hasadna / open_pension

:chart_with_upwards_trend: Open Pension is a "Hasadna" project that aims to reveal the secrets behind the Israeli pension market.
BSD 3-Clause "New" or "Revised" License

[Snyk] Fix for 1 vulnerabilities #1033

Open snyk-bot opened 1 year ago

snyk-bot commented 1 year ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity: medium severity
Priority Score (*): 586/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.3)
Issue: Regular Expression Denial of Service (ReDoS), SNYK-JS-D3COLOR-1076592
Breaking Change: No
Exploit Maturity: Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @nivo/core The new version differs by 250 commits.
  • 56db9cb v0.81.0
  • 6d94660 fix: Relax constraints on `@react-spring/web` (#2280)
  • f987fa6 Bugfix/website/bar add legends fix (#2282)
  • 408d46f Add mouse events to line slices
  • 4240e36 bugfix: fix CustomLayerProps lineGenerator type by removing unnecessary Array type
  • aacd7ed chore(deps): bump @sideway/formula from 3.0.0 to 3.0.1
  • 62ded37 fix(jest): update jest config for d3-color
  • 0224904 chore(deps): bump d3-color from 2.0.0 to 3.1.0
  • 3c2d615 chore(deps): bump loader-utils from 1.4.0 to 1.4.2
  • fdc9ab1 chore(deps): bump qs from 6.5.2 to 6.5.3
  • 7d802cc chore(deps): bump ua-parser-js from 0.7.31 to 0.7.33
  • b35ef90 Run lint
  • 0cdfedf Check if ResizeObserver is defined instead of checking window object
  • 1d8dcf4 chore(deps): bump socket.io-parser from 4.0.4 to 4.0.5
  • c6f2e92 chore(deps): bump decode-uri-component from 0.2.0 to 0.2.2
  • 4bb3a06 chore(deps): bump express from 4.17.1 to 4.17.3
  • c2ef241 chore(deps): bump json5 from 1.0.1 to 1.0.2
  • 91a775f chore(deps): bump luxon from 1.28.0 to 1.28.1
  • 3e639a2 fix(website): minor docs fix for specifying color (#2139)
  • e1d8555 fix(website): remove orient prop from axisBottom and axisLeft
  • 4ccb8df fix(canvas): fix getRelativeCursor for non SVG implementations
  • df352b8 v0.80.0
  • fb6cc9f chore(deps): update yarn.lock
  • 95a81d5 fix(bar): align d3-shape version with other packages (#2076)
See the full diff
Package name: @nivo/line The new version differs by 250 commits.
  • 56db9cb v0.81.0
  • 6d94660 fix: Relax constraints on `@react-spring/web` (#2280)
  • f987fa6 Bugfix/website/bar add legends fix (#2282)
  • 408d46f Add mouse events to line slices
  • 4240e36 bugfix: fix CustomLayerProps lineGenerator type by removing unnecessary Array type
  • aacd7ed chore(deps): bump @sideway/formula from 3.0.0 to 3.0.1
  • 62ded37 fix(jest): update jest config for d3-color
  • 0224904 chore(deps): bump d3-color from 2.0.0 to 3.1.0
  • 3c2d615 chore(deps): bump loader-utils from 1.4.0 to 1.4.2
  • fdc9ab1 chore(deps): bump qs from 6.5.2 to 6.5.3
  • 7d802cc chore(deps): bump ua-parser-js from 0.7.31 to 0.7.33
  • b35ef90 Run lint
  • 0cdfedf Check if ResizeObserver is defined instead of checking window object
  • 1d8dcf4 chore(deps): bump socket.io-parser from 4.0.4 to 4.0.5
  • c6f2e92 chore(deps): bump decode-uri-component from 0.2.0 to 0.2.2
  • 4bb3a06 chore(deps): bump express from 4.17.1 to 4.17.3
  • c2ef241 chore(deps): bump json5 from 1.0.1 to 1.0.2
  • 91a775f chore(deps): bump luxon from 1.28.0 to 1.28.1
  • 3e639a2 fix(website): minor docs fix for specifying color (#2139)
  • e1d8555 fix(website): remove orient prop from axisBottom and axisLeft
  • 4ccb8df fix(canvas): fix getRelativeCursor for non SVG implementations
  • df352b8 v0.80.0
  • fb6cc9f chore(deps): update yarn.lock
  • 95a81d5 fix(bar): align d3-shape version with other packages (#2076)
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

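The PR fixes the d3-color ReDoS only indirectly: it bumps @nivo/core and @nivo/line, and the commit list shows those packages moving d3-color from 2.0.0 to 3.1.0. Whether the project is actually fixed after merging depends on what the lockfile resolves, and npm can keep an old copy nested under a package that still pins the older range. The script below is an added example (not Snyk's or the project's code) that walks a package-lock.json in either the v1 (nested `dependencies`) or v2/v3 (flat `packages`) layout, lists every resolution of a package, and flags any below the fixed version. The embedded lockfile is constructed for the demo: the d3-color versions 2.0.0 and 3.1.0 are the ones named in the PR's commit list, everything else in it is made up. As a caveat, a ReDoS in a color parser only matters where attacker-controlled strings reach that parser, but the lockfile check is cheap enough to run regardless.

```javascript
'use strict';

// Parse an exact version such as "3.1.0" into [major, minor, patch].
// Lockfiles record exact versions, so ranges are deliberately not handled.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Numeric comparison of two exact versions: -1, 0 or 1.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Every resolution of `pkgName` in a package-lock.json, with its install path.
// lockfileVersion 2 files carry both "packages" and a legacy "dependencies"
// tree; only one is walked so nothing is counted twice.
function resolvedVersions(lock, pkgName) {
  const found = [];
  if (lock.packages) {
    for (const [path, entry] of Object.entries(lock.packages)) {
      if (path === '' || !entry || !entry.version) continue;
      const name = path.slice(path.lastIndexOf('node_modules/') + 'node_modules/'.length);
      if (name === pkgName) found.push({ path, version: entry.version });
    }
  } else if (lock.dependencies) {
    const walk = (deps, prefix) => {
      for (const [name, entry] of Object.entries(deps)) {
        const path = `${prefix}node_modules/${name}`;
        if (name === pkgName && entry.version) found.push({ path, version: entry.version });
        if (entry.dependencies) walk(entry.dependencies, path + '/');
      }
    };
    walk(lock.dependencies, '');
  }
  return found;
}

// Resolutions of `pkgName` that are still older than the version carrying the fix.
function vulnerableResolutions(lock, pkgName, fixedIn) {
  return resolvedVersions(lock, pkgName).filter((r) => compareVersions(r.version, fixedIn) < 0);
}

// Print every resolution and return true only if none is below `fixedIn`.
function auditLockfile(lock, pkgName, fixedIn) {
  const bad = new Set(vulnerableResolutions(lock, pkgName, fixedIn).map((r) => r.path));
  for (const r of resolvedVersions(lock, pkgName)) {
    console.log(`${bad.has(r.path) ? 'VULNERABLE' : 'ok        '} ${pkgName}@${r.version}  ${r.path}`);
  }
  return bad.size === 0;
}

// Constructed sample lockfile (hypothetical package versions): one nested
// d3-color copy left at 2.0.0 under @nivo/core, one top-level copy at 3.1.0.
const SAMPLE_LOCK = {
  name: 'sample-app',
  lockfileVersion: 2,
  packages: {
    '': { name: 'sample-app', version: '0.0.1' },
    'node_modules/@nivo/core': { version: '0.0.1', dependencies: { 'd3-color': '^2.0.0' } },
    'node_modules/@nivo/core/node_modules/d3-color': { version: '2.0.0' },
    'node_modules/d3-color': { version: '3.1.0' },
  },
};

// Usage: node audit-d3-color.js path/to/package-lock.json
// With no path, the constructed sample above is audited instead.
if (process.argv[2]) {
  const lock = JSON.parse(require('fs').readFileSync(process.argv[2], 'utf8'));
  process.exitCode = auditLockfile(lock, 'd3-color', '3.1.0') ? 0 : 1;
} else {
  auditLockfile(SAMPLE_LOCK, 'd3-color', '3.1.0');
}
```

Against the sample this reports the top-level copy as ok and the nested copy under @nivo/core as vulnerable; after merging a PR like this one, run it against the real package-lock.json and expect no VULNERABLE line. The same walk works for any of the other packages the commit list bumps (qs, json5, loader-utils, ...), since only the name and fixed version change.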