[Snyk] Security upgrade @strapi/strapi from 4.8.2 to 4.15.3

[dsuggs-near]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • cms/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	167/1000 Why? Confidentiality impact: High, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00043, Social Trends: No, Days since published: 35, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 7.03, Likelihood: 2.36, Score Version: V5	Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @strapi/strapi

The new version differs by 250 commits.

• 458516e v4.15.3
• f97b1b0 fix: invalid deps
• 81425b4 fix: make peer dep less strict for npm
• 73f1081 Update lock & pkg
• 3f510d0 chore: publish 4.15.2
• bb51089 v4.15.2
• f413c08 fix: add missing prepublish script (#18700)
• 0ca0dff Merge remote-tracking branch 'origin/releases/4.15.2' into releases/4.15.3
• ca1ec5a refactor(admin): add watch-admin flag (#18688)
• 02973d4 Fix: Update AWS (aws-sdk) from deprecated V2 to V3 (#18557)
• 87431e4 feat: allow passing http serverOptions from config (#18591)
• 8403381 Fix: GraphQL validates repeatable component attributes correctly (#18647)
• 03194ce fix(admin): use appropriate loader between jsx and tsx (#18670)
• 477ea8e chore(admin): convert useSettingsMenu to TS (#18616)
• e741a4a fix: import Document directly & add `ignorePrompts` CLI flag (#18668)
• 805908b fix(admin): close webpack watch on reload (#18667)
• 0e69461 fix(admin): build pipeline & deps (#18658)
• 5f65fd6 fix(admin): missing env utilities (#18657)
• f5b09a8 fix(admin): missing env utilities (#18657)
• d6433ae chore: remove extraneous editorconfigs (#18592)
• ae792fb Release 4.15.1 (#18646)
• d482633 refactor(admin): auth pages to TS (#18635)
• b6c0850 v4.15.1
• 6008802 fix(blocks): first click on modifiers doesn't work (#18556)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Request Forgery (CSRF)

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
developer-console-framework-prod	❌ Failed (Inspect)			Nov 29, 2023 5:58pm

[dsuggs-near]

I've turned off automatic merging altogether until I understand this problem.