[Snyk] Fix for 12 vulnerabilities

[kampana]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • reactSite/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Denial of Service (DoS) SNYK-JS-AXIOS-174505	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	Yes	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	Yes	No Known Exploit
	704/1000 Why? Has a fix available, CVSS 9.8	Arbitrary Code Injection SNYK-JS-OPEN-174041	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Information Exposure SNYK-JS-WEBPACKDEVSERVER-72405	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
	741/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.4	Arbitrary Command Injection npm:open:20180512	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: axios

The new version differs by 250 commits.

• e367be5 [Releasing] 0.21.3
• 83ae383 Correctly add response interceptors to interceptor chain (#4013)
• c0c8761 [Updating] changelog to include links to issues and contributors
• 619bb46 [Releasing] v0.21.2
• 82c9455 Create SECURITY.md (#3981)
• 5b45711 Security fix for ReDoS (#3980)
• 5bc9ea2 Update ECOSYSTEM.md (#3817)
• e72813a Fixing README.md (#3818)
• e10a027 Fix README typo under Request Config (#3825)
• e091491 Update README.md (#3936)
• b42fbad Removed un-needed bracket
• 520c8dc Updating CI status badge (#3953)
• 4fbeecb Adding CI on Github Actions. (#3938)
• e9965bf Fixing the sauce labs tests (#3813)
• dbc634c Remove charset in tests (#3807)
• 3958e9f Add explanation of cancel token (#3803)
• 69949a6 Adding custom return type support to interceptor (#3783)
• 49509f6 Create FUNDING.yml (#3796)
• 199c8aa Adding parseInt to config.timeout (#3781)
• 94fc4ea Adding isAxiosError typeguard documentation (#3767)
• 0ece97c Fixing quadratic runtime when setting a maxContentLength (#3738)
• a18a0ec Updating `lib/core/README.md` about Dispatching requests (#3772)
• 59fa614 [Updated] follow-redirects to the latest version (#3771)
• 7821ed2 Feat/json improvements (#3763)

See the full diff

Package name: webpack

The new version differs by 250 commits.

• bf4ec9c 3.0.0
• 9feda63 Merge pull request #5028 from webpack/feature/externalize_uglify_plugin
• 49d6e38 Merge pull request #5086 from webpack/ci/node-8
• 3dcb133 OSX test on node.js 8
• f4b8785 Merge pull request #5012 from webpack/TheLarkInn-patch-1
• d26c402 chore(deps): upgrade uglifyjs-webpack-plugin deps to get latest webpack-sources so tests pass
• 3da4f3e Merge pull request #5085 from jbellenger/jbellenger/rawmodule-hash
• 8c9dc14 fix RawModule hashing
• c2c5d73 Update README.md
• 316d4b9 Merge pull request #5084 from timse/remove-duplicate-code
• ae18552 update test case with changed hash due to less clutter in dependencies
• fc20348 unite iteration through modules into one loop
• 083843e remove code that pushes arrays of dependencies into dependencies
• ab636b0 Merge pull request #5075 from andreipfeiffer/master
• 3b3449c Refactor: use const for non reassignable identifier
• 2ba0499 3.0.0-rc.2
• 1769fa2 Merge pull request #5064 from webpack/feature/scope-hoisting-multi-entry
• a73646a Merge pull request #5060 from mikesherov/reason-chunks-as-set
• 28f826a consistent order
• 8a30188 use Set for ModuleReason chunk rewriting
• 5d4ba56 Allow scope hoisting to process modules in multiple chunks
• d6a7594 harmony modules without exports have no exports instead of unknown
• 3ae782d Merge pull request #5049 from KTruong888/ES6_refactoring_multicompiler
• 18cdba8 4099_ES6 refactor lib/MultiCompiler.js

See the full diff

Package name: webpack-dev-server

The new version differs by 250 commits.

• ff2874f chore(release): 3.1.11
• b3217ca fix: check origin header for websocket connection (#1603)
• 68dd49a fix: add url for compatibility with webpack@5 (#1598) (#1599)
• fadae5d fix(Server): mime type for wasm in contentBase directory (#1575) (#1580)
• 7a3a257 fix(package): update `spdy` v3.4.1...4.0.0 (assertion error) (#1491) (#1563)
• 1fe82de ci(travis): Node 11 (on OS X) crashes, use 10 for now (#1588)
• 55398b5 fix(bin/options): correct check for color support (`options.color`) (#1555)
• 927a2b3 fix(Server): correct `node` version checks (#1543)
• fa96a76 chore(PULL_REQUEST_TEMPLATE): allow features (#1539)
• fe3219f chore(release): 3.1.10
• c12def3 fix(Server): set `tls.DEFAULT_ECDH_CURVE` to `'auto'` (#1531)
• e719959 fix(package): update `sockjs-client` v1.1.5...1.3.0 (`url-parse` vulnerability) (#1537)
• d2f4902 fix(options): add `writeToDisk` option to schema (#1520)
• bb484ad chore(release): 3.1.9
• 8b8b087 chore(package): update `webpack-dev-middleware` v3.3.0...3.4.0 (`dependencies`)
• d0725c9 chore(package): update `webpack-dev-middleware` v3.2.0...3.3.0 (`dependencies`) (#1499)
• cbe6813 refactor(package): cross-platform `prepare` script (`scripts`) (#1498)
• 3d37cc5 chore(release): 3.1.8
• 8fb67c9 fix(package): `yargs` security vulnerability (`dependencies`) (#1492)
• b9d11ca docs: fix typos (#1487)
• 7a6ca47 fix(utils/createLogger): ensure `quiet` always takes precedence (`options.quiet`) (#1486)
• 065978f chore(package): update `import-local` v1.0.0...2.0.0 (`dependencies`) (#1484)
• f37f0a2 chore(release): 3.1.7
• 2d35287 style(utils/addEntries): cleaner variable naming (#1478)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Arbitrary Code Injection
🦉 More lessons are available in Snyk Learn