[Snyk] Fix for 33 vulnerabilities

[joeholdcroft]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • client/package.json
  • client/package-lock.json
  • client/.snyk

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Cross-site Scripting (XSS) SNYK-JS-BOOTSTRAP-173700	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-EVENTSOURCE-2823375	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-JQUERY-174006	No	Proof of Concept
	701/1000 Why? Mature exploit, Has a fix available, CVSS 6.3	Cross-site Scripting (XSS) SNYK-JS-JQUERY-565129	No	Mature
	711/1000 Why? Mature exploit, Has a fix available, CVSS 6.5	Cross-site Scripting (XSS) SNYK-JS-JQUERY-567880	No	Mature
	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Cross-site Scripting (XSS) SNYK-JS-JQUERYUI-1767167	No	Proof of Concept
	569/1000 Why? Has a fix available, CVSS 7.1	Cross-site Scripting (XSS) SNYK-JS-JQUERYUI-1767175	No	No Known Exploit
	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Cross-site Scripting (XSS) SNYK-JS-JQUERYUI-1767767	No	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) SNYK-JS-JQUERYUI-2946728	No	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-JSYAML-173999	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-JSYAML-174129	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Directory Traversal SNYK-JS-MOMENT-2440688	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	No	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	No	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Command Injection SNYK-JS-REACTDEVUTILS-1083268	Yes	Proof of Concept
	619/1000 Why? Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Denial of Service (DoS) SNYK-JS-SOCKJS-575261	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Information Exposure SNYK-JS-WEBPACKDEVSERVER-72405	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:eslint:20180222	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Cross-site Scripting (XSS) npm:react-dom:20180802	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: ajv

The new version differs by 249 commits.

• 521c3a5 6.12.3
• bd7107b Merge pull request #1229 from ajv-validator/dependabot/npm_and_yarn/mocha-8.0.1
• 9c26bb2 Merge pull request #1234 from ajv-validator/dependabot/npm_and_yarn/eslint-7.3.1
• c6a6daa Merge branch 'master' into dependabot/npm_and_yarn/mocha-8.0.1
• 15eda23 Merge branch 'master' into dependabot/npm_and_yarn/eslint-7.3.1
• d6aabb8 test: remove node 8 from travis test
• c4801ca Merge pull request #1242 from ajv-validator/refactor
• 988982d ignore proto properties
• f2b1e3d whitespace
• 65e3678 Merge pull request #1239 from GrahamLea/patch-1
• 68d72c4 update regex
• 9c009a9 validate numbers in multipleOf
• 332b30d Merge pull request #1241 from ajv-validator/refactor
• 1105fd5 ignore proto properties
• 65b2f7d validate numbers in schemas during schema compilation
• 24d4f8f remove code post-processing
• fd64fb4 Add link to CSP section in Security section
• 0e2c346 Add Contents link to CSP section
• c581ff3 Clarify limitations of ajv-pack in README
• 0006f34 Document pre-compiled schemas for CSP in README
• 140cfa6 Merge pull request #1238 from cvlab/patch-1
• e7f0c81 Fix mistype in README.md
• 54c96b0 Bump eslint from 6.8.0 to 7.3.1
• 854dbef Bump mocha from 7.2.0 to 8.0.1

See the full diff

Package name: bootstrap

The new version differs by 250 commits.

• 8fa0d30 Release v4.3.1. (#28252)
• dae20da Remove unneeded glob. (#28249)
• 10b97f6 Fix npm package contents
• 7bc4d2e Add sanitize template option for tooltip/popover plugins.
• bf2515a Update RFS to v8.0.1 (#28245)
• 45ced60 Update font size (#28232)
• 1ded0d6 Release v4.3.0 (#28228)
• 3aa0770 docs snippets: a few more minor tweaks (#28225)
• adf16da toasts.md: Remove useless `div`s.
• 2bfe581 Remove stray parameter from capture.
• bbf8b76 Cosmetic changes in snippets.
• 7a9a8db docs: remove `-ms-overflow-style: -ms-autohiding-scrollbar` (#28220)
• 24253b1 migration.md: use https. (#28221)
• 545f3fa Prevent text selection in placeholder images (#28218)
• 94acdee Revert "Silence mkdir. (#28184)" (#28209)
• 6c7dcc6 placeholder.svg: Partially revert the changes from c0e42cb. (#28216)
• 1145365 Reword footer text.
• bd328bf Use the `site.repo` variable.
• a920429 Change footer link to point to the docs team page
• c56b10c Offcanvas example: transition the transform (#28203)
• 52e6ce4 Update devDependencies. (#28175)
• 93dec4c Fix scrollable modal snippet
• 51375ab Responsive font size implementation (#23816)
• d250567 Remove `-ms-autohiding-scrollbar` to prevent overlapping the table content (#28153)

See the full diff

Package name: jquery-ui

The new version differs by 160 commits.

• d6c028c 1.13.2
• 8cc5bae Checkboxradio: Don't re-evaluate text labels as HTML
• b53e7be All: Remove deprecated .click() usage in demos/tests
• bb00536 Build: Update AUTHORS.txt
• 9d1fc97 Datepicker: Capitalize some Indonesian words
• 1f467ba Selectmenu: Remove a call to the deprecated .focus() method
• ac1866f Build: Update AUTHORS.txt
• 395aa7d Datepicker: Add missing localization for prevText and nextText
• 218c6af Datepicker: Remove symbols in localization
• 3126e12 Datepicker: Remove symbols in localization
• e853971 Build(deps): Bump actions/checkout from 2 to 3
• d55645c Build(deps): Bump actions/cache from 2 to 3
• a4060a2 Build(deps): Bump actions/setup-node from 1 to 3
• d66fdd5 Build: Add dependabot.yml config (GitHub Actions)
• 50d35e6 Build: Update Grunt to resolve CVE-2022-1537
• e21a254 Build: Include all the files published to the CDN in npm/Bower packages
• 54074fc Build: Updating the main version to 1.13.2-pre.
• d2779bd Build: Update some npm dependencies
• 0c5becc Widget: Optimize attachment of the _untrackClassesElement listener
• 4a7cec3 Build: Add Felix to .mailmap, update AUTHORS.txt
• 933ce5d Autocomplete: Rewrite with a delay instead of appending the live region
• e90096e Build: Add extra Github action job for PR required checks configuration
• e0a78d4 Build: Switch from Travis to GitHub actions
• ed637b0 Widget: Make contextless widget construction work

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution npm:extend:20180424	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)
🦉 Denial of Service (DoS)
🦉 Remote Code Execution (RCE)
🦉 More lessons are available in Snyk Learn