[Snyk] Fix for 10 vulnerabilities

[lilmoonlil]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-LIQUIDJS-2952868	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	Yes	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	User Interface (UI) Misrepresentation of Critical Information SNYK-JS-NEXT-2405694	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	No	Proof of Concept
	619/1000 Why? Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	Yes	No Known Exploit
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Prototype Pollution SNYK-JS-XML2JS-5414874	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: express

The new version differs by 30 commits.

• 3d7fce5 4.17.3
• f906371 build: update example dependencies
• 6381bc6 deps: [email protected]
• a007863 deps: [email protected]
• e98f584 Revert "build: use [email protected] for Node.js < 4"
• a659137 tests: use strict mode
• a39e409 tests: prevent leaking changes to NODE_ENV
• 82de4de examples: fix path traversal in downloads example
• 12310c5 build: use nyc for test coverage
• 884657d examples: remove bitwise syntax for includes check
• 7511d08 build: use [email protected] for Node.js < 4
• 2585f20 tests: fix test missing assertion
• 9d09762 build: [email protected]
• 43cc56e build: clean up gitignore
• 1c7bbcc build: [email protected]
• 9cbbc8a deps: [email protected]
• 6fbc269 pref: remove unnecessary regexp for trust proxy
• 2bc734a deps: accepts@~1.3.8
• 89bb531 docs: fix typo in res.download jsdoc
• 744564f tests: add test for multiple ips in "trust proxy"
• da6cb0e tests: add range tests to res.download
• 00ad5be tests: add more tests for app.request & app.response
• 141914e tests: fix tests that did not bubble errors
• bd4fdfe tests: remove global dependency on should

See the full diff

Package name: got

The new version differs by 8 commits.

• 5e17bb7 11.8.5
• bce8ce7 Backport 861ccd9ac2237df762a9e2beed7edd88c60782dc
• 8ced192 Fix build
• 670eb04 11.8.4
• 20f29fe Backport add update index.md github/docs#1543: Initialize globalResponse in case of ignored HTTPError (x github/docs#2017)
• 0da732f 11.8.3
• 9463bb6 Bump cacheable-request dependency (Vcc.com github/docs#1921)
• 0e167b8 HTTPError code set to 'HTTPError' #1711 (rohittravels.md github/docs#1739)

See the full diff

Package name: liquidjs

The new version differs by 250 commits.

• 9b9ef37 chore(release): 10.0.0 [skip ci]
• 5bbdc08 chore(deps): bump minimatch from 3.0.4 to 3.1.2
• 1380ac9 refactor: more consistent tags to make it easier to iterate over, link "markup reference guide" is broken or missing github/docs#524
• 4e1a30a refactor: `_evalToken` renamed to `evalToken`
• 9299268 refactor: Tag class support in registerTag()
• 1f6ce7c perf: target Node.js 14 for cjs bundle (main entry)
• 7eb6216 refactor: change `ownPropertyOnly` default value to `true`
• ffefd91 refactor: remove `toThenable` export
• b115077 refactor: remove use of internal `Context` class in `evalValue` argument
• bb58d3e refactor: delay creation of `operatorsTrie` and hide this implementation
• ff112a4 chore: rename filters to snake style, docs: add Protectator as a contributor github/docs#487
• 907c4de chore(release): 9.43.0 [skip ci]
• 7a71485 feat: support timezone offset argument for date filter, Update https-cloning-errors.md github/docs#553
• cd918cc chore(deps): bump minimatch from 3.0.4 to 3.1.2 in /docs
• 8061e55 docs: fix tags sidebar translation
• 33e97db docs: update .all-contributorsrc [skip ci]
• 9cfc8fd docs: update README.md [skip ci]
• f62b210 docs: add echo and liquid tags Chinese translation (Incorrect type for labels parameter: "array of undefineds" github/docs#549)
• bf6b5c7 chore(release): 9.42.1 [skip ci]
• a58fe44 chore(deps): bump minimist and hexo-renderer-swig in /docs
• 99516cb chore(deps): bump semver-regex from 2.0.0 to 3.1.4
• 850ab0c chore(deps): bump ansi-regex from 3.0.0 to 3.0.1
• 33c7c8f docs: demo for using LiquidJS with webpack
• 32f613f fix: truncatewords should use at least one word, update github/docs#537

See the full diff

Package name: next

The new version differs by 250 commits.

• 8545fd1 v12.1.0
• 1605f30 v12.0.11-canary.21
• 69aedbd Fix typo (Fix typos in Creating Diagrams github/docs#34480)
• f0f322c Remove deprecation for relative URL usage in middlewares (Dev github/docs#34461)
• d4d79b2 Fix chunk buffering for server components (https://github.com/rayhanremoon/-github.git github/docs#34474)
• 74fa4d4 update webpack (Revert "Repo sync" github/docs#34477)
• b70397e Revert "Allow reading request bodies in middlewares (Update basic-writing-and-formatting-syntax.md.freeanjeel github/docs#34294)" (Repo sync github/docs#34479)
• 4202011 Update font-optimization test snapshot (Repo sync github/docs#34478)
• 1edd851 Allow reading request bodies in middlewares (Update basic-writing-and-formatting-syntax.md.freeanjeel github/docs#34294)
• ba78437 fix: don't wrap `profile` in firebase example (afzatipu github/docs#34457)
• f3c3810 Remove hello world RSC example. (Repo sync github/docs#34456)
• 49da8c0 v12.0.11-canary.20
• 2264d35 Fix `.svg` image optimization with a `loader` prop (Repo sync github/docs#34452)
• 59714db Update server-only changes HMR handling (Repo sync github/docs#34298)
• d288d43 Update MDX Guide config example (Repo sync github/docs#34405)
• 54dbeb3 update webpack (Repo sync github/docs#34444)
• 9b38ffe Update 2.example_bug_report.yml
• 86aac3f Update 1.bug_report.yml
• 732b405 v12.0.11-canary.19
• 01524ef Revert swc css bump temporarily (Repo sync github/docs#34440)
• 8a55612 Add image config for `dangerouslyAllowSVG` and `contentSecurityPolicy` (Delete content/authentication/keeping-your-account-and-data-secure/to… github/docs#34431)
• 9639fe7 Ensure we don't poll page in development when notFound: true is returned (Rename index.md to index.md github/docs#34352)
• 7e93a89 Update 2.example_bug_report.yml
• d88793d feat: improve opening a new issue flow (Ftj github/docs#34434)

See the full diff

Package name: pa11y-ci

The new version differs by 12 commits.

• efad302 Fix minimum node version in README
• 28f161a Version 3.0.0
• 52fd274 Fix error with absolute paths on Windows (Update "Securing Your Webhooks" to prefer X-Hub-Signature-Sha-256 header github/docs#82)
• 6b2d4f5 Replace chalk with kleur
• 4e5bc51 use https where possible
• 5c842cf Add support for reporters (GitHub App Guide typo github/docs#129)
• 40ba01a Replace make with npm scripts and update Node versions (Use operationId for #anchor tags of REST API endpoint titles github/docs#139)
• 1374cd7 Bump deps to match versions used by pa11y v6
• fb86a33 Update test matrix to LTS node (12, 14, 16)
• edabbeb Update package lock
• e5dbbc7 Replace chalk with kleur
• 96a3882 Chance concurrency and incognito mode defaults

See the full diff

Package name: rss-parser

The new version differs by 26 commits.

• 74bdfd2 3.13.0
• 0413e12 Build distribution
• 2de2c40 Merge pull request . github/docs#247 from Arisamiga/master
• 3265b41 lockfileVersion 3 ->2 for backwards compatibility
• 986f163 Merge branch 'master' into master
• 861855f Merge pull request ui update support buttons github/docs#248 from rbren/rb/update-actions
• 49b7a41 Update node.js.yml
• 8e962eb Fix for dependency collision
• 46667c1 Updated Dependencies
• 4c1a0dc Merge pull request https://github.com/github/docs/issues/226#issue-716944332 github/docs#242 from d-line/master
• f76cc42 Merge pull request [Snyk] Security upgrade rss-parser from 3.12.0 to 3.13.0 #2 from d-line/node-bump
• e51b7be fix: use 3 most recent LTS releases in worklow
• 54ac781 Merge pull request [Snyk] Security upgrade debian from 9.5-slim to 11.6-slim #1 from d-line/tests-fix
• 12f3cd2 fix: carefully handle when 'rdf:about' is not there. regenerate test mocks
• e2e2f4d Merge pull request Licensing is unclear github/docs#203 from yuiseki/rdf-about
• b8cff02 Merge pull request Update configuring-network-settings.md github/docs#209 from drublic/master
• 697af31 Merge pull request Testing an issue automation! github/docs#200 from KevinFerm/patch-1
• 18dd399 Add field in item: episodeType on itunes data
• ef4f4a2 fix typo
• 67c3dbb add `rdf:about` field to item on `parseItemRss`
• 2e0244a Update index.d.ts
• 33a9a42 Merge pull request Update running-code-scanning-in-your-ci-system.md github/docs#195 from Booligoosh/patch-1
• f50421d Merge pull request Update exploring-the-dependencies-of-a-repository.md github/docs#196 from drublic/master
• af6a5ad Fix breakting keywords and categories if there are attributes `text`

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Open Redirect
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn