[Snyk] Fix for 13 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • openam-ui/openam-ui-ria/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-GETOBJECT-1054932	No	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-JSYAML-173999	No	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-JSYAML-174129	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	No	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-LODASH-590103	No	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	No	No Known Exploit
	434/1000 Why? Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	No	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Command Injection SNYK-JS-NODENOTIFIER-1035794	No	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: grunt

The new version differs by 82 commits.

• 6f49017 1.3.0
• faab6be Merge pull request #1720 from gruntjs/update-changelog-deps
• 520fedb Update Changelog and legacy-util dependency
• 7e669ac Merge pull request #1719 from gruntjs/yaml-refactor
• e350cea Switch to use `safeLoad` for loading YML files via `file.readYAML`.
• 7125f49 Merge pull request #1718 from gruntjs/legacy-log-bumo
• 00d5907 Bump legacy-log
• 3b75085 1.2.1
• ae11839 Changelog update
• 9d23cb6 Merge pull request #1715 from sibiraj-s/remove-path-is-absolute
• e789b1f Remove path-is-absolute dependency
• 27bc5d9 Merge pull request #1714 from gruntjs/release-1.2.0
• 64a3cf4 Release v1.2.0
• 0d23eff Merge pull request #1570 from bhldev/feature-options-keys
• ee70306 Merge pull request #1697 from philz/1696
• 05c0634 Merge pull request #1712 from gruntjs/fix-lint
• cdd1c19 fix lint in file.js
• bc168e3 Merge pull request #1283 from greglittlefield-wf/recognize-relative-links
• 5f16b5a Merge pull request #1675 from STRML/remove-coffeescript
• 58f80ae Merge pull request #1677 from micellius/monorepo-support
• 1f61427 Add CODE_OF_CONDUCT.md
• 4c6fcd9 Merge pull request #1709 from NotMoni/patch-1
• 169d496 add link to license
• 288ea76 add license link

See the full diff

Package name: karma-notify-reporter

The new version differs by 11 commits.

• 9716b7a bump version to 1.1.0
• 50267a1 Update node-notifier dependency, fix broken variable name ([Snyk] Security upgrade jsdoc from 3.4.3 to 3.6.8 #13)
• 2189ca3 report back to success, [Snyk] Security upgrade karma from 1.3.0 to 2.0.0 #1 ([Snyk] Upgrade jsdoc from 3.4.3 to 3.6.7 #5)
• c2e8639 bump node-notifier version ([Snyk] Security upgrade grunt-eslint from 19.0.0 to 20.0.0 #12)
• bf04cb5 fix: package.json & .snyk to reduce vulnerabilities ([Snyk] Security upgrade grunt-eslint from 19.0.0 to 22.0.0 #11)
• fa44914 fix: package.json & .snyk to reduce vulnerabilities ([Snyk] Security upgrade grunt-eslint from 19.0.0 to 23.0.0 #10)
• e500798 Merge pull request [Snyk] Security upgrade mocha from 3.2.0 to 4.0.0 #8 from neagle/update-readme
• 01de291 Merge pull request [Snyk] Fix for 13 vulnerabilities #9 from ManuelRauber/patch-1
• a526cce Corrected typo
• 8c2335c Update README
• 6f3ddaa Update README.md

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

[pull-request-quantifier-deprecated]

This PR has 4 quantified lines of changes. In general, a change size of upto 200 lines is ideal for the best PR experience!

---

Quantification details

Label      : Extra Small
Size       : +2 -2
Percentile : 1.6%

Total files changed: 1

Change summary by file extension:
.json : +2 -2

Change counts above are quantified counts, based on the PullRequestQuantifier customizations.

Why proper sizing of changes matters

Optimal pull request sizes drive a better predictable PR flow as they strike a
balance between between PR complexity and PR review overhead. PRs within the
optimal size (typical small, or medium sized PRs) mean:

• Fast and predictable releases to production:
  • Optimal size changes are more likely to be reviewed faster with fewer
    iterations.
  • Similarity in low PR complexity drives similar review times.
• Review quality is likely higher as complexity is lower:
  • Bugs are more likely to be detected.
  • Code inconsistencies are more likely to be detetcted.
• Knowledge sharing is improved within the participants:
  • Small portions can be assimilated better.
• Better engineering practices are exercised:
  • Solving big problems by dividing them in well contained, smaller problems.
  • Exercising separation of concerns within the code changes.

What can I do to optimize my changes

• Use the PullRequestQuantifier to quantify your PR accurately
  • Create a context profile for your repo using the context generator
  • Exclude files that are not necessary to be reviewed or do not increase the review complexity. Example: Autogenerated code, docs, project IDE setting files, binaries, etc. Check out the Excluded section from your prquantifier.yaml context profile.
  • Understand your typical change complexity, drive towards the desired complexity by adjusting the label mapping in your prquantifier.yaml context profile.
  • Only use the labels that matter to you, see context specification to customize your prquantifier.yaml context profile.
• Change your engineering behaviors
  • For PRs that fall outside of the desired spectrum, review the details and check if:
    • Your PR could be split in smaller, self-contained PRs instead
    • Your PR only solves one particular issue. (For example, don't refactor and code new features in the same PR).

How to interpret the change counts in git diff output

• One line was added: +1 -0
• One line was deleted: +0 -1
• One line was modified: +1 -1 (git diff doesn't know about modified, it will
  interpret that line like one addition plus one deletion)
• Change percentiles: Change characteristics (addition, deletion, modification)
  of this PR in relation to all other PRs within the repository.

---

Was this comment helpful? 👍  :ok_hand:  :thumbsdown: (Email)
Customize PullRequestQuantifier for this repository.