[Snyk] Fix for 18 vulnerabilities

[blubfoo]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • examples/with-aws-amplify/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-AWSSDK-1059424	Yes	Proof of Concept
	616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	Yes	Proof of Concept
	344/1000 Why? Has a fix available, CVSS 2.6	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-IMMER-1019369	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-IMMER-1540542	Yes	Proof of Concept
	449/1000 Why? Has a fix available, CVSS 4.7	Open Redirect SNYK-JS-NEXT-1540422	Yes	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	Yes	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-OBJECTPATH-1017036	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-OBJECTPATH-1569453	Yes	Proof of Concept
	590/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-OBJECTPATH-1585658	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	619/1000 Why? Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: aws-amplify

The new version differs by 250 commits.

• 8bb1334 Publish
• 440f25e Bumping api-rest and api-graphql versions to match npm
• b4b40aa Merge pull request Could not freeze filename vercel/next.js#5243 from aws-amplify/modularization
• 9f2800d Revert from-package and use conventional commits for master in first release
• 6b1ef79 Force lerna to publish major version from the package.json in unstable and latest release
• 7fef140 Merge branch 'master' into modularization
• c04349b Revert modularization specific circile CI changes
• 4f3b285 Fix exporting the right amplify version
• 815eef4 Publish
• 4002776 Change new version of api-rest and api-graphql modules to 0.1
• a105664 chore(release): Publish [ci skip]
• 30e4c29 Preparing release
• 21a00b4 Upgrade aws-sdk beta clients (Cannot compile code of with-redux-saga example vercel/next.js#5234)
• 31a273e Merge branch 'master' into modularization
• 71044ae fix builds that were broken by new terser 4.6.8 version (next@7 + graphql@0.13.2 prevent React from initialize vercel/next.js#5233)
• 2925d5b Fix unit tests following merge from master
• e201cfd Merge branch 'modularization-Amplifiyer' into modularization
• 082af2d Merge branch 'master' into modularization-Amplifiyer
• d630c34 Added clientMetadata to sendMFACode ( Cannot set property 'toJSON' of undefined when using react-i18next example vercel/next.js#5145)
• 2a7fd81 Upgrade aws-sdk clients from alpha to beta (nextjs 7 TypeError: [BABEL]... vercel/next.js#5209)
• 23d8d41 Export UsernameAttributes enum (Create duplicate services when using PM2 with next.js vercel/next.js#5197)
• fe6aaf6 Fix unit tests as per expiration type change
• 210410f Merge branch 'modularization' into modularization-Amplifiyer
• 047b5a7 Update expiration type to Date as per change in aws-sdk

See the full diff

Package name: immer

The new version differs by 250 commits.

• fa671e5 fix(security): Follow up on CVE-2020-28477 where `path: [["__proto__"], "x"]` could still pollute the prototype
• 2e0aa95 Create SECURITY.md
• 050522d chore: fix CI. maybe.
• 1195510 docs: Update example-setstate.mdx (Update babel-generator to version 6.22.0 🚀 vercel/next.js#833)
• 648d39b docs: fixing link to RFC-6902 & fixing typo (Add right link markup vercel/next.js#830)
• bc890f7 docs: Update example-setstate.mdx (Make sure lastAppProps always have some value. vercel/next.js#829)
• 16a3d0f chore(deps): bump prismjs from 1.23.0 to 1.24.0 in /website (potential extraneous div surrounding #__next vercel/next.js#822)
• 847492c docs: Extended / updated documenation (Don't overwrite the ignored option on Windows vercel/next.js#824)
• 7f41483 chore: [workflows] don't release from forks
• 3f9a94e chore: let's test before publish
• bfb8dec fix: release missing dist/ folder
• b314b19 chore: fix cpx usage
• a607d6c chore: Remove old shizzle
• 6fd5329 chore: fixes for deploy preview
• 144f886 chore: fix docs deployment attempt 3
• 38964fa chore: semantic-release + GH actions
• 06c6741 chore: fix docs deploy
• ad23da9 chore: fix test job
• b6d92f4 chore: publish docs automatically
• c59576a chore: setup GH action for test
• dc3f66c fix: A bad HTTP response code (404) was received when fetching the script vercel/next.js#807 new undefined properties should end up in result object
• 5412c9f fix: Hot-reloading of custom servers vercel/next.js#791 return 'nothing' should produce undefined patch
• 58b74a6 chore(deps): bump ssri from 6.0.1 to 6.0.2 in /website (Check write-access on prototype. vercel/next.js#818)
• c9deb48 chore(deps): bump color-string from 1.5.4 to 1.5.5 in /website (Update styled-jsx to version 0.4.4 🚀 vercel/next.js#817)

See the full diff

Package name: next

The new version differs by 250 commits.

• 99abb8b v12.0.2
• 9828790 v12.0.2-canary.14
• 39283f1 Update swc (Update swc vercel/next.js#30685)
• 02e0dbc v12.0.2-canary.13
• 8a6307f Remove isCommonJS check as it has been moved to next-swc (Remove isCommonJS check as it has been moved to next-swc vercel/next.js#30677)
• 622a1a5 Provide default fallback _document and _app for for concurrent mode (Provide default fallback _document and _app for for concurrent mode vercel/next.js#30642)
• c12ae5e correct Next.js 11 upgrade instructions (correct Next.js 11 upgrade instructions vercel/next.js#30665)
• 90fad00 v12.0.2-canary.12
• 4ada314 Add auto-commonjs and update swc (Add auto-commonjs and update swc vercel/next.js#30661)
• d8cb8c5 Fixed "Expected jsx identifier" error on TypeScript generics & angle bracket type assertions in .ts files (Fixed "Expected jsx identifier" error on TypeScript generics & angle bracket type assertions in .ts files vercel/next.js#30619)
• d7d1a05 Ensure native binary is available for release stats (Ensure native binary is available for release stats vercel/next.js#30649)
• 77e1565 remove Object.fromEntries polyfill for node 10 in test utils (remove Object.fromEntries polyfill for node 10 in test utils vercel/next.js#30657)
• 48874f1 Fix missing dev option for the middleware SSR loader (Fix missing dev option for the middleware SSR loader vercel/next.js#30639)
• c730f73 v12.0.2-canary.11
• 18a3991 Fix check compiled step (Fix check compiled step  vercel/next.js#30645)
• 097fb3c Revert incremental config to fix missing types (Revert incremental config to fix missing types vercel/next.js#30644)
• aa70f46 v12.0.2-canary.10
• 599081a Update output tracing to do separate passes (Update output tracing to do separate passes vercel/next.js#30637)
• f363cc8 update webpack (update webpack vercel/next.js#30634)
• b5a8916 Chore/rust workflow (Chore/rust workflow vercel/next.js#30577)
• c03e284 make sure "webpack" exists in the repo for typings (make sure "webpack" exists in the repo for typings vercel/next.js#30371)
• c53eaac v12.0.2-canary.9
• 142af81 Relax warning for `next/image` loader width even more (Relax warning for next/image loader width even more vercel/next.js#30624)
• 842a130 Update to latest shell-quote (Update to latest shell-quote vercel/next.js#30621)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Server-Side Request Forgery (SSRF)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 More lessons are available in Snyk Learn