[Snyk] Fix for 1 vulnerabilities

[realize096]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Infinite loop SNYK-JS-MARKDOWNIT-6483324	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @graphiql/react

The new version differs by 250 commits.

• 29e99a8 Version Packages (PR page changed, browser ext not working sourcegraph/sourcegraph-public-snapshot#3577)
• 5d05105 Update to markdown-it 14.x (In the contributors view, merge authors with different emails but the same GitHub user sourcegraph/sourcegraph-public-snapshot#3569)
• 8584726 Version Packages
• fc7de5a fix: Stop a tag with href of 'javascript:void 0' from navigating (Base URL? sourcegraph/sourcegraph-public-snapshot#3567)
• 7e86dc4 Version Packages (Fix up language server docs sourcegraph/sourcegraph-public-snapshot#3561)
• e9fc21a fix: Fix vscode-graphql-syntax’s grammar to support string literals on separate lines [Reapply & Fix] (OCaml syntax highlighting is broken sourcegraph/sourcegraph-public-snapshot#3545)
• ece99f6 Version Packages (Arduino sources not recognized as C source files sourcegraph/sourcegraph-public-snapshot#3550)
• e5efc97 fix OpenVSX dependency bug by tweaking openvsx publish (Error: editor not found sourcegraph/sourcegraph-public-snapshot#3549)
• e29ce84 Version Packages (Update dependency @sourcegraph/codeintellify to ^6.1.0 - autoclosed sourcegraph/sourcegraph-public-snapshot#3544)
• defc126 Revert "fix: Fix vscode-graphql-syntax’s grammar to support string literals on separate lines" (Factor out store and zipcache from searcher to store pkg sourcegraph/sourcegraph-public-snapshot#3543)
• 04b44fa Version Packages (Enable indexing by default for new deployments sourcegraph/sourcegraph-public-snapshot#3540)
• f4c98c1 multiple argument syntax highlighting (symbol search slow at scale sourcegraph/sourcegraph-public-snapshot#3534)
• e502c41 fix: Fix vscode-graphql-syntax’s grammar to support string literals on separate lines (simplify and improve encapsulation of CompletionWidget CSS sourcegraph/sourcegraph-public-snapshot#3518)
• dfe083a Version Packages (config: simplify test for SearchIndexEnabled sourcegraph/sourcegraph-public-snapshot#3530)
• a38152e fix triple quote comment syntax (User search scopes clobber global and organizational search scopes sourcegraph/sourcegraph-public-snapshot#3529)
• 28a101f Version Packages (3.3.1 Patch Release sourcegraph/sourcegraph-public-snapshot#3527)
• 2b6ea31 Fix bug in Explorer plugin where characters are dropped when typing quickly (Error while adding Gitlab external source  sourcegraph/sourcegraph-public-snapshot#3526)
• 88d76ca fix: Do not override existing json diagnostic schemas (Cannot use self signed certificate sourcegraph/sourcegraph-public-snapshot#3523)
• 25c3bfd Version Packages (WIP: MessagePortLike sourcegraph/sourcegraph-public-snapshot#3520)
• 8188e3e upgrade ovsx (test removal of content views and text fields in browser extension sourcegraph/sourcegraph-public-snapshot#3519)
• 70d25ab Version Packages (Release 3.3.0 sourcegraph/sourcegraph-public-snapshot#3513)
• 36c7f25 fix typescript bundling for svelte2tsx, config loading (remove unnecessary use of sg-mounted class sourcegraph/sourcegraph-public-snapshot#3514)
• a562c96 fix: block strings syntax highlighting in cm6-graphql (Show npm dep graph sourcegraph/sourcegraph-public-snapshot#3505)
• 7f05c10 fix: Race condition in the workerManager (3.3 release email sourcegraph/sourcegraph-public-snapshot#3507)

See the full diff

Package name: graphiql

The new version differs by 250 commits.

• 29e99a8 Version Packages (PR page changed, browser ext not working sourcegraph/sourcegraph-public-snapshot#3577)
• 5d05105 Update to markdown-it 14.x (In the contributors view, merge authors with different emails but the same GitHub user sourcegraph/sourcegraph-public-snapshot#3569)
• 8584726 Version Packages
• fc7de5a fix: Stop a tag with href of 'javascript:void 0' from navigating (Base URL? sourcegraph/sourcegraph-public-snapshot#3567)
• 7e86dc4 Version Packages (Fix up language server docs sourcegraph/sourcegraph-public-snapshot#3561)
• e9fc21a fix: Fix vscode-graphql-syntax’s grammar to support string literals on separate lines [Reapply & Fix] (OCaml syntax highlighting is broken sourcegraph/sourcegraph-public-snapshot#3545)
• ece99f6 Version Packages (Arduino sources not recognized as C source files sourcegraph/sourcegraph-public-snapshot#3550)
• e5efc97 fix OpenVSX dependency bug by tweaking openvsx publish (Error: editor not found sourcegraph/sourcegraph-public-snapshot#3549)
• e29ce84 Version Packages (Update dependency @sourcegraph/codeintellify to ^6.1.0 - autoclosed sourcegraph/sourcegraph-public-snapshot#3544)
• defc126 Revert "fix: Fix vscode-graphql-syntax’s grammar to support string literals on separate lines" (Factor out store and zipcache from searcher to store pkg sourcegraph/sourcegraph-public-snapshot#3543)
• 04b44fa Version Packages (Enable indexing by default for new deployments sourcegraph/sourcegraph-public-snapshot#3540)
• f4c98c1 multiple argument syntax highlighting (symbol search slow at scale sourcegraph/sourcegraph-public-snapshot#3534)
• e502c41 fix: Fix vscode-graphql-syntax’s grammar to support string literals on separate lines (simplify and improve encapsulation of CompletionWidget CSS sourcegraph/sourcegraph-public-snapshot#3518)
• dfe083a Version Packages (config: simplify test for SearchIndexEnabled sourcegraph/sourcegraph-public-snapshot#3530)
• a38152e fix triple quote comment syntax (User search scopes clobber global and organizational search scopes sourcegraph/sourcegraph-public-snapshot#3529)
• 28a101f Version Packages (3.3.1 Patch Release sourcegraph/sourcegraph-public-snapshot#3527)
• 2b6ea31 Fix bug in Explorer plugin where characters are dropped when typing quickly (Error while adding Gitlab external source  sourcegraph/sourcegraph-public-snapshot#3526)
• 88d76ca fix: Do not override existing json diagnostic schemas (Cannot use self signed certificate sourcegraph/sourcegraph-public-snapshot#3523)
• 25c3bfd Version Packages (WIP: MessagePortLike sourcegraph/sourcegraph-public-snapshot#3520)
• 8188e3e upgrade ovsx (test removal of content views and text fields in browser extension sourcegraph/sourcegraph-public-snapshot#3519)
• 70d25ab Version Packages (Release 3.3.0 sourcegraph/sourcegraph-public-snapshot#3513)
• 36c7f25 fix typescript bundling for svelte2tsx, config loading (remove unnecessary use of sg-mounted class sourcegraph/sourcegraph-public-snapshot#3514)
• a562c96 fix: block strings syntax highlighting in cm6-graphql (Show npm dep graph sourcegraph/sourcegraph-public-snapshot#3505)
• 7f05c10 fix: Race condition in the workerManager (3.3 release email sourcegraph/sourcegraph-public-snapshot#3507)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.