[Snyk] Fix for 28 vulnerabilities

[kissofire]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • deps/npm/docs/package.json
  • deps/npm/docs/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	No	Proof of Concept
	344/1000 Why? Has a fix available, CVSS 2.6	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	No	No Known Exploit
	608/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 4.3	Information Exposure SNYK-JS-GATSBY-5671647	Yes	Proof of Concept
	608/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 4.3	Information Exposure SNYK-JS-GATSBYCLI-5671903	Yes	Proof of Concept
	429/1000 Why? Has a fix available, CVSS 4.3	Information Exposure SNYK-JS-GATSBYPLUGINSHARP-5425803	Yes	No Known Exploit
	608/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 4.3	Information Exposure SNYK-JS-GATSBYPLUGINSHARP-5671648	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Arbitrary Code Injection SNYK-JS-GATSBYTRANSFORMERREMARK-3228581	Yes	Proof of Concept
	608/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 4.3	Information Exposure SNYK-JS-GATSBYTRANSFORMERREMARK-5671901	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1076581	No	Proof of Concept
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1314893	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1585202	No	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) SNYK-JS-PRISMJS-2404333	No	No Known Exploit
	629/1000 Why? Has a fix available, CVSS 8.3	Cross-site Scripting (XSS) SNYK-JS-PRISMJS-597628	No	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Command Injection SNYK-JS-REACTDEVUTILS-1083268	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Validation Bypass SNYK-JS-SANITIZEHTML-1070780	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Access Restriction Bypass SNYK-JS-SANITIZEHTML-1070786	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SANITIZEHTML-2957526	Yes	No Known Exploit
	684/1000 Why? Has a fix available, CVSS 9.4	Arbitrary Code Execution SNYK-JS-SANITIZEHTML-585892	Yes	No Known Exploit
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	619/1000 Why? Has a fix available, CVSS 8.1	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-536840	No	No Known Exploit
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	No	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Remote Code Execution (RCE) SNYK-JS-SHARP-2848109	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIM-1017038	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: eslint

The new version differs by 250 commits.

• 3dd6741 7.0.0
• 9a722f9 Build: changelog update for 7.0.0
• b98d8bd Upgrade: eslint-release@2.0.0 (readline: numeric strings converted to integers in cursorTo nodejs/node#13271)
• 4c0b028 Fix: remove Node.js and CommonJS category from build process (async_hooks: fix Promises with later enabled hooks nodejs/node#13242)
• 401a687 Chore: fix rules list for prereleases (. nodejs/node#13230)
• 4ef6158 Breaking: espree@7.0.0 (doc: fix doc styles nodejs/node#13270)
• b5c8d73 Docs: update 7.0.0 migration guide for consistency (small question about cluster. SCHED_RR nodejs/node#13267)
• 356fdb4 Docs: add migration guide (test: add hasCrypto check to test-cli-node-options nodejs/node#12692)
• 015edf6 Sponsors: Sync README with website
• fdfa364 7.0.0-rc.0
• 8d1b4db Build: changelog update for 7.0.0-rc.0
• 0b1d65a Update: Improve report location for array-callback-return (refs net: refactor onSlaveClose in Server.close nodejs/node#12334) (test: shorten test-benchmark-http nodejs/node#13109)
• d85e291 Fix: yoda left string fix for exceptRange (fixes test: favor deepStrictEqual over deepEqual nodejs/node#12883) (tracking issue: full VS2017 support nodejs/node#13052)
• 2ce6bed Chore: added tests for nested arrays (doc: don't use useless constructors in stream.md nodejs/node#13145)
• d3aac53 Update: report backtick loc in no-unexpected-multiline (refs net: refactor onSlaveClose in Server.close nodejs/node#12334) (async_hooks: implement C++ embedder API nodejs/node#13142)
• 8e7a2d9 Fix: func-call-spacing "never" reports wrong message (fixes src: correct endif comment SRC_NODE_API_H__ nodejs/node#13190) (src: add comment for TicketKeyCallback nodejs/node#13193)
• bcafd0f Update: Add ESLint API (refs New: ESLint Class Replacing CLIEngine eslint/rfcs#40) (zlib: expose amount of data read for compression/decompression nodejs/node#12939)
• 3eeae56 Upgrade: some (dev) deps (events: improve performance for emit(), on(), and listeners() nodejs/node#13155)
• 6b7030b Chore: Run tests on Node.js v14 (Date parse behavior change in node-v8 ? nodejs/node#13210)
• ebc28d7 Fix: Remove default .js from --ext CLI option (What does SecureContext::EnableTicketKeyCallback do? nodejs/node#13176)
• 5c1bdeb Update: Improve report location for getter-return (refs net: refactor onSlaveClose in Server.close nodejs/node#12334) (test: refactor event-emitter-check-listener-leaks nodejs/node#13164)
• 56d2bee Docs: fix typos (write EPIPE nodejs/node#13204)
• e13256e Chore: use espree.latestEcmaVersion in config-initializer (gdljuigu nodejs/node#13157)
• e4f57b7 Chore: add nested array tests for array-element-newline (OpenSSL 1.0.2l this week nodejs/node#13161)

See the full diff

Package name: gatsby

The new version differs by 250 commits.

• 0c6cd61 chore(release): Publish
• 5e8e621 chore: Update main README (module: ESM loader approach nodejs/node#36954)
• 7130cd4 test(gatsby): Slices API integration tests (Running JS linter... never completes nodejs/node#36747)
• 6496eed chore(release): Publish next
• bc7ac84 chore: preserve previous webpack stats derived values, even if we restart webpack itself (deps: update ICU to 68.2 nodejs/node#36980)
• 2b5af32 fix: drop `__renderedByLocation` prop when calculating slice props hashes and don't expose it to slice component (#36979)
• cc1ee9b chore(release): Publish next
• 6a53861 chore(gatsby-link): Correct type export (Import are case insensitive in window 10 nodejs/node#36968)
• 0ad6314 fix(gatsby-graphiql-explorer): Use upstream exporter package (test: fixup flaky test-crypto-x509 on windows nodejs/node#36966)
• 964265c chore(release): Publish next
• b624442 chore: Update peerDeps (#36965)
• b2ab092 chore(release): Publish next
• e2a14bf feat(gatsby): Slices <> partial hydration interop (doc: remove pull-requests.md preamble nodejs/node#36960)
• 0083e62 fix(deps): update starters and examples gatsby packages to ^4.24.7 (Add CodeQL security analysis to GitHub Actions workflows nodejs/node#36957)
• 68e9cab chore(changelogs): update changelogs (Math.min NOT work with 123021 numbers nodejs/node#36958)
• b9eb8d2 chore(deps): update dependency autoprefixer to ^10.4.13 for gatsby-plugin-sass (doc: add miladfarca to collaborators nodejs/node#36934)
• 58c37ea chore(deps): update dependency @ jridgewell/trace-mapping to ^0.3.17 for gatsby-legacy-polyfills (test: skip internet for test-npm-install nodejs/node#36933)
• a5e4c47 fix(deps): update dependency body-parser to ^1.20.1 for gatsby-source-drupal ([v14.x Backport] http: don't cork noop .end() nodejs/node#36940)
• c86aa7e chore(docs): Add clarification for Pro Tip on Part 4 of tutorial (module: deprecate "main" index and extension lookups nodejs/node#36918)
• d5c775a feat(gatsby): handle graphql-import-node bundling (doc: add iansu to collaborators nodejs/node#36951)
• 59e2976 feat(gatsby-remark-embed-snippet): added csproj to language map so it will be recognized as xml (#36919)
• c8a7dda chore(docs): Valhalla Content Hub Reference Guide (events.once creates an error listener that is not removed on abort. nodejs/node#36949)
• 3044280 fix(gatsby): stitch slices if just page html was regenerating without any of used slices regenerating (test: improve coverage for Module getters nodejs/node#36950)
• 10abdcb chore(release): Publish next

See the full diff

Package name: gatsby-plugin-manifest

The new version differs by 250 commits.

• f6734b9 chore(release): Publish
• 9a616c0 fix(gatsby): wait for LMDB upserts to finish before emitting ENGINES_READY (doc: fixes ESM/CJS wrapper example nodejs/node#34853) (Diagnostic report does not report javascriptStack - making it essentially useless nodejs/node#34896)
• f5705b9 fix(create-gatsby): Add required deps for theme-ui option (net: replace usage of internal stream state with public api nodejs/node#34885) (src,doc: fix grammar due to missing 'is' nodejs/node#34897)
• 9a579f1 fix(gatsby-core-utils): fix 304 when file does not exists (Pipeline error causing stream nodejs/node#34842) (http: remove usage of internal stream state from _http_server nodejs/node#34888)
• 148d016 fix(gatsby): Remove double enhanced-resolve dep (https/http2: random crashes on macOS with simple server nodejs/node#34854) (meta: enable wasi for CODEOWNERS nodejs/node#34889)
• 19b0304 feat(gatsby-core-utils): improve fetch-remote-file (Potential Regression/Change: Connection doesn't reset on HEAD nodejs/node#34758)
• ac1d777 fix(gatsby-source-contentful): avoid confusion of Gatsby node and Contentful node count in logs (Windows: child_process.spawn leaving orphaned processes around when running processes in an sh shell nodejs/node#34830)
• ee8c874 refactor(gatsby-source-contentful): remove unnecessary check for existing node (doc: improve async_hooks snippets nodejs/node#34829)
• 056b48e test(gatsby): Add a memory test suite command to the memory benchmark (build: run link checker in linter workflow nodejs/node#34810)
• 45cb1f1 chore(release): Publish next
• 4c832bf documentation: Add Third Party Schema (test: fix test-cluster-net-listen-relative-path.js to run in / nodejs/node#34820)
• 9f23dec chore(gatsby): cache shouldn't reference nodes strongly (doc: adopt Microsoft Style Guide officially nodejs/node#34821)
• f2d4830 feat(gatsby-core-utils): create proper mutex (Build structure for OSS-Fuzz integration nodejs/node#34761)
• 21ef185 chore(changelogs): update changelogs (TakeSnapshot takes too long nodejs/node#34826)
• a2f99af fix(deps): update starters and examples gatsby packages to ^4.7.2 (test,n-api: delete strong ref w/o unrefing first nodejs/node#34822)
• 76c89d8 chore(release): Publish next
• 54d29c4 chore(gatsby): upgrade from lmdb-store to lmdb (HTTP Parser issues with newline \n nodejs/node#34576)
• 3df8583 fix(core): Make filter/sort query only hold onto node properties it needs (doc: move module core module doc to separate page nodejs/node#34747)
• 3c3362b refactor(core): Make load plugins modular, prepare for TS (net: validate custom lookup() output nodejs/node#34813)
• 3d74584 feat(gatsby): allow referencing derived types in schema customization (doc: broken links in doc/guides/commit-queue.md nodejs/node#34787)
• bfd04d3 fix(gatsby): Content Sync DSG bug (Option to hide "Debugger attached" console log on connected debugger nodejs/node#34799)
• 326a483 fix(deps): update dependency sharp to ^0.30.1 (test: move test-inspector-already-activated-cli to parallel nodejs/node#34755)
• 7b958f9 docs: update typo Forestry (Add the option to leave the last stream open to Stream.pipeline, similar to the end opton on pipe nodejs/node#34805)
• ba8e21c feat(gatsby): Match node manifest pages by page context slug (why V8 platform symbol not exported nodejs/node#34790)

See the full diff

Package name: gatsby-plugin-sharp

The new version differs by 250 commits.

• ceb5527 chore(release): Publish
• 5bd48a5 chore(docs): update algolia guide (v10.24.1 proposal nodejs/node#38085)
• 89a3232 chore(gatsby-source-contentful): Fix docs pageLimit default value (v14.16.1 proposal nodejs/node#38082)
• 7501d18 chore(docs): Typo in v4 to v5 migration guide (Add the ability to wire-up listeners before starting a child process nodejs/node#38081)
• cbc0b35 feat(create-gatsby): Add Tailwind as a styling choice (fs: introduce readJSON functions nodejs/node#37944)
• 768581f chore(changelogs): update changelogs (async_hooks: fatalError(e) function checking error Object nodejs/node#38077)
• 9284520 fix(deps): update starters and examples gatsby packages to ^5.9.1 (#38073)
• 22394b9 fix(deps): update e2e tests (major) (test: skip test-hash-seed on armv6 and armv7 nodejs/node#38071)
• 9bb9037 chore(deps): update starters and examples (src: remove KeyObjectData::CreateSecret overload nodejs/node#38067)
• ed5855e fix(gatsby): don't serve codeframes for files outside of compilation (test: fix flaky test-hash-seed nodejs/node#38059)
• 4cd23bf chore(release): Publish next
• dfdeed4 fix(gatsby-source-drupal): add image cdn support for `files` type and `typePrefix` (Small contributing.md change nodejs/node#38057)
• e5e2bb7 fix(gatsby-source-drupal): find mimetype field (Make docs more welcoming and descriptive for newcomers nodejs/node#38056)
• 38fae7a chore(docs): Improve wording in main tutorial part 6 (test: fix flaky test-vm-memleak nodejs/node#38054)
• a9c54f7 chore(release): Publish next
• d611439 fix(deps): update minor and patch dependencies for gatsby-source-graphql (module: add --package flag for implicit config testing nodejs/node#38028)
• 213d8b0 fix(deps): update minor and patch dependencies for gatsby-plugin-mdx (test: fix test-tls-no-sslv3 for OpenSSL 3 nodejs/node#38027)
• 272dacd fix(gatsby): handle cyclic chunkgroup children (test: improve code coverage in webcrypto API nodejs/node#38052)
• a83ed19 fix(deps): update minor and patch dependencies for gatsby (Backport node v15 Apple Silicon support to v14.x nodejs/node#38005)
• d7cccfe fix(deps): update dependency sharp to ^0.32.1 (src: fix typos in crypto comments nodejs/node#38024)
• 2d2b7c2 chore: Fix dirty lock file
• 1a4b234 chore(deps): update dependency @ jridgewell/trace-mapping to ^0.3.18 for gatsby-legacy-polyfills (Worker exits with code 0 (and not 7) when throwing inside uncaughtException nodejs/node#37996)
• ccecd9d chore(deps): update dependency rimraf to v5 for gatsby-page-utils (doc: incorrect readline.question promisify example  nodejs/node#38039)
• 94099a9 chore(deps): update dependency rimraf to v5 for gatsby-plugin-utils (local fatal error for test/js-native-api/test_object/test.js nodejs/node#38040)

See the full diff

Package name: gatsby-transformer-remark

The new version differs by 250 commits.

• ceb5527 chore(release): Publish
• 5bd48a5 chore(docs): update algolia guide (v10.24.1 proposal nodejs/node#38085)
• 89a3232 chore(gatsby-source-contentful): Fix docs pageLimit default value (v14.16.1 proposal nodejs/node#38082)
• 7501d18 chore(docs): Typo in v4 to v5 migration guide (Add the ability to wire-up listeners before starting a child process nodejs/node#38081)
• cbc0b35 feat(create-gatsby): Add Tailwind as a styling choice (fs: introduce readJSON functions nodejs/node#37944)
• 768581f chore(changelogs): update changelogs (async_hooks: fatalError(e) function checking error Object nodejs/node#38077)
• 9284520 fix(deps): update starters and examples gatsby packages to ^5.9.1 (#38073)
• 22394b9 fix(deps): update e2e tests (major) (test: skip test-hash-seed on armv6 and armv7 nodejs/node#38071)
• 9bb9037 chore(deps): update starters and examples (src: remove KeyObjectData::CreateSecret overload nodejs/node#38067)
• ed5855e fix(gatsby): don't serve codeframes for files outside of compilation (test: fix flaky test-hash-seed nodejs/node#38059)
• 4cd23bf chore(release): Publish next
• dfdeed4 fix(gatsby-source-drupal): add image cdn support for `files` type and `typePrefix` (Small contributing.md change nodejs/node#38057)
• e5e2bb7 fix(gatsby-source-drupal): find mimetype field (Make docs more welcoming and descriptive for newcomers nodejs/node#38056)
• 38fae7a chore(docs): Improve wording in main tutorial part 6 (test: fix flaky test-vm-memleak nodejs/node#38054)
• a9c54f7 chore(release): Publish next
• d611439 fix(deps): update minor and patch dependencies for gatsby-source-graphql (module: add --package flag for implicit config testing nodejs/node#38028)
• 213d8b0 fix(deps): update minor and patch dependencies for gatsby-plugin-mdx (test: fix test-tls-no-sslv3 for OpenSSL 3 nodejs/node#38027)
• 272dacd fix(gatsby): handle cyclic chunkgroup children (test: improve code coverage in webcrypto API nodejs/node#38052)
• a83ed19 fix(deps): update minor and patch dependencies for gatsby (Backport node v15 Apple Silicon support to v14.x nodejs/node#38005)
• d7cccfe fix(deps): update dependency sharp to ^0.32.1 (src: fix typos in crypto comments nodejs/node#38024)
• 2d2b7c2 chore: Fix dirty lock file
• 1a4b234 chore(deps): update dependency @ jridgewell/trace-mapping to ^0.3.18 for gatsby-legacy-polyfills (Worker exits with code 0 (and not 7) when throwing inside uncaughtException nodejs/node#37996)
• ccecd9d chore(deps): update dependency rimraf to v5 for gatsby-page-utils (doc: incorrect readline.question promisify example  nodejs/node#38039)
• 94099a9 chore(deps): update dependency rimraf to v5 for gatsby-plugin-utils (local fatal error for test/js-native-api/test_object/test.js nodejs/node#38040)

See the full diff

Package name: prismjs

The new version differs by 250 commits.

• 703881e 1.27.0
• 7ac1373 Updated changelog for v1.27.0 (http: fix stalled pipeline bug nodejs/node#3342)
• e002e78 Command Line: Escape markup in command line output (Unhandled thrown error in cluster module: nodejs/node#3341)
• 13b56a9 Bump follow-redirects from 1.14.7 to 1.14.8 (test: remove util from test-repl-setprompt nodejs/node#3338)
• f094c4a Bump yargs-parser from 5.0.0 to 5.0.1 (doc: show keylen in pbkdf2 as a byte length nodejs/node#3334)
• 9fd4c74 Bump ajv from 6.10.0 to 6.12.6 (not a issue but a question: how many uv-loop in one node.js process?  nodejs/node#3333)
• 3fcca6b Bump pathval from 1.1.0 to 1.1.1 (lib: fix undefined timeout regression nodejs/node#3331)
• 1784b17 Command Line: Add support for line continuation and improved colors (Required json file is not removed from cache, even after a re-install nodejs/node#3326)
• f545843 ESLint: Allow `Map` and `Set` in ES5 code (SIGINT hardcoded to Ctrl+C? nodejs/node#3328)
• d6c5372 PureBasic: Added missing keyword and fixed constants ending with `$` (doc: replace node-gyp link with nodejs/node-gyp nodejs/node#3320)
• 82d0ca1 Command Line: Added span around command and output (curl: (55) Send failure: Broken pipe error nodejs/node#3312)
• 2cc4660 Core: Added better error message for missing grammars (Investigate flaky test test-fs-symlink nodejs/node#3311)
• 3f8cc5a Added UO Razor Script (test: update test-npm to use absolute paths for tmp/cache/prefix nodejs/node#3309)
• bcb2e2c AutoIt: Allow hyphen in directive (test: update test-npm to work with npm 3 nodejs/node#3308)
• deb3a97 INI: Swap out `header` for `section` (test: remove util properties from common nodejs/node#3304)
• e46501b editorconfig: Change alias of `section` from `keyword` to `selector` (net: don't throw on bytesWritten access nodejs/node#3305)
• 2eb89e1 Swap out `operator` for `punctuation` (Node Debugger Should Make IP Address Configurable nodejs/node#3306)
• 3a20bdc Bump node-fetch from 2.6.1 to 3.1.1 (Expose up-to-date list of builtin modules nodejs/node#3307)
• 081d515 Bump copy-props from 2.0.4 to 2.0.5 (stream: avoid unnecessary concat of a single buffer. nodejs/node#3300)
• b90e97c Bump follow-redirects from 1.13.1 to 1.14.7 (deps: upgrade LTS to npm 2.14.7 nodejs/node#3299)
• 8458c41 MongoDB: Added v5 support (.parent and .offset of Buffer and SlowBuffer .prototype throw an exception when accessed nodejs/node#3297)
• 441a142 Scala: Added support for interpolated strings (Debug mode tests nodejs/node#3293)
• 0b6b1e2 1.26.0
• 3ae61a8 Updated changelog for v1.26.0 (Proposal: crypto: Make the digest parameter required for pbkdf2. nodejs/node#3292)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Information Exposure
🦉 Arbitrary Code Injection
🦉 More lessons are available in Snyk Learn

---

This change is