[Snyk] Fix for 12 vulnerabilities

[ryan-ally]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • docs/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIHTML-1296849	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-PROMPTS-1729737	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SCSSTOKENIZER-2339884	Yes	No Known Exploit
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	619/1000 Why? Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: eslint

The new version differs by 250 commits.

• 3dd6741 7.0.0
• 9a722f9 Build: changelog update for 7.0.0
• b98d8bd Upgrade: eslint-release@2.0.0 ([DOCS] Minor grammatical fixes yugabyte/yugabyte-db#13271)
• 4c0b028 Fix: remove Node.js and CommonJS category from build process ([Docs] [Drivers and ORM's] Restructure rust pages  yugabyte/yugabyte-db#13242)
• 401a687 Chore: fix rules list for prereleases (Support for Passphrase on private key for Encryption  yugabyte/yugabyte-db#13230)
• 4ef6158 Breaking: espree@7.0.0 ([YSQL][LST] ERROR: Not implemented: Not supported to restart DDL transaction yugabyte/yugabyte-db#13270)
• b5c8d73 Docs: update 7.0.0 migration guide for consistency ([doc] PR for Why use YB encryption at rest over filesystem level encryption  yugabyte/yugabyte-db#13267)
• 356fdb4 Docs: add migration guide (UBSAN error in AlterTableWithConcurrentTxnTest.TServerLeaderChange yugabyte/yugabyte-db#12692)
• 015edf6 Sponsors: Sync README with website
• fdfa364 7.0.0-rc.0
• 8d1b4db Build: changelog update for 7.0.0-rc.0
• 0b1d65a Update: Improve report location for array-callback-return (refs [Docs] Add documentation for yb-ts-cli reload_certificates yugabyte/yugabyte-db#12334) ([DocDB] Tserver process rpc_tp_TabletSe crashes in rocksdb::Block::NewIterator()  yugabyte/yugabyte-db#13109)
• d85e291 Fix: yoda left string fix for exceptRange (fixes [YSQL][LST] ERROR: could not open relation with OID 55086 yugabyte/yugabyte-db#12883) ([docs] release 2.15.0.0 yugabyte/yugabyte-db#13052)
• 2ce6bed Chore: added tests for nested arrays ([Docs][#13144] Updating the reference documentation for yugabyted. yugabyte/yugabyte-db#13145)
• d3aac53 Update: report backtick loc in no-unexpected-multiline (refs [Docs] Add documentation for yb-ts-cli reload_certificates yugabyte/yugabyte-db#12334) ([doc] PR for Remove reference to portal.dev from public docs yugabyte/yugabyte-db#13142)
• 8e7a2d9 Fix: func-call-spacing "never" reports wrong message (fixes [CDCSDK]move the TestXClusterLogGCedWithTabletBootStrap to Xcluster related file yugabyte/yugabyte-db#13190) ([Docs] [Explore] Example required for Read replicas for YSQL. yugabyte/yugabyte-db#13193)
• bcafd0f Update: Add ESLint API (refs New: ESLint Class Replacing CLIEngine eslint/rfcs#40) ([OSSexp] [yugabyted] Adding alert and admin page to Yugabyted UI yugabyte/yugabyte-db#12939)
• 3eeae56 Upgrade: some (dev) deps ([Docs] Command blocks take multiple lines yugabyte/yugabyte-db#13155)
• 6b7030b Chore: Run tests on Node.js v14 ([Docs] PR for Add Universe Creation UI changes for NTP Enhancements to the documentation yugabyte/yugabyte-db#13210)
• ebc28d7 Fix: Remove default .js from --ext CLI option (Generate gFlags metadata xml at build time and include it in the yugabyte package yugabyte/yugabyte-db#13176)
• 5c1bdeb Update: Improve report location for getter-return (refs [Docs] Add documentation for yb-ts-cli reload_certificates yugabyte/yugabyte-db#12334) ([docs] [migrate] changes to import and export sections using the COPY command. yugabyte/yugabyte-db#13164)
• 56d2bee Docs: fix typos (Better fsync tracking. yugabyte/yugabyte-db#13204)
• e13256e Chore: use espree.latestEcmaVersion in config-initializer ([Docs] [YSQL] The newly-introduced docs regime has broken the omnibus YSQL syntax diagram page yugabyte/yugabyte-db#13157)
• e4f57b7 Chore: add nested array tests for array-element-newline ([docs][cloud] Slow queries known issue yugabyte/yugabyte-db#13161)

See the full diff

Package name: eslint-plugin-import

The new version differs by 85 commits.

• b0131d2 Bump to v2.25.0
• 7463de2 utils: v2.7.0
• 900ac9a [resolvers/webpack] [deps] update `is-core-module`
• c117be5 [Dev Deps] update `array.prototype.flatmap`, `glob`; remove `babel-preset-es2015-argon`
• 0e857b6 [Deps] update `array-includes`, `array.prototype.flat`, `is-core-module`, `is-glob`, `object.values`
• 62e2d88 [New] Support `eslint` v8
• 9a744f7 [Fix] `default`, `ExportMap`: Resolve extended TypeScript configuration files
• dd81424 [Refactor] `no-unresolved`, `no-extraneous-dependencies`: moduleVisitor usage
• 4f0f560 [Docs] `no-namespace`: fix a typo
• 430d16c [Tests] eslint-import-resolver-typescript@1.0.2 doesn't resolve .js
• 47e9c89 [Tests] type-only imports were added in TypeScript ESTree 2.23.0
• 28669b9 [Tests] `no-extraneous-dependencies` ignores unresolved imports
• 471790f [Tests] fix skip usage
• fd85369 [Tests] skip failing test on eslint < 6 + node < 8
• 64423e9 [Tests] add passing test for export-star
• 58fe766 [Tests] ignore resolver tests, scripts, and unused memo-parser
• 47ea669 [Fix] `order`: Fix import ordering in TypeScript module declarations
• 4ed7867 [Fix] `no-unresolved`: ignore type-only imports
• 4d15e26 [patch] TypeScript config: remove `.d.ts` from `import/parsers` setting and `import/extensions` setting
• 9ccdcb7 [Refactor] switch to an internal replacement for `pkg-up` and `read-pkg-up`
• 1571913 [utils] [new] create internal replacement for `pkg-up` and `read-pkg-up`
• 7c382f0 [New] `no-unused-modules`: support dynamic imports
• 7579748 [utils] [new] add `visit`, to support dynamic imports
• 35bd977 [New] `no-unresolved`: add `caseSensitiveStrict` option

See the full diff

Package name: node-sass

The new version differs by 33 commits.

• 3b556c1 7.0.2
• c716359 Bump sass-graph@^4.0.1 ([YW] Edit Universe did not pick the last 3 nodes in the list when downsizing yugabyte/yugabyte-db#3292)
• 24741b3 docs(readme): fix docpad plugin link
• 1523330 feat: Drop Node 12
• 365d357 update https://registry.npm.taobao.org to https://registry.npmmirror.com
• 1456114 build(deps): bump actions/upload-artifact from 2 to 3
• b465b69 chore: bump GitHub Actions to Windows 2019 ([docdb] QLTabletTest.OperationMemTracking is flaky yugabyte/yugabyte-db#3254)
• e6194b1 build(deps): bump make-fetch-happen from 9.1.0 to 10.0.4
• 4edf594 build(deps): bump node-gyp from 8.4.1 to 9.0.0
• 29e2344 build(deps): bump actions/checkout from 2 to 3
• 85b0d22 build(deps): bump actions/setup-node from 2 to 3
• 3bb51da Use make-fetch-happen instead of request ([yugabyted] Start takes a long time if yb-ctl cluster already running yugabyte/yugabyte-db#3193)
• adc2f8b build(deps): bump true-case-path from 1.0.3 to 2.2.1 (Fix k8s encryption itest yugabyte/yugabyte-db#3000)
• 77d12f0 chore: disable Apline for Node 16/17 builds
• 308d533 ci: use Python 3 for Node 12
• c818907 ci: unpin actions/setup-node to v2
• 99242d7 7.0.1
• 77049d1 build(deps): bump sass-graph from 2.2.5 to 4.0.0 (Add a timeout to itest run  yugabyte/yugabyte-db#3224)
• c929f25 build(deps): bump node-gyp from 7.1.2 to 8.4.1 ([docs] Update note on yugabyted reference page yugabyte/yugabyte-db#3209)
• 918dcb3 Lint fix
• 0a21792 Set rejectUnauthorized to true by default ([Platform] Charts repo should be deployable to a specified namespace yugabyte/yugabyte-db#3149)
• e80d4af chore: Drop EOL Node 15 (v2.0.7 fresh install won't run in Ubuntu yugabyte/yugabyte-db#3122)
• d753397 feat: Add Node 17 support ([yugabyted] Issues when running on a public cloud instance yugabyte/yugabyte-db#3195)
• dcf2e75 build(deps-dev): bump eslint from 7.32.0 to 8.0.0

See the full diff

Package name: webpack

The new version differs by 250 commits.

• f2f998b 5.1.1
• bcd6190 Merge pull request az group deployment create is deprecated  yugabyte/yugabyte-db#11704 from webpack/bugfix/delete-asset
• 11935a9 Merge pull request [docs][cloud]Release notes yugabyte/yugabyte-db#11703 from webpack/bugfix/11678
• 63ba54c update chunk to files mapping when deleting assets
• 4669600 Merge pull request [Doc] PR for Update kubernetes config page yugabyte/yugabyte-db#11690 from webpack/bugfix/11673
• 234373e Merge pull request [YSQL][PgstatCollector][TSan] ThreadSanitizer: data race in reaper yugabyte/yugabyte-db#11702 from webpack/deps/terser
• b6bc273 fix infinite loop in inner graph optimization
• 50c3a83 fix unused modules in chunk when optimizing runtime-specific
• 5d9d9b9 fix runtime-specific handling in concatenated modules
• 250e37c add test case
• 7925652 upgrade terser-webpack-plugin
• 27796db Merge pull request [docs] create a new contributors' guide yugabyte/yugabyte-db#11669 from webpack/dependabot/npm_and_yarn/ts-loader-8.0.5
• bd5aab8 Merge pull request [docs] Improve page - 'Troubleshooting performance issues' to include details of troubleshooting P99 latency issues. yugabyte/yugabyte-db#11692 from webpack/dependabot/npm_and_yarn/babel/core-7.12.0
• 886bbd5 Merge pull request [YSQL] Protobuf Log Line Spamming (String field contains invalid UTF-8 data) yugabyte/yugabyte-db#11693 from webpack/dependabot/npm_and_yarn/react-dom-16.14.0
• 3a14b3d Merge pull request [docs] Update kubernetes.md yugabyte/yugabyte-db#11694 from webpack/dependabot/npm_and_yarn/react-16.14.0
• ddf9936 chore(deps-dev): bump react from 16.13.1 to 16.14.0
• dc6e69a chore(deps-dev): bump react-dom from 16.13.1 to 16.14.0
• 8f18de9 chore(deps-dev): bump @ babel/core from 7.11.6 to 7.12.0
• c0410e8 Merge pull request [YCQL] Statements doesn't run serially by default in YCQL transaction block yugabyte/yugabyte-db#11686 from webpack/bugfix/11677
• 4504046 order runtime chunks correctly when they depend on each other
• 74a44cd add comment to help tagging for the bot
• e97efb7 chore(deps-dev): bump ts-loader from 8.0.4 to 8.0.5
• 77329b4 5.1.0
• 48c10f3 Merge pull request [docs][core] update quick starts with new dataset yugabyte/yugabyte-db#11653 from log2-hwan/fix-moduletemplate-deprecation

See the full diff

Package name: webpack-dev-server

The new version differs by 250 commits.

• c9271b9 chore(release): 4.0.0
• 18bf369 test: fix stability ([yugabyted] don't mess up shell prompt on crash yugabyte/yugabyte-db#3676)
• cdcabb2 fix: respect protocol from browser for manual setup ([Phase 3][Colocation] Tablet Server UI shows only colocated parent table yugabyte/yugabyte-db#3675)
• 1768d6b fix: initial reloading for lazy compilation ([docs] Change Hasura docs to use gflag ysql_suppress_unsupported_error yugabyte/yugabyte-db#3662)
• 4f5bab1 docs: improve examples ([Test failures] Fix CQL TSAN test failures yugabyte/yugabyte-db#3672)
• f2d87fb fix: improve https CLI output (Update CONTRIBUTORS.md yugabyte/yugabyte-db#3673)
• 0277c5e chore: remove redundant console statements ([docs] Disk space relief when adding new node to cluster yugabyte/yugabyte-db#3671)
• 16fcdbc docs: add `ipc` example (Thirdparty package compile error while using GCC8 yugabyte/yugabyte-db#3667)
• 8915fb8 test: add e2e tests for built in routes ([docdb] TS crash due to 2 tablets in cache with the same partition_key_start yugabyte/yugabyte-db#3669)
• 4d1cbe1 docs: ask `version` information in issue template (Show backfill progress as a task at master/tasks yugabyte/yugabyte-db#3668)
• b6c1881 chore(deps-dev): bump core-js from 3.16.1 to 3.16.2 (disk utilization of MANIFEST file increases after the restart yugabyte/yugabyte-db#3666)
• ffa8cc5 chore(deps-dev): bump supertest from 6.1.5 to 6.1.6 (LogCache is reporting memory usage on followers yugabyte/yugabyte-db#3665)
• f1fdaa7 chore(release): 4.0.0-rc.1
• c4678bc fix: legacy API ([docs] Set up for TLS in Kubernetes yugabyte/yugabyte-db#3660)
• d8bdd03 test: fix stability ([docs] Add documentation for colocated tables yugabyte/yugabyte-db#3661)
• 22b1414 refactor: remove `killable` (Improve analyzing slow queries yugabyte/yugabyte-db#3657)
• 75bafbf test: add e2e tests for module federation (TSAN failures with CassandraDriver tests yugabyte/yugabyte-db#3658)
• 493ccbd chore(deps): update `ws` (added gke helm and updated oss helm instructions yugabyte/yugabyte-db#3652)
• ae8c523 test: add e2e test for universal compiler (Transactional data load performance improvements yugabyte/yugabyte-db#3656)
• f94b84f chore(deps): update ([docs] Update titles and naming yugabyte/yugabyte-db#3655)
• 1923132 test: fix cli
• 2adfd01 test: fix todo (yugabyted UI does not show metrics yugabyte/yugabyte-db#3653)
• 6e2cbde fix: proxy logging and allow to pass options without the `target` option ([docs] Fix formatting issues yugabyte/yugabyte-db#3651)
• c9ccc96 fix: respect infastructureLogging.level for client.logging ([docs] Fix image references yugabyte/yugabyte-db#3613)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Remote Code Execution (RCE)