[Snyk] Fix for 1 vulnerabilities

[bcgov-devops]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • frontend/package.json
  • frontend/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	167/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 3, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.78, Score Version: V5	Prototype Pollution SNYK-JS-AXIOS-6144788	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: aws-amplify

The new version differs by 250 commits.

• d505105 release: Amplify JS v6 Initial Release (#12461)
• 04fd02c chore: Disable SSR tests (#12458)
• af23a19 chore: Merge `next/main` into `main` (#12454)
• 798c540 chore: Merge next/main into main
• 7a5440a chore: Make `adapter-nextjs` private (#12453)
• 6a1a0cb fix(notifications): Duplicate types from optional packages (#12446) (#12452)
• 0d43443 chore: Re-baseline bundle size checks (#12423)
• 54633aa feat: prep predictions for publish (#12441)
• 6b1c478 chore(pubsub): Migrate PubSub to named params (#12440)
• 5a5b71e chore(interactions): enable interactions (#12443)
• dd382ee feat(auth): add signInDetails to AuthUser interface (#12439)
• dc4b91f fix(interactions): align type names and use named params (#12406)
• 80715c3 docs(core): mark signer as internal (#12413)
• 8918802 chore: Move `@ types/uuid` to dependencies (#12437)
• 74915a4 chore: Update release deployment target (#12438)
• 6f4d984 feat: ssr support for graphql (#12430)
• 9717d77 fix: export missing output type (#12434)
• f405448 fix(datastore): crypto random numbers for ulid factory (#12435)
• 9e75bda chore: Remove config & library option merging (#12432)
• 9277184 fix(core): disable type to accept empty config for analytics (#12426)
• b06a7e4 fix(adapter-nextjs): ensure to use meaningful exception on config resolution
• 0216e44 chore(aws-amplify): change deafult sameSite value to 'lax'
• fdb6732 fix(core): give ampilfyUuid clear type info (#12388)
• 4cd6dc0 fix(auth): handle multiple redirect links (#12415)

See the full diff

Package name: axios

The new version differs by 21 commits.

• 8790b8e chore(release): v1.6.4 (#6173)
• 0ad520d chore(ci): fix notify action; (#6172)
• 3c0c11c fix(security): fixed formToJSON prototype pollution vulnerability; (#6167)
• 75af1cd fix(security): fixed security vulnerability in follow-redirects (#6163)
• 90864b3 docs: update logos
• 1542719 docs: updated headline sponsors
• b15b918 chore(release): v1.6.3 (#6151)
• b76cce0 chore(ci): added branches filter for notify action; (#6084)
• 5e7ad38 fix: Regular Expression Denial of Service (ReDoS) (#6132)
• 8befb86 docs: update alloy link (#6145)
• d18f40d docs: add headline sponsors
• b3be365 chore(release): v1.6.2 (#6082)
• 8739acb chore(ci): removed redundant release action; (#6081)
• bfa9c30 chore(docs): fix outdated grunt to npm scripts (#6073)
• a2b0fb3 chore(docs): update README.md (#6048)
• b12a608 chore(ci): removed paths-ignore filter; (#6080)
• 0c9d886 chore(ci): reworked ignoring files logic; (#6079)
• 30873ee chore(ci): add paths-ignore config to testing action; (#6078)
• cff9967 feat(withXSRFToken): added withXSRFToken option as a workaround to achieve the old `withCredentials` behavior; (#6046)
• 7009715 chore(ci): fixed release notification action; (#6064)
• 7144f10 chore(ci): fixed release notification action; (#6063)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

---

Thanks for the PR!

Any successful deployments (not always required) will be available below.
Backend
Frontend

Once merged, code will be promoted and handed off to following workflow run.
Main Merge Workflow