[Snyk] Fix for 10 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-CSSWHAT-1298035	Yes	No Known Exploit
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-IMMER-1540542	Yes	Proof of Concept
	501/1000 Why? Recently disclosed, Has a fix available, CVSS 4.3	Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: axios

The new version differs by 115 commits.

• e367be5 [Releasing] 0.21.3
• 83ae383 Correctly add response interceptors to interceptor chain (#4013)
• c0c8761 [Updating] changelog to include links to issues and contributors
• 619bb46 [Releasing] v0.21.2
• 82c9455 Create SECURITY.md (#3981)
• 5b45711 Security fix for ReDoS (#3980)
• 5bc9ea2 Update ECOSYSTEM.md (#3817)
• e72813a Fixing README.md (#3818)
• e10a027 Fix README typo under Request Config (#3825)
• e091491 Update README.md (#3936)
• b42fbad Removed un-needed bracket
• 520c8dc Updating CI status badge (#3953)
• 4fbeecb Adding CI on Github Actions. (#3938)
• e9965bf Fixing the sauce labs tests (#3813)
• dbc634c Remove charset in tests (#3807)
• 3958e9f Add explanation of cancel token (#3803)
• 69949a6 Adding custom return type support to interceptor (#3783)
• 49509f6 Create FUNDING.yml (#3796)
• 199c8aa Adding parseInt to config.timeout (#3781)
• 94fc4ea Adding isAxiosError typeguard documentation (#3767)
• 0ece97c Fixing quadratic runtime when setting a maxContentLength (#3738)
• a18a0ec Updating `lib/core/README.md` about Dispatching requests (#3772)
• 59fa614 [Updated] follow-redirects to the latest version (#3771)
• 7821ed2 Feat/json improvements (#3763)

See the full diff

Package name: eslint

The new version differs by 250 commits.

• 145aec1 7.16.0
• 83518a5 Build: changelog update for 7.16.0
• a62ad6f Update: fix false negative of no-extra-parens with NewExpression (#13930)
• f85b4c7 Fix: require-atomic-updates false positive across await (fixes #11954) (#13915)
• 301d0c0 Fix: no-constant-condition false positives with unary expressions (#13927)
• 555c128 Fix: false positive with await and ** in no-extra-parens (fixes #12739) (#13923)
• d93c935 Docs: update JSON Schema links (#13936)
• 8d0c93a Upgrade: [email protected] (#13920)
• 9247683 Docs: Remove for deleted npm run profile script (#13931)
• ab240d4 Fix: prefer-exponentiation-operator invalid autofix with await (#13924)
• dc76911 Chore: Add .pre-commit-hooks.yaml file (#13628)
• 2124e1b Docs: Fix wrong rule name (#13913)
• 06b5809 Sponsors: Sync README with website
• 26fc12f Docs: Update README team and sponsors
• 902a032 7.15.0
• 6356778 Build: changelog update for 7.15.0
• 5c11aab Upgrade: @ eslint/esintrc and espree for bug fixes (refs #13878) (#13908)
• 0eb7957 Upgrade: [email protected] (#13877)
• 683ad00 New: no-unsafe-optional-chaining rule (fixes #13431) (#13859)
• cbc57fb Fix: one-var autofixing for export (fixes #13834) (#13891)
• 110cf96 Docs: Fix a broken link in working-with-rules.md (#13875)
• 0cb81a9 7.14.0
• fb3a594 Build: changelog update for 7.14.0
• 5f09073 Update: fix 'skip' options in no-irregular-whitespace (fixes #13852) (#13853)

See the full diff

Package name: react-scripts

The new version differs by 238 commits.

• 221e511 Publish
• 6a3315b Update CONTRIBUTING.md
• 5614c87 Add support for Tailwind (#11717)
• 657739f chore(test): make all tests install with `npm ci` (#11723)
• 20edab4 fix(webpackDevServer): disable overlay for warnings (#11413)
• 69321b0 Remove cached lockfile (#11706)
• 3afbbc0 Update all dependencies (#11624)
• f5467d5 feat(eslint-config-react-app): support ESLint 8.x (#11375)
• e8319da [WIP] Fix integration test teardown / cleanup and missing yarn installation (#11686)
• c7627ce Update webpack and dev server (#11646)
• f85b064 The default port used by `serve` has changed (#11619)
• 544befe Update package.json (#11597)
• 9d0369b Fix ESLint Babel preset resolution (#11547)
• d7b23c8 test(create-react-app): assert for exit code (#10973)
• 1465357 Prepare 5.0.0 alpha release
• 3880ba6 Remove dependency pinning (#11474)
• 8b9fbee Update CODEOWNERS
• cacf590 Bump template dependency version (#11415)
• 5cedfe4 Bump browserslist from 4.14.2 to 4.16.5 (#11476)
• 50ea5ad allow CORS on webpack-dev-server (#11325)
• 63bba07 Upgrade jest and related packages from 26.6.0 to 27.1.0 (#11338)
• 960b21e Bump immer from 8.0.4 to 9.0.6 (#11364)
• 134cd3c Resolve dependency issues in v5 alpha (#11294)
• b45ae3c Update CONTRIBUTING.md

See the full diff

Package name: serve

The new version differs by 19 commits.

• c630db7 13.0.1
• 07cc160 Switch to npm (#681)
• 389e9a4 security(deps): [email protected] to fix CVE-2021-3807 (#676)
• 247b383 13.0.0
• 168d4b2 Change default port from `5000` to `3000` (#680)
• 30b0673 12.0.1
• 79ca17c Fix network not being shown anymore (#661)
• e3f1e84 HTTPS: Adding Ability to Send Passphrase to createServer (#655)
• d941baa 12.0.0
• 6341041 Breaking: Update `clipboardy` to v2.3.0 (drops support for Node 8, end of life) (#612)
• 3281c57 Bump lodash from 4.17.19 to 4.17.21 (#654)
• a85bd9d Add flag for disabling port switching (#579)
• b71af1a Fix undefined local network address (#572)
• e3fe70a Fix spacing for CORS documentation (#610)
• 818b5e9 Add `-p` port flag to the help command output. (#607)
• 61731b1 Update repo location in package.json to be vercel/serve (#641)
• fbf6376 fix: Bump ajv to 6.12.6 (#635)
• cd7dcf2 Bump ini from 1.3.5 to 1.3.7 (#638)
• 850cc0b Bump lodash from 4.17.15 to 4.17.19 (#619)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic