[Snyk] Fix for 2 vulnerabilities

[JackovAlltrades]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	701/1000 Why? Recently disclosed, Has a fix available, CVSS 8.3	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-8172694	No	No Known Exploit
	828/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.7	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-8187303	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @solid/query-ldflex

The new version differs by 41 commits.

• bfd9f3a Release version 2.10.0 of the npm package.
• a508634 Explain rdflib.js usage.
• fca6f1b Use new @ ldflex/comunica package.
• a12ec64 Generate rdflib build.
• bf1bc4c Add rdflib-specific export.
• bfb263f Add Comunica-specific export as default.
• 8fe2fc3 Separate root path and export.
• 19293bd Make SubjectPathResolver independent of Comunica.
• 220576e Make update engine independent of Comunica.
• eeddee8 Move handlers and resolvers into folders.
• f8b619a Upgrade dependencies.
• 5cdcb70 Don't use environment variables.
• 594bf89 Correct string quotes.
• f08ec40 Release version 2.9.0 of the npm package.
• ac195c6 Upgrade dependencies.
• 079b521 Build demo minified.
• b1fbe4a Release version 2.8.1 of the npm package.
• 9cbd831 Report webpack progress.
• 6f13e8d Upgrade dependencies.
• b7054b1 Build with locked dependencies.
• 4d757b6 link to new website
• d9aa14f Release version 2.8.0 of the npm package.
• a3c795c Export webpack configurations.
• 4867ec1 Do not shim the Streams API.

See the full diff

Package name: solid-auth-client

The new version differs by 34 commits.

• 1dd5b26 2.5.0
• 6ab0fee npm update
• 640d8b1 lint
• 3a1c759 package-lock.json
• 0ef3059 Update dependencies (Feature/form viewer inrupt/solid-react-components#163)
• e32ceaa Merge pull request Updating form version and using a new form model for the app page inrupt/solid-react-components#124 from JordanShurmer/patch-2
• b8ea077 Merge pull request Fixed notification permissions when inbox is created inrupt/solid-react-components#112 from jeff-zucker/master
• f8d5379 Release version 2.4.1 of the npm package.
• e8985ae Support Request objects.
• 18eb9f9 Release version 2.4.0 of the npm package.
• 43ea3fa Update vulnerable dependencies.
• e53b509 Support Headers objects.
• 897fc5e Merge pull request github issue #30 - display proper error message when the POD provider… inrupt/solid-react-components#138 from NoelDeMartin/patch-1
• 68e7beb Rename stopTrackingSession to stopTrackSession
• bd1d3c5 Replace off call with removeListener
• 11fb397 Merge pull request Feature/restrict date options inrupt/solid-react-components#139 from christophehenry/fix-documentation
• 7918054 Fix logoUri client registration documentation
• 51e4a3d Implement stopTrackingSession method
• b673efa Merge pull request npm install fails inrupt/solid-react-components#137 from solid/readme-logo
• da06d9e Corrected copy-paste error
• df304a7 Merge pull request Fixing issue where two : were used for prefixes of local files, and r… inrupt/solid-react-components#136 from solid/revert-135-revert-134-133
• 6d28cee Revert "Revert "Solves API Style Documentation needed for class libraries inrupt/solid-react-components#133: add client_name, logo_uri and contacts fields to client …""
• c528f3c Merge pull request fixed validation onSuccess inrupt/solid-react-components#135 from solid/revert-134-133
• 093fa22 Revert "Solves API Style Documentation needed for class libraries inrupt/solid-react-components#133: add client_name, logo_uri and contacts fields to client …"

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.