[Snyk] Fix for 18 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • client/package.json
  • client/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-CSSWHAT-1298035	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-IMMER-1019369	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-IMMER-1540542	Yes	Proof of Concept
	429/1000 Why? Has a fix available, CVSS 4.3	Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Command Injection SNYK-JS-REACTDEVUTILS-1083268	Yes	Proof of Concept
	619/1000 Why? Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090599	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090600	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090601	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090602	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @testing-library/jest-dom

The new version differs by 17 commits.

• 7921e4a feat: Enhance toHaveStyle to accept JS as css (#196)
• 3b3a3d3 docs: add benmonro as a contributor (#195)
• a053cdd docs: add JPBlancoDB as a contributor (#194)
• 69aee34 docs: add koala-lava as a contributor (#193)
• 5f3f9c7 docs: add jzarzeckis as a contributor (#192)
• 0d60a25 docs: add MichaelDeBoey as a contributor (#191)
• c9a8664 chore: Update dependencies (#190)
• e4d61c2 fix: toBeVisible ignoring Details element (#184)
• d87dfee Simplify README code usage examples (#188)
• 030da62 fix: Add @ types/testing-library__jest-dom dependency (#189)
• d13bb90 docs: Tiny typo (#181)
• c919520 docs: Remove lines about using fireEvent to gain focus or blur (#187)
• 760409a Merge pull request #183 from testing-library/next
• d68ccd7 Add matchers module in the package root
• c76f8c5 Remove extend-expect typings (#182)
• 27c1056 Add jest extensions on main module (#175)
• 8e14dc1 docs: Update examples using document.querySelector (#168)

See the full diff

Package name: axios

The new version differs by 41 commits.

• e367be5 [Releasing] 0.21.3
• 83ae383 Correctly add response interceptors to interceptor chain (#4013)
• c0c8761 [Updating] changelog to include links to issues and contributors
• 619bb46 [Releasing] v0.21.2
• 82c9455 Create SECURITY.md (#3981)
• 5b45711 Security fix for ReDoS (#3980)
• 5bc9ea2 Update ECOSYSTEM.md (#3817)
• e72813a Fixing README.md (#3818)
• e10a027 Fix README typo under Request Config (#3825)
• e091491 Update README.md (#3936)
• b42fbad Removed un-needed bracket
• 520c8dc Updating CI status badge (#3953)
• 4fbeecb Adding CI on Github Actions. (#3938)
• e9965bf Fixing the sauce labs tests (#3813)
• dbc634c Remove charset in tests (#3807)
• 3958e9f Add explanation of cancel token (#3803)
• 69949a6 Adding custom return type support to interceptor (#3783)
• 49509f6 Create FUNDING.yml (#3796)
• 199c8aa Adding parseInt to config.timeout (#3781)
• 94fc4ea Adding isAxiosError typeguard documentation (#3767)
• 0ece97c Fixing quadratic runtime when setting a maxContentLength (#3738)
• a18a0ec Updating `lib/core/README.md` about Dispatching requests (#3772)
• 59fa614 [Updated] follow-redirects to the latest version (#3771)
• 7821ed2 Feat/json improvements (#3763)

See the full diff

Package name: react-scripts

The new version differs by 238 commits.

• 221e511 Publish
• 6a3315b Update CONTRIBUTING.md
• 5614c87 Add support for Tailwind (#11717)
• 657739f chore(test): make all tests install with `npm ci` (#11723)
• 20edab4 fix(webpackDevServer): disable overlay for warnings (#11413)
• 69321b0 Remove cached lockfile (#11706)
• 3afbbc0 Update all dependencies (#11624)
• f5467d5 feat(eslint-config-react-app): support ESLint 8.x (#11375)
• e8319da [WIP] Fix integration test teardown / cleanup and missing yarn installation (#11686)
• c7627ce Update webpack and dev server (#11646)
• f85b064 The default port used by `serve` has changed (#11619)
• 544befe Update package.json (#11597)
• 9d0369b Fix ESLint Babel preset resolution (#11547)
• d7b23c8 test(create-react-app): assert for exit code (#10973)
• 1465357 Prepare 5.0.0 alpha release
• 3880ba6 Remove dependency pinning (#11474)
• 8b9fbee Update CODEOWNERS
• cacf590 Bump template dependency version (#11415)
• 5cedfe4 Bump browserslist from 4.14.2 to 4.16.5 (#11476)
• 50ea5ad allow CORS on webpack-dev-server (#11325)
• 63bba07 Upgrade jest and related packages from 26.6.0 to 27.1.0 (#11338)
• 960b21e Bump immer from 8.0.4 to 9.0.6 (#11364)
• 134cd3c Resolve dependency issues in v5 alpha (#11294)
• b45ae3c Update CONTRIBUTING.md

See the full diff

Package name: validator

The new version differs by 182 commits.

• 47ee5ad 13.7.0
• 496fc8b fix(rtrim): remove regex to prevent ReDOS attack (#1738)
• 45901ec Merge pull request #1851 from validatorjs/chore/fix-merge-conflicts
• 83cb7f8 chore: merge conflict clean-up
• f17e220 feat(isMobilePhone): add El Salvador es-SV locale
• 5b06703 feat(isMobilePhone): add Palestine ar-PS locale
• a3faa83 feat(isMobilePhone): add Botswana en-BW locale
• 26605f9 feat(isMobilePhone): add Turkmenistan tk-TM
• 0e5d5d4 feat(isMobilePhone): add Guyana en-GY locale
• f7ff349 feat(isMobilePhone): add Frech Polynesia fr-PF locale
• 8627e48 feat(isMobilePhone): add Kiribati en-KI locale
• ed60123 feat(isMobilePhone): add Tajikistan tg-TJ locale (#1846)
• c96d805 feat(isMobilePhone): add Maldives dv-MV locale
• 5c2d69e feat(isMobilePhone): regex for Burkina Faso fr-BF and Namibia en-NA locales
• fc0fefc feat(isMobilePhone): add Bhutan dz-BT locale (#1770)
• 01d3da3 feat(isMobilePhone): add Tajikistan tg-TJ locale (#1846)
• af2b43c feat(isUUID): add support for validation of version v1 and v2 (#1848)
• 769f6d5 feat(contains): add possibility to check that string contains seed multiple times (#1836)
• f2381e0 feat: (isMobilePhone): add Cameroon fr-CM locale (#1772)
• 5773869 feat(isVAT): add dutch NL locale (#1825)
• de1cb29 fix: Russian passport number regex (#1810)
• 7bee611 add CDN use option with unpkg (#1844)
• 57cc14e feat(isIdentityCard): add finnish locale (#1838)
• 2201869 feat: added finnish locale to isAlpha and isAlphanumeric (#1837)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution 🦉 Prototype Pollution 🦉 Remote Code Execution (RCE)

[codecov-commenter]

Codecov Report

Merging #152 (2b67091) into develop (2c8ed29) will decrease coverage by 14.23%. The diff coverage is n/a.

@@             Coverage Diff             @@
##           develop    #152       +/-   ##
===========================================
- Coverage    15.86%   1.62%   -14.24%     
===========================================
  Files           56      20       -36     
  Lines         1305     492      -813     
  Branches       227      66      -161     
===========================================
- Hits           207       8      -199     
+ Misses        1098     484      -614     

Flag	Coverage Δ
unittest	1.62% <ø> (-14.24%)	:arrow_down:

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
client/src/components/profile/editavatar.js
client/src/components/footer/footer.js
...ient/src/components/pagenotfound/page-not-found.js
client/src/components/vocab/vocab.js
client/src/components/private/private.js
client/src/services/auth.header.js
client/src/serviceWorker.js
client/src/components/navbar/navbar.js
client/src/components/contrib/profile-card.js
client/src/components/lobby/join-game.js
... and 26 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update 2c8ed29...2b67091. Read the comment docs.

[codecov-commenter]

Codecov Report

Merging #152 (2b67091) into develop (2c8ed29) will decrease coverage by 0.13%. The diff coverage is n/a.

@@             Coverage Diff             @@
##           develop     #152      +/-   ##
===========================================
- Coverage    15.86%   15.72%   -0.14%     
===========================================
  Files           56       56              
  Lines         1305     1316      +11     
  Branches       227      238      +11     
===========================================
  Hits           207      207              
- Misses        1098     1109      +11     

Flag	Coverage Δ
unittest	15.72% <ø> (-0.14%)	:arrow_down:

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
client/src/components/vocab/ScrollTop.js	55.55% <0.00%> (-3.27%)	:arrow_down:
client/src/components/contrib/contrib.js	63.63% <0.00%> (-3.04%)	:arrow_down:
client/src/components/password/reset-password.js	38.63% <0.00%> (-0.90%)	:arrow_down:
client/src/components/login/login.js	29.33% <0.00%> (-0.81%)	:arrow_down:
client/src/components/profile/editprofile.js	7.27% <0.00%> (-0.14%)	:arrow_down:
client/src/components/profile/editavatar.js	1.51% <0.00%> (-0.03%)	:arrow_down:
client/src/serviceWorker.js	0.00% <0.00%> (ø)
client/src/services/auth.header.js	0.00% <0.00%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update 2c8ed29...2b67091. Read the comment docs.