[Snyk] Security upgrade next from 16.1.6 to 16.1.7

[aravindbuilt]

Snyk has created this PR to fix 5 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json
• package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	HTTP Request Smuggling SNYK-JS-NEXT-15674558	104
	Missing Origin Validation in WebSockets SNYK-JS-NEXT-15674560	80
	Allocation of Resources Without Limits or Throttling SNYK-JS-NEXT-15674556	66
	Allocation of Resources Without Limits or Throttling SNYK-JS-NEXT-15674559	66
	Cross-site Request Forgery (CSRF) SNYK-JS-NEXT-15674557	52

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling
🦉 Cross-site Request Forgery (CSRF)

[github-actions]

🔒 Security Scan Results

ℹ️ Note: Only vulnerabilities with available fixes (upgrades or patches) are counted toward thresholds.

Check Type	Count (with fixes)	Without fixes	Threshold	Result
🔴 Critical Severity	0	0	10	✅ Passed
🟠 High Severity	3	0	25	✅ Passed
🟡 Medium Severity	2	20	500	✅ Passed
🔵 Low Severity	0	0	1000	✅ Passed

⏱️ SLA Breach Summary

⚠️ Warning: The following vulnerabilities have exceeded their SLA thresholds (days since publication).

Severity	Breaches (with fixes)	Breaches (no fixes)	SLA Threshold (with/no fixes)	Status
🔴 Critical	0	0	15 / 30 days	✅ Passed
🟠 High	3	0	30 / 120 days	❌ Failed
🟡 Medium	0	18	90 / 365 days	⚠️ Warning
🔵 Low	0	0	180 / 365 days	✅ Passed

🟠 High Severity - SLA Breached Issues (with fixes)

Showing 3 issue(s) that have exceeded the 30-day SLA threshold:

1. Prototype Pollution

   • ID: SNYK-JS-AXIOS-15252993
   • Package: axios@1.13.4
   • Published: 35 days ago (SLA: 30 days)
   • CVSS Score: 8.7
   • CVE: CVE-2026-25639

2. Prototype Pollution

   • ID: SNYK-JS-AXIOS-15252993
   • Package: axios@1.13.4
   • Published: 35 days ago (SLA: 30 days)
   • CVSS Score: 8.7
   • CVE: CVE-2026-25639

3. Allocation of Resources Without Limits or Throttling

   • ID: SNYK-JS-QS-15268416
   • Package: qs@6.14.1
   • Published: 34 days ago (SLA: 30 days)
   • CVSS Score: 8.2
   • CVE: CVE-2026-2391

ℹ️ Vulnerabilities Without Available Fixes (Informational Only)

The following vulnerabilities were detected but do not have fixes available (no upgrade or patch). These are excluded from failure thresholds:

• Critical without fixes: 0
• High without fixes: 0
• Medium without fixes: 20
• Low without fixes: 0

❌ BUILD FAILED - Security checks failed

Please review and fix the security vulnerabilities before merging.

[naman-contentstack]

Closing the PR, as this is already updated