[Snyk] Fix for 2 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	Yes	Proof of Concept
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Directory Traversal SNYK-JS-MOMENT-2440688	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: webpack

The new version differs by 250 commits.

• 213226e 4.0.0
• fde0183 Merge pull request #6081 from webpack/formating/prettier
• b6396e7 update stats
• f32bd41 fix linting
• 5238159 run prettier on existing code
• 518d1e0 replace js-beautify with prettier
• 4c25bfb 4.0.0-beta.3
• dd93716 Merge pull request #6296 from shellscape/fix/hmr-before-node-stuff
• 7a07901 Merge pull request #6563 from webpack/performance/assign-depth
• c7eb895 Merge pull request #6452 from webpack/update_acorn
• 9179980 Merge pull request #6551 from nveenjain/fix/templatemd
• e52f323 optimize performance of assignDepth
• 6bf5df5 Fixed template.md
• 90ab23a Merge branch 'master' into fix/hmr-before-node-stuff
• b0949cb add integration test for spread operator
• 39438c7 unittest now also walks the ast
• 15ab027 Merge pull request #6536 from jevan0307/sideEffects-selectors
• 1611ce1 Merge pull request #6561 from joshunger/patch-1
• 6e175bc Merge pull request #6549 from webpack/md4_hash
• 0637531 Add a hyperlink to create a new issue
• 0e1f9c6 Merge pull request #6554 from webpack/deps/end-of-beta
• 72477f4 upgrade versions to stable versions
• ed30285 Merge pull request #6546 from webpack/bot/review-permission
• 40ee8c7 Use MD4 for hashing

See the full diff

Package name: winston

The new version differs by 250 commits.

• b47d5d5 3.3.0
• b6bc918 Prepare for v3.3.0
• 9354721 doc: fix whitespace and trailing comma. (#1778)
• 3d07a80 docs: add example of uncaughtRejections logging (#1780)
• df25fa2 fix: change property of handleRejections (#1779)
• 950cbcd Add options to request (#1777)
• 1c75292 Update package-lock.json (#1772)
• e7d13d5 Exclude unnecessary files from npm package (#1768)
• 75f7edf Fix removes a logger when pass undefined transport (#1785)
• 4b571ba This adds Node.js 14 and removes Node.js 8 as: (#1793)
• 73ae01f Update Sentry transport `require` change (#1754)
• 7b67eb0 Fix typo (#1750)
• 1679c49 Fix Issue where winston removes transport on error (#1364) (#1714)
• 0e0cf14 Fix #1690 (#1691)
• 85a250a Node 12 is LTS now
• bea9c34 Update README.md (#1743)
• 319abf1 Add defaultMeta to Logger index.d.ts (#1736)
• c719706 (typo) Missing label import in example (#1733)
• 8944598 Update index.d.ts (#1729)
• 7bb258c Fix `npm` logging levels on README.md (#1737)
• 64744d7 #1567: document common transport options (#1723)
• ae2335b Add Humio transport link to docs (#1705)
• 785bd9e UPDATE levels on readme (http added) (#1650)
• 4f44acb Add PostgresQL transport to list of community transports (#1697)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Directory Traversal