[Snyk] Fix for 7 vulnerabilities #41

jmatsushita · 2023-12-19T16:03:06Z

This PR was automatically created by Snyk using the credentials of a real user.

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	Yes	No Known Exploit
619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	No	No Known Exploit
786/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.3	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	Yes	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	Yes	Proof of Concept
644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	No	No Known Exploit
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	No	Proof of Concept
506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: less

The new version differs by 161 commits.

e4f7551 v3.12.0
371185c v3.12.0-RC.2 (#3540)
d5aa9d1 Fixes #3371 Allow conditional evaluation of function args (#3532)
a722237 Remove lib folder from git (#3531)
e0f5c1a Move changelog to root (#3530)
f7bdce7 Duplicate dist files in root for older links (#3529)
0925cf1 Test-data module (#3525)
51fb02b Fixes #3504 / organizes tests (#3523)
efb76ec Restore nuked scripts (?), replace dependencies (#3501) (#3522)
2c5e4dd Lerna refactor / TS compiling w/o bundling (#3521)
a3641e4 Resolve #3398 Add flag to disable sourcemap url annotation (#3517)
e018ba8 fix(#3294): use loadFileSync when loading plugins with syncImport: true (#3506)
95b9007 Update changelog
6238bbc Fixes #3508 (#3509)
8338366 Update README.md
6313bc5 Update changelog
53bf877 Remove tree caching in import manager (#3498)
0f271f3 issue#3481 ignore missing debugInfo (#3482)
3bd995b Additional check to avoid evaluating an expression if it is a comment (#3494)
0715d90 fix: Use make-dir instead of mkdirp (#3490)
2634494 Properly exit calc mode after use (#3493)
096dd22 Convert to auto-changelog (#3477)
842386b Fixes #3469 - Include tslib dependency (#3475)
1adaadb 3.11.0 (#3468)

Package name: next

The new version differs by 250 commits.

5201cdb v10.0.6
f8f2a17 v10.0.6-canary.12
232209b Remove note about Yarn 2 support. (#21665)
5be31f5 Update CI publish step to trigger after build (#21661)
5582892 v10.0.6-canary.11
843252b Add note about Yarn 2 support. (#21657)
8f21c28 Experimental feature changes (#21646)
08846cf v10.0.6-canary.10
652a1e8 Improvements to webpack tracing, including hot-reload (#21652)
5a73859 Update docs and Create Next App to use API Middlewares by default. (#21639)
8f0c155 Grammatical fixes (#21644)
e75f611 v10.0.6-canary.9
87ed37d Ensure prerender-manifest contains all i18n revalidate values (#21404)
b785fbc chore: upgrade webpack5 (#21563)
35efe8d Remove branches filter from actions cancel workflow (#21564)
cca2000 Update CI docs change diff check (#21558)
e1fe28c Fix and add test filterModuleRules for next-plugin-storybook (#17306)
0370c03 Update links that go to vercel.com/now (#21556)
dc2de37 Font optimization - Pass nonce to inlined font definition (#21346)
004ad62 Allow `undefined` body sent to `sendData()` (#20981)
07d4af9 suppressing eslint warning (#21163)
7aa397f Add Kontent example to preview section (#21542)
a47d47e Change type of GetServerSidePropsContext.req.cookies the be the same as NextApiRequest.cookies (#21336)
f6cc0de Remove mkdirp (#21365)