[Snyk] Fix for 23 vulnerabilities

[sanyamason]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json
  • package-lock.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-D3COLOR-1076592	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-IMMER-1540542	No	Proof of Concept
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-JSYAML-173999	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-JSYAML-174129	Yes	No Known Exploit
	449/1000 Why? Has a fix available, CVSS 4.7	Open Redirect SNYK-JS-NEXT-1540422	Yes	No Known Exploit
	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Command Injection SNYK-JS-NODEMAILER-1038834	No	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	HTTP Header Injection SNYK-JS-NODEMAILER-1296415	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-OBJECTPATH-1017036	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-OBJECTPATH-1569453	Yes	Proof of Concept
	590/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-OBJECTPATH-1585658	Yes	No Known Exploit
	454/1000 Why? Has a fix available, CVSS 4.8	Session Fixation SNYK-JS-PASSPORT-2840631	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	619/1000 Why? Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090599	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090600	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090601	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090602	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: axios

The new version differs by 41 commits.

• e367be5 [Releasing] 0.21.3
• 83ae383 Correctly add response interceptors to interceptor chain (#4013)
• c0c8761 [Updating] changelog to include links to issues and contributors
• 619bb46 [Releasing] v0.21.2
• 82c9455 Create SECURITY.md (#3981)
• 5b45711 Security fix for ReDoS (#3980)
• 5bc9ea2 Update ECOSYSTEM.md (#3817)
• e72813a Fixing README.md (#3818)
• e10a027 Fix README typo under Request Config (#3825)
• e091491 Update README.md (#3936)
• b42fbad Removed un-needed bracket
• 520c8dc Updating CI status badge (#3953)
• 4fbeecb Adding CI on Github Actions. (#3938)
• e9965bf Fixing the sauce labs tests (#3813)
• dbc634c Remove charset in tests (#3807)
• 3958e9f Add explanation of cancel token (#3803)
• 69949a6 Adding custom return type support to interceptor (#3783)
• 49509f6 Create FUNDING.yml (#3796)
• 199c8aa Adding parseInt to config.timeout (#3781)
• 94fc4ea Adding isAxiosError typeguard documentation (#3767)
• 0ece97c Fixing quadratic runtime when setting a maxContentLength (#3738)
• a18a0ec Updating `lib/core/README.md` about Dispatching requests (#3772)
• 59fa614 [Updated] follow-redirects to the latest version (#3771)
• 7821ed2 Feat/json improvements (#3763)

See the full diff

Package name: easy-peasy

The new version differs by 15 commits.

• d84b418 Bumps version
• 68fdfff Upgrades dependencies
• f24ab25 Upgrades dev deps
• 8e9ea4f Minor name fix in Thunk docs (Unable to sign in thedevs-network/kutt#635)
• 3f632a0 Fixing broken link (timeout zombie process thedevs-network/kutt#643)
• 618b360 Fix the typo in the action example (chore(deps): bump next from 9.4.4 to 12.1.0 thedevs-network/kutt#650)
• a53dfa2 Remove fast-memoize from docs (Delete Dockerfile thedevs-network/kutt#663)
• 6c90492 Bump elliptic from 6.5.3 to 6.5.4 (Signup has been disabled temporarily thedevs-network/kutt#692)
• 14a20fe Bump browserslist from 4.16.1 to 4.16.8 (login/signup through mail  thedevs-network/kutt#691)
• d85916d Bump ws from 7.3.1 to 7.5.3 (Custom Domain Shows 404/500 Error on Shortend Link thedevs-network/kutt#690)
• cefe614 useLocalStorage: Recreate store if dependencies change (index.tsx: Homepage redirecting to /login when DISALLOW_ANONYMOUS_LINKS is enabled thedevs-network/kutt#685)
• 8fce26b Upgrades dependencies
• 8640563 Fixes docs per PR Sanitize neo4j password thedevs-network/kutt#558
• 444396f Upgrades dependencies, removes previously broken TS comment
• ea98660 Updates dependencies

See the full diff

Package name: envalid

The new version differs by 11 commits.

• 0f8f2a7 6.0.2
• 83f08e8 Update node versions to test on travis (drop 8.x, add 14.x)
• 25ee520 Dependency updates
• 57ddb3b More dependency updates
• 3862f8d Bump acorn from 7.1.0 to 7.1.1 (Add new 3rd Party API packages to README thedevs-network/kutt#119)
• 0412fd6 Improve spec types with generics (Verificate old users thedevs-network/kutt#118)
• 9164e4d Change JSON validator type to allow for stricter types ([docs] Fix in README thedevs-network/kutt#117)
• 3413603 6.0.1
• a55cec8 TS definitions: stricter return type for makeValidator (Add ruby library thedevs-network/kutt#114)
• 5fd76f1 chore: update minimum node version in readme
• 60bab04 Change spec types to allow ReadonlyArray choices (Add CLI client to readme thedevs-network/kutt#112)

See the full diff

Package name: express-validator

The new version differs by 27 commits.

• cd4136e 6.5.0
• 612e2d9 Don't modify requests if oneOf chain didn't succeed (#877)
• 7595c94 chain: comment out isDate for now
• 8b604af chain: add missing methods to Validators interface
• ab6ffe4 npm: upgrade validator to 13.0.0 (#874)
• 29374cb 6.4.1
• 70af46e npm: audit fix dependencies
• efbfe3a Only consider . to be special char for now
• 42819ae npm: update dependencies
• 7736384 Remove console.log
• 3814c0a Fix use of special chars in selectors
• 0c450a9 docs: fix... typo? (#842)
• 246f2ea docs: improve wording in matchedData page (#846)
• 6123155 docs: improve wording in whole-body validation (#845)
• 3124129 docs: fix typo in schema validation and improve wording (#844)
• d85b368 docs: fix verb tense in the custom validator page (#841)
• 19531ec docs: fix verb tense in the validationResult page (#847)
• f868e23 docs: small fixes in the wildcard feature (#843)
• 31d73c2 npm: add build script
• 008a0ae docs: migrate usages of sanitize to check
• 4bbe421 6.4.0
• acb2ad7 npm: run docs:build before git add on versioning
• 5e293cf Compile TS to ES2017 (#826)
• 0163461 npm: upgrade a few packages (#825)

See the full diff

Package name: next

The new version differs by 250 commits.

• 99abb8b v12.0.2
• 9828790 v12.0.2-canary.14
• 39283f1 Update swc (#30685)
• 02e0dbc v12.0.2-canary.13
• 8a6307f Remove isCommonJS check as it has been moved to next-swc (#30677)
• 622a1a5 Provide default fallback _document and _app for for concurrent mode (#30642)
• c12ae5e correct Next.js 11 upgrade instructions (#30665)
• 90fad00 v12.0.2-canary.12
• 4ada314 Add auto-commonjs and update swc (#30661)
• d8cb8c5 Fixed "Expected jsx identifier" error on TypeScript generics & angle bracket type assertions in .ts files (#30619)
• d7d1a05 Ensure native binary is available for release stats (#30649)
• 77e1565 remove Object.fromEntries polyfill for node 10 in test utils (#30657)
• 48874f1 Fix missing dev option for the middleware SSR loader (#30639)
• c730f73 v12.0.2-canary.11
• 18a3991 Fix check compiled step (#30645)
• 097fb3c Revert incremental config to fix missing types (#30644)
• aa70f46 v12.0.2-canary.10
• 599081a Update output tracing to do separate passes (#30637)
• f363cc8 update webpack (#30634)
• b5a8916 Chore/rust workflow (#30577)
• c03e284 make sure "webpack" exists in the repo for typings (#30371)
• c53eaac v12.0.2-canary.9
• 142af81 Relax warning for `next/image` loader width even more (#30624)
• 842a130 Update to latest shell-quote (#30621)

See the full diff

Package name: nodemailer

The new version differs by 50 commits.

• 7e02648 v6.6.1
• 1750c0f v6.6.0
• 0636d58 Merge branch 'master' of github.com:nodemailer/nodemailer
• 058d414 v6.6.0
• fcb0d1f test: 💍 aws ses SDK v3 support
• 2ef39e3 test: 💍 aws ses connection verification
• 6107585 fix: 🐛 ses verify, add support for v3 API
• bf57cf5 Fixes resolveContent with streams overriding data
• 91108d7 v6.5.0
• 87d9b25 Pass through textEncoding to subnodes.
• 271f91b Update index.js
• 9b5fb94 v6.4.18
• 625a9ed Update README.md
• 1d24d8b docs: added rudimentary sponsor quote block
• a455716 Added OhMySMTP to services
• 6e045d1 v6.4.17
• ba31c64 v6.4.16
• 7e7b2b2 v6.4.15
• fca2041 Update CHANGELOG.md
• b4ccfa3 Oups
• 24b93bf Add ethereal.email to well-known/services.json
• 0f132fa doc: make the code a little more accessible with some code comments.
• 1815bad v6.4.14
• dd26ddd v6.4.13

See the full diff

Package name: passport

The new version differs by 100 commits.

• c33067b 0.6.0
• 3052bb4 Update changelog.
• 42630cb Merge pull request #900 from jaredhanson/fix-fixation
• 8dd79fe Use utils-merge rather than Object.assign for compatibility.
• 4f6bd5b Change keepSessionData to keepSessionData.
• 46756e5 Silence verbose logging.
• 987b191 Add tests.
• f8a175f Add tests.
• 29a90d6 No need to guard callback existence.
• bfba8a1 Add tests.
• 17111d7 Add option to keep session data on logout.
• a349c2b Add option to keep session data.
• e69834e Add optional options to login and logout.
• 8825a9a Add tests.
• c1991cf Add tests.
• 294f22c Better session detection and exceptions.
• 80cc4e3 Add tests.
• 3001654 Add tests.
• b395106 Clean up tests.
• cfa8259 Add tests.
• ee0bf81 Add tests.
• cc7606c Add tests.
• 71c54f6 Add test.
• 88c1f1b Handle logout without session manager.

See the full diff

Package name: recharts

The new version differs by 250 commits.

• 3115b4d build 2.1.3
• 6f2551e fix: Customized component has no key (#2637)
• f5b8414 Fix XAxis scale propery type (#2641)
• ae02a4d Update README.md (#2649)
• 9aba237 build 2.1.2
• 300f726 Fix fragment children (#2481)
• 2805e0b fixes undefined field reference when optional variables not supplied (#2630)
• 89f3232 build 2.1.1
• c3381af fix: responsive container (#2622)
• 213d4a9 fix: fix format
• 8da1b74 build 2.1.0
• 2093a6b Wrap ResponsiveContainer with forwardRef (#2612)
• 281ea48 Add chart type to tooltip payload (#2599)
• 857663f Fix for recharts issue #1787 (#2604)
• af948a7 build 2.0.10
• 40a18f8 fix: show scatter chart tooltip cross cursor (#2592)
• 94e5808 Update Bar.tsx (#2582)
• e91fad3 Merge pull request #2516 from ckotyan/patch-1
• d857b4e Merge pull request #2512 from andy128k/patch-1
• e90a4e1 Merge pull request #2477 from bsell93/patch-1
• 8340d63 Merge pull request #2457 from anselmpaul/master
• 35840a0 Passthrough position attribute on createLabeledScales
• a0ab49c Fix barchart for a single data point
• d0b5781 allow automated axis padding for "gap" and "no-gap"

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 More lessons are available in Snyk Learn