
@krisboit (Contributor)

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:

  • Command Injection (SNYK-JS-LODASHTEMPLATE-1088054)
    Severity: high. Priority score (*): 681/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.2. Breaking change: Yes. Exploit maturity: Proof of Concept.
  • Regular Expression Denial of Service (ReDoS) (SNYK-JS-NTHCHECK-1586032)
    Severity: high. Priority score (*): 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5. Breaking change: No. Exploit maturity: Proof of Concept.
  • Server-side Request Forgery (SSRF) (SNYK-JS-REQUEST-3361831)
    Severity: medium. Priority score (*): 646/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 6.5. Breaking change: No. Exploit maturity: Proof of Concept.
  • Prototype Pollution (SNYK-JS-TOUGHCOOKIE-5672873)
    Severity: medium. Priority score (*): 646/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 6.5. Breaking change: No. Exploit maturity: Proof of Concept.
  • Prototype Pollution (SNYK-JS-UNSETVALUE-2400660)
    Severity: high. Priority score (*): 589/1000. Why? Has a fix available, CVSS 7.5. Breaking change: No. Exploit maturity: No Known Exploit.

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @solana/web3.js The new version differs by 76 commits.
  • 6441b4d chore: cleanup flow and package.json
  • 938db32 chore: replace jest with mocha
  • ba745f4 fix: update to reasonable babel env target
  • d4a7332 fix: bundle buffer dependencies on browser
  • af83ff2 feat: add support for browser es modules
  • e706a3c chore: bump @babel/runtime from 7.12.5 to 7.12.13 in /web3.js (#15141)
  • 34d0128 chore: bump ws from 7.4.1 to 7.4.3 in /web3.js (#15140)
  • b7f5d8e chore: bump start-server-and-test from 1.11.7 to 1.12.0 in /web3.js (#15138)
  • 83bc958 chore: bump @babel/plugin-proposal-function-bind in /web3.js (#15137)
  • 3c36e42 chore: bump @babel/preset-flow from 7.12.1 to 7.12.13 in /web3.js (#15135)
  • 4a0237a chore: bump marked from 1.2.7 to 1.2.9 in /web3.js (#15134)
  • 3a019ec chore: bump @babel/preset-env from 7.12.11 to 7.12.13 in /web3.js (#15133)
  • c784ec7 chore: bump @babel/plugin-proposal-class-properties in /web3.js (#15132)
  • cdcba74 chore: bump @babel/plugin-transform-runtime in /web3.js (#15131)
  • b3287bb chore: bump @babel/core from 7.12.10 to 7.12.13 in /web3.js (#15130)
  • 7ec56c4 chore: bump acorn from 8.0.4 to 8.0.5 in /web3.js (#15129)
  • 6377a82 chore: bump eslint from 7.18.0 to 7.19.0 in /web3.js (#15128)
  • 43aa49b chore: bump rollup from 2.37.1 to 2.38.5 in /web3.js (#15127)
  • 7212fe4 docs: bump nofiles recommendations to match maps
  • 94d4796 fix: do not download and execute binaries via HTTP (#14914)
  • b9209e4 fix: add missing token delta type on ConfirmedMeta (#14872)
  • 23b1155 fix: add custodian key support to stake instructions
  • e52f0cb chore: comment blockHeight
  • 5daa3ca test: account for rent collection to avoid bogus test failure

See the full diff

Package name: eth-lib The new version differs by 1 commits.
  • eaad688 Remove stupid things, refactorings

See the full diff

Package name: react-native The new version differs by 250 commits.
  • 7473ce1 [0.65.0] Bump version numbers
  • 5f0b805 [0.65.0-rc.4] Bump version numbers
  • 83d9b9b [LOCAL] yarn lock update
  • e775957 Revert "fix: Move react-native-codegen to be a direct dependency of react-native (fix for 0.65-stable)"
  • 5f7deb5 [LOCAL] reintroduce generated codegen files
  • c0df3e0 [LOCAL] autogenerated files
  • 54fbe0d - Bump CLI to ^6.0.0 (#31971)
  • 5efad92 Codegen: Always prepare filesystem
  • dfd324e Extend codegen script to take library name, output dir arguments
  • 1b7f95b Reorganize codegen script for clarity
  • 041365e fix: codegen - project paths with spaces (#31141)
  • 98e1734 fix: Move react-native-codegen to be a direct dependency of react-native (fix for 0.65-stable)
  • e8d725a [0.65.0-rc.3] Bump version numbers
  • e40f582 fix(deps): bump metro to 0.66.2 + dedup (#31886)
  • e53745e Bump Flipper + Bump hermes (#31872)
  • 4476fbc Allow PlatformColor to work with RCTView border colors (#29728)
  • 49253dc Fix support for blobs larger than 64 KB on Android (#31789)
  • 626d25c Android: upgrading to OkHttp from 4.9.0 to 4.9.1 to fix java.lang.NullPointerException: bio == null crash (#31822)
  • db7aa7b [0.65.0-rc.2] Bump version numbers
  • 121a6a4 Fix Android build sequencing
  • ba4424f Revert "Revert "bump buildToolsVersion to 30.0.2 (#31627)""
  • be9a669 Revert "Revert "Gradle 6.9, Android Gradle Plugin 4.2.1 (#31593)""
  • 0e08b25 [0.65.0-rc.1] Bump version numbers
  • ca5b943 [LOCAL] lock files update for 065 branch

See the full diff

Package name: react-native-vector-icons The new version differs by 21 commits.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Server-side Request Forgery (SSRF)
🦉 Prototype Pollution
