[Snyk] Fix for 8 vulnerabilities

[elad165]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • examples/cms-agilitycms/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	Yes	Proof of Concept
	344/1000 Why? Has a fix available, CVSS 2.6	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	714/1000 Why? Has a fix available, CVSS 10	Cross-site Scripting (XSS) SNYK-JS-REMARKHTML-1583433	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIM-1017038	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @agility/content-fetch

The new version differs by 12 commits.

• 276c4f8 Merge pull request [Snyk] Security upgrade electron from 7.3.3 to 9.4.0 #60 from agility/dependabot/npm_and_yarn/axios-0.21.1
• 7c0177f Update package.json
• 50df75c Bump axios from 0.18.1 to 0.21.1
• 19cbd4a Merge pull request [Snyk] Security upgrade three from 0.118.3 to 0.125.0 #58 from agility/ali
• bbcf0c6 updated to major version number.
• 2fb34ff Merge pull request [Snyk] Security upgrade buttercms from 1.2.2 to 1.2.6 #56 from agility/ali
• 68df48c added more tests to test content from global cdn sites.
• 9de51b3 updated version number
• d644d5d stackpath work
• 28e3f14 Merge pull request [Snyk] Security upgrade electron from 7.3.3 to 11.2.1 #54 from agility/feature-expandcontentlists
• d29d95a added support for expandAllContentLinks, v 0.9.0
• 059fd94 added expandAllContentLinks and test

See the full diff

Package name: @fullhuman/postcss-purgecss

The new version differs by 90 commits.

• f5fc9d2 build: 3.1.0
• 39d4d02 chore: update changelog 3.1.0
• c00cc0a build(grunt-purgecss): v3.1
• ebcdc1f docs: fix indentation for next.js purgecss
• 446e1e6 docs: fix incorrect usage syntax
• 72302ff fix: ci update to postcss 8.2
• 28000c2 chore: add missing package-lock files
• a6a5d21 chore: add package-lock in grunt plugin
• 3daf0af ci: change dependencies installation command
• 43dbe3c fix: safelist option in CLI
• 61a04ad chore: add package-lock
• a3f163b docs: update docs 3.1
• 1f5c180 docs: fix incorrect usage syntax
• f5e4427 build: 3.1.0 pre
• 564c114 fix indentation for next.js purgecss
• 84da7ca fix: webpack types
• 1d587d8 fix: blocklist acts as not present
• 6dc099d feat: use detailed extractor for purgecss-from-html
• f2cfcf5 feat: webpack 5 compatibility
• 2ce212e build(deps-dev): bump mini-css-extract-plugin from 0.11.3 to 1.2.0
• 15d28b1 build(deps-dev): bump mini-css-extract-plugin from 0.11.3 to 1.2.0
• f4504e0 build(deps-dev): bump css-loader from 4.3.0 to 5.0.0
• 0b2ab59 build(deps-dev): bump css-loader from 4.3.0 to 5.0.0
• 5422b5f Merge pull request [Snyk] Security upgrade tailwindcss from 1.9.6 to 2.2.0 #493 from FullHuman/dependabot/npm_and_yarn/types/webpack-sources-2.0.0

See the full diff

Package name: remark-html

The new version differs by 31 commits.

• 2133d20 13.0.2
• b0b1ba5 Fix to sanitize by default
• c0b2f69 13.0.1
• 7a8cb0e Update `mdast-util-to-hast`
• bdeeee5 13.0.0
• efa1a5a Update docs
• 0b1cd0a Change to comply to CommonMark
• 5fec432 Update dev-dependencies
• db1a1d0 Add Discussions
• 60841bf 12.0.0
• 87d88f7 Add types
• 3126be4 Refactors docs on `options.sanitize` in `readme.md`
• 3806b30 Add docs for `handlers` to `readme.md`
• f59c15d Update dev-dependencies
• 2d05989 Change `master` in links
• 9ca09cf 11.0.2
• faf7d1f Rename internal method
• 4e47853 Update dev-dependencies
• 8a4d280 11.0.1
• e370aa5 Fix deprecation warning
• 58bd10e Fix releases
• d2f4489 11.0.0
• 7781ead Update `mdast-util-to-hast`
• 558d4ad Update `hast-util-to-html`

See the full diff

Package name: tailwindcss

The new version differs by 250 commits.

• 0bc3eeb 2.2.0
• 729b09a Update CHANGELOG
• 674d79d move cssnano to devDependencies
• f63b453 Add `tailwindcss/nesting` plugin (Problem with redux-observable vercel/next.js#4673)
• 243e881 Resolve purge paths relative to the current working directory (Remove unnecessary environment check in lib/app.js vercel/next.js#4655)
• 38a71d8 Use `tmp` file as a touch file ([with-jest] Move jest deps to devDeps vercel/next.js#4650)
• af4a77a Remove unused import
• 81816df Support arbitrary values for object-position
• 0d47ffd Fix cloning issues (Slow TTFB (Time to First Byte) for a very simple production deployment. vercel/next.js#4646)
• 03eab31 Update prettier to version 2.3.1
• 7f564d2 Update eslint to version 7.28.0
• 546cff8 Allow quotes in arbitrary value blocks (Failing test for #4620 vercel/next.js#4625)
• cb2598c Add support for transform, filter, backdrop-filter, box-shadow and ring to pseudo-elements (Update with-universal-configuration vercel/next.js#4624)
• d6da12f Update CHANGELOG
• ff64417 Add `blur-none` with intent to deprecate `blur-0` (Flow Type Error with Next.js 6 vercel/next.js#4614)
• 34d0551 Remove need for `filter` and `backdrop-filter` toggles (Added note for AWSAppSyncClient vercel/next.js#4611)
• f4799a3 add tests for the `--postcss` option in the new CLI (Catch errors thrown in _app.js vercel/next.js#4607)
• b86aa5c Remove need for `transform` toggle (Process available chunk names properly in dev mode vercel/next.js#4604)
• 6f1d5f0 prefer local plugins (Error: Cannot find module 'dist/build-manifest.json' vercel/next.js#4598)
• 976acb4 Update changelog
• 8518fee implement purge safelist (Typescript custom server example is broken vercel/next.js#4580)
• 3569d49 fix cli purge option when using commas (I cannot setup next.js vercel/next.js#4578)
• 40645d7 Rename `--files` option in CLI to `--purge`
• 63a67cb improve integration tests (Polyfill documentation vercel/next.js#4572)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Server-Side Request Forgery (SSRF)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 More lessons are available in Snyk Learn