[Snyk] Fix for 11 vulnerabilities

[mrheat]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	No	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-JUSTSAFESET-1920917	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-LIBP2P-3164757	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-NODEFORGE-2330875	No	Proof of Concept
	529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-NODEFORGE-2331908	No	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	No	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	No	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	No	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Prototype Pollution SNYK-JS-XML2JS-5414874	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: orbit-db

The new version differs by 65 commits.

• 9d3cf91 0.29.0
• cd6a680 Merge pull request #1054 from orbitdb/fix/webpack-debug-build
• c1c7f83 Rename debug build output file
• 61c28d6 Merge pull request #1051 from orbitdb/update-documentation
• 5900eff docs: Remove breaking changes warning from change log.
• b51298f docs: Update ipfs http client instantiation to match new method.
• 0b67e74 docs: Correctly import access controller for extending.
• cd22ca9 Add release notes for 0.29.0
• cf4fde5 Update API documentation
• d2ae435 Update Getting Started Guide
• 4f68a09 Update README
• 0db4cb3 Add merkle-crdt keyword to package.json
• ee899c6 Merge pull request #1050 from orbitdb/fix/update-to-latest-ipfs
• 7e532fc Update packages
• 9cc1349 Clean up Makefile
• c6a958b Force npm install on CI
• 698421c Update packages
• cb887de Update orbitdb deps
• d840a46 Remove mem-store utils as obsolete
• 3ac87bb Fix test script
• f2eef58 Remove old ipfs version patches
• 97f6c81 Stringify PeerIDs
• d9ac2fe Use working fixtures for backwards compat. tests
• 8d747a5 Update packages to use latest IPFS

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Open Redirect
🦉 Prototype Pollution
🦉 Denial of Service (DoS)
🦉 More lessons are available in Snyk Learn