[Snyk] Fix for 7 vulnerabilities

[naiba4]

Snyk has created this PR to fix 7 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Server-side Request Forgery (SSRF) SNYK-JS-AXIOS-7361793	221
	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	169
	Asymmetric Resource Consumption (Amplification) SNYK-JS-BODYPARSER-7926860	112
	Cross-site Scripting SNYK-JS-EXPRESS-7926867	80
	Cross-site Scripting SNYK-JS-SEND-7926862	80
	Cross-site Scripting SNYK-JS-SERVESTATIC-7926865	80
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-7925106	67

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Server-side Request Forgery (SSRF)
🦉 Uncontrolled resource consumption
🦉 Cross-site Scripting

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
gutenberg	❌ Failed (Inspect)			Sep 18, 2024 11:49am
gutenberg-wd9x	❌ Failed (Inspect)			Sep 18, 2024 11:49am

[changeset-bot]

⚠️ No Changeset found

Latest commit: 1de5b86

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@actions/[email protected]	environment, filesystem Transitive: network	+2	260 kB	thboop
npm/@actions/[email protected]	environment, filesystem Transitive: network	+13	4.49 MB	thboop
npm/@ariakit/[email protected]	None	+5	3.57 MB	ariakit-bot
npm/@ariakit/[email protected]	None	+1	1.46 MB	ariakit-bot
npm/@axe-core/[email protected]	None	0	44.4 kB	npmdeque
npm/@babel/[email protected]	environment, filesystem, unsafe	+32	8.06 MB	nicolo-ribaudo
npm/@babel/[email protected]	unsafe	+1	127 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	+2	18.8 kB	nicolo-ribaudo
npm/@babel/[email protected]	None	+1	14.6 kB	nicolo-ribaudo
npm/@babel/[email protected]	unsafe Transitive: environment	+5	2.57 MB	nicolo-ribaudo
npm/@babel/[email protected]	None	0	216 kB	nicolo-ribaudo
npm/@babel/[email protected]	Transitive: environment	+18	5.56 MB	nicolo-ribaudo
npm/@emotion/[email protected]	environment	+7	2.78 MB	emotion-release-bot
npm/@emotion/[email protected]	environment	+3	151 kB	emotion-release-bot
npm/@emotion/[email protected]	environment	+10	3.2 MB	emotion-release-bot
npm/@emotion/[email protected]	environment	+2	144 kB	emotion-release-bot
npm/@emotion/[email protected]	environment	+3	212 kB	emotion-release-bot
npm/@emotion/[email protected]	environment	+2	587 kB	emotion-release-bot
npm/@emotion/[email protected]	environment	+1	65.6 kB	emotion-release-bot
npm/@emotion/[email protected]	environment	+1	227 kB	emotion-release-bot
npm/@emotion/[email protected]	environment	0	18.3 kB	emotion-release-bot
npm/@geometricpanda/[email protected]	Transitive: environment, eval, filesystem, network, unsafe	+48	10.1 MB	geometricpandadev
npm/@octokit/[email protected]	None	0	21.9 kB	octokitbot
npm/@octokit/[email protected]	Transitive: network	+6	2.81 MB	octokitbot
npm/@octokit/[email protected]	None	+1	1.76 MB	octokitbot
npm/@octokit/[email protected]	None	0	162 kB	octokitbot
npm/@octokit/[email protected]	None	0	210 kB	octokitbot
npm/@playwright/[email protected]	None	0	25.3 kB	aslushnikov
npm/@pmmmwh/[email protected]	environment, filesystem Transitive: network	+2	441 kB	pmmmwh
npm/@react-native-clipboard/[email protected]	None	0	176 kB	naturalclar
npm/@react-native-community/[email protected]	None	0	300 kB	titozzz
npm/@react-native-community/[email protected]	None	0	0 B
npm/@react-native-masked-view/[email protected]	None	0	58.2 kB	naturalclar
npm/@react-native/[email protected]	None	0	155 kB	react-native-bot
npm/@react-navigation/[email protected]	environment	0	971 kB	satya164
npm/@react-navigation/[email protected]	environment	+3	1.49 MB	satya164
npm/@react-navigation/[email protected]	None	0	237 kB	satya164
npm/@react-navigation/[email protected]	Transitive: environment	+1	1.14 MB	satya164
npm/@react-spring/[email protected]	environment	+5	448 kB	tdfka_rick
npm/@storybook/[email protected]	Transitive: environment, eval, network	+42	8.7 MB	shilman
npm/@storybook/[email protected]	Transitive: environment, eval, network	+39	8.51 MB	shilman
npm/@storybook/[email protected]	Transitive: environment, eval, filesystem, network, unsafe	+48	10 MB	shilman
npm/@storybook/[email protected]	Transitive: environment, eval, filesystem, network, unsafe	+79	23.5 MB	shilman
npm/@storybook/[email protected]	Transitive: environment, eval, network	+39	8.49 MB	shilman
npm/@storybook/[email protected]	Transitive: environment, eval, network	+39	8.5 MB	shilman
npm/@storybook/[email protected]	Transitive: environment, eval, filesystem, network, shell, unsafe	+122	21.3 MB	shilman
npm/@storybook/[email protected]	Transitive: environment, filesystem, network, unsafe	+16	3.94 MB	shilman
npm/@storybook/[email protected]	filesystem	+3	351 kB	shilman

🚮 Removed packages: npm/@docusaurus/[email protected], npm/@docusaurus/[email protected], npm/@docusaurus/[email protected], npm/@mdx-js/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected]

View full report↗︎

[socket-security]

Report is too large to display inline.
View full report↗︎

Next steps

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/@kwsites/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/@aw-web-design/[email protected]
• @SocketSecurity ignore npm/@babel/[email protected]
• @SocketSecurity ignore npm/@emotion/[email protected]
• @SocketSecurity ignore npm/@emotion/[email protected]
• @SocketSecurity ignore npm/@emotion/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/@humanwhocodes/[email protected]
• @SocketSecurity ignore npm/@react-native-community/[email protected]
• @SocketSecurity ignore npm/@react-native-community/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/@react-native-community/[email protected]
• @SocketSecurity ignore npm/@react-native-community/[email protected]
• @SocketSecurity ignore npm/@react-native-community/[email protected]
• @SocketSecurity ignore npm/@jest/[email protected]
• @SocketSecurity ignore npm/@react-native-community/[email protected]
• @SocketSecurity ignore npm/@react-native/[email protected]
• @SocketSecurity ignore npm/@react-native/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/@emotion/[email protected]
• @SocketSecurity ignore npm/@emotion/[email protected]
• @SocketSecurity ignore npm/@emotion/[email protected]
• @SocketSecurity ignore npm/@emotion/[email protected]
• @SocketSecurity ignore npm/@emotion/[email protected]
• @SocketSecurity ignore npm/@emotion/[email protected]

[guardrails]

⚠️ We detected 2 security issues in this pull request:

Vulnerable Libraries (2)

Severity	Details
High	pkg:npm/[email protected] (t) upgrade to: > 1.35.2
High	pkg:npm/[email protected] (t) upgrade to: > 2.0.0

More info on how to fix Vulnerable Libraries in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.