[Snyk] Fix for 4 vulnerabilities

[q1blue]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • web/package.json
  • web/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	179/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: High, Attack Vector: Network, EPSS: 0.01027, Social Trends: No, Days since published: 657, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 7.84, Likelihood: 2.28, Score Version: V5	Prototype Pollution SNYK-JS-JSON5-3182856	Yes	Proof of Concept
	159/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.0016, Social Trends: No, Days since published: 480, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.64, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	161/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01354, Social Trends: No, Days since published: 1446, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.67, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIM-1017038	Yes	Proof of Concept
	165/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00282, Social Trends: No, Days since published: 579, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 6.22, Likelihood: 2.65, Score Version: V5	Sandbox Bypass SNYK-JS-WEBPACK-3358798	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @docusaurus/core

The new version differs by 250 commits.

• 2ec4e07 v3.3.0
• 8af29a7 refactor: apply lint autofix
• 7319a1b prepare 3.3.0 release
• 4159b25 docs: Fix `déja` to `déjà` in `swizzling.mdx` (#10096)
• 10b76d8 chore(deps): bump ejs from 3.1.9 to 3.1.10 (#10097)
• 3939413 docs: Fix dead Typesense links (#10093)
• 7057ba4 feat: add createSitemapItems hook (#10083)
• be9081a chore: Upgrade svgr / svgo / cssnano (#10092)
• 2154dcc fix(theme): `<Tabs>` props should allow overriding defaults (#10091)
• c967ea5 fix(theme): `<Admonition>` should render properly without heading/icon (#10080)
• 3ee7760 fix(core): `docusaurus serve` redirects should include the site `/baseUrl/` prefix (#10090)
• 0b49e6c chore(deps): bump actions/dependency-review-action from 4.2.5 to 4.3.1 (#10089)
• a6dbd92 chore(deps): bump preactjs/compressed-size-action from 2.5.0 to 2.6.0 (#10088)
• ca33858 fix: handle React v18.3 warnings (#10079)
• f1cb4ed docs: make `ThemedImage` example work out of the box (#10085)
• e20b329 docs: add note regarding ts extension for config file. (#10082)
• da2c0b4 chore: Upgrade to TypeScript 5.4 (#10076)
• daba917 feat(core): add new site config option `siteConfig.markdown.anchors.maintainCase` (#10064)
• 9418786 fix(theme-translations): add missing theme translations for pt-BR (#10070)
• f88da6c refactor: extract base TS client config + upgrade TS + refactor TS setup (#10065)
• e736dcb test(e2e): TypeCheck website/starter in min/max range of TS versions (#10063)
• eb07e9d refactor(core): optimize App entrypoint, it should not re-render when navigating (#10060)
• c746289 refactor(theme): simplify CSS solution to solve empty search container (#10061)
• a612b4e feat(cli): docusaurus deploy should support a --target-dir option (#9767)

See the full diff

Package name: @docusaurus/preset-classic

The new version differs by 250 commits.

• ca8b463 v3.0.0
• 2121b71 fix bad path
• 0b3be15 version 3.0.0 docs
• 9658a5b 3.0.0 changelog
• 1089741 docs: archive v2 docs versions + create 2.x docs (#9472)
• 495c793 chore: v3.0.0-rc.1 release (#9453)
• 4a0bd92 docs: v3 upgrade guide should mention MDX v1 compat options (#9452)
• 7e456ec feat(mdx-loader): upgrade to MDX v3 + (#9451)
• 8d19054 fix(theme): fix useWindowSize React hydration issue (#9446)
• d07567e chore: revert Lighthouse numberOfRuns due to bad/verbose reporting (#9448)
• dd03a25 chore: Make Lighthouse CI run on local build (#9447)
• c6762a2 feat(mdx-loader): Remark plugin to report unused MDX / Markdown directives (#9394)
• 56cc8e8 chore(ci): fix missing screenshots on Argos (#9445)
• f80e1bd refactor(blog-plugin): blog archive reverse ordering of posts (#9438)
• 911dfb4 chore(deps): bump actions/setup-node from 3 to 4 (#9440)
• e525794 chore(deps): bump actions/checkout from 4.1.0 to 4.1.1 (#9441)
• aa958f0 fix(plugin-blog): blog archive should hide unlisted blog posts (#9437)
• 2bb4fd0 chore(ci): use new Argos playwright integration (#9419)
• f674e02 docs: update Kinsta deployment documentation (#9430)
• 7ee2f75 chore: v3.0.0-rc.0 release (#9418)
• 4e150d2 docs: add Docusaurus v3.0 upgrade guide (#9417)
• 45f1a66 feat(core): support TypeScript + ESM configuration (#9317)
• 336a44f chore: remove docusaurus-migrate (#9400)
• ae31916 docs: fix typos in website/docs/i18n/i18n-git.mdx (#9396)

See the full diff

Package name: @docusaurus/theme-search-algolia

The new version differs by 250 commits.

• ca8b463 v3.0.0
• 2121b71 fix bad path
• 0b3be15 version 3.0.0 docs
• 9658a5b 3.0.0 changelog
• 1089741 docs: archive v2 docs versions + create 2.x docs (#9472)
• 495c793 chore: v3.0.0-rc.1 release (#9453)
• 4a0bd92 docs: v3 upgrade guide should mention MDX v1 compat options (#9452)
• 7e456ec feat(mdx-loader): upgrade to MDX v3 + (#9451)
• 8d19054 fix(theme): fix useWindowSize React hydration issue (#9446)
• d07567e chore: revert Lighthouse numberOfRuns due to bad/verbose reporting (#9448)
• dd03a25 chore: Make Lighthouse CI run on local build (#9447)
• c6762a2 feat(mdx-loader): Remark plugin to report unused MDX / Markdown directives (#9394)
• 56cc8e8 chore(ci): fix missing screenshots on Argos (#9445)
• f80e1bd refactor(blog-plugin): blog archive reverse ordering of posts (#9438)
• 911dfb4 chore(deps): bump actions/setup-node from 3 to 4 (#9440)
• e525794 chore(deps): bump actions/checkout from 4.1.0 to 4.1.1 (#9441)
• aa958f0 fix(plugin-blog): blog archive should hide unlisted blog posts (#9437)
• 2bb4fd0 chore(ci): use new Argos playwright integration (#9419)
• f674e02 docs: update Kinsta deployment documentation (#9430)
• 7ee2f75 chore: v3.0.0-rc.0 release (#9418)
• 4e150d2 docs: add Docusaurus v3.0 upgrade guide (#9417)
• 45f1a66 feat(core): support TypeScript + ESM configuration (#9317)
• 336a44f chore: remove docusaurus-migrate (#9400)
• ae31916 docs: fix typos in website/docs/i18n/i18n-git.mdx (#9396)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)

[changeset-bot]

⚠️ No Changeset found

Latest commit: a243aee

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@fastify/[email protected]	None	0	71.1 kB	eomm
npm/@fastify/[email protected]	None	0	81.7 kB	gurgunday
npm/@fastify/[email protected]	None	0	114 kB	eomm
npm/@fastify/[email protected]	None	0	16.7 kB	eomm
npm/@fastify/[email protected]	None	+1	176 kB	eomm
npm/@fastify/[email protected]	None	0	42.4 kB	eomm
npm/@fastify/[email protected]	network	+1	274 kB	eomm
npm/@fastify/[email protected]	None	0	27.4 kB	matteo.collina
npm/@fastify/[email protected]	network	+1	71.3 kB	eomm
npm/@fastify/[email protected]	None	+1	337 kB	gurgunday
npm/@fastify/[email protected]	None	0	14.8 kB	matteo.collina
npm/@fastify/[email protected]	None	0	87.6 kB	eomm
npm/@mgcrea/[email protected]	None	+1	67.5 kB	mgcrea
npm/@octokit/[email protected]	None	+1	14.3 kB	gr2m, kfcampbell, nickfloyd, ...1 more
npm/@types/[email protected]	None	0	13.5 kB	types
npm/@types/[email protected]	None	0	1.77 kB	types
npm/@types/[email protected]	None	+1	19.2 kB	types
npm/@types/[email protected]	None	0	21.2 kB	types
npm/[email protected]	filesystem, shell	+1	49.2 kB	tjholowaychuk
npm/[email protected]	environment	0	448 kB	eemeli

🚮 Removed packages: npm/[email protected], npm/[email protected], npm/[email protected]

View full report↗︎