[Snyk] Fix for 1 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • docs/package.json
  • docs/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	551/1000 Why? Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HIGHLIGHTJS-1048676	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: hexo

The new version differs by 250 commits.

• 1489074 release: 5.0.0 (fix: LSDV-5314: Persist collapse panel state HumanSignal/label-studio#4423)
• add6c00 chore(deps): update hexo-cli from 3.0.0 to 4.0.0 (docs: Add release notes for 2.4.8-1 HumanSignal/label-studio#4445)
• 8404b3c chore(deps): update hexo-front-matter from 1.0.0 to 2.0.0 (fix: LSDV-5340: Storage links creation for Remove duplicates HumanSignal/label-studio#4439)
• 562e97e Merge pull request docs: LSDV-5343: Docs for visibleWhen; remove FF_DEV_1372 HumanSignal/label-studio#4443 from curbengh/rexcerpt
• de63ab9 fix(excerpt): stricter regex
• 49ff2b2 refactor(meta_generator): no longer ignore empty head (Error when adding local source storage path HumanSignal/label-studio#4442)
• a29d609 perf(external_link): optimized regexp (Scroll only list of labels when labeling bboxes HumanSignal/label-studio#4440)
• 9076422 chore(deps): update hexo-util from 2.0.0 to 2.2.0 (A recipe directory and improved documentation with input/output examples for all tasks HumanSignal/label-studio#4438)
• 12c3536 perf(tag): rendering optimization (docs: Update logo to HumanSignal HumanSignal/label-studio#4418)
• f1eb90c perf(external_link): regexp & condition (fix: LSDV-4719: improve performance of project annotations HumanSignal/label-studio#4436)
• a34a7e2 merge(Update labeling.md - Remove Audio hotkeys HumanSignal/label-studio#4420): from SukkaW/tag-error-source
• 3a56d29 test(benchmark): optimize for local & render post support (fix: LSDV-4937: Label missing from outliner when multiple labels are selected HumanSignal/label-studio#4428)
• 850ffbc refactor(external_link): migrate config during load_config (#4414)
• 97cb698 feat(post_link): better error message for post not found (Cancel skip when Webhook is attached is raising error HumanSignal/label-studio#4426)
• b8b9d4a Update test case
• 2a92807 post_link should throw error if no slug/post found
• 821ef12 feat(tag): show source of the error & beautify
• 064daa4 test(mocha): run tests in parallel (chore: cherry-pick LSDV-5259 LSDV-5001 into lse-release/2.4.8 HumanSignal/label-studio#4374)
• 5b2808c merge(When I click the submit button, it will not automatically jump to the next image HumanSignal/label-studio#4422): from sukkaw/test-coverage-2
• 0b28f80 test: improve coverage
• 27684d0 fix(migrator): fix help message
• a8d918b test: improve coverage (label-studio sentry-cdn times out on airgapped computer HumanSignal/label-studio#4421)
• 89b2a9a perf(titlecase): lazy require (ci: SRE-542: Use org vars for Docker Hub HumanSignal/label-studio#4417)
• e3baad9 merge(ci: SRE-541: Local workflow call HumanSignal/label-studio#4416): from sukkaw/lazy-require

See the full diff

Package name: hexo-cli

The new version differs by 86 commits.

• 737b96e Merge pull request Playing wave form rendering scales overlay with play position in AudioPlus HumanSignal/label-studio#195 from curbengh/4.0.0
• d454da5 release: 4.0.0
• b8ecb86 chore: requires Node 10.13+
• 9dbfead chore(deps-dev): bump eslint from 7.4.0 to 7.5.0 (Tiff file extension as .tif is not detected HumanSignal/label-studio#221)
• 64a8ba6 merge(Require some input formats have label config HumanSignal/label-studio#223): from curbengh/gh-action
• 32da61c docs: add git submodule instruction
• 2db127e ci: add GitHub Actions
• 639662e chore(deps): bump hexo-util from 2.0.0 to 2.1.0 (Onboarding highlight HumanSignal/label-studio#196)
• 49a7252 chore(deps): bump hexo-fs from 3.0.1 to 3.1.0 (Keyboard Shortcuts HumanSignal/label-studio#201)
• 9ae7f2c chore(deps-dev): bump eslint from 7.2.0 to 7.4.0 (To Add supporting html and hocr format for ocr converted scanned images HumanSignal/label-studio#219)
• ceaf1fc chore(deps): bump acorn from 7.2.0 to 7.3.1 (3D-based annotations? HumanSignal/label-studio#210)
• c567236 chore(deps): [security] bump lodash from 4.17.14 to 4.17.19 (Docker Run Error about config file HumanSignal/label-studio#220)
• 4c7babf chore(deps): bump hexo-log from 1.0.0 to 2.0.0 (Labelling page does not work with HTTPS redirect HumanSignal/label-studio#217)
• 02e8273 chore(deps-dev): bump hexo-renderer-marked from 2.0.0 to 3.0.0 (fix vulnerability in docs HumanSignal/label-studio#216)
• 2b07acb fix(permission): caused by Input data fixes HumanSignal/label-studio#200 (Changing the label of an existing (image) annotation HumanSignal/label-studio#213)
• 7407649 chore(deps): bump chalk from 4.0.0 to 4.1.0 (Custom Hotkey for Submit HumanSignal/label-studio#208)
• 6506e26 chore(deps-dev): bump nyc from 15.0.1 to 15.1.0 (Loading Images from Local Directory Fails HumanSignal/label-studio#205)
• ce3ed5f chore(deps-dev): bump eslint from 7.0.0 to 7.2.0 (Fix typo HumanSignal/label-studio#207)
• b43f94a chore(deps): remove acorn (Video Classifier example in templates HumanSignal/label-studio#211)
• af92881 fix(init): init error with a number target project name (Input data fixes HumanSignal/label-studio#200)
• a6d44ce chore(deps-dev): bump mocha from 7.2.0 to 8.0.1 (Various fixes HumanSignal/label-studio#209)
• f518198 feat: detailed information for `hexo not found` (Docs max HumanSignal/label-studio#206)
• 1acb025 chore(deps-dev): bump mocha from 7.1.2 to 7.2.0 (Doesn't support python 3.8 because of Pillow HumanSignal/label-studio#203)
• 71debfb chore(deps): bump acorn from 7.1.1 to 7.2.0 (Fix misspell HumanSignal/label-studio#198)

See the full diff

Package name: hexo-renderer-marked

The new version differs by 76 commits.

• c742ef2 Merge pull request JSON import bugfix & speedup HumanSignal/label-studio#155 from curbengh/v3.0.0
• bfa348b release: 3.0.0
• 411bfd6 chore: requires Node 10+
• 2aaaba7 ci(travis): drop deprecated Node 13
• a2cf33e Merge pull request Fix/disabled ui HumanSignal/label-studio#152 from hexojs/dependabot/npm_and_yarn/mocha-8.0.1
• 27a9820 chore(deps-dev): bump mocha from 7.2.0 to 8.0.1
• 3f5c08f Merge pull request version bump HumanSignal/label-studio#154 from curbengh/fix-test
• b6dd143 test: fix failing test after deps update
• 75956a0 chore(deps): bump hexo-util from 1.9.0 to 2.1.0 (NPM ignore HumanSignal/label-studio#148)
• dc20bdb chore(deps-dev): bump eslint from 6.8.0 to 7.2.0 (Feature/pairwise comparison HumanSignal/label-studio#151)
• 54a2e8c ci(travis): drop Node 8 and add Node 14 (typo: selelectWithoutLabel HumanSignal/label-studio#146)
• 024f6d1 revert: feat: promisify (Multiple tasks in the same page HumanSignal/label-studio#145)
• f685924 chore(deps): bump marked from 0.8.2 to 1.0.0 (Release/0.3.0 alpha HumanSignal/label-studio#144)
• 40d8ca4 chore(deps-dev): bump mocha from 6.2.2 to 7.0.0 (disable editing, this is useful for read-only completions or predict… HumanSignal/label-studio#135)
• c8cc683 refactor: remove marked.setOptions.highlight (audio hotkey for play/pause HumanSignal/label-studio#134)
• 7c7f513 Merge pull request Grid view for completions and predictions HumanSignal/label-studio#133 from curbengh/marked-filter-docs
• 3877cb0 style: minor typo
• cc9be71 Merge pull request Connect your running models for prediction prelabeling, active learning and retraining HumanSignal/label-studio#127 from curbengh/modifyAnchors-type
• b8f4a3c docs: marked:renderer filter
• a93ebeb Merge pull request Release 0.2.2 HumanSignal/label-studio#132 from curbengh/async
• 2b85dd0 fix: register renderer in async mode
• 262324d test: remove extra async keyword
• f5ee328 chore(dev-deps): update eslint-config-hexo from 4.0 to 4.1
• a9afdd9 feat: promisify

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic