[Snyk] Fix for 2 vulnerabilities

[emyann]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	718/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.5	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	Yes	Proof of Concept
	763/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.4	Path Traversal SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: next

The new version differs by 250 commits.

• 8c899ee v9.3.4
• e000d84 v9.3.4-canary.4
• 7b546a9 Update hello-world example React version & name for CodeSandbox (#11550)
• a37ad0a Add notes to styled-components example README (#11540)
• a992444 v9.3.4-canary.3
• 3f6bd47 Update build output with renamed column (#11401)
• 1992e2a Example/update unstated (#11534)
• d61eced Update to make sure AMP only bundles are always removed in pro… (#11527)
• fa5da6d Remove passing of NODE_OPTIONS='--inspect' to subprocesses (#11041)
• f9cd7c5 v9.3.4-canary.2
• c17ee73 Generic Type for GetStaticPaths (#11430)
• 2263876 added "with-route-as-modal" example (#11473)
• f2315ff update auth0 example with getServerSideProps (#11051)
• b307ed9 Update checking for existing dotenv usage (#11496)
• b8d075e Update environment support (#11524)
• ce3f7d0 Drop url dependency (#11503)
• 0bfc0b3 v9.3.4-canary.1
• b88f20c Fix lockfile
• d7f9a52 correct babel dev dependency
• 755dc40 postcss loaders
• a3ec26d ignore-loader
• 8dad5ab file-loader
• c855a38 babel-loader, cache-loader
• 84a46df thread-loader

See the full diff

Package name: node-sass

The new version differs by 109 commits.

• 7105b0a 5.0.0 (#3015)
• 0648b5a chore: Add Node 15 support (#2983)
• e2391c2 Add a deprecation message to the readme (#3011)
• 6a33e53 chore: Don't upload artifacts on PRs
• d763506 chore: Only run coverage on main repo
• d4ebe72 build(deps): update actions/setup-node requirement to v2.1.2
• 2bebe05 build(deps-dev): bump rimraf from 2.7.1 to 3.0.2
• f877689 chore: Don't double build DependaBot PRs
• b48fac4 chore: Add weekly DependaBot updates
• 91c40a0 Remove deprecated process.sass API
• 1f6df86 Replace lodash/assign in favor of the native Object.assign
• 522828a Remove workarounds for old Node.js versions
• 40e0f00 chore: Remove second NPM badge
• ab91bf6 chore: Remove Slack badge
• 6853a80 chore: Cleanup status badges
• fb1109c chore: Bump minimum engine version to v10
• d185440 chore: Add basic Node version support policy
• db25736 chore: Bump node-gyp to 7.1.0
• 2c5b110 chore: Bump cross-spawn to v7.0.3
• 38b9633 chore: Update Istanbul to NYC
• d63b5bf chore: Bump mocha to v8.1.3
• d0d8865 chore: Skip constructor tests on v14.6+
• ee3984d chore: Hoist test ESLint config
• feee448 chore: Remove disabled and recommended rules

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncontrolled Resource Consumption ('Resource Exhaustion')
🦉 Path Traversal