[Snyk] Fix for 3 vulnerabilities

[smarkussen19]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • large-file/package.json
  • large-file/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	601/1000 Why? Recently disclosed, Has a fix available, CVSS 6.3	Cross-site Scripting (XSS) SNYK-JS-COOKIE-8163060	Yes	No Known Exploit
	701/1000 Why? Recently disclosed, Has a fix available, CVSS 8.3	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-8172694	Yes	No Known Exploit
	828/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.7	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-8187303	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: elliptic

The new version differs by 10 commits.

• 03e06e1 6.5.6
• 7ac5360 Merge commit from fork
• 7570078 6.5.5
• 206da2e lib: lint
• 0a78e03 [Fix] restore node < 4 compat
• 43ac7f2 6.5.4
• f4bc72b package: bump deps
• 441b742 ec: validate that a point before deriving keys
• e71b2d9 lib: relint using eslint
• 8421a01 build(deps): bump elliptic from 6.4.1 to 6.5.3 ([Snyk(Unlimited)] Upgrade from thebespokepixel/es-tinycolor to thebespokepixel/es-tinycolor snyk-fixtures/npm-lockfiles#231)

See the full diff

Package name: engine.io

The new version differs by 250 commits.

• 9b80ab4 chore(release): engine.io@6.6.2
• a5d2368 ci: ignore tests when publishing to npm (bis)
• 88efd44 chore(deps): bump cookie to version 0.7.2 ([Snyk] Fix for 1 vulnerabilities snyk-fixtures/npm-lockfiles#5205)
• d0fc720 chore(release): socket.io@4.8.0
• 4a0555c chore(release): socket.io-client@4.8.0
• 2b60df1 chore(release): engine.io@6.6.1
• d4cb375 ci: ignore tests when publishing to npm
• c251ae7 chore(release): engine.io-client@6.6.1
• 8a2f5a3 fix(eio-client): move 'offline' event listener at the top
• b04fa64 fix(sio): allow to join a room in a middleware (uws)
• 7085f0e refactor(sio-client): mangle private attributes
• 4f66708 chore(sio-client): use babel loose mode when transpiling classes
• 1a95db2 chore(sio-client): add a script to compute the bundle size
• 282ae92 chore(sio-client): restore the debug package in the dev bundle
• 93010ca chore(eio-client): bump xmlhttprequest-ssl to version 2.1.1
• 132d05f fix(sio): expose type of default engine
• d5095fe fix(eio): prevent the client from upgrading twice (uws)
• da61381 test(eio): bump uWebSockets.js to version 20.48.0
• 19c48a4 refactor(sio): break circular dependency in source code
• 9b3c9ab fix(eio-client): only remove the event listener if it exists
• 043b55c refactor(sio): simplify middleware execution (bis)
• 32c761f refactor(sio): export the ExtendedError type
• 1f54ee0 refactor(sio): simplify middleware execution
• 923a12e fix(eio): discard all pending packets when the server is closed

See the full diff

Package name: react-middle-truncate

The new version differs by 12 commits.

• 41a37e7 1.0.1
• b9c235d RC v1.0.1 ([Snyk] Fix for 1 vulnerabilities #7)
• 3f3c1fe fix: resolve alias for utils folder for library webpack config
• 5c0967b fix: Readme typos.
• e455feb Merge branch 'master' of github.com:matt-d-rat/react-middle-truncate
• 6575007 fix: Security vulnerabilities in dev dependencies + upgrade dev dependencies ([Snyk] Security upgrade lodash from 4.17.10 to 4.17.20 #6)
• ec9004e Merge branch 'master' of github.com:matt-d-rat/react-middle-truncate
• 3104743 fix: `measure-text` security vulnerability ([Snyk] Fix for 11 vulnerabilities #5)
• 0bbfd4f Merge branch 'master' of github.com:matt-d-rat/react-middle-truncate
• 2f1dc21 go with class properties all the way ([Snyk] Fix for 11 vulnerabilities #2)
• c192168 chore: Add development setup section to the contributing docs.
• 83ab391 chore: fix typo in README.md

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 610f368 5.0.0
• 5ce65c1 update examples
• bbe1230 Merge pull request #11628 from webpack/bugfix/real-content-hash
• 75ecff2 5.0.0-rc.6
• bfc35d6 Merge pull request #11603 from MayaWolf/master
• 76e8cbd Merge pull request #11622 from webpack/dependabot/npm_and_yarn/types/node-13.13.25
• 9fd1be2 chore(deps-dev): bump @ types/node from 13.13.23 to 13.13.25
• 36bcfaa Merge pull request #11621 from webpack/bugfix/11619
• 9130d10 fix called variables with ProvidePlugin
• 3e42105 Merge pull request #11620 from webpack/bugfix/11617
• 4709719 skip connections copied to concatenated module
• 57b493f 5.0.0-rc.5
• 1658e2f Merge pull request #11618 from webpack/bugfix/11615
• a8fb45d fixes crash in SideEffectsFlagPlugin
• 84b196d emit error instead of crashing when unexpected problem occurs
• 5573fed Merge pull request #11601 from Hornwitser/improve-suggested-polyfill-config
• 9b5cce9 Merge pull request #11609 from snitin315/export-types
• 37c495c export type RuleSetUseItem
• 39faf34 export type RuleSetUse
• e5fd246 export type RuleSetConditionAbsolute
• 660baad export RuleSetCondition types
• 13e3ca5 Merge pull request #11602 from webpack/bugfix/shared-runtime-chunk
• 9c0587e Merge pull request #11606 from webpack/dependabot/npm_and_yarn/simple-git-2.21.0
• 502d166 Merge pull request #11607 from webpack/dependabot/npm_and_yarn/acorn-8.0.4

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting (XSS)