[Snyk] Fix for 1 vulnerabilities

[kopax]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @expo/webpack-config

The new version differs by 250 commits.

• 4e7dbf3 Publish
• 84f6686 Update README.md
• 7adc6ae Update README.md
• 3052b9d [webpack] Upgrade to Webpack 5 (#3763)
• 625d91a Remove Node.js limitations on the legacy CLI (#4635)
• bee0413 [readme] Highlight the modern local CLI over everything else (#4632)
• 7edfa46 + [email protected]
• 75af3f6 fix(create-expo-app): skip creating a git repo when inside existing repo (#4629)
• c56fb82 update docs to reflect next config bug (#4620)
• 48d14b4 Update CHANGELOG and commit schema cache
• a151151 Publish
• 3986274 [install-expo-modules] Add react-native 0.71 support (#4612)
• 8e5e5f7 fix(update): json5 to v2.2.2 where vulnerability has been patched (#4618)
• 62ce1fd Handle multiple query parameters in Android URIs (#4538)
• 757b300 [xdl] Add feature gates (#4587)
• 58cf75b Update @ xmldom/xmldom (#4592)
• 508f15b Update README.md
• 820cc0f deprecate expo-optimize and drop related checks (#4588)
• d6329a4 Update PULL_REQUEST_TEMPLATE
• e631bdb Update index-test.js.snap
• 72e6af2 drop traveling-fastlane source (#4589)
• 69965f2 feat(next)!: rewrite package (#4582)
• 8c3e745 Update CHANGELOG and commit schema cache
• e01f946 Publish

See the full diff

Package name: documentation

The new version differs by 130 commits.

• 849a083 chore(release): 14.0.0
• 42b14a0 build(deps-dev): bump eslint from 8.21.0 to 8.22.0 (#1547)
• 85ecbbf build(deps): bump @ babel/generator from 7.18.10 to 7.18.12 (#1545)
• 4609719 chore(release): 14.0.0-alpha.1
• f513485 Align babel plugin list with Prettier
• 5d66953 Sort babel plugins
• 7e17203 revert to upsteam package-lock.json
• 3f187d7 feat: ✨ update Babel, copy list of plugins from Prettier
• 73bb2a4 chore(release): 14.0.0-alpha.0
• 390edff Update release instructions
• e4ba155 patch updates to babel and husky
• 9941fb6 Bump husky from 4 to 8
• 69066bb don't ignore updates to husky
• 3d2c043 run migration script from husky 4 to 8
• c5e0156 Merge pull request #1541 from documentationjs/bump-mock-fs
• 8236bd0 Bump to mock-fs 5.1.4
• ab0cade Merge pull request #1530 from SojinSamuel/patch-1
• 77968e1 Bump mock-fs from 5.1.2 to 5.1.3
• 0d04462 Merge pull request #1540 from documentationjs/Add-test-suite-for-node-18
• a6dc1bd Add test suite for node 18
• 2c885bf Run npm audit fix
• 21fbb3e Bump fs-extra from 10.0.1 to 10.1.0
• 2cb5a26 Bump prettier from 2.6.2 to 2.7.1
• fb20409 Bump eslint from 8.13.0 to 8.21.0

See the full diff

Package name: image-webpack-loader

The new version differs by 74 commits.

• d9cca9b 7.0.0
• 7d91d45 lts not found?
• 8ea85e3 update changelog
• 044ccaf require node 10
• 8d386e2 Merge pull request #238 from tcoopman/dependabot/npm_and_yarn/imagemin-mozjpeg-9.0.0
• d0f574c Bump imagemin-mozjpeg from 8.0.0 to 9.0.0
• 73e4acc Merge pull request #259 from tcoopman/dependabot/npm_and_yarn/imagemin-pngquant-9.0.1
• 42b776f Merge pull request #236 from tcoopman/dependabot/npm_and_yarn/imagemin-webp-6.0.0
• 63b3d18 Merge pull request #248 from tcoopman/dependabot/npm_and_yarn/webpack-4.44.1
• 953073e Bump imagemin-pngquant from 8.0.0 to 9.0.1
• 12a9da6 Bump webpack from 4.42.0 to 4.44.1
• 569b13c Bump imagemin-webp from 5.1.0 to 6.0.0
• 7fcf273 Merge pull request #258 from tcoopman/dependabot/npm_and_yarn/bl-1.2.3
• 2367e00 Merge pull request #255 from tcoopman/dependabot/npm_and_yarn/decompress-4.2.1
• 7714554 Merge pull request #253 from tcoopman/dependabot/npm_and_yarn/schema-utils-2.7.1
• b601c5c Merge pull request #247 from tcoopman/dependabot/npm_and_yarn/elliptic-6.5.3
• 96197b4 Merge pull request #241 from tcoopman/dependabot/npm_and_yarn/webpack-cli-3.3.12
• 5cf2d90 [Security] Bump bl from 1.2.2 to 1.2.3
• 7e4116c Bump schema-utils from 2.6.5 to 2.7.1
• 605a580 Merge pull request #235 from tcoopman/dependabot/npm_and_yarn/imagemin-svgo-8.0.0
• 6fd3a22 [Security] Bump decompress from 4.2.0 to 4.2.1
• c37a782 Merge pull request #234 from tcoopman/dependabot/npm_and_yarn/imagemin-optipng-8.0.0
• 830a392 Merge pull request #211 from tcoopman/dependabot/npm_and_yarn/imagemin-gifsicle-7.0.0
• 168a70c [Security] Bump elliptic from 6.5.2 to 6.5.3

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)