[Snyk] Fix for 16 vulnerabilities

[snyk-io]

Snyk has created this PR to fix 16 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

• plugins/search-backend-module-catalog/package.json

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

⚠️ Warning

Failed to update the yarn.lock, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Prototype Pollution SNYK-JS-LINKIFYREACT-11502190	815
	Regular Expression Denial of Service (ReDoS) SNYK-JS-CROSSSPAWN-8303230	810
	Denial of Service (DoS) SNYK-JS-HTTPPROXYMIDDLEWARE-8229906	810
	Interpretation Conflict SNYK-JS-NODEFORGE-14114940	765
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	750
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	750
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ZOD-5925617	750
	Information Exposure Through an Error Message SNYK-JS-BACKSTAGEBACKENDAPPAPI-6229731	740
	Uncontrolled Recursion SNYK-JS-NODEFORGE-14125745	735
	Origin Validation Error SNYK-JS-WEBPACKDEVSERVER-10300775	730
	Regular Expression Denial of Service (ReDoS) SNYK-JS-OCTOKITREQUEST-8730853	720
	Remote Code Execution (RCE) SNYK-JS-MYSQL2-6591085	715
	Arbitrary Code Injection SNYK-JS-MYSQL2-6670046	715
	Asymmetric Resource Consumption (Amplification) SNYK-JS-BODYPARSER-7926860	710
	Path Traversal SNYK-JS-BACKSTAGEBACKENDCOMMON-6274391	705
	Symlink Attack SNYK-JS-TARFS-9535930	705

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Denial of Service (DoS)
🦉 Information Exposure Through an Error Message
🦉 More lessons are available in Snyk Learn

[codesandbox]

Review or Edit in CodeSandbox

Open the branch in Web Editor • VS Code • Insiders

Open Preview

[snyk-io]

⛔ Snyk checks have failed. 1 issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (1)
⛔	Open Source Security	0	0	1	0	1 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[entelligence-ai-pr-reviews]

Walkthrough

Changes

Sequence Diagram

This diagram shows the interactions between components:

sequenceDiagram
    participant Client as Search Client
    participant SearchModule as Search Backend Module<br/>(Catalog)
    participant CatalogClient as Catalog Client
    participant TaskScheduler as Backend Tasks
    participant SearchEngine as Search Backend Node
    participant PermissionAPI as Permission Common

    Note over SearchModule: Version Dependencies Updated:<br/>All workspace:^ → specific versions

    Client->>SearchModule: Request catalog search
    activate SearchModule
    
    SearchModule->>PermissionAPI: Check permissions
    PermissionAPI-->>SearchModule: Permission result
    
    alt Has permission
        SearchModule->>CatalogClient: Fetch catalog entities
        activate CatalogClient
        CatalogClient-->>SearchModule: Return entities
        deactivate CatalogClient
        
        SearchModule->>SearchEngine: Index/query entities
        activate SearchEngine
        SearchEngine-->>SearchModule: Search results
        deactivate SearchEngine
        
        SearchModule-->>Client: Return filtered results
    else No permission
        SearchModule-->>Client: Return empty/error
    end
    
    deactivate SearchModule
    
    Note over TaskScheduler,SearchModule: Background: Scheduled indexing tasks<br/>run periodically via Backend Tasks

Loading

▶️ ⚡ AI Code Reviews for VS Code, Cursor, Windsurf
Install the extension

Note for Windsurf

Please change the default marketplace provider to the following in the windsurf settings:

Marketplace Extension Gallery Service URL: https://marketplace.visualstudio.com/_apis/public/gallery

Marketplace Gallery Item URL: https://marketplace.visualstudio.com/items

Entelligence.ai can learn from your feedback. Simply add 👍 / 👎 emojis to teach it your preferences. More shortcuts below

Emoji Descriptions:

• ⚠️ Potential Issue - May require further investigation.
• 🔒 Security Vulnerability - Fix to ensure system safety.
• 💻 Code Improvement - Suggestions to enhance code quality.
• 🔨 Refactor Suggestion - Recommendations for restructuring code.
• ℹ️ Others - General comments and information.

Interact with the Bot:

• Send a message or request using the format:
  @entelligenceai + *your message*

Example: @entelligenceai Can you suggest improvements for this code?

• Help the Bot learn by providing feedback on its responses.
  @entelligenceai + *feedback*

Example: @entelligenceai Do not comment on `save_auth` function !

Also you can trigger various commands with the bot by doing
@entelligenceai command

The current supported commands are

1. config - shows the current config
2. retrigger_review - retriggers the review

More commands to be added soon.