
Dependabot Alert: Github Security Advisory: Consider using devDependency grunt 1.5.3 instead of 1.4.1  #2090

Closed
@rossaddison


jQuery UI is using Grunt version 1.4.1 (package.json), which makes it vulnerable to the following:

GHSA-rm36-94g8-835r

file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination directories as the lower-privileged user can create a symlink to the GruntJS user's .bashrc file or replace /etc/shadow file if the GruntJS user is root.

Fix available: gruntjs/grunt@58016ff
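An added example (not part of the original issue, and not jQuery UI's or Grunt's own code): a check that reports every resolved `grunt` entry in an npm lockfile older than 1.5.3, the fixed version named in the advisory above. It goes beyond the single `package.json` entry in the issue by covering nested copies and both lockfile layouts; `sampleLock` and all function names are constructed for illustration.

```javascript
// Added example. FIXED is the patched release named in the advisory ("prior to 1.5.3").
const FIXED = [1, 5, 3];

// Parse "1.4.1" or "1.5.3-rc.1" into [major, minor, patch, isPrerelease].
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(v));
  return m ? [Number(m[1]), Number(m[2]), Number(m[3]), Boolean(m[4])] : null;
}

// True when the version sorts before 1.5.3 (a 1.5.3 prerelease counts as before).
function isBeforeFix(v) {
  const p = parseVersion(v);
  if (!p) return true; // not plain semver (e.g. a git URL): flag for manual review
  for (let i = 0; i < 3; i++) {
    if (p[i] !== FIXED[i]) return p[i] < FIXED[i];
  }
  return p[3];
}

// Return [{ path, version }] for each installed grunt copy older than the fix.
function findAffectedGrunt(lock) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const isGrunt = /(^|\/)node_modules\/grunt$/.test(path); // not grunt-contrib-*
    if (isGrunt && isBeforeFix(meta.version)) hits.push({ path, version: meta.version });
  }
  // lockfileVersion 1: nested "dependencies" tree keyed by package name.
  // Skipped when "packages" exists, because v2 lockfiles carry both views.
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === "grunt" && isBeforeFix(meta.version)) hits.push({ path, version: meta.version });
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile contents, not jQuery UI's real lockfile.
const sampleLock = {
  packages: {
    "node_modules/grunt": { version: "1.4.1", dev: true },
    "node_modules/grunt-contrib-uglify": { version: "5.0.1", dev: true },
    "node_modules/some-plugin/node_modules/grunt": { version: "1.5.3", dev: true },
  },
};
console.log(findAffectedGrunt(sampleLock));
```

To run it against a real project, pass the parsed contents of `package-lock.json` to `findAffectedGrunt` in place of `sampleLock`.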
