[Snyk] Fix for 12 vulnerabilities

[atherdon]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------  | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-ANSIREGEX-1583908](https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908) | No | Proof of Concept  | **761/1000**
**Why?** Mature exploit, Has a fix available, CVSS 7.5 | Denial of Service (DoS)
[SNYK-JS-DICER-2311764](https://snyk.io/vuln/SNYK-JS-DICER-2311764) | Yes | Mature  | **484/1000**
**Why?** Has a fix available, CVSS 5.4 | Open Redirect
[SNYK-JS-GOT-2932019](https://snyk.io/vuln/SNYK-JS-GOT-2932019) | No | No Known Exploit  | **686/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution
[SNYK-JS-INI-1048974](https://snyk.io/vuln/SNYK-JS-INI-1048974) | No | Proof of Concept  | **686/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution
[SNYK-JS-LODASHSET-1320032](https://snyk.io/vuln/SNYK-JS-LODASHSET-1320032) | No | Proof of Concept  | **506/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 3.7 | Prototype Pollution
[SNYK-JS-MINIMIST-2429795](https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795) | No | Proof of Concept  | **601/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.6 | Prototype Pollution
[SNYK-JS-MINIMIST-559764](https://snyk.io/vuln/SNYK-JS-MINIMIST-559764) | No | Proof of Concept  | **686/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.3 | Authorization Bypass Through User-Controlled Key
[SNYK-JS-PARSEPATH-2936439](https://snyk.io/vuln/SNYK-JS-PARSEPATH-2936439) | No | Proof of Concept  | **646/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 6.5 | Server-side Request Forgery (SSRF)
[SNYK-JS-REQUEST-3361831](https://snyk.io/vuln/SNYK-JS-REQUEST-3361831) | Yes | Proof of Concept  | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | No | Proof of Concept  | **646/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 6.5 | Prototype Pollution
[SNYK-JS-TOUGHCOOKIE-5672873](https://snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873) | Yes | Proof of Concept  | **589/1000**
**Why?** Has a fix available, CVSS 7.5 | Prototype Pollution
[SNYK-JS-UNSETVALUE-2400660](https://snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660) | Yes | No Known Exploit (*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: graphql-yoga

The new version differs by 249 commits.

• 05a00ef Upcoming Release Changes (#1005)
• 0fa6f8d e2e deployment testing (#979)
• 144d1e9 Revert "chore: major bump test (#1007)" (#1008)
• af653b3 chore: major bump test (#1007)
• 9256319 Add false as possible config option to typings (#998)
• 9411e9a Recipe for other envs (#1004)
• a8b619b fix(node): make sure socket object is valid before configuring it (#1006)
• 1e6e2e6 chore: remove beta mode (#1001)
• a69fc6e chore: do not publish lambda example (#1003)
• e508968 chore: do not publish aws lambda example (#1002)
• af8f2a1 chore(release): update monorepo packages versions (beta) (#978)
• f8bce0b Docs for Context (#1000)
• 6d60ebf feat: add tabs (#997)
• 5b6f025 feat(yoga-cli): fallback to default schema and add mock parameter
• 391bc3c fix: apply masked errors last (#993)
• 0424fe3 Simpler Integration/Usage (#991)
• 3c82b57 feat(node): respect parsed request bodies (e.g. graphql-upload, aws lambda) (#971)
• 2b6916f Add missing content-type and data property for error responses (#990)
• ee2938f Simplify next-auth example and update next docs (#989)
• d60f79f fix(node): resolve sendNodeResponse correctly when stream has been finished (#981)
• 9f628e5 :sparkles: NEW: credentials on graphiql-yoga & some improvements (#980)
• 5bba860 docs: fix markdown link (#988)
• fd6ebf1 docs: update homepage wording (#987)
• d12f3d1 docs: change some wordings to be more engaging and less redundant (#985)

See the full diff

Package name: jest

The new version differs by 250 commits.

• be16e47 v27.0.0
• 63102ec chore: update changelog for release
• 564694a docs(blog): Jest 27 blog post (#11131)
• b68d91b feat(pretty-print): add option `printBasicPrototype` (#11441)
• 2226742 chore: minor simplify format results error (#11432)
• 78eb25d chore: remove needless assign (#11433)
• 696c455 chore: update lockfile after publish
• e2eb9ae v27.0.0-next.11
• 3b253f8 Wait for closed resources to actually close before detecting open handles (#11429)
• 27bee72 fix: run GC before collecting open handles (#11278)
• 50451df feat: use fallback if prettier not found (#11400)
• 150dbd8 chore: update lockfile after publish
• 6f44529 v27.0.0-next.10
• cbcec7d Upgrade fsevents in jest-haste-map (#11428)
• 9633a26 feat: support reporters written in ESM (#11427)
• 59f42d8 fix: do not cache modules that throw during evaluation (#11263)
• 57e32e9 Detect open handles with done callbacks (#11382)
• a397607 Document and test dontThrow for custom inline snapshot matchers (#10995)
• 4fa3a0b feat: custom haste (#11107)
• 2047a36 chore: bump deps (#11419)
• a4358d6 chore: run prettier on changelog
• bdd6282 Move all default values into `jest-config` (#9924)
• db643a1 Link to Jest config (#11106)
• b16082c Fix locale issue #10014 (#11412)

See the full diff

Package name: snyk

The new version differs by 250 commits.

• 4cc1a94 Merge pull request #2105 from snyk/feat/webpack
• 7737f75 Merge pull request #2181 from snyk/test/migrate-old-snyk-format
• 418e6ad Merge pull request #2180 from snyk/test/migrate-is-docker
• 95631e7 test: migrate is-docker to jest
• babe22a test: migrate old-snyk-format to jest
• e22e94f feat: Snyk CLI is bundled with Webpack
• dd46c19 Merge pull request #2175 from snyk/fix/snyk-protect-multiple
• e7c314f Merge pull request #2178 from snyk/test/server-close
• 5e824c0 fix(protect): skip previously patched files
• ca2177a fix(protect): catch and log unexpected errors
• c9ddb44 chore(protect): move api url warnings to stderr
• e8fed38 refactor(protect): move stdout logs to top level
• 55e88f9 Merge pull request #2177 from snyk/test/set-jest-acceptance-timeout
• 1522c5f test: server.close uses callbacks, not promises
• 13dce51 test: increase timeout for slow oauth test
• 65c35be Merge pull request #2172 from snyk/chore/no-run-test-on-master
• a1e3992 chore: don't run tests on master
• 20feb67 Merge pull request #2165 from snyk/chore/dont-wait-for-regression-tests
• f50bca7 Merge pull request #2167 from snyk/refactor/replace-cc-parser-with-split-functions
• 1ed7d11 refactor: replace cc parser with split functions
• 707801d Merge pull request #2166 from snyk/fix/support_quotes_in_poetry_toml
• dc6b784 Merge pull request #2163 from snyk/chore/remove-store-test-results
• 7973015 fix: support quoted keys in inline tables
• 18f0d2a Merge pull request #2164 from snyk/chore/upgrade-snyk-nuget-plugin

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/atherdon/project/c1e1a59c-263e-406a-90d2-5040c138cdf1?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/atherdon/project/c1e1a59c-263e-406a-90d2-5040c138cdf1?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"738c55b9-c26c-4c5e-916c-ddad780251ab","prPublicId":"738c55b9-c26c-4c5e-916c-ddad780251ab","dependencies":[{"name":"graphql-yoga","from":"1.18.3","to":"2.0.0"},{"name":"jest","from":"25.2.7","to":"27.0.0"},{"name":"snyk","from":"1.305.0","to":"1.685.0"}],"packageManager":"npm","projectPublicId":"c1e1a59c-263e-406a-90d2-5040c138cdf1","projectUrl":"https://app.snyk.io/org/atherdon/project/c1e1a59c-263e-406a-90d2-5040c138cdf1?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-ANSIREGEX-1583908","SNYK-JS-DICER-2311764","SNYK-JS-GOT-2932019","SNYK-JS-INI-1048974","SNYK-JS-LODASHSET-1320032","SNYK-JS-MINIMIST-2429795","SNYK-JS-MINIMIST-559764","SNYK-JS-PARSEPATH-2936439","SNYK-JS-REQUEST-3361831","SNYK-JS-SEMVER-3247795","SNYK-JS-TOUGHCOOKIE-5672873","SNYK-JS-UNSETVALUE-2400660"],"upgrade":["SNYK-JS-ANSIREGEX-1583908","SNYK-JS-DICER-2311764","SNYK-JS-GOT-2932019","SNYK-JS-INI-1048974","SNYK-JS-LODASHSET-1320032","SNYK-JS-MINIMIST-2429795","SNYK-JS-MINIMIST-559764","SNYK-JS-PARSEPATH-2936439","SNYK-JS-REQUEST-3361831","SNYK-JS-SEMVER-3247795","SNYK-JS-TOUGHCOOKIE-5672873","SNYK-JS-UNSETVALUE-2400660"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["priorityScore"],"priorityScoreList":[696,761,484,686,686,506,601,686,646,696,646,589],"remediationStrategy":"vuln"}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Regular Expression Denial of Service (ReDoS)](https://learn.snyk.io/lesson/redos/?loc=fix-pr) 🦉 [Open Redirect](https://learn.snyk.io/lesson/open-redirect/?loc=fix-pr) 🦉 [Prototype Pollution](https://learn.snyk.io/lesson/prototype-pollution/?loc=fix-pr) 🦉 [More lessons are available in Snyk Learn](https://learn.snyk.io/?loc=fix-pr)