[Snyk] Fix for 9 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-HANDSONTABLE-1019380	Yes	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HANDSONTABLE-1726770	Yes	No Known Exploit
	Cross-site Scripting (XSS) SNYK-JS-JQUERYUI-1767167	No	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-JQUERYUI-1767175	No	No Known Exploit
	Cross-site Scripting (XSS) SNYK-JS-JQUERYUI-1767767	No	Proof of Concept
	Insecure Configuration SNYK-JS-VEGAEMBED-567898	Yes	No Known Exploit
	Prototype Pollution SNYK-JS-YARGSPARSER-560381	No	Proof of Concept
	Cross-site Scripting (XSS) npm:jquery-ui:20160721	No	No Known Exploit

Commit messages

Package name: vega-embed

The new version differs by 250 commits.

• e81d5e2 v6.7.0
• 3d5c5c8 fix: switch to click (Developing 'showeval' Directive RunestoneInteractive/RunestoneComponents#425)
• cb59b76 chore: switch from Travis to GitHub actions (Fix: Use OS-independent path manipulations. RunestoneInteractive/RunestoneComponents#424)
• 2d82d0e Bump jest from 25.5.2 to 25.5.3
• 3e02541 Bump rollup from 2.7.5 to 2.7.6
• 1622758 Bump terser from 4.6.12 to 4.6.13
• 4a0997e Bump jest from 25.5.1 to 25.5.2
• 9ec8ecd Only allow post data to specific origin.
• 1aa5594 Upgrade deps
• 8f6f713 Bump jest from 25.4.0 to 25.5.0
• c041fe4 Bump rollup from 2.7.2 to 2.7.3
• c801e6e Upgrade deps, fix typo
• 659b794 Test supported node versions (Can't remove a question from an assignment without refreshing page RunestoneInteractive/RunestoneComponents#415)
• 9750916 Bump terser from 4.6.11 to 4.6.12
• 2de73bd Bump concurrently from 5.1.0 to 5.2.0
• 20b0e52 Bump node-sass from 4.13.1 to 4.14.0
• 4a64229 Bump rollup from 2.7.1 to 2.7.2
• f2ff5c4 Bump vega-lite from 4.10.5 to 4.11.0
• 42679f5 Bump rollup from 2.6.1 to 2.7.1
• 0f8defa Bump jest from 25.3.0 to 25.4.0
• 46918df Bump vega-lite from 4.10.4 to 4.10.5
• 60b5a35 Bump @ rollup/plugin-json from 4.0.2 to 4.0.3
• dcc1616 Bump ts-jest from 25.3.1 to 25.4.0
• cad6bb0 v6.6.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic