[Snyk] Security upgrade @hashicorp/react-hero from 7.3.3 to 9.0.0

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • website/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	Yes	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @hashicorp/react-hero

The new version differs by 250 commits.

• 32cf8a0 fix: fix package-lock.json
• 4f5afbd Version Packages (memberlist: Suspect <name> has failed, no acks received hashicorp/consul#953)
• 3457a6d feat: replace @ reach/popover with radix (consul lock option to return child process exit code hashicorp/consul#947)
• e99310f feat: remove formLeadInput support (Include DC in the members command output hashicorp/consul#946)
• 9d34c38 feat: remove support for tooltips (Don't try to bind on address from inactive interface hashicorp/consul#948)
• 565a1b1 fix: replace Reach VisuallyHidden with Radix ("Newer version available" when latest hashicorp/consul#949)
• aab0844 chore(release): trigger release of updated deps (Adding a service w IP different from localhost / consul 0.4.1 hashicorp/consul#950)
• a4a4482 Version Packages (Adding a new Consul API language hashicorp/consul#944)
• 8d1faaa feat: use a native select element instead of @ reach/listbox (Feature request: Include datacenter in consul members output. hashicorp/consul#942)
• 8a12329 Version Packages (Support setting multiple keys in one atomic commit hashicorp/consul#940)
• 855af8a chore: removes unused @ ts-expect-error comment (Remove unused DefaultSemaphoreRetryTime hashicorp/consul#941)
• b4ac21a feat: remove @ reach/auto-id (ui: Lots of instances of a service break out of it's bounding box hashicorp/consul#938)
• a2de6d1 Version Packages (Allow specifying a check ID within services to link checks with services hashicorp/consul#937)
• 9bac2ae fix: remove framer-motion as a direct dependency (website: fix typo hashicorp/consul#936)
• d9ea14f Version Packages (Can not get passing state service list  hashicorp/consul#929)
• 89403f1 Add release stage to version (Add new verify_server_hostname to mitigate possibility of MITM hashicorp/consul#927)
• fc77a08 Revert "Display releaseStage in version dropdown"
• 0dfce33 Display releaseStage in version dropdown
• 7ed79d1 chore: update project list (Multiple config dir help text hashicorp/consul#926)
• 5332f19 Version Packages (a agent iptables operation,affect another one agent serfHealth status,lead to the disappearance of session hashicorp/consul#925)
• c0939f9 feat: add support for mailto links in PersonCard (Missing nodes get reaped immediately on next cluster bootup - in case of full cluster shutdown hashicorp/consul#924)
• 7e16746 Version Packages (How should monitorLock behave in the case of an error? hashicorp/consul#922)
• 874e929 fix: allow undefined descriptions (Add egress rule to SG for TF 0.5 compat hashicorp/consul#920)
• 534a28e chore(Label): remove tomato usage (terraform/aws module: typo hashicorp/consul#921)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service

[secure-code-warrior-for-github]

Micro-Learning Topic: Denial of service (Detected by phrase)

Matched on "Denial of Service"

The Denial of Service (DoS) attack is focused on making a resource (site, application, server) unavailable for the purpose it was designed. There are many ways to make a service unavailable for legitimate users by manipulating network packets, programming, logical, or resources handling vulnerabilities, among others. Source: https://www.owasp.org/index.php/Denial_of_Service

Try a challenge in Secure Code Warrior

Micro-Learning Topic: Information disclosure (Detected by phrase)

Matched on "Information Exposure"

Many web applications and APIs do not properly protect sensitive data, such as financial, healthcare, and PII. Attackers may steal or modify such weakly protected data to conduct credit card fraud, identity theft, or other crimes. Sensitive data may be compromised without extra protection, such as encryption at rest or in transit, and requires special precautions when exchanged with the browser. Source: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

Try a challenge in Secure Code Warrior

[guardrails]

⚠️ We detected 1 security issue in this pull request:

Vulnerable Libraries (1)

Severity	Details
High	@hashicorp/react-hero@7.3.3 upgrade to: >7.3.5

More info on how to fix Vulnerable Libraries in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

[secure-code-warrior-for-github]

Micro-Learning Topic: Vulnerable library (Detected by phrase)

Matched on "Vulnerable Libraries"

What is this? (2min video)

Use of vulnerable components will introduce weaknesses into the application. Components with published vulnerabilities will allow easy exploitation as resources will often be available to automate the process.

Try a challenge in Secure Code Warrior