[Snyk] Fix for 2 vulnerabilities

[Aquadita]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	Yes	No Known Exploit
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: knex

The new version differs by 250 commits.

• ed0e8a5 Fix SQLite not doing rollback when altering columns fails (#4336)
• 3c70dca Prepare 0.95.0 for release
• c1ab23c Await asynchronous expect assertions (#4334)
• 3e6176a SQLite parser improvements (#4333)
• a98614d Made the constraint detection case-insensitive (#4330)
• 5d2db21 Fix ArrayIfAlready type (#4331)
• 887a4f6 Improve join and conflict types v2 (#4318)
• 29b8a36 Adjust generateDdlCommands return type (#4326)
• d807832 mssql: schema builder - attempt to drop default constraints when changing default value on columns (#4321)
• c0d8c5c mssql: schema builder - add predictable constraint names for default values (#4319)
• 5ec76f5 Convert produced statements to objects before querying (#4323)
• 9e28a72 Add support for altering columns to SQLite (#4322)
• 7db2d18 fix mssql alter column must have its own query (#4317)
• 371864d Bump typescript from 4.1.5 to 4.2.2 (#4312)
• 6c3e7b5 mssql: don't raise query-error twice (#4314)
• 168f2af Bump eslint-config-prettier from 7.2.0 to 8.1.0 (#4315)
• 3718d64 Respect KNEX_TEST, support omitting sqlite3 from DB, and reduce outside mssql test db config (#4313)
• c58794b Prepare to release 0.95.0-next3
• 61e1046 Avoid importing entire lodash to ensure tree-shaking is working correctly (#4302)
• 8c73417 events: introduce queryContext on query-error (#4301)
• b6fd941 Include 'name' property in MigratorConfig (#4300)
• 9581100 Prepare to release 0.95.0-next2
• 5614c18 Timestamp UTC Standardization for Migrations (#4245)
• 4899346 Fix for ES Module detection using npm@7 (#4295) (#4296)

See the full diff

Package name: nodemon

The new version differs by 98 commits.

• 9a67f36 feat: update chokidar to v3
• 6781b40 docs: add license file
• 0e6ba3c fix: wait for all subprocesses to terminate (fixes issue #1476)
• b58cf7d chore: Merge branch 'master'
• 95a4c09 docs: add to faq
• 3a2eaf7 choe: merge master
• 3d90879 chore: add logo to site
• 7d6c1a8 fix: Replace `jade` references by `pug`
• 74c8749 chore: test funding.yml change
• c1a8b75 chore: update funding
• d5b9891 test: ensure ignore relative paths
• eead311 fix: to avoid confusion like in #1528, always report used extension
• 12b66cd fix: langauge around "watching" (#1591)
• 2e6e2c4 docs: README Grammar (#1601)
• 5124ae9 Merge branch 'master' of github.com:remy/nodemon
• 95fa05a chore: git card
• d84f421 chore: adding funding file
• 13afac2 fix: ensure signal is sent to exit event
• d088cb6 chore: update stalebot
• 20ccb62 feat: add message event
• 886527f fix: disable fork only if string starts with dash
• 64b474e feat: add TypeScript to default execPath (#1552)
• 2973afb fix: Quote zero-length strings in arguments (#1551)
• aa41ab2 fix: hard bump of [email protected]

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 610f368 5.0.0
• 5ce65c1 update examples
• bbe1230 Merge pull request #11628 from webpack/bugfix/real-content-hash
• 75ecff2 5.0.0-rc.6
• bfc35d6 Merge pull request #11603 from MayaWolf/master
• 76e8cbd Merge pull request #11622 from webpack/dependabot/npm_and_yarn/types/node-13.13.25
• 9fd1be2 chore(deps-dev): bump @ types/node from 13.13.23 to 13.13.25
• 36bcfaa Merge pull request #11621 from webpack/bugfix/11619
• 9130d10 fix called variables with ProvidePlugin
• 3e42105 Merge pull request #11620 from webpack/bugfix/11617
• 4709719 skip connections copied to concatenated module
• 57b493f 5.0.0-rc.5
• 1658e2f Merge pull request #11618 from webpack/bugfix/11615
• a8fb45d fixes crash in SideEffectsFlagPlugin
• 84b196d emit error instead of crashing when unexpected problem occurs
• 5573fed Merge pull request #11601 from Hornwitser/improve-suggested-polyfill-config
• 9b5cce9 Merge pull request #11609 from snitin315/export-types
• 37c495c export type RuleSetUseItem
• 39faf34 export type RuleSetUse
• e5fd246 export type RuleSetConditionAbsolute
• 660baad export RuleSetCondition types
• 13e3ca5 Merge pull request #11602 from webpack/bugfix/shared-runtime-chunk
• 9c0587e Merge pull request #11606 from webpack/dependabot/npm_and_yarn/simple-git-2.21.0
• 502d166 Merge pull request #11607 from webpack/dependabot/npm_and_yarn/acorn-8.0.4

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncontrolled resource consumption