[Snyk] Fix for 7 vulnerabilities

[zwongstjude]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	534/1000 Why? Has a fix available, CVSS 6.4	Improper Authentication SNYK-JS-JSONWEBTOKEN-3180022	Yes	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Improper Restriction of Security Token Assignment SNYK-JS-JSONWEBTOKEN-3180024	Yes	No Known Exploit
	554/1000 Why? Has a fix available, CVSS 6.8	Use of a Broken or Risky Cryptographic Algorithm SNYK-JS-JSONWEBTOKEN-3180026	Yes	No Known Exploit
	601/1000 Why? Recently disclosed, Has a fix available, CVSS 6.3	Improper Encoding or Escaping of Output SNYK-JS-KATEX-6483831	No	No Known Exploit
	561/1000 Why? Recently disclosed, Has a fix available, CVSS 5.5	Incomplete List of Disallowed Inputs SNYK-JS-KATEX-6483834	No	No Known Exploit
	611/1000 Why? Recently disclosed, Has a fix available, CVSS 6.5	Unchecked Input for Loop Condition SNYK-JS-KATEX-6483835	No	No Known Exploit
	611/1000 Why? Recently disclosed, Has a fix available, CVSS 6.5	Unchecked Input for Loop Condition SNYK-JS-KATEX-6483836	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: jsonwebtoken

The new version differs by 17 commits.

• e1fa9dc Merge pull request from GHSA-8cf7-32gw-wr33
• 5eaedbf chore(ci): remove github test actions job (#861)
• cd4163e chore(ci): configure Github Actions jobs for Tests & Security Scanning (#856)
• ecdf6cc fix!: Prevent accidental use of insecure key sizes & misconfiguration of secrets (#852)
• 8345030 fix(sign&verify)!: Remove default `none` support from `sign` and `verify` methods, and require it to be explicitly configured (#851)
• 7e6a86b Upload OpsLevel YAML (#849)
• 74d5719 docs: update references vercel/ms references (All ChatGPT Web struggle to log in, and Gemini Web struggles to answer. josStorer/chatGPTBox#770)
• d71e383 docs: document "invalid token" error
• 3765003 docs: fix spelling in README.md: Peak -> Peek (Make all the "Selection Tools" functions optional and configurable josStorer/chatGPTBox#754)
• a46097e docs: make decode impossible to discover before verify
• 15a1bc4 refactor: make decode non-enumerable
• 5f10bf9 docs: add jwtid to options of jwt.verify (Right-click "Open Side Panel" feature not working. josStorer/chatGPTBox#704)
• 88cb9df Replace tilde-indexOf with includes (希望可以添加多个自定义模型 josStorer/chatGPTBox#647)
• a6235fa Adds not to README on decoded payload validation (extension has snot worked for nearly 2 weeks josStorer/chatGPTBox#646)
• 5ed1f06 docs: fix tiny style change in readme (Feature request: option to disable selection tools josStorer/chatGPTBox#622)
• 9fb90ca style: add missing semicolon (getCoreContentText for any websites using mozilla/readability josStorer/chatGPTBox#641)
• a9e38b8 ci: use circleci (Support for MyAnimeList forums. josStorer/chatGPTBox#589)

See the full diff

Package name: katex

The new version differs by 16 commits.

• ab32359 chore(release): 0.16.10 [ci skip]
• fc5af64 fix: force protocol to be lowercase for better protocol filtering
• 085e21b fix: maxExpand limit with Unicode sub/superscripts
• e88b4c3 fix: \edef bypassing maxExpand via exponential blowup
• c5897fc fix: escape \includegraphics src and alt
• 5677f37 chore: fix some typos (#3936)
• d9640f1 chore(deps): update dependency json-stable-stringify to v1.1.1 [skip netlify] (#3885)
• 9a1f2f2 chore(deps): update dependency css-loader to v6.10.0 [skip netlify] (#3887)
• 1851860 chore(deps): update dependency cssnano to v5.1.15 [skip netlify] (#3883)
• e69d8b1 chore(deps): update dependency browserslist to v4.23.0 [skip netlify] (#3886)
• 3208440 chore(deps): update dependency @ semantic-release/changelog to v6.0.3 [skip netlify] (#3882)
• 58f2435 chore(deps): update dependency got to v11.8.6 [skip netlify] (#3884)
• 8910f16 chore: upgrade to Yarn 4.1.1 and Node 20 in CI (#3934)
• 3d5de92 docs(users): add bearbei (#3897)
• e89f5d7 chore(deps): update dependency caniuse-lite to v1.0.30001550 [skip netlify] (#3881)
• effb102 chore(deps): update dependency postcss to v8.4.31 [security] (#3871)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Improper Authentication
🦉 Use of a Broken or Risky Cryptographic Algorithm