[Snyk] Fix for 5 vulnerabilities

[MaxMood96]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASHTEMPLATE-1088054	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
	811/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.8	Remote Code Execution (RCE) SNYK-JS-VM2-5772823	Yes	Proof of Concept
	811/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.8	Remote Code Execution (RCE) SNYK-JS-VM2-5772825	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @11ty/eleventy

The new version differs by 250 commits.

• 05c6263 v2.0.0
• 5c2a5bf Update dev-dependencies
• 7ed1fef Merge pull request #2781 from danburzo/mdlib-set
• 97243b6 v2.0.0-beta.3
• 55e0a62 v2.0.0-canary.35
• 23b80d9 Merge pull request #2783 from mrmartineau/fix/serverless-var
• 9f13b8e Fixes serverlessFilePath is not defined (2.0.0-beta.2) #2782
• b466258 Make markdown library .set() method optional
• bde84b4 v2.0.0-beta.2
• 6f877de v2.0.0-canary.34
• 153ea8f One more update to the dev server dep
• c5ce8df A few notes about beta/canary
• 6fedb86 Update dev server dependency
• 2decde9 Fixes #2755
• 786105e Fixes #2773
• 99140d8 Adds `runMode` to `eleventy` global data. Fixes #2770
• 4504820 Update license date
• 2cb8ba2 debug log ignores for glob search
• 3810ccf Fixes #2758 by normalizing references for `.canary` to `.alpha`.
• a79788c v2.0.0-beta.1
• 06434e6 v2.0.0-canary.33
• e35db93 Use new Edge CDN version
• 571b305 v2.0.0-canary.32
• e215445 Update deps

See the full diff

Package name: firebase-tools

The new version differs by 171 commits.

• 7d2a90e 12.4.5
• 15b9cd9 Updating proxy-agent (#6160)
• ad4e144 Next.js image optimization fixes (#6143)
• 1f5f2ac Patch fix for issues caused by adding type check in #5906 (#6127)
• 83c5292 Better message for api enablement failures (#6130)
• 501c056 b/390633880 fix --only in firestore deploy (#6129)
• 177a5c2 Fix issue where Flutter Web is not detected as a web framework (#6140)
• b41c6f4 Improve error message when functions:shell command fails due to missing project association. (#6088)
• 53b65d6 VSCode plugin: Disable Google login flow in monospace environment (#6131)
• 5d6634e VSCode Plugin: Better error handling for init and deploy (#6124)
• bd73173 Prune old versions when creating new secret version using `secrets:set` command (#6080)
• 0586de7 [firebase-release] Removed change log and reset repo after 12.4.4 release
• 337179b 12.4.4
• 7b18626 Disabling flaky test on windows (#6122)
• 1e4d802 Better logging to help debug login issues (#6119)
• 473deff Fix requireAuthWrapper logic and service account email detection (#6115)
• 6b27c62 fix spelling errors in functions (#6087)
• a20cd4e Round of dependabot updates (#6116)
• f458180 VSCode plugin: Add UX improvements (#6091)
• c37634a Rewrite `src/localFunction.js` in TypeScript. (#6092)
• 2a30b5d Clarifying what the CLI does with dynamic content on next.js (per customer feedback). (#6093)
• eab7913 Make firebase:database:list to always use the RTDB management API (#6063)
• 7a9d6f2 Disables KeepAlive timeout when debugger is attached to the functions emulator (#6069)
• 3bcc671 VSCode plugin: Handle service accounts better (#6078)

See the full diff

Package name: workbox-cli

The new version differs by 250 commits.

• 03055e6 v6.3.0
• bdf592c Tweak to parserOptions
• 1fe537f Fix formatting
• f7050da Re-add build step
• 669df58 changing durability to relaxed (#2934)
• 43d56d5 Update to cache@v2 (#2935)
• 63ea2ca Enable prettier (#2929)
• 70bfa09 Allow precaching "repair" when using subresource integrity (#2921)
• 094d081 Use Application Default Credentials (#2918)
• 5da8924 Debug logging when caching Vary: headers (#2916)
• 9e79454 Run a single, top-level tsc --build (#2923)
• 2b4e88b Use iframes instead of tabs (#2928)
• 16fa3de Preserve headers in PrecacheCacheKeyPlugin (#2914)
• 86818e4 Use chokidar 3.x directly (#2913)
• 43602e3 notifyAllClients option (#2920)
• 833d801 Error.name already exists (#2922)
• 1f4b558 Export all WorkboxEvents (#2919)
• 0074b20 v6.2.4
• 74f01e3 Override more function validation (#2911)
• 1621bcd v6.2.3
• 1e20a87 Small tweak
• fb030eb Move trusted-types to deps (#2909)
• 10a3892 v6.2.2
• 13cdf36 Use the exact flag (#2907)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Request Forgery (CSRF)
🦉 Prototype Pollution
🦉 Remote Code Execution (RCE)