[Snyk] Fix for 2 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • docs/package.json
  • docs/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	798/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-ETA-2936803	No	Proof of Concept
	556/1000 Why? Recently disclosed, Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) SNYK-JS-ETA-3261240	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @docusaurus/preset-classic

The new version differs by 250 commits.

• cf12f21 v2.3.1
• cc767ed fix(theme-common): fix issue in tab scroll position restoration on tab click (Add --bind-address and --rpc-bind-address validator arguments solana-labs/solana#8628)
• ed13d5c chore: add "pr: dependencies" to lerna changelog labels (Connect partition flag to validators solana-labs/solana#8622)
• 484774c trigger ci
• 692bbda fix(theme-common): localStorage utils dispatch too many storage events leading to infinite loop (Expose executable and rent_epoch in AccountInfo solana-labs/solana#8619)
• ce8e55b fix(theme-common): prepare usage of useSyncExternalStore compatibility with React 18 (Add test for program_ids passed in metas solana-labs/solana#8618)
• 883983c fix(theme-classic): allow rendering single tab item (TVU does not verify transaction signatures solana-labs/solana#8593)
• 2bdd27a fix(utils): handle CRLF when parsing MDX imports (cli: Add commitment flag to vote-account and validators commands (bp #8597) solana-labs/solana#8606)
• 4761c8c chore(theme-translations): complete zh translations (Check transaction signatures in entry verify (bp #8596) solana-labs/solana#8614)
• 990e553 fix(preset-classic): install the right plugin for googleTagManager (cli: Add commitment flag to vote-account and validators commands solana-labs/solana#8597)
• 4cd2c65 chore(deps): bump eta from 1.12.3 to 2.0.0 (Split signature throughput tracking out of FeeCalculator (bp #8447) solana-labs/solana#8610)
• c84d779 chore: backport retro compatible commits for the Docusaurus v2.3 release (Hack to skip cleanup_dead_slots upon snapshot load (bp #8561) solana-labs/solana#8585)
• de97214 chore: backport retro compatible commits for the Docusaurus v2.2 release (Retry to curl to codecov.io unfortunately (bp #8263) solana-labs/solana#8264)
• 7743aa6 chore: release Docusaurus v2.1.0 (Testing stable-perf on colo nodes solana-labs/solana#8040)
• 26d2b9a chore: backport retro compatible commits for the Docusaurus v2.1 release (Add different shred test to test_tvu_peers_and_stakes solana-labs/solana#8033)
• bb65b5c chore: release v2.0.1 (Harden untrusted genesis file consumption solana-labs/solana#7919)
• 2ef40c2 chore: Netlify branch deploys should only deploy default locale "en" (solana-install init doesn't know when there's no work to do solana-labs/solana#7788)
• d88f248 chore: add Netlify config for major version branch deploys (docusaurus-v2 branch) (Too easy to burn tokens solana-labs/solana#7787)
• e4fc47b Merge branch 'main' into docusaurus-v2
• 7f40350 chore: fix codesandbox playgrounds, use Node.js 16 version (Plumb ability to handle duplicate shreds into shred insertion functions solana-labs/solana#7784)
• 1065e55 refactor(core): log Docusaurus & Node version before exiting (Block time calculation gets warped with high stakes solana-labs/solana#7781)
• 965a01e chore: port-2.0.0-rc.1 (Unignore advisories as affected ver. is corrected (bp #7730) solana-labs/solana#7782)
• e78a15e chore: ci tests should run on version branches "docusaurus-vX" (Unignore advisories as affected ver. is corrected (bp #7730) solana-labs/solana#7783)
• c751bc6 chore: regen v2.0.0-rc.1 examples (Add hash stats information to check hashes between validators solana-labs/solana#7780)

See the full diff

Package name: @docusaurus/theme-search-algolia

The new version differs by 250 commits.

• cf12f21 v2.3.1
• cc767ed fix(theme-common): fix issue in tab scroll position restoration on tab click (Add --bind-address and --rpc-bind-address validator arguments solana-labs/solana#8628)
• ed13d5c chore: add "pr: dependencies" to lerna changelog labels (Connect partition flag to validators solana-labs/solana#8622)
• 484774c trigger ci
• 692bbda fix(theme-common): localStorage utils dispatch too many storage events leading to infinite loop (Expose executable and rent_epoch in AccountInfo solana-labs/solana#8619)
• ce8e55b fix(theme-common): prepare usage of useSyncExternalStore compatibility with React 18 (Add test for program_ids passed in metas solana-labs/solana#8618)
• 883983c fix(theme-classic): allow rendering single tab item (TVU does not verify transaction signatures solana-labs/solana#8593)
• 2bdd27a fix(utils): handle CRLF when parsing MDX imports (cli: Add commitment flag to vote-account and validators commands (bp #8597) solana-labs/solana#8606)
• 4761c8c chore(theme-translations): complete zh translations (Check transaction signatures in entry verify (bp #8596) solana-labs/solana#8614)
• 990e553 fix(preset-classic): install the right plugin for googleTagManager (cli: Add commitment flag to vote-account and validators commands solana-labs/solana#8597)
• 4cd2c65 chore(deps): bump eta from 1.12.3 to 2.0.0 (Split signature throughput tracking out of FeeCalculator (bp #8447) solana-labs/solana#8610)
• c84d779 chore: backport retro compatible commits for the Docusaurus v2.3 release (Hack to skip cleanup_dead_slots upon snapshot load (bp #8561) solana-labs/solana#8585)
• de97214 chore: backport retro compatible commits for the Docusaurus v2.2 release (Retry to curl to codecov.io unfortunately (bp #8263) solana-labs/solana#8264)
• 7743aa6 chore: release Docusaurus v2.1.0 (Testing stable-perf on colo nodes solana-labs/solana#8040)
• 26d2b9a chore: backport retro compatible commits for the Docusaurus v2.1 release (Add different shred test to test_tvu_peers_and_stakes solana-labs/solana#8033)
• bb65b5c chore: release v2.0.1 (Harden untrusted genesis file consumption solana-labs/solana#7919)
• 2ef40c2 chore: Netlify branch deploys should only deploy default locale "en" (solana-install init doesn't know when there's no work to do solana-labs/solana#7788)
• d88f248 chore: add Netlify config for major version branch deploys (docusaurus-v2 branch) (Too easy to burn tokens solana-labs/solana#7787)
• e4fc47b Merge branch 'main' into docusaurus-v2
• 7f40350 chore: fix codesandbox playgrounds, use Node.js 16 version (Plumb ability to handle duplicate shreds into shred insertion functions solana-labs/solana#7784)
• 1065e55 refactor(core): log Docusaurus & Node version before exiting (Block time calculation gets warped with high stakes solana-labs/solana#7781)
• 965a01e chore: port-2.0.0-rc.1 (Unignore advisories as affected ver. is corrected (bp #7730) solana-labs/solana#7782)
• e78a15e chore: ci tests should run on version branches "docusaurus-vX" (Unignore advisories as affected ver. is corrected (bp #7730) solana-labs/solana#7783)
• c751bc6 chore: regen v2.0.0-rc.1 examples (Add hash stats information to check hashes between validators solana-labs/solana#7780)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Remote Code Execution (RCE)
🦉 Cross-site Scripting (XSS)

[socket-security]

Socket Security Pull Request Report

Dependency issues detected. If you merge this pull request, you will not be alerted to the instances of these issues again.

📜 Install scripts

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Package	Script field	Source
core-js@3.27.2 (upgraded)	postinstall	docs/package-lock.json via @docusaurus/core@2.0.0-beta.0, @docusaurus/preset-classic@2.3.1, @docusaurus/theme-search-algolia@2.3.1
core-js@3.9.0 (upgraded)	postinstall	explorer/package-lock.json via react-scripts@4.0.3
core-js-pure@3.27.2 (upgraded)	postinstall	docs/package-lock.json via @docusaurus/core@2.0.0-beta.0, @docusaurus/preset-classic@2.3.1, @docusaurus/theme-search-algolia@2.3.1
core-js-pure@3.6.5 (upgraded)	postinstall	explorer/package-lock.json via react-scripts@4.0.3

😵‍💫 Bin script confusion

This package has multiple bin scripts with the same name. This can cause non-deterministic behavior when installing or could be a sign of a supply chain attack

Consider removing one of the conflicting packages. Packages should only export bin scripts with their name

Package	Bin script	Source
ansi-html@0.0.7 (added)	ansi-html	docs/package-lock.json via @docusaurus/core@2.0.0-beta.0, explorer/package-lock.json via react-scripts@4.0.3
ansi-html-community@0.0.8 (added)	ansi-html	docs/package-lock.json via @docusaurus/preset-classic@2.3.1, @docusaurus/theme-search-algolia@2.3.1

Pull request report summary

Issue	Status
Install scripts	⚠️ 4 issues
Native code	✅ 0 issues
Bin script confusion	⚠️ 2 issues
Bin script shell injection	✅ 0 issues
Unresolved require	✅ 0 issues
Invalid package.json	✅ 0 issues
HTTP dependency	✅ 0 issues
Git dependency	✅ 0 issues
Potential typo squat	✅ 0 issues
Known Malware	✅ 0 issues
Telemetry	✅ 0 issues
Protestware/Troll package	✅ 0 issues

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@2.4.2

• @SocketSecurity ignore core-js@3.27.2
• @SocketSecurity ignore core-js@3.9.0
• @SocketSecurity ignore core-js-pure@3.27.2
• @SocketSecurity ignore core-js-pure@3.6.5
• @SocketSecurity ignore ansi-html@0.0.7

Powered by socket.dev

[stale]

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

[stale]

This stale pull request has been automatically closed. Thank you for your contributions.