[Snyk] Fix for 27 vulnerabilities

[marcjansen]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-I18NEXT-1065979	Yes	No Known Exploit
	459/1000 Why? Has a fix available, CVSS 4.9	Buffer Overflow SNYK-JS-I18NEXT-575536	Yes	No Known Exploit
	561/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.8	Prototype Pollution SNYK-JS-I18NEXT-585930	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Denial of Service (DoS) SNYK-JS-JSZIP-1251497	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	No	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Directory Traversal SNYK-JS-MOMENT-2440688	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	No	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-PAPAPARSE-564258	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-URLPARSE-1078283	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-URLPARSE-1533425	Yes	Proof of Concept
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Access Restriction Bypass SNYK-JS-URLPARSE-2401205	Yes	Proof of Concept
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Authorization Bypass SNYK-JS-URLPARSE-2407759	Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Improper Input Validation SNYK-JS-URLPARSE-2407770	Yes	Proof of Concept
	631/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2	Authorization Bypass Through User-Controlled Key SNYK-JS-URLPARSE-2412697	Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Improper Input Validation SNYK-JS-URLPARSE-543307	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090599	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090600	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090601	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090602	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @terrestris/react-geo

The new version differs by 250 commits.

• c6cf1b7 chore(release): 15.1.4 [skip ci]
• dea9bfe Merge pull request #2322 from terrestris/bump-node-npm-versions
• 96f2e38 chore: bump ol-util to v5.0.0
• 890e457 fix: update structure to lockfileVersion 2
• f408ad0 breaking: drop node support < v14, drop npm support < v7
• 83ddc96 chore(release): 15.1.3 [skip ci]
• 116029f Merge pull request #2321 from terrestris/fix-typo
• 14b6395 fix: avoid duplicated build stage on release
• 9d1707b use plural form for plugins block
• 9ce0840 Merge pull request #2320 from terrestris/releaserc
• 3f294f9 fix: extract release config to .releaserc file
• a650bf5 Merge pull request #2319 from terrestris/fix-semantic-release-plugin-order
• ac50191 fix: fix semantic release plugin order
• deb1310 Merge pull request #2318 from terrestris/dependabot/npm_and_yarn/tar-6.1.11
• 4336def build(deps): bump tar from 6.1.8 to 6.1.11
• 971c3d4 Merge pull request #2314 from terrestris/add-deprecated-note
• 6274272 Merge pull request #2312 from terrestris/npm-audit-fix
• 2f95df3 docs: Add deprecation note
• 4880006 chore: Auto fix several vulnerabilities
• cb8b5d6 Merge pull request #2299 from terrestris/split-digitize-button
• f6a900f docs: new functions in DigitizeUtil.ts
• 64b60ec fix: default class name
• f782b2f fix: always use own interaction instead of a shared one
• 98ce0c9 test: add rtl draw button tests

See the full diff

Package name: antd

The new version differs by 250 commits.

• 08beabf chore: fix remote checking
• f6c1582 docs: use star emoji
• bb90c4f Bump 3.16.4
• e521b32 Merge pull request #16206 from ant-design/release-3.16.4
• 4f0403c Add 3.16.4 changelog
• 8ec3831 Merge pull request #16203 from saxenanihal95/code_refactor
• 1569ab3 prettier md demo (#16188)
• 2b0723f update script (#16204)
• 73188ac fix: Table `rowSelection.columnWidth` should work (#16180)
• 9fd4b2d Refactor: created InputIcon of common code in RangePicker and WeekPicker
• 5987792 fix: typescript definition update (#16202)
• 35da7ce Merge pull request #16197 from ant-design/chores
• 4b17591 📝 Remove webpack@1 instruction
• ac5868c 🆙 upgrade stylelint-order
• 27045c5 Merge pull request #16196 from aaroncawte/master
• 4cd0c74 Documentation - Tree Component
• 7333506 Documentation - Timeline Component
• 8833f0b Documentation - Tag Component
• 719aff7 Documentation - Table Component
• 0c7b3ce Documentation - List Component
• a89c228 Documentation - Comment Component
• e8e29f7 Documentation - Collapse Component
• 0fc9b86 Documentation - Badge Component
• f30aee5 Documentation - Avatar Component

See the full diff

Package name: i18next

The new version differs by 250 commits.

• aeab3ca 19.8.5
• f58c423 new version
• 932f5f6 fix potential prototype pollution when backend plugin resolves a malicious language value
• 2dc8267 Merge pull request #1533 from pravi/update-rollup-plugin-babel
• dae2b32 chore: update build dependency (use @ rollup/plugin-babel)
• 4f9ef14 Merge pull request #1532 from pravi/update-node-resolve-plugin
• a90fb69 chore: update rollup and plugins
• ad88092 use fallbackLng as default lng
• ba564b3 19.8.4
• 1816290 prepare new release
• 1ed5a71 Updated FormatFunction signature to match codebase (#1520)
• 2516e89 Update config.yml
• 94dd384 Update config.yml
• 877e250 commit build result
• fa98508 Merge pull request #1518 from KristjanESPERANTO/patch-1
• 749519e Update URLs
• 03ef4ed 19.8.3
• ed6169f fix prototype pollution with constructor
• 5d808cd updated @ babel/runtime to ^7.12.0, runtime file extensions issue resolved (#1513)
• cb780ad 19.8.2
• d736006 allow nesting recursively with context (could theoretically generate infinite loop, prevented in #1480)
• 685aa0f 19.8.1
• b44f64c log optimizations for clone instances
• ba2613b 19.8.0

See the full diff

Package name: papaparse

The new version differs by 72 commits.

• 4b192de Minor version bump
• 235a127 Avoid ReDOS on float dynamic typing (#779)
• a4cf371 Improve downloadRequestBody documentation
• e934deb Support POST method when download is true
• 7ec146c Using self instead of this to preserve binding. (#769)
• 3497ded Patch version bump
• ae73d2a Use chunk size to determine the processed length
• a318396 Reword newline docs
• 47b356d #727 update delimiter and newline index if they are earlier than the current position before tested. (#728)
• 7ad8dda Address deepEqual using compare by JSON strings. (#724)
• e536351 Refactor substr calls to substring calls. (#725)
• e0b474d Correct small typo (#723)
• 6f7e43e Fix step callback function when skipping empty lines (#714)
• ec26e72 Bump open from 0.0.5 to 7.0.0 (#721)
• 5219809 Minor version bump
• 9b54b11 Fix Range Header processing logic for NetworkStreamer (#709)
• 94d7bf9 Fix CSV parsing issue when first cell is empty (#707)
• bacf4f2 Adds Hua Explore to list of lovers (#705)
• 45c1455 Fix README typos (#704)
• 80a1044 Implement quotes config optionally as function (#703)
• 874161a Fix misplaced quotes parsing (#702)
• 98e3102 Use latest PapaParse version on demo page
• d2206b3 Update download version from webpage
• 788631f Patch version bump

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 More lessons are available in Snyk Learn