[Snyk] Fix for 1 vulnerabilities

[gbarba]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/botonic-plugin-contentful/package.json
  • packages/botonic-plugin-contentful/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-6124857	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: contentful

The new version differs by 250 commits.

• d497590 Merge pull request Full stack/refactor internal session vars - adapt frontend code to botState data model #1967 from contentful/chore/bump-axios-1.x
• 0c420a5 Merge branch 'master' into chore/bump-axios-1.x
• 5462ba0 build(deps): bump type-fest from 4.0.0 to 4.1.0 (feat(react): refactor to allow hostId to be changed at runtime #1976)
• f7386ab build(deps-dev): bump core-js from 3.31.1 to 3.32.0 (feat(core): Add plugins as an argument in pre and post calls of a plugin #1975)
• 0e6f33f build(deps-dev): bump eslint-config-prettier from 8.8.0 to 8.9.0 ([Snyk] Upgrade contentful-management from 7.39.0 to 7.41.0 #1974)
• 09af8f4 chore: increase max bundle size
• c48c5a9 all scripts working as expected
• 8caf835 feat: bump axios 1.x [NONE]
• 198333a build(deps-dev): bump tslib from 2.6.0 to 2.6.1 ([Snyk] Upgrade axios from 0.21.3 to 0.21.4 #1971)
• 570804d build(deps): bump contentful-sdk-core from 7.1.0 to 8.1.0 (fix(react): add mouse wheel event to scrollable content #1968)
• 0c33234 build(deps-dev): bump word-wrap from 1.2.3 to 1.2.4 (Full stack/refactor internal session vars - adapt backend code to botState data model #1966)
• 857d04a build(deps-dev): bump webpack from 5.88.1 to 5.88.2 (Change DialogFlow query language #1965)
• 31316a5 build(deps): bump type-fest from 3.13.0 to 4.0.0 (chore(deps): bump ws from 7.5.4 to 8.2.3 #1962)
• fc966fa Merge pull request [Snyk] Upgrade axios from 0.21.3 to 0.21.4 #1949 from contentful/fix/validation-message-null-type
• e653e6a fix: allow null type for validation message
• c12397b build(deps-dev): bump nodemon from 2.0.22 to 3.0.1 (chore(deps): bump @babel/plugin-transform-runtime from 7.15.0 to 7.15.8 #1960)
• bd7e8ff build(deps): bump type-fest from 3.12.0 to 3.13.0 (chore(deps): bump typescript from 4.3.4 to 4.4.4 #1959)
• 53cc6b4 build(deps): bump tough-cookie from 4.0.0 to 4.1.3 (chore(deps): bump contentful from 8.5.8 to 9.1.3 #1958)
• a859a3e build(deps-dev): bump core-js from 3.31.0 to 3.31.1 (chore(deps): bump bufferutil from 4.0.3 to 4.0.5 #1957)
• 62d476b build(deps-dev): bump semantic-release from 21.0.6 to 21.0.7 (I think whether there is a scroll bar that needs to be made configurable #1954)
• c45fcff fix: downgrade browseslist to support old browsers [PHX-2717] (Full stack/refactor internal session vars - preparation: move files to be changed into experimental #1948)
• 03883b4 build(deps-dev): bump ts-loader from 9.4.3 to 9.4.4 ([Snyk] Upgrade csv-parse from 4.16.0 to 4.16.3 #1952)
• 9c9edd4 build(deps-dev): bump semantic-release from 21.0.5 to 21.0.6 ([Snyk] Upgrade @babel/runtime from 7.14.8 to 7.15.4 #1950)
• bd3a5ec build(deps-dev): bump webpack from 5.88.0 to 5.88.1 ([Snyk] Upgrade contentful-import from 8.1.25 to 8.2.9 #1951)

See the full diff

Package name: contentful-import

The new version differs by 84 commits.

• b1a2114 build(deps): bump contentful-management from 7.45.7 to 10.14.0
• f4c25aa build(deps-dev): bump eslint-plugin-import from 2.25.3 to 2.26.0
• 41aaa02 build(deps-dev): bump jest from 27.4.3 to 29.0.3
• bc72fd9 build(deps): bump yargs from 17.3.0 to 17.5.1
• 4f70f7d build(deps-dev): bump @ babel/core from 7.16.0 to 7.19.1
• 80191f7 build(deps): bump joi from 17.5.0 to 17.6.0
• fff3bc7 build(deps-dev): bump eslint-plugin-promise from 5.2.0 to 6.0.1
• 34cdb83 build(deps): bump semver-regex from 3.1.3 to 3.1.4
• 8b265f6 build(deps): bump minimist from 1.2.5 to 1.2.6
• fd3a605 build(deps): bump node-fetch from 2.6.6 to 2.6.7
• c85181c build(deps): bump follow-redirects from 1.14.6 to 1.15.2
• 119dec5 build(deps-dev): bump semantic-release from 18.0.1 to 19.0.5
• e6e32ba build(deps-dev): bump @ babel/cli from 7.16.0 to 7.18.10
• 5d21cc4 build(deps-dev): bump @ babel/preset-env from 7.18.2 to 7.19.1
• f8644f1 build(deps-dev): bump eslint-plugin-jest from 25.3.0 to 27.0.4
• 08ec601 build(deps-dev): bump babel-jest from 27.4.2 to 29.0.3
• 0aefcaf build(deps): bump contentful-batch-libs from 9.4.1 to 9.4.2
• 1dd9dcd build(deps): bump date-fns from 2.28.0 to 2.29.3
• 7caec1c build(deps-dev): bump husky from 4.3.8 to 8.0.1
• 3754714 fix: Merge pull request chore(deps): bump aws-sdk from 2.628.0 to 2.630.0 #605 from ToppleTheNun/update-contentful-batch-libs
• 216c9b8 chore(deps): update contentful-batch-libs to v9.4.1
• 00f3570 Merge pull request Contentful/csv export #604 from Brad-Turner/feat/add-babel-preset-env
• a18afd3 Merge pull request feat(core): add handoff options for shadowing, cancelHandoff and deleteUser #603 from Brad-Turner/fix/x-platform-unit-tests
• 1f12529 chore(build): add babel preset-env

See the full diff

Package name: contentful-management

The new version differs by 250 commits.

• 8280588 feat(deliveryFunctions): Allow CCA to upload delivery functions [MONET-1336] (chore(deps): bump node-json-db from 1.3.0 to 1.4.1 #1926)
• 48fdbe1 Upgrade to webpack 5 (chore(deps): bump @vendia/serverless-express from 4.3.9 to 4.3.11 #1896)
• 357683d build(deps-dev): bump eslint-config-prettier from 8.10.0 to 9.0.0 (chore(deps): bump d3 from 6.7.0 to 7.0.4 #1914)
• 57d5d82 build(deps-dev): bump @ types/node from 20.4.6 to 20.4.8 (chore(deps): bump @types/jest from 26.0.23 to 27.0.2 #1915)
• f35be80 build(deps-dev): bump eslint-plugin-import from 2.27.5 to 2.28.0 (chore(deps): bump @tensorflow/tfjs from 2.8.6 to 3.9.0 #1908)
• e436087 build(deps-dev): bump eslint-config-prettier from 8.9.0 to 8.10.0 (chore(deps): bump css-loader from 5.2.7 to 6.3.0 #1912)
• 8ec45ff build(deps-dev): bump @ types/sinon from 10.0.15 to 10.0.16 (chore(deps-dev): bump contentful-cli from 1.8.22 to 1.9.20 #1910)
• c8f57f9 build(deps-dev): bump @ types/node from 20.4.5 to 20.4.6 (chore(deps): bump @types/node from 15.12.1 to 16.10.1 #1911)
• 03c9f40 chore: bump axios to 1.x [PHX-2741] (chore(deps): bump contentful-management from 7.31.0 to 7.39.0 #1892)
• 5dc5151 build(deps-dev): bump eslint from 8.45.0 to 8.46.0 (chore(deps): bump @aws-sdk/client-cloudfront from 3.27.0 to 3.34.0 #1907)
• a2d1887 build(deps-dev): bump eslint-config-prettier from 8.8.0 to 8.9.0 ([Snyk] Upgrade contentful-import from 8.1.25 to 8.2.1 #1904)
• 50e32a0 build(deps-dev): bump @ babel/node from 7.22.5 to 7.22.6 ([Snyk] Upgrade csv-parse from 4.16.0 to 4.16.2 #1905)
• 63cf962 build(deps-dev): bump @ babel/eslint-parser from 7.22.5 to 7.22.9 (Contentful: custom content model #1900)
• 977b159 build(deps-dev): bump @ babel/core from 7.22.5 to 7.22.9 (ci: configure pre-commit workflow #PLA-695 #1888)
• 4bd26f2 build(deps-dev): bump @ types/lodash from 4.14.192 to 4.14.196 ([Snyk] Upgrade contentful-management from 7.31.0 to 7.36.0 #1902)
• e3c9748 build(deps-dev): bump nodemon from 2.0.22 to 3.0.1 ([Snyk] Upgrade contentful from 8.4.2 to 8.5.0 #1903)
• 3b81cdf build(deps-dev): bump @ types/node from 20.4.2 to 20.4.5 ([Snyk] Upgrade react-router-dom from 5.2.0 to 5.2.1 #1901)
• 9e12887 build(deps-dev): bump webpack-bundle-analyzer from 4.8.0 to 4.9.0 (Feat/add payload to non message top content type #BOT-573 #1887)
• d34a771 build(deps): bump type-fest from 3.12.0 to 4.0.0 (chore(deps): bump prettier from 2.2.1 to 2.4.1 #1897)
• 62d0ae9 build(deps-dev): bump @ babel/cli from 7.22.5 to 7.22.9 (chore(deps): bump natural from 2.4.5 to 5.1.1 #1895)
• 784120b build(deps-dev): bump @ types/node from 20.3.3 to 20.4.2 (chore(deps): bump csv-parse from 4.16.0 to 4.16.3 #1893)
• 51fcbb6 build(deps-dev): bump mocha-junit-reporter from 2.2.0 to 2.2.1 (chore(deps): bump xlsx from 0.17.1 to 0.17.2 #1891)
• c65b1f2 build(deps-dev): bump word-wrap from 1.2.3 to 1.2.4 (chore(deps-dev): bump @types/marked from 2.0.4 to 3.0.1 #1890)
• 43d70b4 build(deps-dev): bump @ typescript-eslint/parser from 5.60.1 to 5.62.0 ([Snyk] Upgrade tslib from 2.3.0 to 2.3.1 #1885)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)