[Snyk] Fix for 24 vulnerabilities

[137717unity]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • deps/npm/docs/package.json
  • deps/npm/docs/package-lock.json
  • deps/npm/docs/.snyk

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-ENGINEIO-1056749	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-FILETYPE-2958042	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	No	Proof of Concept
	344/1000 Why? Has a fix available, CVSS 2.6	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-PARSEURL-3023021	Yes	Proof of Concept
	571/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5	Improper Input Validation SNYK-JS-PARSEURL-3024398	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1076581	No	Proof of Concept
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1314893	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1585202	No	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) SNYK-JS-PRISMJS-2404333	No	No Known Exploit
	629/1000 Why? Has a fix available, CVSS 8.3	Cross-site Scripting (XSS) SNYK-JS-PRISMJS-597628	No	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Command Injection SNYK-JS-REACTDEVUTILS-1083268	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Remote Code Execution (RCE) SNYK-JS-SHARP-2848109	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIM-1017038	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gatsby

The new version differs by 250 commits.

• 2c324f6 chore(release): Publish
• 55c7183 feat(contentful): add support for tables in Rich Text (http: make http.OutgoingMessage inherit Stream.Writable nodejs/node#33870)
• 053180a fix(gatsby): Better TS compilation error (doc: clarify experimental API elements in vm.md nodejs/node#35594)
• 0cf0bd9 chore(release): Publish next
• 9a91295 fix(gatsby-plugin-image): fix image flickers (build: fix landed message for multiple commits in commit-queue nodejs/node#35226)
• f358dc3 chore(release): Publish next
• 966aca8 feat(gatsby): Improvements to GraphQL TypeScript Generation (Segfault while running JS code nodejs/node#35581)
• 8bad9b3 perf(gatsby): Minify page-data (tools: update ESLint to 7.11.0 nodejs/node#35578)
• 39e9840 chore(gatsby): Expose `serverDataStatus` field in SSR type declaration file (doc: edit fs.md for minor style changes nodejs/node#35505)
• ebd63b2 feat(gatsby-source-wordpress): use image cdn for non-resizable images in html (svgs/gifs mainly) (doc: fix YAML syntax errors nodejs/node#35529)
• 5e51519 fix(gatsby-source-wordpress): update test deps and fix int tests (Error Assertion `args[3]->IsInt32()' failed nodejs/node#35582)
• 128c7bb feat(gatsby-source-wordpress): always include draft slugs (node only using half of the available memory nodejs/node#35573)
• abc6dca feat(gatsby-plugin-image): add check for node.gatsbyImage in the getImage helper (url.pathToFileURL should not dedup '/' in path nodejs/node#35507)
• e51c3a3 chore(release): Publish next
• c9d98a4 feat(gatsby): Initial GraphQL Typegen Implementation (fs: do not throw exception after creating FSReqCallback nodejs/node#35487)
• 17cbc7c fix(deps): update minor and patch dependencies for gatsby-source-graphql (doc: add release key for Danielle Adams nodejs/node#35545)
• 10752ed fix(deps): update dependency fs-extra to ^10.1.0 (tools,doc: fix global table of content active element nodejs/node#34976)
• 0abdcd6 fix(deps): update dependency coffeescript to ^2.7.0 for gatsby-plugin-coffeescript (#35550)
• 7cda002 fix(deps): update dependency eslint-plugin-import to ^2.26.0 (doc: add documentation for starting ci job via label nodejs/node#35551)
• 3e74a9f fix(deps): update dependency eslint-plugin-react-hooks to ^4.5.0 (src: refactor TLSWrap nodejs/node#35552)
• fb98116 fix(deps): update minor and patch dependencies for gatsby-source-drupal (Require statement and comment is added in the v8.getheapsnapshot() example nodejs/node#35554)
• c09287a chore(deps): update starters and examples (fs: use validateBoolean() in rm/rmdir validation nodejs/node#35565)
• bf854ca fix(deps): update dependency prop-types to ^15.8.1 for gatsby-link (weird behaviour from uncaughtExceptionMonitor for unhandled rejections nodejs/node#35291)
• 71eb414 chore(deps): update dependency typescript to ^4.6.4 (doc: fix broken link to writableEnded in deprecations doc nodejs/node#34984)

See the full diff

Package name: gatsby-plugin-manifest

The new version differs by 250 commits.

• f6734b9 chore(release): Publish
• 9a616c0 fix(gatsby): wait for LMDB upserts to finish before emitting ENGINES_READY (doc: fixes ESM/CJS wrapper example nodejs/node#34853) (Diagnostic report does not report javascriptStack - making it essentially useless nodejs/node#34896)
• f5705b9 fix(create-gatsby): Add required deps for theme-ui option (net: replace usage of internal stream state with public api nodejs/node#34885) (src,doc: fix grammar due to missing 'is' nodejs/node#34897)
• 9a579f1 fix(gatsby-core-utils): fix 304 when file does not exists (Pipeline error causing stream nodejs/node#34842) (http: remove usage of internal stream state from _http_server nodejs/node#34888)
• 148d016 fix(gatsby): Remove double enhanced-resolve dep (https/http2: random crashes on macOS with simple server nodejs/node#34854) (meta: enable wasi for CODEOWNERS nodejs/node#34889)
• 19b0304 feat(gatsby-core-utils): improve fetch-remote-file (Potential Regression/Change: Connection doesn't reset on HEAD nodejs/node#34758)
• ac1d777 fix(gatsby-source-contentful): avoid confusion of Gatsby node and Contentful node count in logs (Windows: child_process.spawn leaving orphaned processes around when running processes in an sh shell nodejs/node#34830)
• ee8c874 refactor(gatsby-source-contentful): remove unnecessary check for existing node (doc: improve async_hooks snippets nodejs/node#34829)
• 056b48e test(gatsby): Add a memory test suite command to the memory benchmark (build: run link checker in linter workflow nodejs/node#34810)
• 45cb1f1 chore(release): Publish next
• 4c832bf documentation: Add Third Party Schema (test: fix test-cluster-net-listen-relative-path.js to run in / nodejs/node#34820)
• 9f23dec chore(gatsby): cache shouldn't reference nodes strongly (doc: adopt Microsoft Style Guide officially nodejs/node#34821)
• f2d4830 feat(gatsby-core-utils): create proper mutex (Build structure for OSS-Fuzz integration nodejs/node#34761)
• 21ef185 chore(changelogs): update changelogs (TakeSnapshot takes too long nodejs/node#34826)
• a2f99af fix(deps): update starters and examples gatsby packages to ^4.7.2 (test,n-api: delete strong ref w/o unrefing first nodejs/node#34822)
• 76c89d8 chore(release): Publish next
• 54d29c4 chore(gatsby): upgrade from lmdb-store to lmdb (HTTP Parser issues with newline \n nodejs/node#34576)
• 3df8583 fix(core): Make filter/sort query only hold onto node properties it needs (doc: move module core module doc to separate page nodejs/node#34747)
• 3c3362b refactor(core): Make load plugins modular, prepare for TS (net: validate custom lookup() output nodejs/node#34813)
• 3d74584 feat(gatsby): allow referencing derived types in schema customization (doc: broken links in doc/guides/commit-queue.md nodejs/node#34787)
• bfd04d3 fix(gatsby): Content Sync DSG bug (Option to hide "Debugger attached" console log on connected debugger nodejs/node#34799)
• 326a483 fix(deps): update dependency sharp to ^0.30.1 (test: move test-inspector-already-activated-cli to parallel nodejs/node#34755)
• 7b958f9 docs: update typo Forestry (Add the option to leave the last stream open to Stream.pipeline, similar to the end opton on pipe nodejs/node#34805)
• ba8e21c feat(gatsby): Match node manifest pages by page context slug (why V8 platform symbol not exported nodejs/node#34790)

See the full diff

Package name: gatsby-plugin-sharp

The new version differs by 250 commits.

• 92543af chore(release): Publish
• e79623c fix(create-gatsby): Missing "plugins" in cmses.json (Full support of WhatWg Streams nodejs/node#36566)
• a373d80 chore(docs): Remove `content` from sourcing guide (#36562)
• 8b59183 fix(gatsby): Remove default support for non ESM browsers ([Bug] Remove the incorrect event listener. nodejs/node#36522)
• fab2db2 chore: setup v5 release channel (tools: fix release script nodejs/node#36540)
• bac1e7a chore(gatsby): Update `react-refresh` to `^0.14.0` ([v14.x] Revert "http: lazy create IncomingMessage.headers" nodejs/node#36553)
• 5f6ad91 chore(deps): update dependency autoprefixer to ^10.4.8 for gatsby-plugin-sass (doc: nodejs/node#36273)
• cc3ef79 fix(deps): update dependency eslint-plugin-react-hooks to ^4.6.0 (403 Forbidden for the most recent coverage reports nodejs/node#36040)
• 856b695 chore(deps): update [dev] minor and patch dependencies for gatsby-legacy-polyfills (src: fix compiler warning in env.cc nodejs/node#35547)
• 0b6e823 chore(deps): update dependency @ types/semver to ^7.3.12 (n-api: emit uncaught-exception on calling into modules nodejs/node#36510)
• 0e56ad6 chore(deps): update dependency microbundle to ^0.15.1 for gatsby-link (build: ./node built with --node-builtin-modules-path runs into an error recently nodejs/node#36512)
• 80f6616 chore(deps): update dependency microbundle to ^0.15.1 for gatsby-script (Syntax error thrown for correct syntax within node shell nodejs/node#36513)
• 34c8e51 fix(deps): update dependency eslint-plugin-jsx-a11y to ^6.6.1 (test: add missing test coverage for setLocalAddress() nodejs/node#36039)
• afba8ca chore(deps): update [dev] minor and patch dependencies for gatsby-source-shopify (test,tools: use .then(common.mustCall()) for all async IIFEs + linter rule nodejs/node#34363)
• b55e1d5 chore(docs): monorepos support (doc: run license-builder nodejs/node#36504)
• 8aeae21 fix(gatsby): pass custom graphql context provided by createResolverContext to materialization executor (lib: restate the code to use primordials nodejs/node#36552)
• 9c5eacf fix(gatsby): Handle renderToPipeableStream errors (v14.15.3 proposal nodejs/node#36555)
• 42e241c feat(gatsby): split up head & page component loading (doc: simplify worker_threads.md text nodejs/node#36545)
• dc9aa9a chore(gatsby): perfect `GatsbyConfig.proxy` type (test: redirect stderr EnvironmentWithNoESMLoader nodejs/node#36548)
• 1125e58 fix: ci pipeline (doc: Piping multiple streams to the same Writable stream might not end nodejs/node#36544)
• 7fe8e51 fix(deps): update dependency react-docgen to ^5.4.3 for gatsby-transformer-react-docgen (stdio: implement manual start for ReadStream nodejs/node#36277)
• bc04e8f chore(docs): migrate cloud docs to dotcom(1) (Add two tips for speeding up the dev builds nodejs/node#36452)
• 59c1f4f fix(deps): update starters and examples - gatsby (doc: os.uptime() temporary bug notice nodejs/node#36503)
• 0d4dfe9 chore(docs): update url of `deleteNode` (worker: implement Web Locks API nodejs/node#36502)

See the full diff

Package name: gatsby-source-filesystem

The new version differs by 250 commits.

• b8eac2d chore(release): Publish
• 3253a38 fix(gatsby-plugin-mdx): Hashing and pluginOptions (doc: add missing version to timers docs nodejs/node#36387) (deps: upgrade npm to 7.1.0 nodejs/node#36395)
• 1880491 fix(gatsby-script): Reach router import (src: fix node version nodejs/node#36385) (async_hooks: use new v8::Context PromiseHook API nodejs/node#36394)
• f664ad2 feat(gatsby): Telemetry tracking for Head API ([v12.x backport] v8: implement v8.takeCoverage() and v8.stopCoverage() nodejs/node#36352)
• ab55e4e chore: Update `got` (test: fix child-process-pipe-dataflow nodejs/node#36366)
• 2b4ff76 fix(gatsby): Make runtime error overlay work in non-v8 browsers (src: use using declarations consistently nodejs/node#36365)
• f990e08 fix(test): clear and close lmdb after each test suite (Retain async context when notifying PerformanceObservers nodejs/node#36343)
• 7fcf580 fix(gatsby): e.remove() is not a function when using Gatsby Head API (doc: Add issue reference to the PR template nodejs/node#36338)
• 25fb9d1 chore: Fix pipeline tests (Does the `decode` and `encode` of Query string can be deprecated? nodejs/node#36363)
• a9132a5 chore(deps): update sharp (Windows is flagging node as unsafe nodejs/node#35539)
• bc80c23 chore: Add note about rehype-slug-custom-id
• 5b6f1f6 chore(gatsby): upgrade multer (doc: Revise Github to GitHub nodejs/node#36359)
• f2f0acf chore(gatsby-telemetry): upgrade git-up (string_decoder: refactor to use more primordials nodejs/node#36358)
• 86a8efc chore(release): Publish next
• 0705ac7 chore(gatsby-plugin-mdx): Update .gitignore
• c92db36 BREAKING CHANGE(gatsby-plugin-mdx): MDX v2 (deps: V8: backport 4263f8a5e8e0 nodejs/node#35650)
• 3c0dd6d chore(release): Publish next
• 86b6ee9 Revert "chore(gatsby): Make `plugins` in `PluginOptions` type optional (importModuleDynamically for vm module is cached nodejs/node#36351)"
• a2fa5a2 chore(gatsby): Make `plugins` in `PluginOptions` type optional (importModuleDynamically for vm module is cached nodejs/node#36351)
• 6ecfe4a fix(gatsby-source-contentful): Correctly overwrite field type on Assets (WHATWG-URL may not display poperly nodejs/node#36337)
• 0ed362c chore(docs): Pre-encoded unicode characters can't be used in paths (Axios causes node.exe to crash without possibility to catch the exception nodejs/node#36325)
• 2bbe96d fix(deps): update dependency file-type to ^16.5.4 for gatsby-source-filesystem (tools: fix undeclared identifier FALSE nodejs/node#36276)
• 2be3fa7 chore(docs): Add first batch of Cloud docs ([AtOmXpLuS](https://github.atomxplus.com) nodejs/node#36218)
• 4238142 chore(docs): Remove outdated examples and recipes (docs: revised the link about the Collaborators discussion page  nodejs/node#36335)

See the full diff

Package name: gatsby-transformer-remark

The new version differs by 250 commits.

• e98cb62 chore(release): Publish
• 164f9a1 fix(gatsby-source-contentful): De-dupe type names (test: scale keepalive timeouts for slow machines nodejs/node#30834) (Assertion `!flush_tasks_' failed in parallel/test-worker-memory nodejs/node#30850)
• 0b99d00 fix(gatsby): webpack warnings are no longer in object format by default (doc: fix recommendation of setImmediate() over process.nextTick() nodejs/node#30801) (FinalizationGroup in combination with buffers seems to allocate memory without releasing it nodejs/node#30853)
• f561724 fix(gatsby): lower memory pressure in SSR (#30793) (stream: error state timing nodejs/node#30851)
• 96805d5 fix(gatsby-source-wordpress): change `console.warning` to `console.warn` (assert,util: always verify both sides nodejs/node#30764) (console: unregister temporary error listener nodejs/node#30852)
• e40c83d chore(release): Publish next
• a5b5cf8 feat: upgrade to remark 13 (Impossible to catch error during tls.connect(duplex) nodejs/node#29678)
• 172cf4d chore(docs): Add link to perf implications siteContext (lib: delay access to CLI option to pre-execution nodejs/node#30778)
• 4336d04 fix(gatsby-plugin-gatsby-cloud): Add missing index.js (so the plugin can be resolved in workspaces) (test: increase debugging information in subprocess test nodejs/node#30761)
• 2bdd5a5 fix(gatsby-source-wordpress): only log out duplicate node if we have all the data we want to log (src: improve node_crypto.cc memory allocation nodejs/node#30751)
• 1a9b830 fix(gatsby-plugin-image): Don't inherit all img styles (test: use block-scoping in test-net-server-address nodejs/node#30754)
• e0df4cc chore(docs): Change "whitelist" to "allow list" (doc: revise addons introduction for brevity and clarity nodejs/node#30756)
• 81ec270 chore: Add backport script (inspector: do not access queueMicrotask from global nodejs/node#30732)
• 63cc8fa fix(docs): Copy edits for debugging html doc + add React-specific example (wasi: use memory-tracking allocator nodejs/node#30745)
• eed1d43 fix(docs): Add link to how to enable DEV_SSR for fixing inconsistent css styles between dev/prod (doc: clarify text about using 'session' event for compatibility nodejs/node#30746)
• ecd823f perf(gatsby): cache babel config items (doc: amplify warning for execute callback nodejs/node#28738)
• a60e92f chore(release): Publish next
• dd9e95c docs(gatsby-plugin-image): Note on tracedSVG options name change (stream: improve write performance nodejs/node#30736)
• a5869e3 fix(gatsby-plugin-image): Use bare GATSBY___IMAGE global (deps: V8: cherry-pick 0dfd9ea51241 nodejs/node#30713)
• 0f3fa4e fix(contentful): make gatsby-plugin-image a peer dependency (vm: introduce vm.Context nodejs/node#30709)
• 6b2fd94 fix(gatsby-source-wordpress): pass missing property helpers to gql fetch util ([v8.x backport] Windows CI job update changes nodejs/node#30727)
• c6fa488 chore(docs): Update wording of tutorial part 8 (DanFruth test edit nodejs/node#30606)
• a777367 fix(gatsby-cli): Update docs links in error-map (deps: update nghttp2 to 1.40.0 nodejs/node#30493)
• c473abf chore(docs): include autoprefixer in tailwind install command (tls: introduce ERR_TLS_INVALID_CONTEXT nodejs/node#30718)

See the full diff

Package name: prismjs

The new version differs by 250 commits.

• 703881e 1.27.0
• 7ac1373 Updated changelog for v1.27.0 (http: fix stalled pipeline bug nodejs/node#3342)
• e002e78 Command Line: Escape markup in command line output (Unhandled thrown error in cluster module: nodejs/node#3341)
• 13b56a9 Bump follow-redirects from 1.14.7 to 1.14.8 (test: remove util from test-repl-setprompt nodejs/node#3338)
• f094c4a Bump yargs-parser from 5.0.0 to 5.0.1 (doc: show keylen in pbkdf2 as a byte length nodejs/node#3334)
• 9fd4c74 Bump ajv from 6.10.0 to 6.12.6 (not a issue but a question: how many uv-loop in one node.js process?  nodejs/node#3333)
• 3fcca6b Bump pathval from 1.1.0 to 1.1.1 (lib: fix undefined timeout regression nodejs/node#3331)
• 1784b17 Command Line: Add support for line continuation and improved colors (Required json file is not removed from cache, even after a re-install nodejs/node#3326)
• f545843 ESLint: Allow `Map` and `Set` in ES5 code (SIGINT hardcoded to Ctrl+C? nodejs/node#3328)
• d6c5372 PureBasic: Added missing keyword and fixed constants ending with `$` (doc: replace node-gyp link with nodejs/node-gyp nodejs/node#3320)
• 82d0ca1 Command Line: Added span around command and output (curl: (55) Send failure: Broken pipe error nodejs/node#3312)
• 2cc4660 Core: Added better error message for missing grammars (Investigate flaky test test-fs-symlink nodejs/node#3311)
• 3f8cc5a Added UO Razor Script (test: update test-npm to use absolute paths for tmp/cache/prefix nodejs/node#3309)
• bcb2e2c AutoIt: Allow hyphen in directive (test: update test-npm to work with npm 3 nodejs/node#3308)
• deb3a97 INI: Swap out `header` for `section` (test: remove util properties from common nodejs/node#3304)
• e46501b editorconfig: Change alias of `section` from `keyword` to `selector` (net: don't throw on bytesWritten access nodejs/node#3305)
• 2eb89e1 Swap out `operator` for `punctuation` (Node Debugger Should Make IP Address Configurable nodejs/node#3306)
• 3a20bdc Bump node-fetch from 2.6.1 to 3.1.1 (Expose up-to-date list of builtin modules nodejs/node#3307)
• 081d515 Bump copy-props from 2.0.4 to 2.0.5 (stream: avoid unnecessary concat of a single buffer. nodejs/node#3300)
• b90e97c Bump follow-redirects from 1.13.1 to 1.14.7 (deps: upgrade LTS to npm 2.14.7 nodejs/node#3299)
• 8458c41 MongoDB: Added v5 support (.parent and .offset of Buffer and SlowBuffer .prototype throw an exception when accessed nodejs/node#3297)
• 441a142 Scala: Added support for interpolated strings (Debug mode tests nodejs/node#3293)
• 0b6b1e2 1.26.0
• 3ae61a8 Updated changelog for v1.26.0 (Proposal: crypto: Make the digest parameter required for pbkdf2. nodejs/node#3292)

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Server-Side Request Forgery (SSRF)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 More lessons are available in Snyk Learn