[Snyk] Fix for 17 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • webapp/client/package.json
  • webapp/client/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	No	Proof of Concept
	497/1000 Why? Proof of Concept exploit, CVSS 7.8	Command Injection SNYK-JS-GITPARSE-1290380	No	Proof of Concept
	372/1000 Why? Proof of Concept exploit, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Prototype Pollution SNYK-JS-IMMER-1019369	Yes	Proof of Concept
	372/1000 Why? Proof of Concept exploit, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	467/1000 Why? Proof of Concept exploit, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Prototype Pollution SNYK-JS-OBJECTPATH-1017036	No	Proof of Concept
	280/1000 Why? CVSS 5.6	Prototype Pollution SNYK-JS-OBJECTPATH-1569453	No	No Known Exploit
	376/1000 Why? CVSS 7.3	Prototype Pollution SNYK-JS-OBJECTPATH-1585658	No	No Known Exploit
	372/1000 Why? Proof of Concept exploit, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	Yes	Proof of Concept
	372/1000 Why? Proof of Concept exploit, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	387/1000 Why? Proof of Concept exploit, CVSS 5.6	Command Injection SNYK-JS-REACTDEVUTILS-1083268	Yes	Proof of Concept
	492/1000 Why? Proof of Concept exploit, CVSS 7.7	Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	No	Proof of Concept
	372/1000 Why? Proof of Concept exploit, CVSS 5.3	Denial of Service (DoS) SNYK-JS-SOCKJS-575261	No	Proof of Concept
	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIM-1017038	Yes	Proof of Concept
	387/1000 Why? Proof of Concept exploit, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @testing-library/jest-dom

The new version differs by 17 commits.

• 7921e4a feat: Enhance toHaveStyle to accept JS as css (updated pom and configutils #196)
• 3b3a3d3 docs: add benmonro as a contributor (Minor pom changes to fix server build #195)
• a053cdd docs: add JPBlancoDB as a contributor (Server installation - did not succeed on my Ubuntu 16.04 #194)
• 69aee34 docs: add koala-lava as a contributor (update osx instructions on scikit readme #193)
• 5f3f9c7 docs: add jzarzeckis as a contributor (add support for thrift 0.10.0  #192)
• 0d60a25 docs: add MichaelDeBoey as a contributor ([Installation] Make ModelDB compatible with thrift 0.10.0 #191)
• c9a8664 chore: Update dependencies (comment fix #190)
• e4d61c2 fix: toBeVisible ignoring Details element (fix comment #184)
• d87dfee Simplify README code usage examples (Frontend #188)
• 030da62 fix: Add @ types/testing-library__jest-dom dependency (Added notes about compatibility, added hard symlink #189)
• d13bb90 docs: Tiny typo (Docs #181)
• c919520 docs: Remove lines about using fireEvent to gain focus or blur (Frontend #187)
• 760409a Merge pull request edit path for simple workflow #183 from testing-library/next
• d68ccd7 Add matchers module in the package root
• c76f8c5 Remove extend-expect typings (Add samples #182)
• 27c1056 Add jest extensions on main module (Added test for FitSync bugfix #175)
• 8e14dc1 docs: Update examples using document.querySelector (Default should* parameters in Spark client to false #168)

See the full diff

Package name: @testing-library/react

The new version differs by 9 commits.

• f26b8df chore: cleanup repo (throw 404 when getLatestDatasetVersionByDatasetId on Dataset without a version associated with it #600)
• 7942f68 fix: remove deprecated cleanup-after-each (Fix bug: Top-level blob locations are getting duplicated into a subfolder #598)
• 9fc8581 feat: Flush microtasks in cleanup (commented the location_prefix field which is currently not in used #519)
• fccc2cf fix(node): drop Node 8 support (VR-3974: don't upload artifact in log_training_data() #576)
• 435098c feat: update @ testing-library/dom
• 0890ccc docs: add juangl as a contributor (Fix typo #609)
• 3d48019 chore: fix typo (Specify required client version for webinar #608)
• 2613d66 docs: add stevenfitzpatrick as a contributor (Add May Webinar #604)
• 04e64bb docs: add MichaelDeBoey as a contributor (MDB returns conflict when none exists #599)

See the full diff

Package name: apollo

The new version differs by 215 commits.

• 18da273 Release
• d79aef1 Prep for release
• 8335682 Changelog cleanup
• 99948f9 chore(deps): update dependency glob to v7.2.0 (Verify that a user's custom model has completely implemented VertaModelBase #2450)
• ef1f15d chore(deps): update cimg/node docker tag to v16.12.0 ([VR-11858] Fix bug where zip-unzip magic was broken for directory names with periods #2420)
• 04d9801 chore(deps): update cimg/go docker tag to v1.17.2 (Enable adding+getting data types as RMV attrs #2441)
• 5e1008c chore(deps): update cimg/node docker tag to v14.18.1 (Fix summary sample doc #2435)
• 54d113a chore(deps): update cimg/node docker tag to v12.22.7 ([VR-11876] Profile training data #2434)
• 97cfc4e Merge pull request Fix backend tests #2456 from IvanGoncharov/interfacesOnInterfaces
• 8c579a2 fix(apollo-graphql): Add support for interface on interfaces to transformSchema
• b921705 Merge pull request Revert "Removed backgroundUtils count logic" #2459 from apollographql/email-update
• 5fce73f Update types to fix "Generate types locally and compare type files" job
• b15417b Bump Windows node version to fix failing tests
• 3af8005 Switching to a new email inbox for author
• 6d69f22 chore(deps): update dependency @ babel/types (Fix setRoleBindings for entities from MDB #2411)
• de7f543 chore(deps): update win orb to v2.4.1 (Revert unintended test fixture changes #2424)
• c4fdfec chore(deps): update dependency lint-staged to v11.1.2 (Fix test config for the test setup #2409)
• c3ee992 chore(deps): update dependency @ types/lodash to v4.14.172 (Fix incorrect assumption in test #2408)
• 89c72dd chore(deps): update dependency @ types/core-js to v2.5.5 (Fix MDB service wake up which broken due to config changes #2412)
• 2822a61 chore(deps): update dependency git-parse to v1.0.5 (Fix errors while telemetry initialization due to hibernate auto commit=true #2430)
• 5feb4a3 chore(deps): update dependency @ oclif/plugin-help to v3.2.3 (Add in an explicit call to initiate shutdown when terminating after migrations. #2419)
• a95e6a7 chore(deps): update cimg/node docker tag to v14.17.5 (Revert "Fix MDB service wake up which broken due to config changes" #2418)
• 4869780 chore(deps): update cimg/node docker tag to v12.22.5 ([VR-11819] Create a dummy organization for the duration of a test session #2417)
• 9fcf051 chore(deps): update cimg/go docker tag to v1.16.7 (Fix test cases #2413)

See the full diff

Package name: axios

The new version differs by 41 commits.

• e367be5 [Releasing] 0.21.3
• 83ae383 Correctly add response interceptors to interceptor chain (chore: [VRD-1075] Update orchestrator for new pipeline defn #4013)
• c0c8761 [Updating] changelog to include links to issues and contributors
• 619bb46 [Releasing] v0.21.2
• 82c9455 Create SECURITY.md (chore(deps): bump com.microsoft.sqlserver:mssql-jdbc from 9.5.0.jre11-preview to 12.4.0.jre11-preview #3981)
• 5b45711 Security fix for ReDoS (chore(deps): bump aws.version from 1.12.477 to 1.12.519 #3980)
• 5bc9ea2 Update ECOSYSTEM.md (chore: add github actions build publish test #3817)
• e72813a Fixing README.md (chore: back port add github actions build publish test  #3818)
• e10a027 Fix README typo under Request Config (chore(deps): bump lombok from 1.18.26 to 1.18.28 #3825)
• e091491 Update README.md (HTTPError 503, connection refused #3936)
• b42fbad Removed un-needed bracket
• 520c8dc Updating CI status badge (fix: Remove use of types.GenericAlias #3953)
• 4fbeecb Adding CI on Github Actions. (refactor: Reword "input" to "predecessor" #3938)
• e9965bf Fixing the sauce labs tests (chore(deps): bump aws.version from 1.12.444 to 1.12.473 #3813)
• dbc634c Remove charset in tests (chore(deps): bump build-helper-maven-plugin from 3.3.0 to 3.4.0 #3807)
• 3958e9f Add explanation of cancel token (chore(deps): bump aws.version from 1.12.444 to 1.12.466 #3803)
• 69949a6 Adding custom return type support to interceptor (chore(deps): bump aws.version from 1.12.444 to 1.12.459 #3783)
• 49509f6 Create FUNDING.yml (chore: Publish client v0.23.0 #3796)
• 199c8aa Adding parseInt to config.timeout (docs: Change 0.22.3 -> 0.23.0 #3781)
• 94fc4ea Adding isAxiosError typeguard documentation (chore(deps): bump jackson-bom from 2.14.2 to 2.15.0 #3767)
• 0ece97c Fixing quadratic runtime when setting a maxContentLength (chore(deps): bump aws.version from 1.12.444 to 1.12.448 #3738)
• a18a0ec Updating `lib/core/README.md` about Dispatching requests (chore!: [VRD-718] Remove deprecated elements from DeployedModel class #3772)
• 59fa614 [Updated] follow-redirects to the latest version (chore(deps): bump kotlin-stdlib from 1.8.20 to 1.8.21 #3771)
• 7821ed2 Feat/json improvements (chore(deps): bump sphinx from 5.2.3 to 6.2.0 in /client/verta #3763)

See the full diff

Package name: lodash

The new version differs by 1 commits.

• c6e281b Bump to v4.17.21

See the full diff

Package name: react-markdown

The new version differs by 18 commits.

• 45b9977 5.0.0
• eeea3c2 Update `changelog.md`
• 5d6c9f1 Refactor scripts
• d29478f Add type tests
• 4f5dbe2 Add note
• 7a5e3a1 Add `allowDangerousHtml`, preferred over `escapeHtml`
• 2675ae2 Remove docs on `source`
• 34b0883 Change default branch to `main`
• 22a5e49 Refactor and test for 100% coverage
• b3aa6e0 Rewrite readme for unified, more examples
• a9f163d Move demo to `website` branch
• 4f1a407 Change to clean project, update, refactor scripts
• ebebf51 Upgrade remark to version 8, unified to version 9
• e400f6f Upgrade to remark-parse@6
• 3260f57 Run tests on node 12
• 6eff8d1 Pass AST node to all non-tag/non-fragment renderers as prop
• ca25be1 Fix link to demo in readme
• 9b4eb84 Updated remark-parse github link ([Do not merge till part 1 is deployed] entity owner migration part 2 #447)

See the full diff

Package name: react-scripts

The new version differs by 125 commits.

• ed95893 Publish
• 88ca4f6 Prepare 4.0.0 release
• d23d615 Update react dom in error overlay
• 95265c3 Update CHANGELOG
• 523b416 Add link to Open Collective (#9864)
• af616ab Update CHANGELOG
• 014ca01 Prepare 4.0.0 release
• 2b1161b Pass JSX runtime setting to Babel preset in Jest config (#9865)
• f2aef41 Prepare 4.0.0 alpha release
• 4bc639c Upgrade to React 17 (#9863)
• d61347d Use new JSX setting with TypeScript 4.1.0 (#9734)
• e63de79 New JSX Transform opt out (#9861)
• fe785b2 feat: Update all dependencies (#9857)
• 85ab02b feat: remove unused React imports (#9853)
• 329f392 feat: Update ESLint dependencies (#9856)
• 10fa972 feat(eslint-config-react-app): Add jest & testing-library rules (#8963)
• ed919b1 Make eslint-plugin-jest an optional peerDependency (#9670)
• 0a93e32 Fix refreshOverlayInterop module scope error (#9805)
• 7965594 Bump resolve-url-loader version (#9841)
• b1f8536 Add 3.4.4 to the changelog
• d07b7d0 Replace deprecated eslint-loader with eslint-webpack-plugin (#9751)
• 6f3e32e Upgrade Docusaurus to latest version (#9728)
• 1f2d387 fix: resolve new JSX runtime issues (#9788)
• 6a51dcd Add AVIF image support (#9611)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic