[Snyk] Fix for 8 vulnerabilities

[lilmoonlil]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-LIQUIDJS-2952868	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	Yes	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	User Interface (UI) Misrepresentation of Critical Information SNYK-JS-NEXT-2405694	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	No	Proof of Concept
	619/1000 Why? Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: express

The new version differs by 30 commits.

• 3d7fce5 4.17.3
• f906371 build: update example dependencies
• 6381bc6 deps: qs@6.9.7
• a007863 deps: body-parser@1.19.2
• e98f584 Revert "build: use minimatch@3.0.4 for Node.js < 4"
• a659137 tests: use strict mode
• a39e409 tests: prevent leaking changes to NODE_ENV
• 82de4de examples: fix path traversal in downloads example
• 12310c5 build: use nyc for test coverage
• 884657d examples: remove bitwise syntax for includes check
• 7511d08 build: use minimatch@3.0.4 for Node.js < 4
• 2585f20 tests: fix test missing assertion
• 9d09762 build: supertest@6.2.2
• 43cc56e build: clean up gitignore
• 1c7bbcc build: Node.js@14.19
• 9cbbc8a deps: cookie@0.4.2
• 6fbc269 pref: remove unnecessary regexp for trust proxy
• 2bc734a deps: accepts@~1.3.8
• 89bb531 docs: fix typo in res.download jsdoc
• 744564f tests: add test for multiple ips in "trust proxy"
• da6cb0e tests: add range tests to res.download
• 00ad5be tests: add more tests for app.request & app.response
• 141914e tests: fix tests that did not bubble errors
• bd4fdfe tests: remove global dependency on should

See the full diff

Package name: liquidjs

The new version differs by 250 commits.

• 9b9ef37 chore(release): 10.0.0 [skip ci]
• 5bbdc08 chore(deps): bump minimatch from 3.0.4 to 3.1.2
• 1380ac9 refactor: more consistent tags to make it easier to iterate over, link "markup reference guide" is broken or missing github/docs#524
• 4e1a30a refactor: `_evalToken` renamed to `evalToken`
• 9299268 refactor: Tag class support in registerTag()
• 1f6ce7c perf: target Node.js 14 for cjs bundle (main entry)
• 7eb6216 refactor: change `ownPropertyOnly` default value to `true`
• ffefd91 refactor: remove `toThenable` export
• b115077 refactor: remove use of internal `Context` class in `evalValue` argument
• bb58d3e refactor: delay creation of `operatorsTrie` and hide this implementation
• ff112a4 chore: rename filters to snake style, docs: add Protectator as a contributor github/docs#487
• 907c4de chore(release): 9.43.0 [skip ci]
• 7a71485 feat: support timezone offset argument for date filter, Update https-cloning-errors.md github/docs#553
• cd918cc chore(deps): bump minimatch from 3.0.4 to 3.1.2 in /docs
• 8061e55 docs: fix tags sidebar translation
• 33e97db docs: update .all-contributorsrc [skip ci]
• 9cfc8fd docs: update README.md [skip ci]
• f62b210 docs: add echo and liquid tags Chinese translation (Incorrect type for labels parameter: "array of undefineds" github/docs#549)
• bf6b5c7 chore(release): 9.42.1 [skip ci]
• a58fe44 chore(deps): bump minimist and hexo-renderer-swig in /docs
• 99516cb chore(deps): bump semver-regex from 2.0.0 to 3.1.4
• 850ab0c chore(deps): bump ansi-regex from 3.0.0 to 3.0.1
• 33c7c8f docs: demo for using LiquidJS with webpack
• 32f613f fix: truncatewords should use at least one word, update github/docs#537

See the full diff

Package name: next

The new version differs by 250 commits.

• 8545fd1 v12.1.0
• 1605f30 v12.0.11-canary.21
• 69aedbd Fix typo (#34480)
• f0f322c Remove deprecation for relative URL usage in middlewares (#34461)
• d4d79b2 Fix chunk buffering for server components (#34474)
• 74fa4d4 update webpack (#34477)
• b70397e Revert "Allow reading request bodies in middlewares (#34294)" (#34479)
• 4202011 Update font-optimization test snapshot (#34478)
• 1edd851 Allow reading request bodies in middlewares (#34294)
• ba78437 fix: don't wrap `profile` in firebase example (#34457)
• f3c3810 Remove hello world RSC example. (#34456)
• 49da8c0 v12.0.11-canary.20
• 2264d35 Fix `.svg` image optimization with a `loader` prop (#34452)
• 59714db Update server-only changes HMR handling (#34298)
• d288d43 Update MDX Guide config example (#34405)
• 54dbeb3 update webpack (#34444)
• 9b38ffe Update 2.example_bug_report.yml
• 86aac3f Update 1.bug_report.yml
• 732b405 v12.0.11-canary.19
• 01524ef Revert swc css bump temporarily (#34440)
• 8a55612 Add image config for `dangerouslyAllowSVG` and `contentSecurityPolicy` (#34431)
• 9639fe7 Ensure we don't poll page in development when notFound: true is returned (#34352)
• 7e93a89 Update 2.example_bug_report.yml
• d88793d feat: improve opening a new issue flow (#34434)

See the full diff

Package name: pa11y-ci

The new version differs by 12 commits.

• efad302 Fix minimum node version in README
• 28f161a Version 3.0.0
• 52fd274 Fix error with absolute paths on Windows (Update "Securing Your Webhooks" to prefer X-Hub-Signature-Sha-256 header github/docs#82)
• 6b2d4f5 Replace chalk with kleur
• 4e5bc51 use https where possible
• 5c842cf Add support for reporters (GitHub App Guide typo github/docs#129)
• 40ba01a Replace make with npm scripts and update Node versions (Use operationId for #anchor tags of REST API endpoint titles github/docs#139)
• 1374cd7 Bump deps to match versions used by pa11y v6
• fb86a33 Update test matrix to LTS node (12, 14, 16)
• edabbeb Update package lock
• e5dbbc7 Replace chalk with kleur
• 96a3882 Chance concurrency and incognito mode defaults

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Remote Code Execution (RCE)