[Snyk] Security upgrade snyk from 1.437.3 to 1.996.0

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • deps/npm/docs/package.json
  • deps/npm/docs/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	713/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.4	Command Injection SNYK-JS-SNYK-3037342	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[guardrails]

⚠️ We detected 63 security issues in this pull request:

Mode: paranoid | Total findings: 63 | Considered vulnerability: 63

Vulnerable Libraries (63)

Severity	Details
High	pkg:npm/clean-css@4.2.1@4.2.1 (t) - no patch available
High	pkg:npm/decompress@4.2.0@4.2.0 (t) - no patch available
Medium	pkg:npm/path-parse@1.0.6@1.0.6 (t) upgrade to: 1.0.7
Critical	pkg:npm/unset-value@1.0.0@1.0.0 (t) - no patch available
Medium	pkg:npm/sharp@0.23.4@0.23.4 (t) upgrade to: 0.30.5
High	pkg:npm/lodash.template@4.5.0@4.5.0 (t) - no patch available
Low	pkg:npm/request@2.88.0@2.88.0 (t) - no patch available
High	pkg:npm/url-regex@4.1.1@4.1.1 (t) - no patch available
Medium	pkg:npm/kind-of@6.0.2@6.0.2 (t) - no patch available
Medium	pkg:npm/%40hapi/hoek@8.5.0@8.5.0 (t) - no patch available
Critical	pkg:npm/set-value@2.0.1@2.0.1 (t) - no patch available
High	pkg:npm/glob-parent@5.1.0@5.1.0 (t) upgrade to: 5.1.2
N/A	pkg:npm/jpeg-js@0.3.6@0.3.6 (t) upgrade to: 0.4.0
N/A	pkg:npm/acorn@7.1.0@7.1.0 (t) - no patch available
Medium	pkg:npm/react@16.12.0@16.12.0 (t) - no patch available
High	pkg:npm/trim-newlines@1.0.0@1.0.0 (t) upgrade to: 3.0.1,4.0.1
Critical	pkg:npm/lodash@4.17.15@4.17.15 (t) - no patch available
High	pkg:npm/follow-redirects@1.5.10@1.5.10 (t) upgrade to: 1.14.7
High	pkg:npm/sanitize-html@1.20.1@1.20.1 (t) - no patch available
High	pkg:npm/semver-regex@2.0.0@2.0.0 (t) upgrade to: 3.1.3,4.0.1
High	pkg:npm/file-type@8.1.0@8.1.0 (t) - no patch available
High	pkg:npm/tar@5.0.5@5.0.5 (t) upgrade to: 3.2.2,4.4.14,5.0.6,6.1.1
Medium	pkg:npm/color-string@1.5.3@1.5.3 (t) upgrade to: 1.5.5
High	pkg:npm/is-svg@3.0.0@3.0.0 (t) upgrade to: 4.2.2
N/A	pkg:npm/dot-prop@4.2.0@4.2.0 (t) - no patch available
Medium	pkg:npm/ajv@6.10.2@6.10.2 (t) upgrade to: 6.12.3
High	pkg:npm/simple-get@3.1.0@3.1.0 (t) - no patch available
High	pkg:npm/ansi-regex@5.0.0@5.0.0 (t) - no patch available
Critical	pkg:npm/json-schema@0.2.3@0.2.3 (t) upgrade to: 0.4.0
Medium	pkg:npm/got@8.3.2@8.3.2 (t) - no patch available
High	pkg:npm/nth-check@1.0.2@1.0.2 (t) upgrade to: 2.0.1
Medium	pkg:npm/postcss@7.0.26@7.0.26 (t) upgrade to: 8.2.13,7.0.36
Medium	pkg:npm/bl@3.0.0@3.0.0 (t) upgrade to: 1.2.3,2.2.1,3.0.1,4.0.3
High	pkg:npm/ini@1.3.5@1.3.5 (t) upgrade to: 1.3.6
High	pkg:npm/hosted-git-info@2.8.5@2.8.5 (t) - no patch available
Medium	pkg:npm/underscore.string@3.3.5@3.3.5 (t) - no patch available
High	@hapi/hoek@8.5.0 (t) upgrade to: >8.5.0
High	acorn@7.1.0 (t) upgrade to: >7.1.0
Medium	ajv@6.10.2 (t) upgrade to: >=6.12.3
High	ansi-regex@5.0.0 (t) upgrade to: 3.0.0 || >4.1.0 || 5.0.0
High	async@2.6.3 (t) upgrade to: >2.6.3
Medium	bl@3.0.0 (t) upgrade to: >=1.2.3 || =3.0.0
Medium	browserslist@4.8.3 (t) upgrade to: >4.16.4
High	cheerio@1.0.0-rc.3 (t) upgrade to: >1.0.0-rc.3
Medium	color-string@1.5.3 (t) upgrade to: >=1.5.5
Critical	decompress@4.2.0 (t) upgrade to: >=4.2.1
High	dot-prop@4.2.0 (t) upgrade to: >=4.2.1
High	get-urls@8.0.0 (t) upgrade to: >9.2.1
Medium	google-fonts-plugin@2.0.2 (t) upgrade to: ***
Medium	hosted-git-info@2.8.5 (t) upgrade to: >=2.8.9
High	ini@1.3.5 (t) upgrade to: >=1.3.6
Critical	jsprim@1.4.1 (t) upgrade to: >1.4.1 || >2.0.1
High	kind-of@6.0.2 (t) upgrade to: >6.0.2
High	lodash@4.17.15 (t) upgrade to: >4.17.20
High	mdast-util-to-hast@3.0.4 (t) upgrade to: >6.0.2
High	meow@3.7.0 (t) upgrade to: >5.0.0
Medium	path-parse@1.0.6 (t) upgrade to: >=1.0.7
Medium	postcss@7.0.26 (t) upgrade to: >7.0.35
High	postcss-svgo@4.0.2 (t) upgrade to: >5.0.0-rc.2
Medium	potrace@2.1.2 (t) upgrade to: >2.1.6
High	remark@10.0.1 (t) upgrade to: >12.0.1
High	simple-get@3.1.0 (t) upgrade to: >3.1.0
High	tar@5.0.5 (t) upgrade to: >5.0.9

More info on how to fix Vulnerable Libraries in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.