[Snyk] Fix for 8 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • geonode/static/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-JQUERY-174006	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Cross-site Scripting (XSS) SNYK-JS-JQUERY-565129	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Cross-site Scripting (XSS) SNYK-JS-JQUERY-567880	Yes	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:fresh:20170908	No	No Known Exploit
	484/1000 Why? Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) npm:jquery:20150627	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: bootstrap-multiselect

The new version differs by 50 commits.

• 3ddf263 1.1.0
• b3f8172 Updates packages
• 228d33c Merge pull request wms buffer #1 from davidstutz/master
• 56a5688 Regenerated minified css/js, update copyright.
• 6244e61 Merge pull request Make django-admin name configurable in packages #1180 from tiesont/master
• 2b7cd0b Merge pull request Setup autodoc and apidoc properly #1177 from s-eckard/master
• b1408c4 Updates for npm publish
• 8e09bbd Merge branch 'develop'
• 0fba011 Fix onDropdownShow callback
• e71dd6f Merge pull request this patch allows anonymous access to the batch download while restricting access to the rest of the REST API #9 from s-eckard/develop
• 5bf0418 Synchronize popup width when popup is shown
• 8ba21e7 Merge pull request "Provided by" field in expander on data search is wrong #8 from s-eckard/develop
• 483dcad Cleanup code
• 82f28d8 Merge branch 'feature/SynchronizeWidth' into develop
• d18174f Add option for synchronizing the popup width with the button and an option for text alignment in the button
• a17c846 Merge pull request Write section on testing in geonode #1171 from s-eckard/master
• 512e719 Merge pull request Date picker in metadata form #7 from s-eckard/develop
• ea1de51 Merge branch 'develop' into feature/SynchronizeWidth
• 048fe56 Fix select all behavior for collapsed option groups
• 73cf096 Merge pull request Write section on paver commands #1169 from s-eckard/master
• 9f0a982 Update types definition file and extend further examples in documentation
• 0dd9143 Add new option synchronizeWidth to synchronizes the width of the button and to popup
• b519de3 Merge pull request Autologin after account activation #6 from s-eckard/develop
• c1fbb4f Fix select width

See the full diff

Package name: openlayers

The new version differs by 250 commits.

• a73170c Merge pull request [Backport to 3.2.x][Fixes #7456]Update of a GeoApp metadata returns a JSON message instead of redirecting to the GeoApp page #7458 from tschaub/release-v4.5.0
• c811bd4 Collapsed list of dependency changes
• ce051b7 Update package version to 4.5.0
• 1103779 Changelog for v4.5.0
• bbec759 Merge pull request Update of a GeoApp metadata returns a JSON message instead of redirecting to the GeoApp page #7456 from tschaub/connect-retries
• a2c5ce6 Retry if sauce connect fails
• 54c69ae Merge pull request [Backport Fixes #7440] Migration for setting resource_type #7455 from openlayers/greenkeeper/eslint-4.11.0
• 0bd989e chore(package): update eslint to version 4.11.0
• 93abd6f Merge pull request Bump python-slugify from 4.0.1 to 5.0.0 #7447 from openlayers/greenkeeper/rollup-plugin-commonjs-8.2.6
• 3d8f398 Merge pull request Bump boto3 from 1.17.61 to 1.17.62 #7448 from openlayers/greenkeeper/debounce-1.1.0
• b2ef54d chore(package): update debounce to version 1.1.0
• 09a324b chore(package): update rollup-plugin-commonjs to version 8.2.6
• 07631e4 Merge pull request [Backport 3.2.x][Fixes #7355] Introduce the adoption of groups to define users permissions, and define add_resource permission for users #7451 from openlayers/greenkeeper/karma-1.7.1
• 4aee919 chore(package): update karma to version 1.7.1
• 6cc3c47 Merge pull request Migration for setting resource_type  #7440 from ahocevar/font-load
• 55692c3 Merge pull request Bump ipython from 7.22.0 to 7.23.0 #7446 from openlayers/greenkeeper/rollup-0.51.3
• dbfca19 Merge pull request Refactor how resource permissions are set inside the mapstore client context #7444 from ahocevar/simpler-style-management
• 4324d49 Attempt to make font loading tests more stable
• 2da2ae0 fix(package): update rollup to version 0.51.3
• c6eca80 Refactor stroke style management to reuse code
• 47e6918 Refactor setTextStyle() for better readability
• c1181bd Merge pull request [Fixes #7428] Port Celery optimizations from geonode-project #7438 from ahocevar/source-projection
• 9a8afff Merge pull request [Backport 3.2.x] Bump django-grappelli from 2.14.4 to 2.15.1 #7430 from tschaub/hexa
• 0ec05f5 Call getProjection() only once

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

[cla-bot]

Thank you for your pull request and welcome to our community. We require contributors to sign our Contributor License Agreement, and we don't seem to have the users @snyk-bot on file. In order for us to review and merge your code, please contact the project maintainers to get yourself added.

[lgtm-com]

This pull request introduces 2 alerts and fixes 3 when merging ddeb97f into f4528b3 - view on LGTM.com

new alerts:

• 1 for Unused variable, import, function or class
• 1 for Double escaping or unescaping

fixed alerts:

• 1 for Unsafe HTML constructed from library input
• 1 for DOM text reinterpreted as HTML
• 1 for Double escaping or unescaping