[Snyk] Fix for 2 vulnerabilities

[NikolayS]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/docusaurus/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	Yes	No Known Exploit
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: react-dev-utils

The new version differs by 238 commits.

• 221e511 Publish
• 6a3315b Update CONTRIBUTING.md
• 5614c87 Add support for Tailwind (#11717)
• 657739f chore(test): make all tests install with `npm ci` (#11723)
• 20edab4 fix(webpackDevServer): disable overlay for warnings (#11413)
• 69321b0 Remove cached lockfile (#11706)
• 3afbbc0 Update all dependencies (#11624)
• f5467d5 feat(eslint-config-react-app): support ESLint 8.x (#11375)
• e8319da [WIP] Fix integration test teardown / cleanup and missing yarn installation (#11686)
• c7627ce Update webpack and dev server (#11646)
• f85b064 The default port used by `serve` has changed (#11619)
• 544befe Update package.json (#11597)
• 9d0369b Fix ESLint Babel preset resolution (#11547)
• d7b23c8 test(create-react-app): assert for exit code (#10973)
• 1465357 Prepare 5.0.0 alpha release
• 3880ba6 Remove dependency pinning (#11474)
• 8b9fbee Update CODEOWNERS
• cacf590 Bump template dependency version (#11415)
• 5cedfe4 Bump browserslist from 4.14.2 to 4.16.5 (#11476)
• 50ea5ad allow CORS on webpack-dev-server (#11325)
• 63bba07 Upgrade jest and related packages from 26.6.0 to 27.1.0 (#11338)
• 960b21e Bump immer from 8.0.4 to 9.0.6 (#11364)
• 134cd3c Resolve dependency issues in v5 alpha (#11294)
• b45ae3c Update CONTRIBUTING.md

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 610f368 5.0.0
• 5ce65c1 update examples
• bbe1230 Merge pull request #11628 from webpack/bugfix/real-content-hash
• 75ecff2 5.0.0-rc.6
• bfc35d6 Merge pull request #11603 from MayaWolf/master
• 76e8cbd Merge pull request #11622 from webpack/dependabot/npm_and_yarn/types/node-13.13.25
• 9fd1be2 chore(deps-dev): bump @ types/node from 13.13.23 to 13.13.25
• 36bcfaa Merge pull request #11621 from webpack/bugfix/11619
• 9130d10 fix called variables with ProvidePlugin
• 3e42105 Merge pull request #11620 from webpack/bugfix/11617
• 4709719 skip connections copied to concatenated module
• 57b493f 5.0.0-rc.5
• 1658e2f Merge pull request #11618 from webpack/bugfix/11615
• a8fb45d fixes crash in SideEffectsFlagPlugin
• 84b196d emit error instead of crashing when unexpected problem occurs
• 5573fed Merge pull request #11601 from Hornwitser/improve-suggested-polyfill-config
• 9b5cce9 Merge pull request #11609 from snitin315/export-types
• 37c495c export type RuleSetUseItem
• 39faf34 export type RuleSetUse
• e5fd246 export type RuleSetConditionAbsolute
• 660baad export RuleSetCondition types
• 13e3ca5 Merge pull request #11602 from webpack/bugfix/shared-runtime-chunk
• 9c0587e Merge pull request #11606 from webpack/dependabot/npm_and_yarn/simple-git-2.21.0
• 502d166 Merge pull request #11607 from webpack/dependabot/npm_and_yarn/acorn-8.0.4

See the full diff

Package name: webpack-dev-server

The new version differs by 250 commits.

• c9271b9 chore(release): 4.0.0
• 18bf369 test: fix stability (Docusaurus + /docs takes hours to build on Github actions facebook/docusaurus#3676)
• cdcabb2 fix: respect protocol from browser for manual setup (fix(v2): add missing 'react' and 'webpack' peer dependencies facebook/docusaurus#3675)
• 1768d6b fix: initial reloading for lazy compilation (fix(v2): navbar dropdown crash when item.to is undefined facebook/docusaurus#3662)
• 4f5bab1 docs: improve examples (include external sourced files into build facebook/docusaurus#3672)
• f2d87fb fix: improve https CLI output (test(e2e): dogfood Yarn with enableGlobalCache facebook/docusaurus#3673)
• 0277c5e chore: remove redundant console statements (refactor(v2): improve regex matching code-block title facebook/docusaurus#3671)
• 16fcdbc docs: add `ipc` example (fix(v2): Fix typo in BaseUrlSuggestionWarning facebook/docusaurus#3667)
• 8915fb8 test: add e2e tests for built in routes (fix(v2): make scrollbar styles consistent facebook/docusaurus#3669)
• 4d1cbe1 docs: ask `version` information in issue template (Proposal: upgrade Remark to v13.0.0 facebook/docusaurus#3668)
• b6c1881 chore(deps-dev): bump core-js from 3.16.1 to 3.16.2 (fix(v2): make optional title for footer links column facebook/docusaurus#3666)
• ffa8cc5 chore(deps-dev): bump supertest from 6.1.5 to 6.1.6 (refactor(v2): allow adding plugins depending on condition facebook/docusaurus#3665)
• f1fdaa7 chore(release): 4.0.0-rc.1
• c4678bc fix: legacy API (How swizzle all themes facebook/docusaurus#3660)
• d8bdd03 test: fix stability (what's the most robust way of importing the default CSS from an html static page? facebook/docusaurus#3661)
• 22b1414 refactor: remove `killable` ("TypeError: Cannot read property 'replace' of undefined" when docusaurus build facebook/docusaurus#3657)
• 75bafbf test: add e2e tests for module federation (feat(v2): onBrokenMarkdownLinks config facebook/docusaurus#3658)
• 493ccbd chore(deps): update `ws` ("Docs markdown link couldn't be resolved" infinite loop on build or start facebook/docusaurus#3652)
• ae8c523 test: add e2e test for universal compiler (Get status theme mode realtime facebook/docusaurus#3656)
• f94b84f chore(deps): update (Purge CSS Docusaurus Plugin facebook/docusaurus#3655)
• 1923132 test: fix cli
• 2adfd01 test: fix todo (fix(v2): handle multiple asset links in one line properly facebook/docusaurus#3653)
• 6e2cbde fix: proxy logging and allow to pass options without the `target` option (docs(v1): fix typo on Add Versions doc page facebook/docusaurus#3651)
• c9ccc96 fix: respect infastructureLogging.level for client.logging (fix: add repository metadata to all packages facebook/docusaurus#3613)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncontrolled resource consumption