From c53a98ced63e52aa8585d33490b8db0dd9cbe229 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Wed, 2 Mar 2022 07:13:14 +0000
Subject: [PATCH] fix: webapp/package.json & webapp/package-lock.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-XMLDOM-1084960
---
 webapp/package-lock.json | 164 +++++++++++++++++++++++++++++----------
 webapp/package.json      |   2 +-
 2 files changed, 124 insertions(+), 42 deletions(-)

diff --git a/webapp/package-lock.json b/webapp/package-lock.json
index 8af9b10b49d..fca5a265ac6 100644
--- a/webapp/package-lock.json
+++ b/webapp/package-lock.json
@@ -15,7 +15,7 @@
 				"@fullcalendar/daygrid": "^5.10.0",
 				"@fullcalendar/interaction": "^5.10.0",
 				"@fullcalendar/react": "^5.10.0",
-				"@mattermost/compass-icons": "^0.1.10",
+				"@mattermost/compass-icons": "^0.1.22",
 				"@reduxjs/toolkit": "^1.6.0",
 				"color": "^4.0.0",
 				"draft-js": "^0.11.7",
@@ -1593,20 +1593,59 @@
 			}
 		},
 		"node_modules/@mattermost/compass-icons": {
-			"version": "0.1.19",
-			"resolved": "https://registry.npmjs.org/@mattermost/compass-icons/-/compass-icons-0.1.19.tgz",
-			"integrity": "sha512-lNDWdKwFUEmWL3GmLuCp0C2bEeFE5j4IEDAHoB7Ipz9SaIFP68s4Un2K8lwc+nXLAvrmJeV6IrlJx91UcyRiCw==",
+			"version": "0.1.22",
+			"resolved": "https://registry.npmjs.org/@mattermost/compass-icons/-/compass-icons-0.1.22.tgz",
+			"integrity": "sha512-/Fd5xkS+BiHoVffX+s8PCKvCXILmmsf0ibXfs3KEkUMEn2j6lP7XzFM/LBIkQy6R/ZUjWYBrpJxyXRj4ZptA6w==",
+			"dependencies": {
+				"esm": "3.2.25",
+				"fontello-batch-cli": "4.0.0",
+				"fontello-cli": "0.6.2",
+				"lodash": "4.17.21",
+				"needle": "3.0.0",
+				"open": "8.4.0",
+				"svgpath": "2.5.0",
+				"unzip": "0.1.11",
+				"xmldom": "0.6.0"
+			}
+		},
+		"node_modules/@mattermost/compass-icons/node_modules/debug": {
+			"version": "3.2.7",
+			"resolved": "https://registry.npmjs.org/debug/-/debug-3.2.7.tgz",
+			"integrity": "sha512-CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ==",
 			"dependencies": {
-				"esm": "^3.2.25",
-				"fontello-batch-cli": "^4.0.0",
-				"fontello-cli": "^0.6.2",
-				"lodash": "^4.17.21",
-				"needle": "^2.6.0",
-				"open": "^7.4.2",
-				"svgpath": "^2.3.1",
-				"typescript": "^4.4.4",
-				"unzip": "^0.1.11",
-				"xmldom": "^0.3.0"
+				"ms": "^2.1.1"
+			}
+		},
+		"node_modules/@mattermost/compass-icons/node_modules/needle": {
+			"version": "3.0.0",
+			"resolved": "https://registry.npmjs.org/needle/-/needle-3.0.0.tgz",
+			"integrity": "sha512-eGr0qnfHxAjr+Eptl1zr2lgUQUPC1SZfTkg2kFi0kxr1ChJonHUVYobkug8siBKMlyUVVp56MSkp6CSeXH/jgw==",
+			"dependencies": {
+				"debug": "^3.2.6",
+				"iconv-lite": "^0.4.4",
+				"sax": "^1.2.4"
+			},
+			"bin": {
+				"needle": "bin/needle"
+			},
+			"engines": {
+				"node": ">= 4.4.x"
+			}
+		},
+		"node_modules/@mattermost/compass-icons/node_modules/open": {
+			"version": "8.4.0",
+			"resolved": "https://registry.npmjs.org/open/-/open-8.4.0.tgz",
+			"integrity": "sha512-XgFPPM+B28FtCCgSb9I+s9szOC1vZRSwgWsRUA5ylIxRTgKozqjOCrVOqGsYABPYK5qnfqClxZTFBa8PKt2v6Q==",
+			"dependencies": {
+				"define-lazy-prop": "^2.0.0",
+				"is-docker": "^2.1.1",
+				"is-wsl": "^2.2.0"
+			},
+			"engines": {
+				"node": ">=12"
+			},
+			"funding": {
+				"url": "https://github.com/sponsors/sindresorhus"
 			}
 		},
 		"node_modules/@nodelib/fs.scandir": {
@@ -5823,6 +5862,14 @@
 				"node": ">=0.10.0"
 			}
 		},
+		"node_modules/define-lazy-prop": {
+			"version": "2.0.0",
+			"resolved": "https://registry.npmjs.org/define-lazy-prop/-/define-lazy-prop-2.0.0.tgz",
+			"integrity": "sha512-Ds09qNh8yw3khSjiJjiUInaGX9xlqZDY7JVryGxdxV7NPeuqQfplOpQ66yJFZut3jLa5zOwkXw1g9EI2uKh4Og==",
+			"engines": {
+				"node": ">=8"
+			}
+		},
 		"node_modules/define-properties": {
 			"version": "1.1.3",
 			"resolved": "https://registry.npmjs.org/define-properties/-/define-properties-1.1.3.tgz",
@@ -17541,9 +17588,9 @@
 			}
 		},
 		"node_modules/svgpath": {
-			"version": "2.3.1",
-			"resolved": "https://registry.npmjs.org/svgpath/-/svgpath-2.3.1.tgz",
-			"integrity": "sha512-wNz6lCoj+99GMoyU7SozTfPqiLHz6WcJYZ30Z+F4lF/gPtxWHBCpZ4DhoDI0+oZ0dObKyYsJdSPGbL2mJq/qCg=="
+			"version": "2.5.0",
+			"resolved": "https://registry.npmjs.org/svgpath/-/svgpath-2.5.0.tgz",
+			"integrity": "sha512-o/vohwqjUO9nDAh4rcjE3KaW/v//At8UJu2LJMybXidf5QLQLVA4bxH0//4YCsr+1H4Gw1Wi/Jc62ynzSBYidw=="
 		},
 		"node_modules/symbol-observable": {
 			"version": "1.2.0",
@@ -18244,6 +18291,7 @@
 			"version": "4.4.4",
 			"resolved": "https://registry.npmjs.org/typescript/-/typescript-4.4.4.tgz",
 			"integrity": "sha512-DqGhF5IKoBl8WNf8C1gu8q0xZSInh9j1kJJMqT3a94w1JzVaBU4EXOSMrz9yDqMT0xt3selp83fuFMQ0uzv6qA==",
+			"dev": true,
 			"bin": {
 				"tsc": "bin/tsc",
 				"tsserver": "bin/tsserver"
@@ -19273,10 +19321,9 @@
 			"dev": true
 		},
 		"node_modules/xmldom": {
-			"version": "0.3.0",
-			"resolved": "https://registry.npmjs.org/xmldom/-/xmldom-0.3.0.tgz",
-			"integrity": "sha512-z9s6k3wxE+aZHgXYxSTpGDo7BYOUfJsIRyoZiX6HTjwpwfS2wpQBQKa2fD+ShLyPkqDYo5ud7KitmLZ2Cd6r0g==",
-			"deprecated": "Deprecated due to CVE-2021-21366 resolved in 0.5.0",
+			"version": "0.6.0",
+			"resolved": "https://registry.npmjs.org/xmldom/-/xmldom-0.6.0.tgz",
+			"integrity": "sha512-iAcin401y58LckRZ0TkI4k0VSM1Qg0KGSc3i8rU+xrxe19A/BN1zHyVSJY7uoutVlaTSzYyk/v5AmkewAP7jtg==",
 			"engines": {
 				"node": ">=10.0.0"
 			}
@@ -20789,20 +20836,49 @@
 			}
 		},
 		"@mattermost/compass-icons": {
-			"version": "0.1.19",
-			"resolved": "https://registry.npmjs.org/@mattermost/compass-icons/-/compass-icons-0.1.19.tgz",
-			"integrity": "sha512-lNDWdKwFUEmWL3GmLuCp0C2bEeFE5j4IEDAHoB7Ipz9SaIFP68s4Un2K8lwc+nXLAvrmJeV6IrlJx91UcyRiCw==",
+			"version": "0.1.22",
+			"resolved": "https://registry.npmjs.org/@mattermost/compass-icons/-/compass-icons-0.1.22.tgz",
+			"integrity": "sha512-/Fd5xkS+BiHoVffX+s8PCKvCXILmmsf0ibXfs3KEkUMEn2j6lP7XzFM/LBIkQy6R/ZUjWYBrpJxyXRj4ZptA6w==",
 			"requires": {
-				"esm": "^3.2.25",
-				"fontello-batch-cli": "^4.0.0",
-				"fontello-cli": "^0.6.2",
-				"lodash": "^4.17.21",
-				"needle": "^2.6.0",
-				"open": "^7.4.2",
-				"svgpath": "^2.3.1",
-				"typescript": "^4.4.4",
-				"unzip": "^0.1.11",
-				"xmldom": "^0.3.0"
+				"esm": "3.2.25",
+				"fontello-batch-cli": "4.0.0",
+				"fontello-cli": "0.6.2",
+				"lodash": "4.17.21",
+				"needle": "3.0.0",
+				"open": "8.4.0",
+				"svgpath": "2.5.0",
+				"unzip": "0.1.11",
+				"xmldom": "0.6.0"
+			},
+			"dependencies": {
+				"debug": {
+					"version": "3.2.7",
+					"resolved": "https://registry.npmjs.org/debug/-/debug-3.2.7.tgz",
+					"integrity": "sha512-CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ==",
+					"requires": {
+						"ms": "^2.1.1"
+					}
+				},
+				"needle": {
+					"version": "3.0.0",
+					"resolved": "https://registry.npmjs.org/needle/-/needle-3.0.0.tgz",
+					"integrity": "sha512-eGr0qnfHxAjr+Eptl1zr2lgUQUPC1SZfTkg2kFi0kxr1ChJonHUVYobkug8siBKMlyUVVp56MSkp6CSeXH/jgw==",
+					"requires": {
+						"debug": "^3.2.6",
+						"iconv-lite": "^0.4.4",
+						"sax": "^1.2.4"
+					}
+				},
+				"open": {
+					"version": "8.4.0",
+					"resolved": "https://registry.npmjs.org/open/-/open-8.4.0.tgz",
+					"integrity": "sha512-XgFPPM+B28FtCCgSb9I+s9szOC1vZRSwgWsRUA5ylIxRTgKozqjOCrVOqGsYABPYK5qnfqClxZTFBa8PKt2v6Q==",
+					"requires": {
+						"define-lazy-prop": "^2.0.0",
+						"is-docker": "^2.1.1",
+						"is-wsl": "^2.2.0"
+					}
+				}
 			}
 		},
 		"@nodelib/fs.scandir": {
@@ -24389,6 +24465,11 @@
 			"integrity": "sha512-FJ3UgI4gIl+PHZm53knsuSFpE+nESMr7M4v9QcgB7S63Kj/6WqMiFQJpBBYz1Pt+66bZpP3Q7Lye0Oo9MPKEdg==",
 			"dev": true
 		},
+		"define-lazy-prop": {
+			"version": "2.0.0",
+			"resolved": "https://registry.npmjs.org/define-lazy-prop/-/define-lazy-prop-2.0.0.tgz",
+			"integrity": "sha512-Ds09qNh8yw3khSjiJjiUInaGX9xlqZDY7JVryGxdxV7NPeuqQfplOpQ66yJFZut3jLa5zOwkXw1g9EI2uKh4Og=="
+		},
 		"define-properties": {
 			"version": "1.1.3",
 			"resolved": "https://registry.npmjs.org/define-properties/-/define-properties-1.1.3.tgz",
@@ -33858,9 +33939,9 @@
 			}
 		},
 		"svgpath": {
-			"version": "2.3.1",
-			"resolved": "https://registry.npmjs.org/svgpath/-/svgpath-2.3.1.tgz",
-			"integrity": "sha512-wNz6lCoj+99GMoyU7SozTfPqiLHz6WcJYZ30Z+F4lF/gPtxWHBCpZ4DhoDI0+oZ0dObKyYsJdSPGbL2mJq/qCg=="
+			"version": "2.5.0",
+			"resolved": "https://registry.npmjs.org/svgpath/-/svgpath-2.5.0.tgz",
+			"integrity": "sha512-o/vohwqjUO9nDAh4rcjE3KaW/v//At8UJu2LJMybXidf5QLQLVA4bxH0//4YCsr+1H4Gw1Wi/Jc62ynzSBYidw=="
 		},
 		"symbol-observable": {
 			"version": "1.2.0",
@@ -34429,7 +34510,8 @@
 		"typescript": {
 			"version": "4.4.4",
 			"resolved": "https://registry.npmjs.org/typescript/-/typescript-4.4.4.tgz",
-			"integrity": "sha512-DqGhF5IKoBl8WNf8C1gu8q0xZSInh9j1kJJMqT3a94w1JzVaBU4EXOSMrz9yDqMT0xt3selp83fuFMQ0uzv6qA=="
+			"integrity": "sha512-DqGhF5IKoBl8WNf8C1gu8q0xZSInh9j1kJJMqT3a94w1JzVaBU4EXOSMrz9yDqMT0xt3selp83fuFMQ0uzv6qA==",
+			"dev": true
 		},
 		"ua-parser-js": {
 			"version": "0.7.31",
@@ -35243,9 +35325,9 @@
 			"dev": true
 		},
 		"xmldom": {
-			"version": "0.3.0",
-			"resolved": "https://registry.npmjs.org/xmldom/-/xmldom-0.3.0.tgz",
-			"integrity": "sha512-z9s6k3wxE+aZHgXYxSTpGDo7BYOUfJsIRyoZiX6HTjwpwfS2wpQBQKa2fD+ShLyPkqDYo5ud7KitmLZ2Cd6r0g=="
+			"version": "0.6.0",
+			"resolved": "https://registry.npmjs.org/xmldom/-/xmldom-0.6.0.tgz",
+			"integrity": "sha512-iAcin401y58LckRZ0TkI4k0VSM1Qg0KGSc3i8rU+xrxe19A/BN1zHyVSJY7uoutVlaTSzYyk/v5AmkewAP7jtg=="
 		},
 		"xtend": {
 			"version": "4.0.2",
diff --git a/webapp/package.json b/webapp/package.json
index 2e706ecaef1..aaa6673077f 100644
--- a/webapp/package.json
+++ b/webapp/package.json
@@ -30,7 +30,7 @@
 		"@fullcalendar/daygrid": "^5.10.0",
 		"@fullcalendar/interaction": "^5.10.0",
 		"@fullcalendar/react": "^5.10.0",
-		"@mattermost/compass-icons": "^0.1.10",
+		"@mattermost/compass-icons": "^0.1.22",
 		"@reduxjs/toolkit": "^1.6.0",
 		"color": "^4.0.0",
 		"draft-js": "^0.11.7",