[Snyk] Fix for 7 vulnerabilities

[sbarbeau-od]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • examples/with-aws-amplify/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-AWSSDK-1059424	Yes	Proof of Concept
	616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	Yes	Proof of Concept
	344/1000 Why? Has a fix available, CVSS 2.6	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-IMMER-1019369	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-IMMER-1540542	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: aws-amplify

The new version differs by 250 commits.

• 8bb1334 Publish
• 440f25e Bumping api-rest and api-graphql versions to match npm
• b4b40aa Merge pull request Could not freeze filename vercel/next.js#5243 from aws-amplify/modularization
• 9f2800d Revert from-package and use conventional commits for master in first release
• 6b1ef79 Force lerna to publish major version from the package.json in unstable and latest release
• 7fef140 Merge branch 'master' into modularization
• c04349b Revert modularization specific circile CI changes
• 4f3b285 Fix exporting the right amplify version
• 815eef4 Publish
• 4002776 Change new version of api-rest and api-graphql modules to 0.1
• a105664 chore(release): Publish [ci skip]
• 30e4c29 Preparing release
• 21a00b4 Upgrade aws-sdk beta clients (Cannot compile code of with-redux-saga example vercel/next.js#5234)
• 31a273e Merge branch 'master' into modularization
• 71044ae fix builds that were broken by new terser 4.6.8 version (next@7 + graphql@0.13.2 prevent React from initialize vercel/next.js#5233)
• 2925d5b Fix unit tests following merge from master
• e201cfd Merge branch 'modularization-Amplifiyer' into modularization
• 082af2d Merge branch 'master' into modularization-Amplifiyer
• d630c34 Added clientMetadata to sendMFACode ( Cannot set property 'toJSON' of undefined when using react-i18next example vercel/next.js#5145)
• 2a7fd81 Upgrade aws-sdk clients from alpha to beta (nextjs 7 TypeError: [BABEL]... vercel/next.js#5209)
• 23d8d41 Export UsernameAttributes enum (Create duplicate services when using PM2 with next.js vercel/next.js#5197)
• fe6aaf6 Fix unit tests as per expiration type change
• 210410f Merge branch 'modularization' into modularization-Amplifiyer
• 047b5a7 Update expiration type to Date as per change in aws-sdk

See the full diff

Package name: immer

The new version differs by 250 commits.

• fa671e5 fix(security): Follow up on CVE-2020-28477 where `path: [["__proto__"], "x"]` could still pollute the prototype
• 2e0aa95 Create SECURITY.md
• 050522d chore: fix CI. maybe.
• 1195510 docs: Update example-setstate.mdx (Update babel-generator to version 6.22.0 🚀 vercel/next.js#833)
• 648d39b docs: fixing link to RFC-6902 & fixing typo (Add right link markup vercel/next.js#830)
• bc890f7 docs: Update example-setstate.mdx (Make sure lastAppProps always have some value. vercel/next.js#829)
• 16a3d0f chore(deps): bump prismjs from 1.23.0 to 1.24.0 in /website (potential extraneous div surrounding #__next vercel/next.js#822)
• 847492c docs: Extended / updated documenation (Don't overwrite the ignored option on Windows vercel/next.js#824)
• 7f41483 chore: [workflows] don't release from forks
• 3f9a94e chore: let's test before publish
• bfb8dec fix: release missing dist/ folder
• b314b19 chore: fix cpx usage
• a607d6c chore: Remove old shizzle
• 6fd5329 chore: fixes for deploy preview
• 144f886 chore: fix docs deployment attempt 3
• 38964fa chore: semantic-release + GH actions
• 06c6741 chore: fix docs deploy
• ad23da9 chore: fix test job
• b6d92f4 chore: publish docs automatically
• c59576a chore: setup GH action for test
• dc3f66c fix: A bad HTTP response code (404) was received when fetching the script vercel/next.js#807 new undefined properties should end up in result object
• 5412c9f fix: Hot-reloading of custom servers vercel/next.js#791 return 'nothing' should produce undefined patch
• 58b74a6 chore(deps): bump ssri from 6.0.1 to 6.0.2 in /website (Check write-access on prototype. vercel/next.js#818)
• c9deb48 chore(deps): bump color-string from 1.5.4 to 1.5.5 in /website (Update styled-jsx to version 0.4.4 🚀 vercel/next.js#817)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Server-Side Request Forgery (SSRF)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 More lessons are available in Snyk Learn