[Snyk] Fix for 7 vulnerabilities

[naiba4]

Snyk has created this PR to fix 7 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Server-side Request Forgery (SSRF) SNYK-JS-AXIOS-7361793	221
	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	169
	Asymmetric Resource Consumption (Amplification) SNYK-JS-BODYPARSER-7926860	112
	Cross-site Scripting SNYK-JS-EXPRESS-7926867	80
	Cross-site Scripting SNYK-JS-SEND-7926862	80
	Cross-site Scripting SNYK-JS-SERVESTATIC-7926865	80
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-7925106	67

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Server-side Request Forgery (SSRF)
🦉 Uncontrolled resource consumption
🦉 Cross-site Scripting

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
gutenberg	❌ Failed (Inspect)			Sep 18, 2024 11:49am
gutenberg-wd9x	❌ Failed (Inspect)			Sep 18, 2024 11:49am

[changeset-bot]

⚠️ No Changeset found

Latest commit: 1de5b86

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@actions/core@1.9.1	environment, filesystem Transitive: network	+2	260 kB	thboop
npm/@actions/github@5.0.0	environment, filesystem Transitive: network	+13	4.49 MB	thboop
npm/@ariakit/react@0.3.12	None	+5	3.57 MB	ariakit-bot
npm/@ariakit/test@0.3.7	None	+1	1.46 MB	ariakit-bot
npm/@axe-core/puppeteer@4.0.0	None	0	44.4 kB	npmdeque
npm/@babel/core@7.16.0	environment, filesystem, unsafe	+32	8.06 MB	nicolo-ribaudo
npm/@babel/eslint-parser@7.16.0	unsafe	+1	127 kB	nicolo-ribaudo
npm/@babel/plugin-proposal-export-namespace-from@7.18.9	None	+2	18.8 kB	nicolo-ribaudo
npm/@babel/plugin-syntax-jsx@7.16.0	None	+1	14.6 kB	nicolo-ribaudo
npm/@babel/plugin-transform-runtime@7.16.0	unsafe Transitive: environment	+5	2.57 MB	nicolo-ribaudo
npm/@babel/runtime-corejs3@7.16.0	None	0	216 kB	nicolo-ribaudo
npm/@babel/traverse@7.16.0	Transitive: environment	+18	5.56 MB	nicolo-ribaudo
npm/@emotion/babel-plugin@11.3.0	environment	+7	2.78 MB	emotion-release-bot
npm/@emotion/cache@11.7.1	environment	+3	151 kB	emotion-release-bot
npm/@emotion/css@11.7.1	environment	+10	3.2 MB	emotion-release-bot
npm/@emotion/jest@11.7.1	environment	+2	144 kB	emotion-release-bot
npm/@emotion/native@11.0.0	environment	+3	212 kB	emotion-release-bot
npm/@emotion/react@11.7.1	environment	+2	587 kB	emotion-release-bot
npm/@emotion/serialize@1.1.2	environment	+1	65.6 kB	emotion-release-bot
npm/@emotion/styled@11.6.0	environment	+1	227 kB	emotion-release-bot
npm/@emotion/utils@1.2.1	environment	0	18.3 kB	emotion-release-bot
npm/@geometricpanda/storybook-addon-badges@2.0.1	Transitive: environment, eval, filesystem, network, unsafe	+48	10.1 MB	geometricpandadev
npm/@octokit/request-error@2.1.0	None	0	21.9 kB	octokitbot
npm/@octokit/rest@16.26.0	Transitive: network	+6	2.81 MB	octokitbot
npm/@octokit/types@6.34.0	None	+1	1.76 MB	octokitbot
npm/@octokit/webhooks-types@5.6.0	None	0	162 kB	octokitbot
npm/@octokit/webhooks@7.1.0	None	0	210 kB	octokitbot
npm/@playwright/test@1.39.0	None	0	25.3 kB	aslushnikov
npm/@pmmmwh/react-refresh-webpack-plugin@0.5.11	environment, filesystem Transitive: network	+2	441 kB	pmmmwh
npm/@react-native-clipboard/clipboard@1.11.2	None	0	176 kB	naturalclar
npm/@react-native-community/blur@4.2.0	None	0	300 kB	titozzz
npm/@react-native-community/slider@3.0.2-wp-4	None	0	0 B
npm/@react-native-masked-view/masked-view@0.2.9	None	0	58.2 kB	naturalclar
npm/@react-native/gradle-plugin@0.72.11	None	0	155 kB	react-native-bot
npm/@react-navigation/core@5.12.0	environment	0	971 kB	satya164
npm/@react-navigation/native@6.0.14	environment	+3	1.49 MB	satya164
npm/@react-navigation/routers@5.4.9	None	0	237 kB	satya164
npm/@react-navigation/stack@6.3.5	Transitive: environment	+1	1.14 MB	satya164
npm/@react-spring/web@9.5.5	environment	+5	448 kB	tdfka_rick
npm/@storybook/addon-a11y@7.2.2	Transitive: environment, eval, network	+42	8.7 MB	shilman
npm/@storybook/addon-actions@7.2.2	Transitive: environment, eval, network	+39	8.51 MB	shilman
npm/@storybook/addon-controls@7.2.2	Transitive: environment, eval, filesystem, network, unsafe	+48	10 MB	shilman
npm/@storybook/addon-docs@7.2.2	Transitive: environment, eval, filesystem, network, unsafe	+79	23.5 MB	shilman
npm/@storybook/addon-toolbars@7.2.2	Transitive: environment, eval, network	+39	8.49 MB	shilman
npm/@storybook/addon-viewport@7.2.2	Transitive: environment, eval, network	+39	8.5 MB	shilman
npm/@storybook/react-webpack5@7.2.2	Transitive: environment, eval, filesystem, network, shell, unsafe	+122	21.3 MB	shilman
npm/@storybook/react@7.2.2	Transitive: environment, filesystem, network, unsafe	+16	3.94 MB	shilman
npm/@storybook/source-loader@7.2.2	filesystem	+3	351 kB	shilman

🚮 Removed packages: npm/@docusaurus/core@2.4.1, npm/@docusaurus/module-type-aliases@2.4.1, npm/@docusaurus/preset-classic@2.4.1, npm/@mdx-js/react@1.6.22, npm/clsx@1.2.1, npm/docusaurus-lunr-search@2.4.1, npm/prism-react-renderer@1.3.5, npm/react-dom@17.0.2, npm/react@17.0.2

View full report↗︎

[socket-security]

Report is too large to display inline.
View full report↗︎

Next steps

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/puppeteer-core@2.1.1
• @SocketSecurity ignore npm/prettier@2.8.8
• @SocketSecurity ignore npm/util@0.12.5
• @SocketSecurity ignore npm/doctrine@3.0.0
• @SocketSecurity ignore npm/convert-source-map@2.0.0
• @SocketSecurity ignore npm/execa@1.0.0
• @SocketSecurity ignore npm/write-file-atomic@4.0.2
• @SocketSecurity ignore npm/validate-npm-package-name@3.0.0
• @SocketSecurity ignore npm/ws@8.13.0
• @SocketSecurity ignore npm/@kwsites/file-exists@1.1.1
• @SocketSecurity ignore npm/yargs@17.7.2
• @SocketSecurity ignore npm/y18n@5.0.8
• @SocketSecurity ignore npm/yargs-parser@21.1.1
• @SocketSecurity ignore npm/tmp@0.2.1
• @SocketSecurity ignore npm/source-map@0.7.4
• @SocketSecurity ignore npm/watchpack@2.4.0
• @SocketSecurity ignore npm/@aw-web-design/x-default-browser@1.4.126
• @SocketSecurity ignore npm/@babel/plugin-proposal-export-namespace-from@7.18.9
• @SocketSecurity ignore npm/@emotion/is-prop-valid@0.8.8
• @SocketSecurity ignore npm/@emotion/memoize@0.7.4
• @SocketSecurity ignore npm/@emotion/use-insertion-effect-with-fallbacks@1.0.1
• @SocketSecurity ignore npm/bplist-parser@0.3.2
• @SocketSecurity ignore npm/@humanwhocodes/object-schema@1.2.1
• @SocketSecurity ignore npm/@react-native-community/cli-clean@10.1.1
• @SocketSecurity ignore npm/@react-native-community/cli-config@10.1.1
• @SocketSecurity ignore npm/cosmiconfig@5.2.1
• @SocketSecurity ignore npm/@react-native-community/cli-hermes@10.2.0
• @SocketSecurity ignore npm/@react-native-community/cli-platform-android@10.2.0
• @SocketSecurity ignore npm/@react-native-community/cli-server-api@10.1.1
• @SocketSecurity ignore npm/@jest/types@26.6.2
• @SocketSecurity ignore npm/@react-native-community/cli-tools@10.1.1
• @SocketSecurity ignore npm/@react-native/normalize-color@2.1.0
• @SocketSecurity ignore npm/@react-native/polyfills@2.0.0
• @SocketSecurity ignore npm/assert@2.0.0
• @SocketSecurity ignore npm/babel-plugin-macros@3.1.0
• @SocketSecurity ignore npm/ip@2.0.0
• @SocketSecurity ignore npm/hosted-git-info@3.0.8
• @SocketSecurity ignore npm/https-proxy-agent@4.0.0
• @SocketSecurity ignore npm/ws@6.2.2
• @SocketSecurity ignore npm/react-refresh@0.11.0
• @SocketSecurity ignore npm/telejson@7.1.0
• @SocketSecurity ignore npm/validate-npm-package-name@5.0.0
• @SocketSecurity ignore npm/foreground-child@3.1.1
• @SocketSecurity ignore npm/minimatch@9.0.3
• @SocketSecurity ignore npm/@emotion/babel-plugin@11.11.0
• @SocketSecurity ignore npm/@emotion/hash@0.9.1
• @SocketSecurity ignore npm/@emotion/memoize@0.8.1
• @SocketSecurity ignore npm/@emotion/serialize@1.1.2
• @SocketSecurity ignore npm/@emotion/unitless@0.8.1
• @SocketSecurity ignore npm/@emotion/utils@1.2.1

[guardrails]

⚠️ We detected 2 security issues in this pull request:

Vulnerable Libraries (2)

Severity	Details
High	pkg:npm/sass@1.35.2 (t) upgrade to: > 1.35.2
High	pkg:npm/appium@2.0.0 (t) upgrade to: > 2.0.0

More info on how to fix Vulnerable Libraries in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.