[Snyk] Fix for 7 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	No	No Known Exploit
	514/1000 Why? Has a fix available, CVSS 6	Prototype Pollution SNYK-JS-FLAT-596927	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-1070800	No	No Known Exploit
	551/1000 Why? Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIM-1017038	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: ajv

The new version differs by 111 commits.

• 521c3a5 6.12.3
• bd7107b Merge pull request Fixes #1190 github/docs#1229 from ajv-validator/dependabot/npm_and_yarn/mocha-8.0.1
• 9c26bb2 Merge pull request Fix the table overflowing sidebar github/docs#1234 from ajv-validator/dependabot/npm_and_yarn/eslint-7.3.1
• c6a6daa Merge branch 'master' into dependabot/npm_and_yarn/mocha-8.0.1
• 15eda23 Merge branch 'master' into dependabot/npm_and_yarn/eslint-7.3.1
• d6aabb8 test: remove node 8 from travis test
• c4801ca Merge pull request Improve documentation issue no #1034 github/docs#1242 from ajv-validator/refactor
• 988982d ignore proto properties
• f2b1e3d whitespace
• 65e3678 Merge pull request repo sync github/docs#1239 from GrahamLea/patch-1
• 68d72c4 update regex
• 9c009a9 validate numbers in multipleOf
• 332b30d Merge pull request calebromadan token contribution github/docs#1241 from ajv-validator/refactor
• 1105fd5 ignore proto properties
• 65b2f7d validate numbers in schemas during schema compilation
• 24d4f8f remove code post-processing
• fd64fb4 Add link to CSP section in Security section
• 0e2c346 Add Contents link to CSP section
• c581ff3 Clarify limitations of ajv-pack in README
• 0006f34 Document pre-compiled schemas for CSP in README
• 140cfa6 Merge pull request repo sync github/docs#1238 from cvlab/patch-1
• e7f0c81 Fix mistype in README.md
• 54c96b0 Bump eslint from 6.8.0 to 7.3.1
• 854dbef Bump mocha from 7.2.0 to 8.0.1

See the full diff

Package name: css-loader

The new version differs by 15 commits.

• 1351e3a chore(release): 5.0.0
• 747d62b feat: allow named exports to have underscores in names (Rename about-collaborative-development-models.md to collaborative-dev… github/docs#1209)
• 7bfe85d chore(deps): update (add container registry preview image github/docs#1208)
• b5c9379 feat: postcss@8 (This PR is stale because it has been open 7 days with no activity and will be automatically closed in 3 days. To keep this PR open, update the PR by adding a comment or pushing a commit. github/docs#1204)
• 92fe103 docs: context is localIdentContext in README ([GitHub Desktop] Stashing changes feature github/docs#1202)
• e5a9272 chore(deps): update ([GitHub Desktop] Disabling repo indicators feature github/docs#1203)
• 63b41be refactor: emoji deprecate
• 9f974be feat: reduce runtime
• d779eb1 feat: escape getLocalIdent by default (chore: Upgrade actions/cache to v2.1.3 github/docs#1196)
• dd52931 feat: hide warning on no plugins (فح github/docs#1195)
• 52412f6 feat: improve error message
• 0f95841 feat: add fallback if custom getLocalIdent returns null (Remove note about package immutability github/docs#1193)
• 2f1573f feat: auto enable icss modules
• df111b8 test: import with file protocol
• cfe669f refactor: remove icss option (SSH file to "id_ed25519.pub" github/docs#1189)

See the full diff

Package name: flat

The new version differs by 12 commits.

• e5ffd66 Release 5.0.2
• fdb79d5 Update dependencies, refresh lockfile, format with standard.
• e52185d Test against node 14 in CI.
• 0189cb1 Avoid arrow function syntax.
• f25d3a1 Release 5.0.1
• 54cc7ad use standard formatting
• 779816e drop dependencies
• 2eea6d3 Bump lodash from 4.17.15 to 4.17.19
• a61a554 Bump acorn from 7.1.0 to 7.4.0
• 20ef0ef Fix prototype pollution on unflatten
• e8fb281 Test prototype pollution on unflatten
• 6e95c43 Add node 10 & 12 to travis config.

See the full diff

Package name: linkinator

The new version differs by 27 commits.

• f9c13e9 fix(deps): update dependency marked to v2 [security] (Fix indentation inside Code Examples github/docs#271)
• d02484d build: remove the cache fallback (UI/UX: Navbar active link's styling for all section should be same for better user experience github/docs#268)
• 39816c5 chore: move c8 configuration to .c8rc (Update access-permissions-on-github.md github/docs#267)
• 668aad6 fix: ensure verbosity flag is enabled for config (TAY.t.3.0.0 github/docs#266)
• 9b0b206 fix: use custom HTTP server (ui: sidebar with brand color github/docs#265)
• 2fb77fb chore: add html reporter too in c8 (Fix code block markdown in gradle packages doc github/docs#264)
• 187aea1 chore: remove .nyc_output from .gitignore (fix some ghcr docker call examples had a typo when specifying image tag github/docs#262)
• 4e17c8e test: switch to `assert.match` (.A github/docs#261)
• 5d0cdcd build: CI: specify `FORCE_COLOR: 2` (Fix tests for actions allow list. github/docs#257)
• 9d98693 build: use the main branch for semantic-release (Create codeql-analysis.yml github/docs#259)
• 8c6b6cc build: CI: switch to Node.js 14 (Sha256 webhook signatures github/docs#254)
• a5ac753 chore: README.md: remove `.svg` from badges (Add optional cleanup step after failover to HA replica github/docs#252)
• 54cfe7d build: CI: add caching for Windows too (Shell not indicated in some examples, missing alternative shell solutions github/docs#253)
• 43cb074 build: remove `npm link` from `docs-test` too (repo sync github/docs#255)
• 1b35af6 chore: add author in package.json (Main github/docs#258)
• cb1d808 build: update CI config (> ### What article on docs.github.com is affected? github/docs#243)
• 026a012 test: stop using npm link in CLI tests (Configure Dependabot version updates github/docs#251)
• f14c912 refactor: remove dependency on p-queue (Actions github context: Move github.event_name up to other .event* entries github/docs#250)
• 0433251 build: use the main branch (Contributing: Fix links github/docs#249)
• 071a220 build: fix release action (Update the quickstart.md docs github/docs#240)
• b78be5d build: add the lock file back (https://github.com/github/docs/issues/226#issue-716944332 github/docs#242)
• 71d46aa test: remove usage of npx in tests (Updated quickstart.md typos github/docs#241)
• 4f12838 build: update CI config (repo sync github/docs#235)
• b6ca492 build: add CodeQL scanning (Update about-issues.md github/docs#234)

See the full diff

Package name: lodash

The new version differs by 1 commits.

• c6e281b Bump to v4.17.21

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

[vercel]

This pull request is being automatically deployed with Vercel (learn more).
To see the status of your deployment, click below or on the icon next to each commit.

🔍 Inspect: https://vercel.com/kkkb6/docs/Gs6hY9gwR3mSwhHZm6s2DzYw87Kz
✅ Preview: Failed

[Deployment for fa6d843 failed]