[Snyk] Fix for 21 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • client/package.json
  • client/package-lock.json
  • client/.snyk

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-CSSWHAT-1298035	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-IMMER-1019369	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-LODASH-590103	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-OBJECTPATH-1017036	No	Proof of Concept
	494/1000 Why? Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-OBJECTPATH-1569453	No	No Known Exploit
	590/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-OBJECTPATH-1585658	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Command Injection SNYK-JS-REACTDEVUTILS-1083268	Yes	Proof of Concept
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Denial of Service (DoS) SNYK-JS-SOCKJS-575261	No	Proof of Concept
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-XSS-1584355	No	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: node-fetch

The new version differs by 12 commits.

• b5e2e41 update version number
• 2358a6c Honor the `size` option after following a redirect and revert data uri support
• 8c197f8 docs: Fix typos and grammatical errors in README.md (#686)
• 1e99050 fix: Change error message thrown with redirect mode set to error (#653)
• 244e6f6 docs: Show backers in README
• 6a5d192 fix: Properly parse meta tag when parameters are reversed (#682)
• 47a24a0 chore: Add opencollective badge
• 7b13662 chore: Add funding link
• 5535c2e fix: Check for global.fetch before binding it (#674)
• 1d5778a docs: Add Discord badge
• eb3a572 feat: Data URI support (#659)
• 086be6f Remove --save option as it isn't required anymore (#581)

See the full diff

Package name: react-scripts

The new version differs by 138 commits.

• ed95893 Publish
• 88ca4f6 Prepare 4.0.0 release
• d23d615 Update react dom in error overlay
• 95265c3 Update CHANGELOG
• 523b416 Add link to Open Collective (#9864)
• af616ab Update CHANGELOG
• 014ca01 Prepare 4.0.0 release
• 2b1161b Pass JSX runtime setting to Babel preset in Jest config (#9865)
• f2aef41 Prepare 4.0.0 alpha release
• 4bc639c Upgrade to React 17 (#9863)
• d61347d Use new JSX setting with TypeScript 4.1.0 (#9734)
• e63de79 New JSX Transform opt out (#9861)
• fe785b2 feat: Update all dependencies (#9857)
• 85ab02b feat: remove unused React imports (#9853)
• 329f392 feat: Update ESLint dependencies (#9856)
• 10fa972 feat(eslint-config-react-app): Add jest & testing-library rules (#8963)
• ed919b1 Make eslint-plugin-jest an optional peerDependency (#9670)
• 0a93e32 Fix refreshOverlayInterop module scope error (#9805)
• 7965594 Bump resolve-url-loader version (#9841)
• b1f8536 Add 3.4.4 to the changelog
• d07b7d0 Replace deprecated eslint-loader with eslint-webpack-plugin (#9751)
• 6f3e32e Upgrade Docusaurus to latest version (#9728)
• 1f2d387 fix: resolve new JSX runtime issues (#9788)
• 6a51dcd Add AVIF image support (#9611)

See the full diff

Package name: xss

The new version differs by 108 commits.

• 380a4ba publish: v1.0.10
• 699acde fix: #239 stripCommentTag DoS attack
• 9cbe2f1 Create SECURITY.md
• bdd1b03 chore: fix nodejs.yml remove node-version 8.x
• 3be6a07 chore: update devDependencies to latest version
• 948dfb1 docs: update CI badge
• 831a6a2 chore: github action nodejs.yml run test-cov instead of test
• 0ba3cdb chore: remove .travis.yml
• cdee88e chore: fix github action nodejs.yml
• 624aba9 chore: add github action nodejs.yml
• 901b771 style: reformat all source code by prettier
• 0b15109 docs: update changelog
• 3e153f5 fix: typings `onTag` options
• 82cb63f docs: update changelog
• a1d9b44 fix: typings IWhiteList allow any tag name
• 005098b feat: Add `<strike>` to default whitelist
• dcf1486 feat: Add `<audio crossorigin muted>`, `<video crossorigin muted playsinline poster>` to default whitelist
• f4c0b29 Merge pull request #220 from daraz999/patch-1
• 2f5dd55 fix: recover `<summary>` on the default whitelist
• d94ac2a publish: v1.0.9
• 4452638 chore: add package-lock.json to .ignore
• cff16d9 chore: build dist
• 730a0b5 Merge pull request #218 from TomAnthony/fix-whitespace-bypass
• 6586f49 Merge pull request #216 from spacegaier/patch-1

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic