[Snyk] Security upgrade @apideck/portman from 1.22.0 to 1.23.2 (!74) · Merge requests · Operátor ICT / Golemio / Code / golemio-cli

Robot Operator ICT requested to merge snyk-fix-61bb791c9e5014856251ac8f5c4de513 into development Jan 10, 2024

Snyk has created this PR to fix one or more vulnerable packages in the `yarn` dependencies of this project.

Changes included in this Merge Request

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory. If you are not using zero-install you can ignore this as your flow should likely be unchanged.

⚠️ Warning

Failed to update the yarn.lock, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459	No	Proof of Concept
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-6124857	No	Proof of Concept
661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-AXIOS-6144788	No	No Known Exploit
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	No	Proof of Concept
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	No	Proof of Concept
506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-WORDWRAP-3149973	No	Proof of Concept