[Snyk] Fix for 6 vulnerabilities

[misike12]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	No	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	User Interface (UI) Misrepresentation of Critical Information SNYK-JS-NEXT-2405694	Yes	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NODEFETCH-2964180	No	Proof of Concept
	619/1000 Why? Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: got

The new version differs by 8 commits.

• 5e17bb7 11.8.5
• bce8ce7 Backport 861ccd9ac2237df762a9e2beed7edd88c60782dc
• 8ced192 Fix build
• 670eb04 11.8.4
• 20f29fe Backport add update index.md github/docs#1543: Initialize globalResponse in case of ignored HTTPError (x github/docs#2017)
• 0da732f 11.8.3
• 9463bb6 Bump cacheable-request dependency (Vcc.com github/docs#1921)
• 0e167b8 HTTPError code set to 'HTTPError' #1711 (rohittravels.md github/docs#1739)

See the full diff

Package name: next

The new version differs by 250 commits.

• 8545fd1 v12.1.0
• 1605f30 v12.0.11-canary.21
• 69aedbd Fix typo (Fix typos in Creating Diagrams github/docs#34480)
• f0f322c Remove deprecation for relative URL usage in middlewares (Dev github/docs#34461)
• d4d79b2 Fix chunk buffering for server components (https://github.com/rayhanremoon/-github.git github/docs#34474)
• 74fa4d4 update webpack (Revert "Repo sync" github/docs#34477)
• b70397e Revert "Allow reading request bodies in middlewares (Update basic-writing-and-formatting-syntax.md.freeanjeel github/docs#34294)" (Repo sync github/docs#34479)
• 4202011 Update font-optimization test snapshot (Repo sync github/docs#34478)
• 1edd851 Allow reading request bodies in middlewares (Update basic-writing-and-formatting-syntax.md.freeanjeel github/docs#34294)
• ba78437 fix: don't wrap `profile` in firebase example (afzatipu github/docs#34457)
• f3c3810 Remove hello world RSC example. (Repo sync github/docs#34456)
• 49da8c0 v12.0.11-canary.20
• 2264d35 Fix `.svg` image optimization with a `loader` prop (Repo sync github/docs#34452)
• 59714db Update server-only changes HMR handling (Repo sync github/docs#34298)
• d288d43 Update MDX Guide config example (Repo sync github/docs#34405)
• 54dbeb3 update webpack (Repo sync github/docs#34444)
• 9b38ffe Update 2.example_bug_report.yml
• 86aac3f Update 1.bug_report.yml
• 732b405 v12.0.11-canary.19
• 01524ef Revert swc css bump temporarily (Repo sync github/docs#34440)
• 8a55612 Add image config for `dangerouslyAllowSVG` and `contentSecurityPolicy` (Delete content/authentication/keeping-your-account-and-data-secure/to… github/docs#34431)
• 9639fe7 Ensure we don't poll page in development when notFound: true is returned (Rename index.md to index.md github/docs#34352)
• 7e93a89 Update 2.example_bug_report.yml
• d88793d feat: improve opening a new issue flow (Ftj github/docs#34434)

See the full diff

Package name: node-fetch

The new version differs by 46 commits.

• 2880238 fix: ReDoS referrer (Behance github/docs#1611)
• e87b093 fix(Headers): don't forward secure headers on protocol change (Amazoncloud.tv github/docs#1599)
• bcfb71c chore: remove triple-slash directives from typings (repo sync github/docs#1285) (sudo-mode.md github/docs#1287)
• 95165d5 fix spelling (Don't specify registry specific path github/docs#1602)
• 11b7033 fix: possibly flaky test (add recent localization contributors**1 github/docs#1523)
• 4f43c9e fix: always warn Request.data ([email protected] github/docs#1550)
• 1c5ed6b fix: undefined reference to response.body when aborted (repo sync github/docs#1578)
• a92b5d5 fix: use space in accept-encoding values (Webpage github/docs#1572)
• 0f122b8 docs: fix formdata code example (Thanks very much for contributing! Your pull request has been merged 🎉 You should see your changes appear on the site in approximately 24 hours. github/docs#1562)
• 6ae9c76 docs(readme): response.clone() is not async (Favicon might be invisible github/docs#1560)
• 043a5fc Fix leaking listeners (repo sync github/docs#1295) (repo sync github/docs#1474)
• 004b3ac fix: don't uppercase unknown methods (Update configuring-docker-for-use-with-github-packages.md github/docs#1542)
• c33e393 Fix Code of Conduct link in Readme. (Sk_live github/docs#1532)
• 6875205 docs: Fix link markup to Options definition (Instruction list being repeated thrice. github/docs#1525)
• 6425e20 fix: handle bom in text and json (repo sync github/docs#1482)
• a4ea5f9 fix: add missing formdata export to types (Rename contributing/localization-checklist.md to contributing/massto/… github/docs#1518)
• 61b3b5a fix: cancel request example import (Update about-pull-requests.md github/docs#1513)
• 5e78af3 Replace changelog with valid url (Fix typo github/docs#1506)
• 9014db7 types: support `agent: false` (Include work around for wildcards in HTTP Proxy Exclusion list on GHES github/docs#1502)
• 2e1f3a5 chore: fix typo in credential error message (Suggest to avoid "Master branch" instead of "Default branch" github/docs#1496)
• 4ce2ce5 docs(readme): fix typo (Update githubs-products.md github/docs#1489)
• ba23fd2 docs: remove the changelog (repo sync github/docs#1464)
• 8fedc1b core: move support and feature to discussion (repo sync github/docs#1471)
• 0b43b9f docs: update formdata example (repo sync github/docs#1465)

See the full diff

Package name: pa11y-ci

The new version differs by 12 commits.

• efad302 Fix minimum node version in README
• 28f161a Version 3.0.0
• 52fd274 Fix error with absolute paths on Windows (Update "Securing Your Webhooks" to prefer X-Hub-Signature-Sha-256 header github/docs#82)
• 6b2d4f5 Replace chalk with kleur
• 4e5bc51 use https where possible
• 5c842cf Add support for reporters (GitHub App Guide typo github/docs#129)
• 40ba01a Replace make with npm scripts and update Node versions (Use operationId for #anchor tags of REST API endpoint titles github/docs#139)
• 1374cd7 Bump deps to match versions used by pa11y v6
• fb86a33 Update test matrix to LTS node (12, 14, 16)
• edabbeb Update package lock
• e5dbbc7 Replace chalk with kleur
• 96a3882 Chance concurrency and incognito mode defaults

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Remote Code Execution (RCE)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Open Redirect
🦉 More lessons are available in Snyk Learn