[Snyk] Fix for 10 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-I18NEXT-1065979	Yes	No Known Exploit
	459/1000 Why? Has a fix available, CVSS 4.9	Buffer Overflow SNYK-JS-I18NEXT-575536	Yes	No Known Exploit
	561/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.8	Prototype Pollution SNYK-JS-I18NEXT-585930	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342073	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342082	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Directory Traversal SNYK-JS-MOMENT-2440688	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	No	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	Yes	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-SEMANTICRELEASE-2866292	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: i18next

The new version differs by 162 commits.

• aeab3ca 19.8.5
• f58c423 new version
• 932f5f6 fix potential prototype pollution when backend plugin resolves a malicious language value
• 2dc8267 Merge pull request #1533 from pravi/update-rollup-plugin-babel
• dae2b32 chore: update build dependency (use @ rollup/plugin-babel)
• 4f9ef14 Merge pull request #1532 from pravi/update-node-resolve-plugin
• a90fb69 chore: update rollup and plugins
• ad88092 use fallbackLng as default lng
• ba564b3 19.8.4
• 1816290 prepare new release
• 1ed5a71 Updated FormatFunction signature to match codebase (#1520)
• 2516e89 Update config.yml
• 94dd384 Update config.yml
• 877e250 commit build result
• fa98508 Merge pull request #1518 from KristjanESPERANTO/patch-1
• 749519e Update URLs
• 03ef4ed 19.8.3
• ed6169f fix prototype pollution with constructor
• 5d808cd updated @ babel/runtime to ^7.12.0, runtime file extensions issue resolved (#1513)
• cb780ad 19.8.2
• d736006 allow nesting recursively with context (could theoretically generate infinite loop, prevented in #1480)
• 685aa0f 19.8.1
• b44f64c log optimizations for clone instances
• ba2613b 19.8.0

See the full diff

Package name: semantic-release

The new version differs by 60 commits.

• 58a226f fix(log-repo): use the original form of the repo url to remove the need to mask credentials (#2459)
• 17d60d3 build(deps): bump npm from 8.3.1 to 8.12.0 (#2447)
• ab45ab1 chore(lint): disabled rules that dont apply to this project (#2408)
• ea389c3 chore(deps): update dependency yargs-parser to 13.1.2 [security] (#2402)
• fa994db build(deps): bump node-fetch from 2.6.1 to 2.6.7 (#2399)
• b79116b build(deps): bump trim-off-newlines from 1.0.1 to 1.0.3
• 6fd7e56 build(deps): bump minimist from 1.2.5 to 1.2.6
• 2b94bb4 docs: update broken link to CI config recipes (#2378)
• b4bc191 docs: Correct circleci workflow (#2365)
• 2c30e26 Merge pull request #2333 from semantic-release/next
• 0eca144 fix(npm-plugin): upgraded to the stable version
• 8097afb fix(npm-plugin): upgraded to the latest beta version
• 95af1e4 Merge pull request #2332 from semantic-release/beta
• f634b8c fix(npm-plugin): upgraded to the beta, which upgrades npm to v8
• d9e5bc0 fix: upgrade `marked` to resolve ReDos vulnerability (#2330)
• dd7d664 docs: fix a broken link (#2318)
• cd6136d docs: wrong prerelease example (#2307)
• e62c83d docs: remove repeated 'with' word (#2289)
• 5d78fa4 docs(breaking-change): highlighted the need for `BREAKING CHANGE: ` to be in the commit footer (#2283)
• b64855f docs(badge): mentioned referencing the commit convention (#2269)
• 09bcf7a docs: update badges to include preset names (#2266)
• 8e96b23 docs(issue-templates): fixed links to templates for opening issues (#2264)
• 5535268 docs: fix typo (#2262)
• 7f971f3 fix: bump @ semantic-release/commit-analyzer to 9.0.2 (#2258)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 More lessons are available in Snyk Learn