[Snyk] Security upgrade immer from 8.0.4 to 9.0.6

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/strapi-plugin-upload/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	673/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-IMMER-1540542	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: immer

The new version differs by 46 commits.

• fa671e5 fix(security): Follow up on CVE-2020-28477 where `path: [["__proto__"], "x"]` could still pollute the prototype
• 2e0aa95 Create SECURITY.md
• 050522d chore: fix CI. maybe.
• 1195510 docs: Update example-setstate.mdx (introduction of userObj #833)
• 648d39b docs: fixing link to RFC-6902 & fixing typo (Wysiwyg preview #830)
• bc890f7 docs: Update example-setstate.mdx (Fixes #828 #829)
• 16a3d0f chore(deps): bump prismjs from 1.23.0 to 1.24.0 in /website (Split project setup process #822)
• 847492c docs: Extended / updated documenation (Optimize the build process time #824)
• 7f41483 chore: [workflows] don't release from forks
• 3f9a94e chore: let's test before publish
• bfb8dec fix: release missing dist/ folder
• b314b19 chore: fix cpx usage
• a607d6c chore: Remove old shizzle
• 6fd5329 chore: fixes for deploy preview
• 144f886 chore: fix docs deployment attempt 3
• 38964fa chore: semantic-release + GH actions
• 06c6741 chore: fix docs deploy
• ad23da9 chore: fix test job
• b6d92f4 chore: publish docs automatically
• c59576a chore: setup GH action for test
• dc3f66c fix: Update styles.scss #807 new undefined properties should end up in result object
• 5412c9f fix: Field names can clash with API code, causing errors when creating records #791 return 'nothing' should produce undefined patch
• 58b74a6 chore(deps): bump ssri from 6.0.1 to 6.0.2 in /website (Wysiwyg #818)
• c9deb48 chore(deps): bump color-string from 1.5.4 to 1.5.5 in /website ((doc) fix collection name in many-to-many example #817)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

[strapi-cla]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[codecov]

Codecov Report

Merging #10861 (755cbfd) into master (d91569c) will not change coverage.
The diff coverage is n/a.

❗ Current head 755cbfd differs from pull request most recent head 45ec235. Consider uploading reports for the commit 45ec235 to get more accurate results

@@           Coverage Diff           @@
##           master   #10861   +/-   ##
=======================================
  Coverage   58.12%   58.12%           
=======================================
  Files         185      185           
  Lines        6429     6429           
  Branches     1395     1395           
=======================================
  Hits         3737     3737           
  Misses       2230     2230           
  Partials      462      462           

Flag	Coverage Δ
front	?
unit	58.12% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update d91569c...45ec235. Read the comment docs.