[Snyk] Fix for 29 vulnerabilities

[Kashuhackerone]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • docs/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Prototype Pollution SNYK-JS-ALGOLIASEARCHHELPER-1570421	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-CSSWHAT-1298035	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-IMMER-1019369	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-IMMER-1540542	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891	No	Proof of Concept
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1076581	No	Proof of Concept
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1314893	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1585202	No	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) SNYK-JS-PRISMJS-2404333	No	No Known Exploit
	629/1000 Why? Has a fix available, CVSS 8.3	Cross-site Scripting (XSS) SNYK-JS-PRISMJS-597628	No	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Command Injection SNYK-JS-REACTDEVUTILS-1083268	No	Proof of Concept
	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Improper Privilege Management SNYK-JS-SHELLJS-2332187	No	Proof of Concept
	619/1000 Why? Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIM-1017038	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @docusaurus/core

The new version differs by 250 commits.

• 2a9e8f5 v2.0.0
• 2ef40c2 chore: Netlify branch deploys should only deploy default locale "en" (solana-install init doesn't know when there's no work to do solana-labs/solana#7788)
• d88f248 chore: add Netlify config for major version branch deploys (docusaurus-v2 branch) (Too easy to burn tokens solana-labs/solana#7787)
• e4fc47b Merge branch 'main' into docusaurus-v2
• 7f40350 chore: fix codesandbox playgrounds, use Node.js 16 version (Plumb ability to handle duplicate shreds into shred insertion functions solana-labs/solana#7784)
• 1065e55 refactor(core): log Docusaurus & Node version before exiting (Block time calculation gets warped with high stakes solana-labs/solana#7781)
• 965a01e chore: port-2.0.0-rc.1 (Unignore advisories as affected ver. is corrected (bp #7730) solana-labs/solana#7782)
• e78a15e chore: ci tests should run on version branches "docusaurus-vX" (Unignore advisories as affected ver. is corrected (bp #7730) solana-labs/solana#7783)
• c751bc6 chore: regen v2.0.0-rc.1 examples (Add hash stats information to check hashes between validators solana-labs/solana#7780)
• d255389 chore: prepare v2.0.0-rc.1 release (Nonce: Rename instructions with VerbNoun scheme (bp #7775) solana-labs/solana#7778)
• 443914a docs: add Bruce Wiki website to showcase (Book: Update durable nonce proposal entry (bp #7694) solana-labs/solana#7770)
• f913af0 docs: release process, versioning, breaking changes, public API surface (Account for stake held by the current node while waiting for the supermajority to join gossip solana-labs/solana#7706)
• 9788944 refactor(theme): fix duplicate page metadata usage (Include shred version in gossip solana-labs/solana#7777)
• c48f338 fix(core): swizzle --eject js should not copy theme .d.ts files (Remove create_account bandaid now that to's signature is required solana-labs/solana#7776)
• c3d2e0d fix(sitemap): complete gracefully when all pages have noIndex meta (Fix Turbine making Port based decisions solana-labs/solana#7774)
• 665c311 chore: bump Infima to 0.2.0-alpha.42, fix a:hover link bug (Rename blocktree to blockstore (bp #7757) solana-labs/solana#7771)
• 1899a2e docs: add EverShop website to showcase (Coalesce data and coding index solana-labs/solana#7765)
• 542228e fix(deploy): revert "feat(deploy): copy local git config to tmp repo (Bump tokio from 0.1.22 to 0.2.8 solana-labs/solana#7702)" (Bump tiny-bip39 from 0.6.2 to 0.7.0 solana-labs/solana#7750)
• a4b4a7f fix(migrate): import siteConfig with file extension (Adjust TdS leader efficiency calculation solana-labs/solana#7766)
• 337463a chore(theme-translations): complete ko translations (Pick an RPC node at random to avoid getting stuck on a bad RPC node (bp #7759) solana-labs/solana#7762)
• 9467da6 chore(deps): bump actions/setup-node from 3.3.0 to 3.4.0 (Reduce grace ticks, and ignore grace ticks for missing leaders solana-labs/solana#7764)
• cba8be0 fix(theme-classic): validate options properly (Handle errors on replaying ledger properly (bp #7741) solana-labs/solana#7755)
• 636d470 refactor(core): use has instead of get to test for existence in ExecEnv (Pick an RPC node at random to avoid getting stuck on a bad RPC node (bp #7759) solana-labs/solana#7763)
• f21dadf docs: add StackQL Provider Registry to showcase (Manage durable nonce stored value in runtime (bp #7684) solana-labs/solana#7760)

See the full diff

Package name: @docusaurus/preset-classic

The new version differs by 250 commits.

• 2a9e8f5 v2.0.0
• 2ef40c2 chore: Netlify branch deploys should only deploy default locale "en" (solana-install init doesn't know when there's no work to do solana-labs/solana#7788)
• d88f248 chore: add Netlify config for major version branch deploys (docusaurus-v2 branch) (Too easy to burn tokens solana-labs/solana#7787)
• e4fc47b Merge branch 'main' into docusaurus-v2
• 7f40350 chore: fix codesandbox playgrounds, use Node.js 16 version (Plumb ability to handle duplicate shreds into shred insertion functions solana-labs/solana#7784)
• 1065e55 refactor(core): log Docusaurus & Node version before exiting (Block time calculation gets warped with high stakes solana-labs/solana#7781)
• 965a01e chore: port-2.0.0-rc.1 (Unignore advisories as affected ver. is corrected (bp #7730) solana-labs/solana#7782)
• e78a15e chore: ci tests should run on version branches "docusaurus-vX" (Unignore advisories as affected ver. is corrected (bp #7730) solana-labs/solana#7783)
• c751bc6 chore: regen v2.0.0-rc.1 examples (Add hash stats information to check hashes between validators solana-labs/solana#7780)
• d255389 chore: prepare v2.0.0-rc.1 release (Nonce: Rename instructions with VerbNoun scheme (bp #7775) solana-labs/solana#7778)
• 443914a docs: add Bruce Wiki website to showcase (Book: Update durable nonce proposal entry (bp #7694) solana-labs/solana#7770)
• f913af0 docs: release process, versioning, breaking changes, public API surface (Account for stake held by the current node while waiting for the supermajority to join gossip solana-labs/solana#7706)
• 9788944 refactor(theme): fix duplicate page metadata usage (Include shred version in gossip solana-labs/solana#7777)
• c48f338 fix(core): swizzle --eject js should not copy theme .d.ts files (Remove create_account bandaid now that to's signature is required solana-labs/solana#7776)
• c3d2e0d fix(sitemap): complete gracefully when all pages have noIndex meta (Fix Turbine making Port based decisions solana-labs/solana#7774)
• 665c311 chore: bump Infima to 0.2.0-alpha.42, fix a:hover link bug (Rename blocktree to blockstore (bp #7757) solana-labs/solana#7771)
• 1899a2e docs: add EverShop website to showcase (Coalesce data and coding index solana-labs/solana#7765)
• 542228e fix(deploy): revert "feat(deploy): copy local git config to tmp repo (Bump tokio from 0.1.22 to 0.2.8 solana-labs/solana#7702)" (Bump tiny-bip39 from 0.6.2 to 0.7.0 solana-labs/solana#7750)
• a4b4a7f fix(migrate): import siteConfig with file extension (Adjust TdS leader efficiency calculation solana-labs/solana#7766)
• 337463a chore(theme-translations): complete ko translations (Pick an RPC node at random to avoid getting stuck on a bad RPC node (bp #7759) solana-labs/solana#7762)
• 9467da6 chore(deps): bump actions/setup-node from 3.3.0 to 3.4.0 (Reduce grace ticks, and ignore grace ticks for missing leaders solana-labs/solana#7764)
• cba8be0 fix(theme-classic): validate options properly (Handle errors on replaying ledger properly (bp #7741) solana-labs/solana#7755)
• 636d470 refactor(core): use has instead of get to test for existence in ExecEnv (Pick an RPC node at random to avoid getting stuck on a bad RPC node (bp #7759) solana-labs/solana#7763)
• f21dadf docs: add StackQL Provider Registry to showcase (Manage durable nonce stored value in runtime (bp #7684) solana-labs/solana#7760)

See the full diff

Package name: @docusaurus/theme-search-algolia

The new version differs by 250 commits.

• 2a9e8f5 v2.0.0
• 2ef40c2 chore: Netlify branch deploys should only deploy default locale "en" (solana-install init doesn't know when there's no work to do solana-labs/solana#7788)
• d88f248 chore: add Netlify config for major version branch deploys (docusaurus-v2 branch) (Too easy to burn tokens solana-labs/solana#7787)
• e4fc47b Merge branch 'main' into docusaurus-v2
• 7f40350 chore: fix codesandbox playgrounds, use Node.js 16 version (Plumb ability to handle duplicate shreds into shred insertion functions solana-labs/solana#7784)
• 1065e55 refactor(core): log Docusaurus & Node version before exiting (Block time calculation gets warped with high stakes solana-labs/solana#7781)
• 965a01e chore: port-2.0.0-rc.1 (Unignore advisories as affected ver. is corrected (bp #7730) solana-labs/solana#7782)
• e78a15e chore: ci tests should run on version branches "docusaurus-vX" (Unignore advisories as affected ver. is corrected (bp #7730) solana-labs/solana#7783)
• c751bc6 chore: regen v2.0.0-rc.1 examples (Add hash stats information to check hashes between validators solana-labs/solana#7780)
• d255389 chore: prepare v2.0.0-rc.1 release (Nonce: Rename instructions with VerbNoun scheme (bp #7775) solana-labs/solana#7778)
• 443914a docs: add Bruce Wiki website to showcase (Book: Update durable nonce proposal entry (bp #7694) solana-labs/solana#7770)
• f913af0 docs: release process, versioning, breaking changes, public API surface (Account for stake held by the current node while waiting for the supermajority to join gossip solana-labs/solana#7706)
• 9788944 refactor(theme): fix duplicate page metadata usage (Include shred version in gossip solana-labs/solana#7777)
• c48f338 fix(core): swizzle --eject js should not copy theme .d.ts files (Remove create_account bandaid now that to's signature is required solana-labs/solana#7776)
• c3d2e0d fix(sitemap): complete gracefully when all pages have noIndex meta (Fix Turbine making Port based decisions solana-labs/solana#7774)
• 665c311 chore: bump Infima to 0.2.0-alpha.42, fix a:hover link bug (Rename blocktree to blockstore (bp #7757) solana-labs/solana#7771)
• 1899a2e docs: add EverShop website to showcase (Coalesce data and coding index solana-labs/solana#7765)
• 542228e fix(deploy): revert "feat(deploy): copy local git config to tmp repo (Bump tokio from 0.1.22 to 0.2.8 solana-labs/solana#7702)" (Bump tiny-bip39 from 0.6.2 to 0.7.0 solana-labs/solana#7750)
• a4b4a7f fix(migrate): import siteConfig with file extension (Adjust TdS leader efficiency calculation solana-labs/solana#7766)
• 337463a chore(theme-translations): complete ko translations (Pick an RPC node at random to avoid getting stuck on a bad RPC node (bp #7759) solana-labs/solana#7762)
• 9467da6 chore(deps): bump actions/setup-node from 3.3.0 to 3.4.0 (Reduce grace ticks, and ignore grace ticks for missing leaders solana-labs/solana#7764)
• cba8be0 fix(theme-classic): validate options properly (Handle errors on replaying ledger properly (bp #7741) solana-labs/solana#7755)
• 636d470 refactor(core): use has instead of get to test for existence in ExecEnv (Pick an RPC node at random to avoid getting stuck on a bad RPC node (bp #7759) solana-labs/solana#7763)
• f21dadf docs: add StackQL Provider Registry to showcase (Manage durable nonce stored value in runtime (bp #7684) solana-labs/solana#7760)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Prototype Pollution
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn