[Snyk] Fix for 2 vulnerabilities

[bozza-man]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	170/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 14, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.83, Score Version: V5	Infinite loop SNYK-JS-MARKDOWNIT-6483324	No	Proof of Concept
	161/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01236, Social Trends: No, Days since published: 1259, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.67, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIM-1017038	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @mdx-js/mdx

The new version differs by 30 commits.

• bf7deab v2.0.0-next.5
• 5c15a00 fix(remark-mdx): move remark-stringify to deps (add tasks by state widget demisto/content#1190)
• f59b174 Make type test run in their own action, closes add context to commands demisto/content#1172 (Added valid CSRFToken retrieval function (#1101) demisto/content#1179)
• 9ac9755 docs(typescript): document how to use mdx 2 with typescript (open task per user widget - with new tasks index demisto/content#1181)
• 42077e4 ci(github): update github actions to latest versions (upgrade 3.5 playbook demisto/content#1180)
• cc95646 ci(github): update github actions and dtslint to latest (Added 3.5 sub-folder to Playbooks demisto/content#1178)
• 6098d94 Remove deprecated plugin options, fixes Service now ticket type demisto/content#718 (fix verify context script demisto/content#1174)
• 0da2fcf Specify pre-dist-tag
• e1b45e3 v2.0.0-next.4
• 649dbd8 Implement inline link serialization that doesn't wrap them in angle (Fix Qualys test playbook configurations demisto/content#1171)
• d08c5b6 Make testing matrix simpler (Playbook: Email Address Enrichment - Generic demisto/content#1173)
• d0059c8 v2.0.0-next.3
• fa091d2 v2.0.0-next.2
• 7829b88 Move publish to its own action
• afd60c2 Break out linting into its own action
• 3ca8e0a Fix linting (Http bytes save file demisto/content#1161)
• 577d48f Fix some linting
• db93304 Improve export name extraction for shortcode generation (add incidents-by-close-reason widget demisto/content#1160)
• ea9970a Bump deps, fix core-js version in babel configs
• 166fd9d v2.0.0-next.1
• 569f82f Make preid next to match dist tag
• a3d8f08 types: add types to test utils (ignore multi-line html code demisto/content#1083)
• e2eb4ee types: add typescript typings for remark-mdx, remark-mdx-remove-exports, remark-mdx-remove-imports, @ mdx-js/util (McAfeeWebGateway: fix test demisto/content#1082)
• 65af47c Break three main tests into their own scripts

See the full diff

Package name: markdownlint

The new version differs by 250 commits.

• 49ef661 Update to version 0.32.0.
• b709a2f Update MD054/link-image-style to add url_inline parameter (fixes Script to list HTTP redirects demisto/content#753).
• 84333a5 Bump eslint-plugin-jsdoc from 46.8.2 to 46.9.0
• 06e3ac4 Bump eslint-plugin-n from 16.3.0 to 16.3.1
• 063310e Update MD054/link-image-style to split reference parameter into full/collapsed/shortcut parameters (fixes Fixed Threat Crowd logo demisto/content#918).
• 4390715 Update test repos script to transform "header"-based rule names to "heading"-based now that the former aliases have been removed.
• a9a7794 Remove rule aliases for "header" (deprecated in v0.9.0).
• 20a552b Remove MD002 (deprecated in v0.13.0) and MD006 (deprecated in v0.19.0).
• 80539b7 Bump @ babel/core from 7.23.2 to 7.23.3
• 0cf0146 Bump globby from 13.2.2 to 14.0.0
• 08498d2 Bump @ babel/preset-env from 7.23.2 to 7.23.3
• d4bfb63 Generate TypeScript declaration for Configuration object from JSON schema (refs Iceberg integration2 demisto/content#1004, refs PhishMe reputation changes demisto/content#1014).
• b3f0e52 Remove support for end-of-life Node 16.
• d29aa37 Remove deprecated ESLint rule n/no-hide-core-modules.
• 3db8b25 Remove deprecated ESLint rules after version update, sort rules by name.
• ada9f68 Bump eslint-plugin-n from 16.2.0 to 16.3.0
• 3b1dfe4 Remove deprecated ESLint rules after version update.
• 760055e Bump eslint from 8.52.0 to 8.53.0
• 18497ff Add rule information links to JSON schema for configuration files and corresponding examples (link is clickable in VS Code tooltips).
• 1a376f6 Tweak rule parameters to avoid confusing the TypeScript type system.
• 7dc50c1 Bump @ hyperjump/json-schema from 1.6.4 to 1.6.5
• 6649a12 Bump yaml from 2.3.3 to 2.3.4
• 5fd9688 Add "LLMs" to dictionary.txt.
• efcf321 Update CONTRIBUTING.md to explicitly disallow ChatGPT and other LLMs.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

Summary by CodeRabbit

• Chores
  • Updated dependencies for improved functionality and security:
    • @mdx-js/mdx updated to version ^2.0.0.
    • markdownlint updated to version ^0.32.0.

[coderabbitai]

Walkthrough

The recent update to the package.json file marks a significant leap forward, enhancing the project's dependencies by upgrading the @mdx-js/mdx package to its second major version and markdownlint to a more recent iteration. This move not only aligns the project with the latest standards and features but also ensures improved performance and compatibility.

Changes

File	Change Summary
package.json	@mdx-js/mdx upgraded from ^1.6.22 to ^2.0.0, markdownlint upgraded from ^0.26.2 to ^0.32.0

🐰✨
In the garden of code, where the digital trees sway,
A hop, skip, and a jump, we've upgraded today!
With mdx and lint, so shiny, so new,
Our project leaps forward, with changes a few.
So here's to the journey, on bytes we do roam,
Crafting worlds from our burrow, our digital home. 🌟

• @coderabbitai

---

Recent Review Status

Configuration used: CodeRabbit UI

Commits

Files that changed from the base of the PR and between df60333 and d67ddf5.

Files selected for processing (1)

• package.json (1 hunks)

Additional comments not posted (2)

package.json (2)

22-22: Ensure compatibility with @mdx-js/mdx version ^2.0.0.

---

25-25: Verify markdownlint version ^0.32.0 compatibility, especially due to the breaking change in the trim dependency.

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

---

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger a review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.