove let bindings even they are wrapped in closure (@ JLHwung)
  • babel-parser
    • #10119 add scope to TSModuleDeclaration (@ tanhauhau)
    • #10332 Do not allow member expressions to start async arrows (@ nicolo-ribaudo)
    • #10490 [parser] Don't crash on comment after trailing comma after elision (@ nicolo-ribaudo)
  • babel-plugin-transform-react-constant-elements, babel-traverse
    • #10529 Do not hoist jsx referencing a mutable binding (@ nicolo-ribaudo)
  • babel-generator, babel-parser, babel-plugin-transform-block-scoping, babel-plugin-transform-flow-comments, babel-plugin-transform-flow-strip-types, babel-plugin-transform-typescript
    • #10220 Flow: interface identifier should be declared in the scope (@ JLHwung)

  💅 Polish

  • babel-core
    • #10419 assertNoDuplicates throw with more context (@ hjdivad)
    • #10511 Add filename to transform error (@ JLHwung)

  🏠 Internal

  • Other
    • #10506 Use make -j for parallel build (@ JLHwung)
    • #10443 perf: only apply lazy cjs module transform on cli and core (@ JLHwung)
    • #10494 Enable optional chaining and nullish coalescing plugins (@ nicolo-ribaudo)
  • babel-cli, babel-core, babel-generator, babel-helper-fixtures, babel-helper-transform-fixture-test-runner, babel-node, babel-plugin-transform-react-jsx-source, babel-plugin-transform-runtime, babel-preset-env, babel-preset-react
    • #10249 Add windows to travis (@ nicolo-ribaudo)

  🏃‍♀️ Performance

  • babel-parser
    • #10371 perf: replace lookahead by lookaheadCharCode (@ JLHwung)
  • Other
    • #10443 perf: only apply lazy cjs module transform on cli and core (@ JLHwung)

  Committers: 10

  • Brian Ng (@ existentialism)
  • Corey Farrell (@ coreyfarrell)
  • David J. Hamilton (@ hjdivad)
  • Gonzalo Rodríguez (@ gonzarodriguezt)
  • Henry Zhu (@ hzoo)
  • Huáng Jùnliàng (@ JLHwung)
  • Jessica Franco (@ Jessidhia)
  • Michael J. Currie (@ Basaingeal)
  • Nicolò Ribaudo (@ nicolo-ribaudo)
  • Tan Li Hau (@ tanhauhau)
• 7.6.2 - 2019-09-23
  

  v7.6.2 (2019-09-23)

  Thanks to @ FND, @ guywaldman, @ vivek12345, @ TomerAberbach, @ ivandevp and @ gonzarodriguezt for their first PRs!

  👓 Spec Compliance

  • babel-parser
    • #10472 added check to disallow super.private variable access and test case added. (@ vivek12345)
    • #10468 [parser] Disallow numeric separator in unicode scape sequences. (@ ivandevp)
    • #10467 [parser] Invalid NonOctal Decimal. (@ gonzarodriguezt)
    • #10461 [parser] Disallow static fields named constructor. (@ guywaldman)
    • #10455 [parser] Report escapes in kws only if they won't be used as identifiers. (@ nicolo-ribaudo)

  🐛 Bug Fix

  • babel-parser
    • #10445 Leave trailing comments after handling a possible trailing comma. (@ nicolo-ribaudo)
  • babel-cli
    • #10400 fix: allow the process to exit naturally. (@ JLHwung)
  • babel-core
    • #10402 fix: pass optionLoc when validating plugin object. (@ JLHwung)
  • babel-plugin-transform-block-scoping, babel-plugin-transform-spread, babel-traverse
    • #10417 Do not guess relative execution status for exported fns. (@ nicolo-ribaudo)
  • babel-plugin-proposal-object-rest-spread, babel-preset-env
    • #10275 fix object rest in array pattern. (@ tanhauhau)

  🏠 Internal

  • babel-plugin-transform-named-capturing-groups-regex
    • #10430 refactor: replace regexp-tree by regexpu. (@ JLHwung)
  • Other
    • #10441 Update GitHub actions to v2. (@ nicolo-ribaudo)
    • #10427 chore: add lint-ts rule. (@ JLHwung)
  • babel-helper-fixtures
    • #10428 chore: remove tryResolve dependency. (@ JLHwung)
  • babel-node
    • #10429 Remove babel polyfill dependency of babel-node. (@ bdwain)
  • babel-generator, babel-helper-fixtures
    • #10420 chore: remove trim-right dependency. (@ JLHwung)
  • babel-core, babel-plugin-transform-runtime, babel-register
    • #10405 Remove circular dependency. (@ nicolo-ribaudo)

  🏃‍♀️ Performance

  • babel-parser
    • #10421 Miscellaneous perf tweak. (@ JLHwung)

  Committers: 8

  • Bryan Wain (bdwain)
  • Gonzalo Rodríguez (gonzarodriguezt)
  • Guy Waldman (guywaldman)
  • Huáng Jùnliàng (JLHwung)
  • Ivan Medina (ivandevp)
  • Nicolò Ribaudo (nicolo-ribaudo)
  • Tan Li Hau (tanhauhau)
  • Vivek Nayyar (vivek12345)
• 7.6.0 - 2019-09-06
  

  v7.6.0 (2019-09-06)

  👓 Spec Compliance

  • babel-generator, babel-parser
    • #10269 Fix parenthesis for nullish coalescing (@ vivek12345)
  • babel-helpers, babel-plugin-transform-block-scoping, babel-traverse
    • #9498 Fix tdz checks in transform-block-scoping plugin (@ nicolo-ribaudo)

  🚀 New Feature

  • babel-core
    • #10181 feat(errors): validate preset when filename is absent (@ JLHwung)
  • babel-helper-create-class-features-plugin, babel-helpers, babel-plugin-proposal-private-methods
    • #10217 Class Private Static Accessors (@ tim-mc)
  • babel-generator, babel-parser, babel-types
    • #10148 V8intrinsic syntax plugin (@ JLHwung)
  • babel-preset-typescript
    • #10382 Allow setting 'allowNamespaces' in typescript preset (@ dsgkirkby)
  • babel-parser
    • #10352 Do not register ambient classes to the TS scope (@ nicolo-ribaudo)
  • babel-types
    • #10248 Add static to class property builder (@ yuri-karadzhov)

  🐛 Bug Fix

  • babel-helpers, babel-plugin-transform-destructuring, babel-plugin-transform-modules-commonjs, babel-preset-env
    • #10396 fix: early return when instance is not iterable (@ JLHwung)
  • babel-plugin-transform-runtime
    • #10398 Add supports for polyfill computed methods (@ rhyzx)
  • babel-preset-env
    • #10397 Don't polyfill when evaluation is not confident (@ rhyzx)
    • #10218 [preset-env] Include / exclude module plugins properly (@ AdamRamberg)
    • #10284 Replace es.string.reverse with es.array.reverse (@ epicfaace)
  • babel-plugin-transform-named-capturing-groups-regex
    • #10395 fix: transform name capturing regex once (@ JLHwung)
  • babel-types
    • #10098 fix typescript for babel-types (@ tanhauhau)
    • #10319 Add a builder definition including name for tsTypeParameter (@ deificx)
  • babel-parser
    • #10380 Refactor trailing comment adjustment (@ banga)
    • #10369 Retain trailing comments in array expressions (@ banga)
    • #10292 fix: assign trailing comment to ObjectProperty only when inside an ObjectExpression (@ JLHwung)
  • babel-parser, babel-types
    • #10366 Don't allow JSXNamespacedName to chain (@ jridgewell)
  • babel-generator, babel-plugin-transform-typescript,