[Snyk] Fix for 12 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • hadoop-ozone/recon/src/main/resources/webapps/recon/ozone-recon-web/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	372/1000 Why? Proof of Concept exploit, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	Yes	Proof of Concept
	265/1000 Why? CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-CSSWHAT-1298035	Yes	No Known Exploit
	/1000 Why?	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	No	Proof of Concept
	/1000 Why?	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	459/1000 Why? Proof of Concept exploit, Recently disclosed, CVSS 5.6	Prototype Pollution SNYK-JS-IMMER-1540542	Yes	Proof of Concept
	/1000 Why?	Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	Yes	No Known Exploit
	/1000 Why?	Open Redirect SNYK-JS-NODEFORGE-2330875	Yes	Proof of Concept
	/1000 Why?	Prototype Pollution SNYK-JS-NODEFORGE-2331908	Yes	No Known Exploit
	446/1000 Why? Recently disclosed, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	Yes	No Known Exploit
	/1000 Why?	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: axios

The new version differs by 58 commits.

• 0d87655 Releasing 0.20.0
• cd27741 Updating changelog for 0.20.0 release
• ffea034 Releasing 0.20.0-0
• fe147fb Updating changlog for 0.20.0 beta release
• 16aa2ce Fixing response with utf-8 BOM can not parse to json (HDDS-5442. Datanode HTTP server fails to start in ozonesecure due to wrong keytab name apache/ozone#2419)
• c4300a8 Adding support for URLSearchParams in node (HDDS-4798. Check before updating container's BCSID apache/ozone#1900)
• bed6783 add table of content (preview) (HDDS-6270. Use a dedicated file instead of /etc/passwd for xcompat acceptance test apache/ozone#3050)
• c70fab9 Fix stale bot config (HDDS-6244. ContainerBalancer metrics don't show updated values in JMX apache/ozone#3049)
• 5b08fc4 Add days and change name to work (HDDS-6252. Datanode Chunk Validator fails on encountering EC pipeline apache/ozone#3035)
• 1768c23 Update close-issues.yml (HDDS-6182 Basic framework for Client and OM versioning apache/ozone#3031)
• 3dbf6a1 Add GitHub actions to close stale issues/prs (HDDS-6239. ozonesecure-mr failing with No URLs in mirrorlist apache/ozone#3029)
• a9010e4 Add GitHub actions to close invalid issues (HDDS-6228. Update config keys for open key cleanup service apache/ozone#3022)
• 36f0ad2 Replace 'blacklist' with 'blocklist' (HDDS-6172: EC: Document the Ozone EC apache/ozone#3006)
• 0d69a79 Refactor mergeConfig without utils.deepMerge (HDDS-5980. [S3- TDE] Get on a key which is overwrite through MPU on a TDE bucket, the data does not match with uploaded data. apache/ozone#2844)
• 4879416 Allow unsetting headers by passing null ([Snyk] Upgrade org.apache.ratis:ratis-grpc from 2.4.2-8b8bdda-SNAPSHOT to 2.5.0 #382) (HDDS-4746. Fix delete container occurs unknown command type. apache/ozone#1845)
• 4b3947a Add test with Node.js 12 (HDDS-4474. [Ozone-Streaming] Use WriteSmallFile to write small file. apache/ozone#2860)
• 0077205 Adding console log on sandbox server startup (HDDS-5178. Update project information of Contribution guideline apache/ozone#2210)
• ee46dff docs(): Detailed config options environment. (HDDS-3752. Patch for o3fs issue with not listing bucket contents WITHOUT trailin… apache/ozone#2088)
• 17a6886 Include axios-data-unpacker in ECOSYSTEM.md (HDDS-5023. Datanodes should always use MLV 0 when no VERSION file is present. apache/ozone#2080)
• 3f2ef03 Allow opening examples in Gitpod (HDDS-4861. [SCM HA Security] Implement generate SCM certificate. apache/ozone#1958)
• f3cc053 Fixing overwrite Blob/File type as Content-Type in browser. (HDDS-4219. Revisit 'static' nature of OM Layout Version Manager. apache/ozone#1773)
• f2b478f Revert "Fixing default transformRequest with buffer pools (HDDS-4123. Integrate OM Open Key Cleanup Service Into Existing Code apache/ozone#1511)" (HDDS-4190. Intermittent failure in TestOMVolumeSetOwnerRequest and TestOMVolumeSetQuotaRequest. apache/ozone#2982)
• d35b5b5 Remove axios.all() and axios.spread() from Readme.md (HDDS-5805. remove containerStateManager V1 code apache/ozone#2727)
• 6d36dbe Update README.md (HDDS-5385. [FSO] Remove ozone.om.metadata.layout config in OM apache/ozone#2887)

See the full diff

Package name: react-scripts

The new version differs by 238 commits.

• 221e511 Publish
• 6a3315b Update CONTRIBUTING.md
• 5614c87 Add support for Tailwind (#11717)
• 657739f chore(test): make all tests install with `npm ci` (#11723)
• 20edab4 fix(webpackDevServer): disable overlay for warnings (#11413)
• 69321b0 Remove cached lockfile (#11706)
• 3afbbc0 Update all dependencies (#11624)
• f5467d5 feat(eslint-config-react-app): support ESLint 8.x (#11375)
• e8319da [WIP] Fix integration test teardown / cleanup and missing yarn installation (#11686)
• c7627ce Update webpack and dev server (#11646)
• f85b064 The default port used by `serve` has changed (#11619)
• 544befe Update package.json (#11597)
• 9d0369b Fix ESLint Babel preset resolution (#11547)
• d7b23c8 test(create-react-app): assert for exit code (#10973)
• 1465357 Prepare 5.0.0 alpha release
• 3880ba6 Remove dependency pinning (#11474)
• 8b9fbee Update CODEOWNERS
• cacf590 Bump template dependency version (#11415)
• 5cedfe4 Bump browserslist from 4.14.2 to 4.16.5 (#11476)
• 50ea5ad allow CORS on webpack-dev-server (#11325)
• 63bba07 Upgrade jest and related packages from 26.6.0 to 27.1.0 (#11338)
• 960b21e Bump immer from 8.0.4 to 9.0.6 (#11364)
• 134cd3c Resolve dependency issues in v5 alpha (#11294)
• b45ae3c Update CONTRIBUTING.md

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic