[Snyk] Fix for 5 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/app/package.json
  • packages/app/.snyk

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change	Exploit Maturity
	Prototype Pollution SNYK-JS-DOTOBJECT-548905	Yes	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	No	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	No	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIM-1017038	Yes	Proof of Concept

Commit messages

Package name: axios

The new version differs by 58 commits.

• 0d87655 Releasing 0.20.0
• cd27741 Updating changelog for 0.20.0 release
• ffea034 Releasing 0.20.0-0
• fe147fb Updating changlog for 0.20.0 beta release
• 16aa2ce Fixing response with utf-8 BOM can not parse to json (content-range error with papaparse. Can I edit htaccess? codesandbox/codesandbox-client#2419)
• c4300a8 Adding support for URLSearchParams in node (GitHub import / commit issues with big files codesandbox/codesandbox-client#1900)
• bed6783 add table of content (preview) (Google Fonts picker - remove need for google api codesandbox/codesandbox-client#3050)
• c70fab9 Fix stale bot config (Disable font picker until we have an API key codesandbox/codesandbox-client#3049)
• 5b08fc4 Add days and change name to work (Fix WS proxy codesandbox/codesandbox-client#3035)
• 1768c23 Update close-issues.yml (Fix typo in CI doc codesandbox/codesandbox-client#3031)
• 3dbf6a1 Add GitHub actions to close stale issues/prs (Vue template + Vuetify 2 extremely long building times with tree shaking codesandbox/codesandbox-client#3029)
• a9010e4 Add GitHub actions to close invalid issues (Ci+embeds codesandbox/codesandbox-client#3022)
• 36f0ad2 Replace 'blacklist' with 'blocklist' (Default to subpixel anti-aliasing for non-retina screens codesandbox/codesandbox-client#3006)
• 0d69a79 Refactor mergeConfig without utils.deepMerge (🔨 Switch AliasDeploymentButton to use useOvermind codesandbox/codesandbox-client#2844)
• 4879416 Allow unsetting headers by passing null (Show/Hide Sidebar workspace item using React Show codesandbox/codesandbox-client#382) (fix(ember): display ember in the client framework codesandbox/codesandbox-client#1845)
• 4b3947a Add test with Node.js 12 (🔨 Refactor Editor/Workspace/Files codesandbox/codesandbox-client#2860)
• 0077205 Adding console log on sandbox server startup (Choose between codesandbox.io and csb.app for the preview codesandbox/codesandbox-client#2210)
• ee46dff docs(): Detailed config options environment. (Switching privacy back to public results in error codesandbox/codesandbox-client#2088)
• 17a6886 Include axios-data-unpacker in ECOSYSTEM.md (Folder name cant use special characters like '#' that will be used in the url codesandbox/codesandbox-client#2080)
• 3f2ef03 Allow opening examples in Gitpod (Make more efficient query codesandbox/codesandbox-client#1958)
• f3cc053 Fixing overwrite Blob/File type as Content-Type in browser. (Update license in package.json codesandbox/codesandbox-client#1773)
• f2b478f Revert "Fixing default transformRequest with buffer pools (Patreon accounts and private repos codesandbox/codesandbox-client#1511)" (Allow for disabling the preview screenshot codesandbox/codesandbox-client#2982)
• d35b5b5 Remove axios.all() and axios.spread() from Readme.md (Refactored | Overmind Hacktober | /app/pages/common/Modals/NetlifyLogs/index.js codesandbox/codesandbox-client#2727)
• 6d36dbe Update README.md (🔨 Refactor, 🧠 Overmind Hactoberfest | Refactor /app/pages/Sandbox/Editor/Workspace/Files/DirectoryEntry/DirectoryChildren/ModuleEntry.js to use Overmind #2885 codesandbox/codesandbox-client#2887)

See the full diff

Package name: dot-object

The new version differs by 32 commits.

• 84356a7 Merge tag 'v2.1.3' into develop
• 67142e7 Merge branch 'release/v2.1.3'
• c4a4dd5 prepare v2.1.3
• f76cff5 guard for possible prototype polution
• ee628c2 Merge tag 'v2.1.2' into develop
• 0c8a4d8 Merge branch 'release/v2.1.2'
• 6bc8849 prepare v2.1.2
• b18aaac Merge branch 'master' into develop
• a292262 add test for deeply nested arrays
• 6a91c11 fix undefined for root level array
• ea358be Merge tag 'v2.1.1' into develop
• 1e6f080 Merge branch 'release/v2.1.1'
• 8dcb301 prepare v2.1.1
• 739c111 Wrong array conversion with [0] fixes [Snyk] Security upgrade gatsby from 1.9.279 to 2.23.20 #27
• 7ab7d4f Merge tag 'v2.1.0' into develop
• c2e0b19 Merge branch 'release/v2.1.0'
• c205762 prepare release v2.1.0
• 66bb1ca wrap delete method
• b24a438 Merge branch 'master' into develop
• 2a86afe update bower version
• 51dabd3 Merge tag 'v2.0.0' into develop
• b24eeb8 Merge branch 'release/v2.0.0'
• 0b87c85 prepare version 2.0.0
• 1647da9 version 2.0.0

See the full diff

Package name: react-markdown

The new version differs by 18 commits.

• 45b9977 5.0.0
• eeea3c2 Update `changelog.md`
• 5d6c9f1 Refactor scripts
• d29478f Add type tests
• 4f5dbe2 Add note
• 7a5e3a1 Add `allowDangerousHtml`, preferred over `escapeHtml`
• 2675ae2 Remove docs on `source`
• 34b0883 Change default branch to `main`
• 22a5e49 Refactor and test for 100% coverage
• b3aa6e0 Rewrite readme for unified, more examples
• a9f163d Move demo to `website` branch
• 4f1a407 Change to clean project, update, refactor scripts
• ebebf51 Upgrade remark to version 8, unified to version 9
• e400f6f Upgrade to remark-parse@6
• 3260f57 Run tests on node 12
• 6eff8d1 Pass AST node to all non-tag/non-fragment renderers as prop
• ca25be1 Fix link to demo in readme
• 9b4eb84 Updated remark-parse github link (Dojo 2 Support codesandbox/codesandbox-client#447)

See the full diff

With a Snyk patch:

Severity	Issue	Exploit Maturity
	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept

Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the effected dependencies could be upgraded.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.