RabbyHub / Rabby

The game-changing wallet for Ethereum and all EVM chains
https://rabby.io

[Snyk] Fix for 8 vulnerabilities #2511

Open vvvvvv1vvvvvv opened 2 months ago

vvvvvv1vvvvvv commented 2 months ago


Snyk has created this PR to fix 8 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory, meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project; you will need to run yarn to update the contents of the .yarn/cache directory. If you are not using zero-installs you can ignore this, as your flow should likely be unchanged.

Vulnerabilities that will be fixed with an upgrade:

Severity | Issue | Snyk ID | Score
medium | Regular Expression Denial of Service (ReDoS) | SNYK-JS-PATHTOREGEXP-7925106 | ****
high | Denial of Service (DoS) | SNYK-JS-WS-7266574 | 696
high | Improper Restriction of Operations within the Bounds of a Memory Buffer | SNYK-JS-SOLANAWEB3JS-6647564 | 589
high | Regular Expression Denial of Service (ReDoS) | SNYK-JS-SEMVER-3247795 | 482
high | Improper Input Validation | SNYK-JS-FOLLOWREDIRECTS-6141137 | 472
high | Cross-site Request Forgery (CSRF) | SNYK-JS-AXIOS-6032459 | 462
medium | Information Exposure | SNYK-JS-FOLLOWREDIRECTS-6444610 | 432
medium | Regular Expression Denial of Service (ReDoS) | SNYK-JS-AXIOS-6124857 | 372

[!IMPORTANT]

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

  • View latest project report
  • Customise PR templates
  • Adjust project settings
  • Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

  • Cross-site Request Forgery (CSRF)
  • Regular Expression Denial of Service (ReDoS)
  • Improper Input Validation

socket-security[bot] commented 2 months ago

New and removed dependencies detected. Learn more about Socket for GitHub.

Package | New capabilities | Transitives | Size | Publisher
npm/@ledgerhq/cryptoassets@11.4.1 | None | 0 | 59.6 MB | ldg-github-ci
npm/@ledgerhq/domain-service@1.2.3 | None | 0 | 142 kB | ldg-github-ci
npm/@ledgerhq/evm-tools@1.2.0 | None | 0 | 131 kB | ldg-github-ci
npm/@ledgerhq/hw-app-eth@6.35.5 | None | 0 | 1.99 MB | ldg-github-ci
npm/@ledgerhq/hw-transport-mocker@6.29.2 | None | 0 | 107 kB | ldg-github-ci
npm/@ledgerhq/hw-transport@6.31.2 | None | 0 | 132 kB | ldg-github-ci
npm/@ledgerhq/live-env@2.2.0 | None | 0 | 262 kB | ldg-github-ci
npm/@ledgerhq/types-live@6.50.0 | None | 0 | 372 kB | ldg-github-ci
npm/@trezor/connect-webextension@9.4.0 | None | 0 | 291 kB | trezor-ci
npm/fast-equals@5.0.1 | None | 0 | 303 kB | planttheidea
npm/history@5.3.0 | environment | 0 | 121 kB | mjackson
npm/memoize-one@5.2.1 | None | 0 | 21.8 kB | alexreardon
npm/patch-package@7.0.2 | environment, filesystem | 0 | 296 kB | ds300
npm/react-resize-detector@8.1.0 | None | 0 | 123 kB | maslianok
npm/react-router-dom@6.0.0 | environment | 0 | 151 kB | mjackson
npm/react-router@6.0.0 | environment | 0 | 429 kB | mjackson
npm/react-smooth@2.0.3 | None | 0 | 279 kB | ckifer
npm/recharts-scale@0.4.5 | None | 0 | 162 kB | arcthur
npm/recharts@2.7.1 | None | 0 | 4.7 MB | ckifer
npm/reduce-css-calc@2.1.8 | None | 0 | 144 kB | moox
npm/victory-vendor@36.6.11 | None | 0 | 406 kB | victory-ci

Removed packages: npm/@ledgerhq/cryptoassets@11.1.0, npm/@ledgerhq/domain-service@1.1.14, npm/@ledgerhq/evm-tools@1.0.10, npm/@ledgerhq/hw-app-eth@6.34.9, npm/@ledgerhq/hw-transport-mocker@6.27.20, npm/@ledgerhq/hw-transport@6.29.0, npm/@ledgerhq/live-env@0.6.1, npm/@ledgerhq/live-network@1.1.8, npm/@ledgerhq/live-promise@0.0.2, npm/@ledgerhq/types-live@6.42.0, npm/@trezor/connect-webextension@9.2.2, npm/history@4.10.1, npm/is-ci@2.0.0, npm/mini-create-react-context@0.4.1, npm/patch-package@6.4.7, npm/react-router-dom@5.2.0, npm/react-router@5.2.0, npm/resolve-pathname@3.0.0, npm/tiny-invariant@1.1.0, npm/tiny-warning@1.0.3, npm/value-equal@1.0.1

View full report