[Snyk] Fix for 1 vulnerabilities

[juanjmerono]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: grunt-contrib-uglify

The new version differs by 83 commits.

• d7704c4 v0.11.1
• c129bf6 Merge pull request #377 from avdg/fix-screw-ie8-option-crash
• d74556f Merge pull request #387 from joeldenning/patch-1
• 758b7d5 Merge branch 'master' of github.com:gruntjs/grunt-contrib-uglify
• 92c84c8 Point main to task
• 0b00c0b Remove peerDeps. Ref Remove peerDependencies from plugins gruntjs/grunt#1116
• 52cc6ae Merge pull request #388 from swarajgiri/bump-dependencies
• 2ff0283 Update lodash, maxmin and dev dependencies
• 6352022 Improve documentation for conditional compilation
• a6dd1cb Merge pull request #386 from ramswaroop/master
• f3c4592 Update README.md
• ea77dde Merge pull request #375 from jrhite/master
• 63279df Update copyright to 2016
• 71bf6f5 Merge branch 'master' of https://github.com/vibornoff/grunt-contrib-uglify into fix-screw-ie8-option-crash
• be7de43 CI: Remove node.js '0.12' and add '5'.
• 8578547 add handling of mangle_properties regex option in uglifyjs
• 1deb3be v0.11.0
• 13e95a2 Bump uglify-js to v2.6.0.
• 17ee505 Revert "Do not use "^" versions, ever, use ~"
• 2562bb2 v0.10.1
• 326f932 Merge pull request #369 from Rialgar/patch-1
• 7276245 Do not use "^" versions, ever, use ~
• b8bd228 v0.10.0
• e47d9e1 Merge pull request #361 from UltCombo/patch-1

See the full diff

Package name: log4js

The new version differs by 250 commits.

• 45eca69 3.0.0
• 7597c52 Merge pull request #755 from log4js-node/inspect-deprecated
• 16b8754 fix: removed semver dep, not needed
• 20a6b29 fix: removed the custom inspect thing as it was only need for node < 6
• 58cd7d2 chore: added node v10 to the travis builds, removed v7
• 7f2b1c2 docs: fixed references to external appenders
• dcdf2ad Merge pull request #754 from log4js-node/version-3.x
• 8c8eea5 test: fixed up the types test
• 8ad2c39 2.11.0
• 24d2663 Merge pull request #753 from log4js-node/remove-logfaces-udp
• 467f670 chore: removed the logFaces-UDP appender
• 2db6bb0 Merge branch 'master' into version-3.x
• e605365 Merge pull request #752 from log4js-node/deprecate-logfaces-udp
• db9271b chore: deprecated logFaces-UDP
• 6031257 Merge pull request #748 from log4js-node/remove-logFaces-HTTP
• 3a56566 chore: removed logFaces-HTTP appender
• 06c56b4 chore: turned off unused locals complaint for types (caused by levels)
• 5618fdb Merge branch 'master' into version-3.x
• 111fced Merge pull request #747 from log4js-node/deprecate-logfaces-http
• 29a238a chore: deprecated logFaces-HTTP appender
• 83440fa Merge pull request #745 from nicojs/744-fix-levels-typing
• 18ad653 fix(typings): correctly type the `levels` property
• 6b60cd9 Merge pull request #742 from log4js-node/remove-logstash-http
• 16603ca chore: removed logstash-http appender

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)