[Snyk] Fix for 1 vulnerabilities

[juanjmerono]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-LODASH-6139239	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: grunt-contrib-less

The new version differs by 77 commits.

• e6e4c29 Merge pull request #308 from gruntjs/deps
• 30f5d4b v1.3.0.
• c116cc0 Update CI configs from the latest grunt-contrib-internal.
• 6ecb76e Update lodash.
• c8506f1 Ignore latedef for now as it is used in this task
• 6065301 Update grunt and devDeps to 1.0
• 3e26653 Update docs.
• 27eea93 Update CHANGELOG.
• 2e7ea1e Merge pull request #297 from adjohnson916/patch-2
• 4df7f08 Merge pull request #298 from adjohnson916/patch-1
• 57e25ff Fix tests inconsistency.
• 6debbb4 v1.2.0 bump
• c3168e6 v1.2.0
• 43610ab Merge pull request #302 from plesiecki/patch-1
• a2db4bd update less
• 33ad236 Merge branch 'master' of github.com:gruntjs/grunt-contrib-less
• 5d5b5d6 Point main to task
• 6b5ac2d Remove peerDeps. Ref Remove peerDependencies from plugins gruntjs/grunt#1116
• e5faef8 Merge pull request #301 from ktkaushik/master
• 14a1582 adding register task name issue on README for better clarity
• 28f23e7 Update copyright to 2016
• 44b4073 Add period to plugins option in README.
• 69f153a README consistent LESS, data URI, code blocks.
• 5dab417 CI: Remove node.js '0.12' and add '5'.

See the full diff

Package name: grunt-contrib-uglify

The new version differs by 83 commits.

• d7704c4 v0.11.1
• c129bf6 Merge pull request #377 from avdg/fix-screw-ie8-option-crash
• d74556f Merge pull request #387 from joeldenning/patch-1
• 758b7d5 Merge branch 'master' of github.com:gruntjs/grunt-contrib-uglify
• 92c84c8 Point main to task
• 0b00c0b Remove peerDeps. Ref Remove peerDependencies from plugins gruntjs/grunt#1116
• 52cc6ae Merge pull request #388 from swarajgiri/bump-dependencies
• 2ff0283 Update lodash, maxmin and dev dependencies
• 6352022 Improve documentation for conditional compilation
• a6dd1cb Merge pull request #386 from ramswaroop/master
• f3c4592 Update README.md
• ea77dde Merge pull request #375 from jrhite/master
• 63279df Update copyright to 2016
• 71bf6f5 Merge branch 'master' of https://github.com/vibornoff/grunt-contrib-uglify into fix-screw-ie8-option-crash
• be7de43 CI: Remove node.js '0.12' and add '5'.
• 8578547 add handling of mangle_properties regex option in uglifyjs
• 1deb3be v0.11.0
• 13e95a2 Bump uglify-js to v2.6.0.
• 17ee505 Revert "Do not use "^" versions, ever, use ~"
• 2562bb2 v0.10.1
• 326f932 Merge pull request #369 from Rialgar/patch-1
• 7276245 Do not use "^" versions, ever, use ~
• b8bd228 v0.10.0
• e47d9e1 Merge pull request #361 from UltCombo/patch-1

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution