[Snyk] Fix for 14 vulnerabilities

[daniel-schel]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	No	No Known Exploit
	616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	No	Proof of Concept
	526/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.1	Arbitrary Code Injection SNYK-JS-EJS-1049328	No	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-EJS-2803307	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	No	Proof of Concept
	344/1000 Why? Has a fix available, CVSS 2.6	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Denial of Service (DoS) SNYK-JS-JSZIP-1251497	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1076581	No	Proof of Concept
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1314893	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1585202	No	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) SNYK-JS-PRISMJS-2404333	No	No Known Exploit
	629/1000 Why? Has a fix available, CVSS 8.3	Cross-site Scripting (XSS) SNYK-JS-PRISMJS-597628	No	No Known Exploit
	623/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 4.6	Cross-site Scripting (XSS) SNYK-JS-VUETIFY-3019858	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: ajv

The new version differs by 53 commits.

• 521c3a5 6.12.3
• bd7107b Merge pull request #1229 from ajv-validator/dependabot/npm_and_yarn/mocha-8.0.1
• 9c26bb2 Merge pull request #1234 from ajv-validator/dependabot/npm_and_yarn/eslint-7.3.1
• c6a6daa Merge branch 'master' into dependabot/npm_and_yarn/mocha-8.0.1
• 15eda23 Merge branch 'master' into dependabot/npm_and_yarn/eslint-7.3.1
• d6aabb8 test: remove node 8 from travis test
• c4801ca Merge pull request #1242 from ajv-validator/refactor
• 988982d ignore proto properties
• f2b1e3d whitespace
• 65e3678 Merge pull request #1239 from GrahamLea/patch-1
• 68d72c4 update regex
• 9c009a9 validate numbers in multipleOf
• 332b30d Merge pull request #1241 from ajv-validator/refactor
• 1105fd5 ignore proto properties
• 65b2f7d validate numbers in schemas during schema compilation
• 24d4f8f remove code post-processing
• fd64fb4 Add link to CSP section in Security section
• 0e2c346 Add Contents link to CSP section
• c581ff3 Clarify limitations of ajv-pack in README
• 0006f34 Document pre-compiled schemas for CSP in README
• 140cfa6 Merge pull request #1238 from cvlab/patch-1
• e7f0c81 Fix mistype in README.md
• 54c96b0 Bump eslint from 6.8.0 to 7.3.1
• 854dbef Bump mocha from 7.2.0 to 8.0.1

See the full diff

Package name: axios

The new version differs by 115 commits.

• e367be5 [Releasing] 0.21.3
• 83ae383 Correctly add response interceptors to interceptor chain (#4013)
• c0c8761 [Updating] changelog to include links to issues and contributors
• 619bb46 [Releasing] v0.21.2
• 82c9455 Create SECURITY.md (#3981)
• 5b45711 Security fix for ReDoS (#3980)
• 5bc9ea2 Update ECOSYSTEM.md (#3817)
• e72813a Fixing README.md (#3818)
• e10a027 Fix README typo under Request Config (#3825)
• e091491 Update README.md (#3936)
• b42fbad Removed un-needed bracket
• 520c8dc Updating CI status badge (#3953)
• 4fbeecb Adding CI on Github Actions. (#3938)
• e9965bf Fixing the sauce labs tests (#3813)
• dbc634c Remove charset in tests (#3807)
• 3958e9f Add explanation of cancel token (#3803)
• 69949a6 Adding custom return type support to interceptor (#3783)
• 49509f6 Create FUNDING.yml (#3796)
• 199c8aa Adding parseInt to config.timeout (#3781)
• 94fc4ea Adding isAxiosError typeguard documentation (#3767)
• 0ece97c Fixing quadratic runtime when setting a maxContentLength (#3738)
• a18a0ec Updating `lib/core/README.md` about Dispatching requests (#3772)
• 59fa614 [Updated] follow-redirects to the latest version (#3771)
• 7821ed2 Feat/json improvements (#3763)

See the full diff

Package name: jszip

The new version differs by 32 commits.

• e5b3f0d 3.7.0
• e88ba4b Update for version 3.7.0
• 9046487 Disable proto assert that fails in browsers
• 6d029b4 Merge pull request #766 from MichaelAquilina/fix/files-null-prototype
• bb38812 Ensure prototype isn't modified by zip file
• d024c22 test: Add test case for loading zip filenames which shadow method names
• 2235749 fix: Use a null prototype object for this.files
• b7f472d Merge pull request #757: Update license to be valid spdx identifier
• a311039 update license to be valid spdx identifier
• 112fcdb 3.6.0
• 7c75dff Update changelog and build for 3.6.0
• 10035ad Update contributing
• dcc6ff9 Merge pull request #742 from jahed/fix/webpack-5-async-failure
• f4700f9 fix(browser): redirect main to dist on browsers
• 3db5fdc Merge pull request #734 from JayFate/master
• e534454 fix: duplicate require
• 25d401e Merge pull request #703 from vdoubleu/patch-1
• 9f13168 fix small error in read_zip.md
• 7bbcb38 3.5.0
• ff65ad3 Changelog and version changes for 3.5.0
• 9591294 Merge pull request #666 from ffflorian/fix/types/output-string
• 2aad916 Merge pull request #669 from jjhbw/master
• 9d56abc Merge pull request #682 from lubeskih/681-update-nodestream-type
• ed8a758 Merge pull request #544 from mljsgto222/invalid_extra_field_data

See the full diff

Package name: prismjs

The new version differs by 250 commits.

• 703881e 1.27.0
• 7ac1373 Updated changelog for v1.27.0 (#3342)
• e002e78 Command Line: Escape markup in command line output (#3341)
• 13b56a9 Bump follow-redirects from 1.14.7 to 1.14.8 (#3338)
• f094c4a Bump yargs-parser from 5.0.0 to 5.0.1 (#3334)
• 9fd4c74 Bump ajv from 6.10.0 to 6.12.6 (#3333)
• 3fcca6b Bump pathval from 1.1.0 to 1.1.1 (#3331)
• 1784b17 Command Line: Add support for line continuation and improved colors (#3326)
• f545843 ESLint: Allow `Map` and `Set` in ES5 code (#3328)
• d6c5372 PureBasic: Added missing keyword and fixed constants ending with `$` (#3320)
• 82d0ca1 Command Line: Added span around command and output (#3312)
• 2cc4660 Core: Added better error message for missing grammars (#3311)
• 3f8cc5a Added UO Razor Script (#3309)
• bcb2e2c AutoIt: Allow hyphen in directive (#3308)
• deb3a97 INI: Swap out `header` for `section` (#3304)
• e46501b editorconfig: Change alias of `section` from `keyword` to `selector` (#3305)
• 2eb89e1 Swap out `operator` for `punctuation` (#3306)
• 3a20bdc Bump node-fetch from 2.6.1 to 3.1.1 (#3307)
• 081d515 Bump copy-props from 2.0.4 to 2.0.5 (#3300)
• b90e97c Bump follow-redirects from 1.13.1 to 1.14.7 (#3299)
• 8458c41 MongoDB: Added v5 support (#3297)
• 441a142 Scala: Added support for interpolated strings (#3293)
• 0b6b1e2 1.26.0
• 3ae61a8 Updated changelog for v1.26.0 (#3292)

See the full diff

Package name: vuetify

The new version differs by 250 commits.

• fdfb6fc chore(release): publish v2.6.10
• cd193e4 fix(VSelectList): correct mask class
• f50a808 chore: update commit message template
• 89e3850 fix(VDialog): don't try to focus tabindex="-1" or hidden inputs
• 4468e3c refactor(VSelect): render highlight with vnodes instead of innerHTML
• ade1434 fix(VCalendar): prevent XSS from eventName function
• 1be5260 docs(SystemBar): add new promotion
• 69eefd9 chore(ci): set percy base branch
• ac45c98 fix(web-types): add support for VDataTable pattern slots (#15694)
• 464529a fix(VMenu): disabled activatorFixed when attach is enabled (#15709)
• 381fdb5 docs: use "id" in item-value of autocomplete example (#15740)
• a455163 chore: update commit message template
• c8dbfa5 chore(ci): run percy tests on next with nightly build
• 0c90436 docs(i18n): remove the additional Arabic word for "language" (#15662)
• 3680756 docs(support.md): implement kintell booking
• 25a3474 docs(text-fields): clarify that readonly does not affect clearable
• 7a51ad0 fix(VTextField): only show clear icon on hover or when focused
• f8ee680 fix(VTextField): prevent tabbing to clear button
• 170c7d1 chore(release): publish v2.6.9
• 2cd34b4 fix(VCalendar): add aria roles to monthly calendar (#14640)
• 299330c fix(VCalendar): forward all bound events to internal elements (#15592)
• 1e0a4ad fix(VSwitch): only affect control opacity when disabled
• 0cc43e2 fix(VRadio): change icon color when disabled
• 322b670 chore: update @ vue/cli and vue-loader

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting (XSS)
🦉 Cross-site Scripting (XSS)
🦉 Cross-site Scripting (XSS)
🦉 More lessons are available in Snyk Learn

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
0.0% Duplication