[Snyk] Fix for 15 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-AWSSDK-1059424	No	Proof of Concept
	616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	No	Proof of Concept
	344/1000 Why? Has a fix available, CVSS 2.6	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	No	Proof of Concept
	536/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1047770	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1584358	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1585624	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: ajv

The new version differs by 111 commits.

• 521c3a5 6.12.3
• bd7107b Merge pull request Fixes #1190 github/docs#1229 from ajv-validator/dependabot/npm_and_yarn/mocha-8.0.1
• 9c26bb2 Merge pull request Fix the table overflowing sidebar github/docs#1234 from ajv-validator/dependabot/npm_and_yarn/eslint-7.3.1
• c6a6daa Merge branch 'master' into dependabot/npm_and_yarn/mocha-8.0.1
• 15eda23 Merge branch 'master' into dependabot/npm_and_yarn/eslint-7.3.1
• d6aabb8 test: remove node 8 from travis test
• c4801ca Merge pull request Improve documentation issue no #1034 github/docs#1242 from ajv-validator/refactor
• 988982d ignore proto properties
• f2b1e3d whitespace
• 65e3678 Merge pull request repo sync github/docs#1239 from GrahamLea/patch-1
• 68d72c4 update regex
• 9c009a9 validate numbers in multipleOf
• 332b30d Merge pull request calebromadan token contribution github/docs#1241 from ajv-validator/refactor
• 1105fd5 ignore proto properties
• 65b2f7d validate numbers in schemas during schema compilation
• 24d4f8f remove code post-processing
• fd64fb4 Add link to CSP section in Security section
• 0e2c346 Add Contents link to CSP section
• c581ff3 Clarify limitations of ajv-pack in README
• 0006f34 Document pre-compiled schemas for CSP in README
• 140cfa6 Merge pull request repo sync github/docs#1238 from cvlab/patch-1
• e7f0c81 Fix mistype in README.md
• 54c96b0 Bump eslint from 6.8.0 to 7.3.1
• 854dbef Bump mocha from 7.2.0 to 8.0.1

See the full diff

Package name: aws-sdk

The new version differs by 250 commits.

• 8875a35 Updates SDK to v2.814.0
• dd83d67 throw at invalid profile name in shared ini file (Seo github/docs#3585)
• ee0c5a3 Updates SDK to v2.813.0
• 468d15b Updates SDK to v2.812.0
• c50132f Update README.md with references to JS SDK V3 ([GitHub Desktop] Update preference/options menu github/docs#3582)
• 3e19b08 Updates SDK to v2.811.0
• f26c00d Updates SDK to v2.810.0
• b393a6e Adds automatic PreSignedUrl generation to RDS.StartDBInstanceAutomatedBackupsReplication (Affan0078 github/docs#3566)
• fa57967 Updates SDK to v2.809.0
• 9a52018 Updates SDK to v2.808.0
• 1958076 Updates SDK to v2.807.0
• ffcad20 Updates SDK to v2.806.0
• 2f37893 chore: remove cognitoidentity customizations to disable auth (https://www.google.com/url?sa=t&source=web&rct=j&url=https://github.c… github/docs#3543)
• c6fe3c0 Updates SDK to v2.805.0
• 71d6fa9 Fix dual-callback case (Update githubs-products.md github/docs#3537)
• b981971 Updates SDK to v2.804.0
• 332573f Updates SDK to v2.803.0
• deb7bc7 Updates SDK to v2.802.0
• b6401d0 Remove incorrectly named service named 'Profile' (#3562)
• 3364d4b Updates SDK to v2.801.0
• d400577 Updates SDK to v2.800.0
• 21c7dc0 Updates SDK to v2.799.0
• d2b8964 Updates SDK to v2.798.0
• 44ded82 fix: test IAM.getUser instead of listUsers (This issue is stale because it has been open 60 days with no activity. github/docs#3542)

See the full diff

Package name: eslint

The new version differs by 33 commits.

• 145aec1 7.16.0
• 83518a5 Build: changelog update for 7.16.0
• a62ad6f Update: fix false negative of no-extra-parens with NewExpression (Delete README.md github/docs#13930)
• f85b4c7 Fix: require-atomic-updates false positive across await (fixes Gh-sot github/docs#11954) (Update keyboard shortcuts to meet new style guidelines github/docs#13915)
• 301d0c0 Fix: no-constant-condition false positives with unary expressions (Frostie'$/bitore.sig github/docs#13927)
• 555c128 Fix: false positive with await and ** in no-extra-parens (fixes #12739) (Update basic-writing-and-formatting-syntax.md github/docs#13923)
• d93c935 Docs: update JSON Schema links (Ku.yml github/docs#13936)
• 8d0c93a Upgrade: [email protected] (Update index.md github/docs#13920)
• 9247683 Docs: Remove for deleted npm run profile script (#13931)
• ab240d4 Fix: prefer-exponentiation-operator invalid autofix with await (Update index.md github/docs#13924)
• dc76911 Chore: Add .pre-commit-hooks.yaml file (#13628)
• 2124e1b Docs: Fix wrong rule name (Update keyboard shortcut to meet new style guidelines github/docs#13913)
• 06b5809 Sponsors: Sync README with website
• 26fc12f Docs: Update README team and sponsors
• 902a032 7.15.0
• 6356778 Build: changelog update for 7.15.0
• 5c11aab Upgrade: @ eslint/esintrc and espree for bug fixes (refs Update keyboard shortcuts to meet the new GitHub content style guide github/docs#13878) (Update keyboard shortcuts to meet new style guidelines github/docs#13908)
• 0eb7957 Upgrade: [email protected] (Update self-review.md github/docs#13877)
• 683ad00 New: no-unsafe-optional-chaining rule (fixes Tr726kls github/docs#13431) (Nate/repos/octocat/Hello-World/issues/1347 github/docs#13859)
• cbc57fb Fix: one-var autofixing for export (fixes Rename environment-variables.md to environment-variables.md to my Acc… github/docs#13834) (Update keyboard shortcuts to meet the new GitHub content style guide github/docs#13891)
• 110cf96 Docs: Fix a broken link in working-with-rules.md (Update link-check-all.yml github/docs#13875)
• 0cb81a9 7.14.0
• fb3a594 Build: changelog update for 7.14.0
• 5f09073 Update: fix 'skip' options in no-irregular-whitespace (fixes Update github-developer-program.md github/docs#13852) (C3sarwiew github/docs#13853)

See the full diff

Package name: husky

The new version differs by 58 commits.

• b9a0917 4.3.7
• 839d84a update pkg-dir dependency and some devDependencies
• 6a1b3da Upgrade find-versions to 4.0.0 (<SEC-DOCUMENT>9999999995-20-002969.txt : 20201027 <SEC-HEADER>9999999… github/docs#837)
• cbb0af7 4.3.6
• eb1eeb8 fix prepare-commit-msg on windows (fix endpoints-available-for-github-apps page github/docs#737)
• 65bc6e5 Update README.md
• cbd0e06 add prepare-commit-msg test
• 992c1e0 4.3.5
• 642af0c rollback do not exit with 1 if install fails
• ccb71b2 Update README.md
• 3c43bd5 4.3.4
• 1e1b289 update error message
• b29ee2b 4.3.3
• fd0233e ignore tsconfig.tsbuildinfo
• a5f1259 4.3.2
• 41472b7 provide workaround for npm7
• 6dc9a51 4.3.1
• 033a2ae exit with 1 if husky fails to install/uninstall
• 38a7163 update gitignore
• eff9aa3 Update README.md
• b616d84 Changed create-react-app repo url (Gh github/docs#759)
• bb0c414 Update README.md
• b05e72f Update node.js.yml
• 44e02bd Update node.js.yml

See the full diff

Package name: lodash

The new version differs by 1 commits.

• c6e281b Bump to v4.17.21

See the full diff

Package name: node-fetch

The new version differs by 7 commits.

• 1ef4b56 backport of Lukáš  github/docs#1449 (repo sync github/docs#1453)
• 8fe5c4e 2.x: Specify encoding as an optional peer dependency in package.json (repo sync github/docs#1310)
• f56b0c6 fix(URL): prefer built in URL version when available and fallback to whatwg (Adding your SSH key to the ssh-agent still shows "$ ssh-add ~/.ssh/id_rsa" when it should show "$ ssh-add ~/.ssh/id_ed25519" github/docs#1352)
• b5417ae fix: import whatwg-url in a way compatible with ESM Node (Add new example to Actions Code examples github/docs#1303)
• 18193c5 fix v2.6.3 that did not sending query params (Update about-custom-domains-and-github-pages.md github/docs#1301)
• ace7536 fix: properly encode url with unicode characters (Update and rename content/github/collaborating-with-issues-and-pull-r… github/docs#1291)
• 152214c Fix(package.json): Corrected main file path in package.json (repo sync github/docs#1274)

See the full diff

Package name: start-server-and-test

The new version differs by 4 commits.

• ab5aa14 fix(deps): update dependency wait-on to v5.2.1
• 0d91ce9 fix(deps): update dependency debug to v4.3.1
• 0d3d11e fix: handle case when not running in a nodejs module dir ([Snyk] Security upgrade node from 18.19.1-alpine to 18.20.0-alpine #284)
• 6a72aa7 fix(deps): update dependency debug to v4.2.0

See the full diff

Package name: webpack-cli

The new version differs by 250 commits.

• fb50f76 chore(release): publish new version
• 2c75aeb chore: new version of the packages
• 0d05c30 chore(release): publish %s
• 3f9e151 chore: fix lerna config
• 2c1e34c tests(generator): enhance init generator tests (Is it possible to migrate an OAuth app to Github app without asking users to re-authenticate? github/docs#1236)
• 6ee61b9 Fix loader-generator and plugin-generator tests ($fuckchrisknight 041215663 1318664565848 github/docs#1250)
• 52956a2 Fixing the typos and grammatical errors in Readme files (content/rest/index.mdUpdate index.md github/docs#1246)
• 7faaed2 chore: update Bug_report & Feature_request Templates (Improve docs to be more explanatory github/docs#1256)
• 7a5b33d feat(webpack-cli): added mode argument (Explain how to use environment variables in a test matrix github/docs#1253)
• 3715756 tests(webpack-cli): add test case for defaults flag (Explain how to use environment variables in a test matrix github/docs#1254)
• a7cba2f chore: project maintanance and typescript fix (repo sync github/docs#1247)
• 7748472 chore: ignore package-lock.json and remove its references (Remove extraneous grammar period which breaks the compare URL github/docs#1252)
• a014aa7 docs: fix supported arguments & commands link in README (Dashboard github/docs#1244)
• 06129a1 feat(webpack-cli): add progress bar for progress flag (repo sync github/docs#1238)
• 6cc6a49 chore: post refactor CLI (Update restriction github/docs#1237)
• 358651e chore: move cli under lerna package (Update about-the-dependency-graph.md github/docs#1225)
• 2dc495a fix(init): fix webpack config scaffold (Avoid use branch for example workflows github/docs#1231)
• 1ab62d2 tests(generator): add tests for plugin generator (repo sync github/docs#1235)
• d2dd0c1 tests(sourcemap): fix flaky stats statement (SystemformNuch1991 github/docs#1232)
• f6dc680 tests(loader-generator): add tests for loader generator (Fix the table overflowing sidebar github/docs#1234)
• 35d1381 tests(generator): enable init generator test (index.md github/docs#1233)
• 66cdcb6 chore(generator): remove transpiled tests (Fixes #1190 github/docs#1229)
• f29a170 fix(init): fix the invalid package name (Issue: Improve existing docs github/docs#1228)
• 8c3a66d chore(cli): updated changelog of v3 (Add note that secret scanning endpoints should be able to handle larg… github/docs#1224)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Server-Side Request Forgery (SSRF)