
[Snyk] Fix for 15 vulnerabilities#67

Open
robdyke wants to merge 1 commit into remove-custom-frequency from snyk-fix-6497181d9e5d75aab4ce77d3a8bfb0ec

Conversation


@robdyke robdyke commented Nov 27, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • nh_eobs_mobile/static/dev/less/package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Why? | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|---|
| high | 696/1000 | Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908 | Yes | Proof of Concept |
| medium | 586/1000 | Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905 | Yes | Proof of Concept |
| high | 681/1000 | Proof of Concept exploit, Has a fix available, CVSS 7.2 | Command Injection SNYK-JS-LODASH-1040724 | Yes | Proof of Concept |
| high | 686/1000 | Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution SNYK-JS-LODASH-450202 | Yes | Proof of Concept |
| high | 686/1000 | Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution SNYK-JS-LODASH-608086 | Yes | Proof of Concept |
| high | 686/1000 | Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution SNYK-JS-LODASH-73638 | Yes | Proof of Concept |
| medium | 541/1000 | Proof of Concept exploit, Has a fix available, CVSS 4.4 | Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639 | Yes | Proof of Concept |
| high | 681/1000 | Proof of Concept exploit, Has a fix available, CVSS 7.2 | Command Injection SNYK-JS-LODASHTEMPLATE-1088054 | Yes | Proof of Concept |
| high | 589/1000 | Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388 | Yes | No Known Exploit |
| medium | 479/1000 | Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818 | Yes | No Known Exploit |
| medium | 646/1000 | Proof of Concept exploit, Has a fix available, CVSS 6.5 | Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831 | Yes | Proof of Concept |
| medium | 646/1000 | Proof of Concept exploit, Has a fix available, CVSS 6.5 | Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873 | Yes | Proof of Concept |
| high | 589/1000 | Has a fix available, CVSS 7.5 | Prototype Pollution SNYK-JS-UNSETVALUE-2400660 | Yes | No Known Exploit |
| medium | 636/1000 | Proof of Concept exploit, Has a fix available, CVSS 6.3 | Prototype Pollution npm:lodash:20180130 | Yes | Proof of Concept |
| high | 589/1000 | Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: gulp. The new version differs by 243 commits.
  • 55eb23a Release: 4.0.0
  • 173a532 Docs: Fix the installation instructions
  • ec54d09 Docs: Improve note about out-of-date docs
  • 03b7c98 Docs: Update recipes to install gulp@next
  • 2eba29e Docs: Remove run-sequence from recipes
  • 76eb4d6 Docs: Add installation instructions & update badges
  • fbc162f Docs: Remove references to gulp-util
  • 3011cf9 Scaffold: Normalize repository
  • f27be05 Update: Remove graceful-fs from test suite
  • 361ab63 Upgrade: Update glob-watcher
  • 064d100 Build: Avoid broken node 9
  • 057df59 Release: 4.0.0-alpha.3
  • c1ba80c Breaking: Upgrade major versions of glob-watcher, gulp-cli & vinyl-fs
  • 89acc5c Docs: Improve ES2015 task exporting examples (#1999)
  • 0ac9e04 Docs: Add "Project structure" section to CONTRIBUTING.md (#1859)
  • 723cbc4 Docs: Fix syntax in recipe example (#1715)
  • d420a6a Docs: Have gulp.lastRun take a function to avoid task registration (#1828)
  • 29ece6f Upgrade: Update undertaker
  • e931cb0 Docs: Fix changelog typos (#1696)
  • 477db84 Docs: Add a "BrowserSync with Gulp 4" recipe (#1659)
  • d4ed3c7 Docs: Add options.cwd for gulp.src API (#1645)
  • 5dc3b07 Docs: Update gulp.watch API to align with glob-watcher
  • 0c66069 Breaking: Replace chokidar as gulp.watch with glob-watcher wrapper
  • c3dbc10 Docs: Clarify incremental builds example (#1609)

See the full diff

Package name: gulp-flatten. The new version differs by 12 commits.

See the full diff

Package name: gulp-less. The new version differs by 30 commits.
  • 7d9df97 4.0.0
  • cde149b Update accord to support less@3.0.0 - closes #269
  • 453625a 3.5.0
  • d706f87 fix(deps): update accord to version 0.28 (#281)
  • 9f9e643 3.4.0
  • f58e0f7 Remove gulp-util
  • dd37ea2 3.3.2
  • dfefda3 update deps, clean files
  • 18d0880 3.3.0
  • cf6d8a6 Update package.json (#253)
  • 3db484e Docs: Update Changelog through 3.2.0 (#258)
  • 052aea7 3.2.0
  • c48064c Merge pull request #238 from wolfy1339/less-version-fix
  • c5a391d Updated libraries
  • 6fa258b Make sure we explicitly skip the 2.7.0 release of less
  • 6ebfdeb Merge branch 'master' of github.com:plus3network/gulp-less
  • 772cead 3.1.0
  • 346999e Merge pull request #233 from stevelacy/master
  • a9a1f75 upgrade accord dependency
  • 439d535 Remove recommended css minifier from readme
  • 6daff72 Merge pull request #219 from jkalina/feature/upgrade-less
  • f1bf5cb upgrade less
  • 400f49d Merge pull request #217 from marti1125/master
  • e824ff2 update Minifying CSS gulp plugin

See the full diff

Package name: less. The new version differs by 145 commits.
  • b76db17 v2.7.0
  • 9434469 Merge pull request #2894 from nex3/update-name
  • 657972c Update my name.
  • 9db686a polish abstractFileManager.extractUrlParts comments
  • e72751a Merge pull request #2892 from Taritsyn/master
  • cb1f0f5 Fix invalid extraction of the host part from URL
  • d07a9b6 Fix for #2841 - Fix reversion for "color-like" keywords.
  • d100bae Merge pull request #2874 from jeremyVignelles/master
  • d6ec55e removed dependency to package "request" (closes #2870)
  • c5fe893 Merge pull request #2830 from gtalusan/master
  • dff9697 make --depends generate no output
  • e257ebb fix broken license string
  • ff94626 Merge branch 'master' of https://github.com/less/less.js
  • 4c67576 Merge pull request #2860 from shkdee/patch-1
  • 981cb95 Remove unreachable code
  • 848c8ac Fix to function imports - only flag known nodes, empty function results allowed
  • 96877c7 Merge pull request #2859 from stweil/master
  • bf279b3 Fix typos found by codespell
  • f4957bd Merge pull request #2858 from zzzzBov/patch-1
  • 7853edc Fix AST to include text for single line comments
  • 5bf6329 Merge pull request #2853 from addaleax/path-dirname-string-input
  • ec04a03 bin/lessc: Make sure path.dirname gets passed strings
  • 2c974b2 Add some more URLs for less-docs builds
  • c548e3c Add master branch path for less-docs builds

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Server-side Request Forgery (SSRF)

@sonarqubecloud

Kudos, SonarCloud Quality Gate passed!

  • Bug: A, 0 Bugs
  • Vulnerability: A, 0 Vulnerabilities
  • Security Hotspot: A, 0 Security Hotspots
  • Code Smell: A, 0 Code Smells

  • No Coverage information
  • 0.0% Duplication
