[Snyk] Fix for 21 vulnerabilities

[ramsemune]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • web/vtadmin/package.json
  • web/vtadmin/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	526/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.1	Arbitrary Code Injection SNYK-JS-EJS-1049328	Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-EJS-2803307	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-IMMER-1540542	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	Yes	No Known Exploit
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASHES-2434284	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASHES-2434289	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-PROMPTS-1729737	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SCSSTOKENIZER-2339884	Yes	No Known Exploit
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	619/1000 Why? Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: lodash-es

The new version differs by 1 commits.

• 11eb817 Bump to v4.17.21

See the full diff

Package name: node-sass

The new version differs by 90 commits.

• 3b556c1 7.0.2
• c716359 Bump sass-graph@^4.0.1 (Add shellcheck to our test suite vitessio/vitess#3292)
• 24741b3 docs(readme): fix docpad plugin link
• 1523330 feat: Drop Node 12
• 365d357 update https://registry.npm.taobao.org to https://registry.npmmirror.com
• 1456114 build(deps): bump actions/upload-artifact from 2 to 3
• b465b69 chore: bump GitHub Actions to Windows 2019 (vtctld UI bug in the schema panel vitessio/vitess#3254)
• e6194b1 build(deps): bump make-fetch-happen from 9.1.0 to 10.0.4
• 4edf594 build(deps): bump node-gyp from 8.4.1 to 9.0.0
• 29e2344 build(deps): bump actions/checkout from 2 to 3
• 85b0d22 build(deps): bump actions/setup-node from 2 to 3
• 3bb51da Use make-fetch-happen instead of request (Please ensure make only builds binaries and does not run the test suite vitessio/vitess#3193)
• adc2f8b build(deps): bump true-case-path from 1.0.3 to 2.2.1 (doubly escape periods in counter names so we dont create invalid json vitessio/vitess#3000)
• 77d12f0 chore: disable Apline for Node 16/17 builds
• 308d533 ci: use Python 3 for Node 12
• c818907 ci: unpin actions/setup-node to v2
• 99242d7 7.0.1
• 77049d1 build(deps): bump sass-graph from 2.2.5 to 4.0.0 (Configurable maxrows of 10k vitessio/vitess#3224)
• c929f25 build(deps): bump node-gyp from 7.1.2 to 8.4.1 (test: Remove e2e tests for old, obsolete resharding automation. vitessio/vitess#3209)
• 918dcb3 Lint fix
• 0a21792 Set rejectUnauthorized to true by default (Query parse error vitessio/vitess#3149)
• e80d4af chore: Drop EOL Node 15 (vttablet: Hot Row Protection: Minor readability improvement. vitessio/vitess#3122)
• d753397 feat: Add Node 17 support (Ensure vttablet does not crash if not given all parameters it expects vitessio/vitess#3195)
• dcf2e75 build(deps-dev): bump eslint from 7.32.0 to 8.0.0

See the full diff

Package name: react-scripts

The new version differs by 97 commits.

• 221e511 Publish
• 6a3315b Update CONTRIBUTING.md
• 5614c87 Add support for Tailwind (#11717)
• 657739f chore(test): make all tests install with `npm ci` (#11723)
• 20edab4 fix(webpackDevServer): disable overlay for warnings (VDiff: Make restarting VReplication workflow more robust vitessio/vitess#11413)
• 69321b0 Remove cached lockfile ([Don't review] Issue#10363 ii vitessio/vitess#11706)
• 3afbbc0 Update all dependencies ([14.0] Fix JSON functions parsing vitessio/vitess#11624)
• f5467d5 feat(eslint-config-react-app): support ESLint 8.x ([release-14.0] Add hyperlink in the release changelog (#11241) vitessio/vitess#11375)
• e8319da [WIP] Fix integration test teardown / cleanup and missing yarn installation (Question: How to modify the configuration? vitessio/vitess#11686)
• c7627ce Update webpack and dev server (Bug Report: ApplySchema -strategy "direct -allow-zero-in-date" may fail to refresh schema properly in release-13.0 vitessio/vitess#11646)
• f85b064 The default port used by `serve` has changed (Move towards MySQL 8.0 as the default template generation (#11153) vitessio/vitess#11619)
• 544befe Update package.json ([cherry-pick]fix vdiff release notes (#11595) vitessio/vitess#11597)
• 9d0369b Fix ESLint Babel preset resolution (ForwardPort: Fix Vitess Operator example vitessio/vitess#11547)
• d7b23c8 test(create-react-app): assert for exit code (Switch flag definitions to be on pflag instead of flag in package go/vt/vttablet/filelogger vitessio/vitess#10973)
• 1465357 Prepare 5.0.0 alpha release
• 3880ba6 Remove dependency pinning (Skip TestComparisonSemantics test vitessio/vitess#11474)
• 8b9fbee Update CODEOWNERS
• cacf590 Bump template dependency version (For partial MoveTables, setup reverse shard routing rules on workflow creation vitessio/vitess#11415)
• 5cedfe4 Bump browserslist from 4.14.2 to 4.16.5 ([release-14.0] Skip TestComparisonSemantics vitessio/vitess#11476)
• 50ea5ad allow CORS on webpack-dev-server (VStreamer: fix deadlock when there are a lot of vschema changes at the same time as binlog events vitessio/vitess#11325)
• 63bba07 Upgrade jest and related packages from 26.6.0 to 27.1.0 (Addition of Metrics to VTOrc to track the number of recoveries ran and their success count. vitessio/vitess#11338)
• 960b21e Bump immer from 8.0.4 to 9.0.6 ([vtexplain] Migrate to pflags vitessio/vitess#11364)
• 134cd3c Resolve dependency issues in v5 alpha (Switch flag definitions to be on pflag instead of flag in package go/cmd/zkctld vitessio/vitess#11294)
• b45ae3c Update CONTRIBUTING.md

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Arbitrary Code Injection
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn