
Conversation

dependabot[bot]

@dependabot dependabot bot commented on behalf of github Jul 29, 2025

Removes koa. It's no longer used after updating ancestor dependency vuepress. These dependencies need to be updated together.

Removes koa

Updates vuepress from 0.14.11 to 1.9.10

Release notes

Sourced from vuepress's releases.

v1.9.10

Bug Fixes

  • core: failed to resolve theme components when using theme inheritance (close: #3163) (#3164) (546499b)
  • markdown: replace double quotation marks in classname(fix #3152) (#3154) (cef64e6)

v1.9.2

TS Support for VuePress Plugin and Theme.

Motivation

We've announced VuePress 1.9, which brings full TypeScript support for the config file; VuePress 1.9.2 now ships with TS support for VuePress plugins and themes:

Quick Start

So that plugin developers do not have to depend on VuePress itself during development, we provide a completely independent type package, @vuepress/types:

npm i @vuepress/types -D

@vuepress/types exports four functions:

  • defineConfig
  • defineConfig4CustomTheme
  • defineTheme
  • definePlugin

Note that using @vuepress/types is equivalent to using vuepress/config.

Plugin Type

If you already have some VuePress plugins written in JS, you can leverage your IDE's intellisense with jsdoc type hints:

/**
 * @type {import('@vuepress/types').Plugin}
 */
module.exports = {
  ready() {
    // ...
  }
};

... (truncated)

Changelog

Sourced from vuepress's changelog.

1.9.10 (2023-08-14)

Bug Fixes

  • core: failed to resolve theme components when using theme inheritance (close: #3163) (#3164) (546499b)
  • markdown: replace double quotation marks in classname(fix #3152) (#3154) (cef64e6)

1.9.9 (2023-02-25)

Bug Fixes

1.9.8 (2023-01-06)

Bug Fixes

1.9.7 (2022-01-18)

Bug Fixes

1.9.6 (2022-01-17)

Bug Fixes

Features

... (truncated)

Commits
  • a3e4bba build: release version 1.9.10
  • f1cbdb6 build: release version 1.9.9
  • cb87096 build: release version 1.9.8
  • 7cd8b30 fix(cli): .vuepress/config.ts does not respect custom command (close: #3113...
  • 2f2357a build: release version 1.9.7
  • 5699216 build: release version 1.9.6
  • 2f9a394 feat: add build concurrency control (close: #1819) (#2953)
  • ef6f87a build: release version 1.9.5
  • e4a28db build: release version 1.9.4
  • accfe87 build: release version 1.9.3
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Removes [koa](https://github.com/koajs/koa). It's no longer used after updating ancestor dependency [vuepress](https://github.com/vuejs/vuepress/tree/HEAD/packages/vuepress). These dependencies need to be updated together.


Removes `koa`

Updates `vuepress` from 0.14.11 to 1.9.10
- [Release notes](https://github.com/vuejs/vuepress/releases)
- [Changelog](https://github.com/vuejs/vuepress/blob/master/CHANGELOG.md)
- [Commits](https://github.com/vuejs/vuepress/commits/v1.9.10/packages/vuepress)

---
updated-dependencies:
- dependency-name: koa
  dependency-version: 
  dependency-type: indirect
- dependency-name: vuepress
  dependency-version: 1.9.10
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 29, 2025
@ibcheckmarx

Checkmarx One – Scan Summary & Details: a2491df5-dcf5-4d17-b64e-2cb050fe1304

New Issues (523)

Checkmarx found the following issues in this Pull Request

Severity  Issue  Source File / Package  [Checkmarx Insight]

CRITICAL  CVE-2017-16042  Npm-growl-1.9.2  [Vulnerable Package]
  Recommended version: 1.10.0
  Description: Growl adds growl notification support to nodejs. Growl before 1.10.0 does not properly sanitize input before passing it to exec, allowing for arbit...
  Attack Vector: NETWORK; Attack Complexity: LOW
  ID: gDYJVJaRhr0SefjNkNEUvR5ZOSBJCjPgIZAVMagUGAw%3D

CRITICAL  CVE-2018-11499  Npm-node-sass-4.5.3  [Vulnerable Package]
  Description: A Use-After-Free vulnerability exists in "handle_error()" in "sass_context.cpp" in LibSass 3.4.x and 3.5.x through 3.5.5 that could be leveraged to...
  Attack Vector: NETWORK; Attack Complexity: LOW
  ID: xE91d%2B6PZC5Gf%2FS9%2Buy9Fpkhmpj0Hu6Jp1%2BXW5%2B6qv4%3D

CRITICAL  CVE-2018-16492  Npm-extend-3.0.0  [Vulnerable Package]
  Recommended version: 3.0.2
  Description: A Prototype Pollution vulnerability was found in module extend that allows an attacker to inject arbitrary properties onto "Object.Prototype". This...
  Attack Vector: NETWORK; Attack Complexity: LOW
  ID: 4enhMzUJsToTPdUv83rSfFlscMgc%2FCcCJ0eQOakydg0%3D

CRITICAL  CVE-2018-16492  Npm-extend-3.0.1  [Vulnerable Package]
  Recommended version: 3.0.2
  Description: A Prototype Pollution vulnerability was found in module extend that allows an attacker to inject arbitrary properties onto "Object.Prototype". This...
  Attack Vector: NETWORK; Attack Complexity: LOW
  ID: IigQ1%2B%2B33nCUvxI4SiYhLRiFNPaw3sjoAq0%2Bviq839M%3D

CRITICAL  CVE-2018-3739  Npm-https-proxy-agent-1.0.0  [Vulnerable Package]
  Recommended version: 2.2.0
  Description: https-proxy-agent before 2.2.0 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory ...
  Attack Vector: NETWORK; Attack Complexity: LOW
  ID: Bn4U555scjQK6UuNGfeYygtxRWdFhlZM%2BvJgAds0JZ4%3D

CRITICAL  CVE-2018-3739  Npm-https-proxy-agent-2.1.0  [Vulnerable Package]
  Recommended version: 2.2.0
  Description: https-proxy-agent before 2.2.0 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory ...
  Attack Vector: NETWORK; Attack Complexity: LOW
  ID: O6aY3w56TrUF58%2BsbRtrxCC67KuZiBVBcWB52bKfaFs%3D

CRITICAL  CVE-2018-3750  Npm-deep-extend-0.4.1  [Vulnerable Package]
  Recommended version: 0.5.1
  Description: The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attac...
  Attack Vector: NETWORK; Attack Complexity: LOW
  ID: 7E2H3Ej7Z5CrVy7ksg9LqIwL1MoGLWhIF3sh3UoGr%2B4%3D

CRITICAL  CVE-2018-3750  Npm-deep-extend-0.4.2  [Vulnerable Package]
  Recommended version: 0.5.1
  Description: The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attac...
  Attack Vector: NETWORK; Attack Complexity: LOW
  ID: q%2FBa3rhYpl8iVvyEDk%2B9UzvfXPP9TVGzeaOhXodjB98%3D

CRITICAL  CVE-2019-10747  Npm-set-value-0.4.3  [Vulnerable Package]
  Recommended version: 2.0.1
  Description: set-value is vulnerable to Prototype Pollution before 2.0.1 and 3.x before 3.0.1. The function mixin-deep could be tricked into adding or modifying...
  Attack Vector: NETWORK; Attack Complexity: LOW
  ID: %2FdrkXCEspSi8NWnA2sUhPuecQyEhzeOMvtFaP0BgrnQ%3D

CRITICAL  CVE-2019-10747  Npm-set-value-2.0.0  [Vulnerable Package]
  Recommended version: 2.0.1
  Description: set-value is vulnerable to Prototype Pollution before 2.0.1 and 3.x before 3.0.1. The function mixin-deep could be tricked into adding or modifying...
  Attack Vector: NETWORK; Attack Complexity: LOW
  ID: eUqnrujC68gdaXLKLejIGY2q8NDsP5y83G9%2FJZUT0%2Fs%3D

CRITICAL  CVE-2019-19919  Npm-handlebars-4.0.10  [Vulnerable Package]
  Recommended version: 4.7.7
  Description: Versions of handlebars prior to 3.0.8 and 4.x prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may ...
  Attack Vector: NETWORK; Attack Complexity: LOW
  ID: Ln7HbO31WrI5DcZ5W07G80emNtg42CdCjjM3fvDpi8o%3D

CRITICAL  CVE-2019-19919  Npm-handlebars-4.1.2  [Vulnerable Package]
  Recommended version: 4.7.7
  Description: Versions of handlebars prior to 3.0.8 and 4.x prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may ...
  Attack Vector: NETWORK; Attack Complexity: LOW
  ID: zVyQapjrn3IsDukwFctIk9oNgIP%2F3YHeRcAHyptOX%2B0%3D

CRITICAL  CVE-2020-7788  Npm-ini-1.3.5  [Vulnerable Package]
  Recommended version: 1.3.6
  Description: This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will p...
  Attack Vector: NETWORK; Attack Complexity: LOW
  ID: o4NUd8p99JWVJMO6wM6CB%2Fkz3YV9S1gznMR818%2BXBAk%3D

CRITICAL  CVE-2020-7788  Npm-ini-1.3.4  [Vulnerable Package]
  Recommended version: 1.3.6
  Description: This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will p...
  Attack Vector: NETWORK; Attack Complexity: LOW
  ID: UsDzIngPSZJhmbKtPa%2FcB8nnl4bWpnbBiX%2FurwgkIAM%3D

CRITICAL  CVE-2021-21353  Npm-pug-code-gen-2.0.0  [Vulnerable Package]
  Recommended version: 3.0.3
  Description: In pug-code-gen before version 2.0.3 and 3.x before 3.0.2, if a remote attacker was able to control the `pretty` option of the pug compiler, e.g. i...
  Attack Vector: NETWORK; Attack Complexity: HIGH
  ID: jimBhvadzGa10qL0jL5n%2Br6XhvdAhuCONdT0wcuR3IE%3D

CRITICAL  CVE-2021-23406  Npm-pac-resolver-2.0.0  [Vulnerable Package]
  Recommended version: 5.0.0
  Description: This affects the package pac-resolver before 5.0.0. This can occur when used with untrusted input, due to unsafe PAC file handling. **NOTE:** The f...
  Attack Vector: NETWORK; Attack Complexity: LOW
  ID: 3r1fdHXJnB6Hc5oBW%2BQFz7hYHKjGupr2mso7mWLN16Q%3D

CRITICAL  CVE-2021-23406  Npm-degenerator-1.0.4  [Vulnerable Package]
  Recommended version: 3.0.1
  Description: This affects the package pac-resolver before 5.0.0. This can occur when used with untrusted input, due to unsafe PAC file handling. **NOTE:** The f...
  Attack Vector: NETWORK; Attack Complexity: LOW
  ID: jLONZiAIYZ6vjX4WkjRAKlW%2FZmmWwJdT9KNGjdbf8JM%3D

CRITICAL  CVE-2021-23440  Npm-set-value-2.0.0  [Vulnerable Package]
  Recommended version: 2.0.1
  Description: This affects the package "set-value" prior to 2.0.1, prior to 3.0.3, and prior to 4.0.1. A Type Confusion vulnerability can lead to a bypass of CVE...
  Attack Vector: NETWORK; Attack Complexity: LOW
  ID: FMlb%2BTEssYDV5KzQYzq7lg0QaqLfM7mn%2B%2F6eDFQQ85Q%3D

CRITICAL  CVE-2021-23440  Npm-set-value-0.4.3  [Vulnerable Package]
  Recommended version: 2.0.1
  Description: This affects the package "set-value" prior to 2.0.1, prior to 3.0.3, and prior to 4.0.1. A Type Confusion vulnerability can lead to a bypass of CVE...
  Attack Vector: NETWORK; Attack Complexity: LOW
  ID: p4DKi5bJGUFlPw5govfTkkySOSYb38oQtrQjl6%2Bie5Y%3D

CRITICAL  CVE-2021-23555  Npm-vm2-3.5.0  [Vulnerable Package]
  Recommended version: 3.9.6
  Description: The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation...
  Attack Vector: NETWORK; Attack Complexity: LOW
  ID: 1rqMvIW6eYqMGPI2DT2Sg5LHXp8foaRRxc2HjE%2Bk7Gs%3D

CRITICAL  CVE-2021-23555  Npm-vm2-3.6.0  [Vulnerable Package]
  Recommended version: 3.9.6
  Description: The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation...
  Attack Vector: NETWORK; Attack Complexity: LOW
  ID: JeoZlLopEOkd7Sk8OUJ56mwim%2FwDDYG9h8RJq4HsAeg%3D

CRITICAL  CVE-2021-23807  Npm-jsonpointer-4.0.1  [Vulnerable Package]
  Recommended version: 5.0.0
  Description: A type confusion vulnerability in jsonpointer can lead to a bypass of a previous Prototype Pollution fix when the pointer components are arrays. Th...
  Attack Vector: NETWORK; Attack Complexity: LOW
  ID: %2FNzAr26LtyKYj4ohUplf9XrxO3xXlC2pDrIq8BgatqA%3D

CRITICAL  CVE-2021-28918  Npm-netmask-1.0.6  [Vulnerable Package]
  Recommended version: 2.0.1
  Description: Improper input validation of octal strings in netmask npm package up to 1.1.0 allows unauthenticated remote attackers to perform indeterminate SSRF...
  Attack Vector: NETWORK; Attack Complexity: LOW
  ID: FX44wd2FAAvPw%2B4tCZ%2BF%2Bn2hy6JGGELmmNQd3%2BD4dy0%3D

CRITICAL  CVE-2021-31597  Npm-xmlhttprequest-ssl-1.5.5  [Vulnerable Package]
  Recommended version: 1.6.2
  Description: The xmlhttprequest-ssl package versions prior to 1.6.1 for Node.js disable SSL certificate validation by default. This occurs because the "rejectUn...
  Attack Vector: NETWORK; Attack Complexity: LOW
  ID: OCNeUPTgm5CiR60rBhWOAPYyZjJhmHDdikr15yLb4QQ%3D

CRITICAL  CVE-2021-3918  Npm-json-schema-0.2.3  [Vulnerable Package]
  Recommended version: 0.4.0
  Description: json-schema before 0.4.0 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
  Attack Vector: NETWORK; Attack Complexity: LOW
  ID: Yb0J%2FWkPc8bDebcoxSCW%2FxzSS50SWJLrP3ZsfzwBEzg%3D

CRITICAL  CVE-2021-42740  Npm-shell-quote-1.6.1  [Vulnerable Package]
  Recommended version: 1.7.3
  Description: The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex de...
  Attack Vector: NETWORK; Attack Complexity: LOW
  ID: 2dYXMTgM%2FuodaBiTBQQRbZW8g52cKgRYUT2bYQ%2F0VSw%3D

CRITICAL  CVE-2022-0686  Npm-url-parse-1.1.9  [Vulnerable Package]
  Recommended version: 1.5.9
  Description: Authorization Bypass through User-Controlled Key in NPM url-parse prior to 1.5.8. When no port number is provided in the "url", url-parse is unable...
  Attack Vector: NETWORK; Attack Complexity: LOW
  ID: E%2F9Vzrukdh8wd7vYV2mWa6mTmCCZXXsARojHBAKW1sg%3D

CRITICAL  CVE-2022-0686  Npm-url-parse-1.4.4  [Vulnerable Package]
  Recommended version: 1.5.9
  Description: Authorization Bypass through User-Controlled Key in NPM url-parse prior to 1.5.8. When no port number is provided in the "url", url-parse is unable...
  Attack Vector: NETWORK; Attack Complexity: LOW
  ID: i1DwTITtOL6tc1caIPKvUo6Ktwlwa0w5%2BgK%2FIYLLZpE%3D

CRITICAL  CVE-2022-0686  Npm-url-parse-1.1.8  [Vulnerable Package]
  Recommended version: 1.5.9
  Description: Authorization Bypass through User-Controlled Key in NPM url-parse prior to 1.5.8. When no port number is provided in the "url", url-parse is unable...
  Attack Vector: NETWORK; Attack Complexity: LOW
  ID: iyJ2jlARholCh8jgjclCkQKmAXD5L8grhp1Dj0q71hA%3D

CRITICAL  CVE-2022-0686  Npm-url-parse-1.0.5  [Vulnerable Package]
  Recommended version: 1.5.9
  Description: Authorization Bypass through User-Controlled Key in NPM url-parse prior to 1.5.8. When no port number is provided in the "url", url-parse is unable...
  Attack Vector: NETWORK; Attack Complexity: LOW
  ID: N4mXHbsk%2Facruv9Y6%2FGq%2BXqgEZCkgcdPwNB8SnGfQpw%3D

CRITICAL  CVE-2022-25893  Npm-vm2-3.6.0  [Vulnerable Package]
  Recommended version: 3.9.10
  Description: The package vm2 versions prior to 3.9.10 are vulnerable to Arbitrary Code Execution due to the usage of prototype lookup for the ''WeakMap.prototyp...
  Attack Vector: NETWORK; Attack Complexity: LOW
  ID: 8MlmQwYMjzNlZjQw4VvjJ9f4TTLKh7CoEqJldZXJTO4%3D

CRITICAL  CVE-2022-25893  Npm-vm2-3.5.0  [Vulnerable Package]
  Recommended version: 3.9.10
  Description: The package vm2 versions prior to 3.9.10 are vulnerable to Arbitrary Code Execution due to the usage of prototype lookup for the ''WeakMap.prototyp...
  Attack Vector: NETWORK; Attack Complexity: LOW
  ID: rWG67jfl2Rj2F1LtEgeM0Q9zf6AQ6k%2Bv%2Fp%2F3xK6qDjQ%3D

CRITICAL  CVE-2022-37611  Npm-gh-pages-1.1.0  [Vulnerable Package]
  Recommended version: 5.0.0
  Description: Prototype pollution vulnerability in the package gh-pages versions 0.2.0 through 4.0.0 via the "partial" variable in "util.js".
  Attack Vector: NETWORK; Attack Complexity: LOW
  ID: McGWdxvEZalvQrTBe67MuPxHztVSjlgA6u2ASXR3Hns%3D

CRITICAL  CVE-2023-29017  Npm-vm2-3.5.0  [Vulnerable Package]
  Recommended version: 3.9.15
  Description: vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Prior to version 3.9.15, vm2 was not properly handling host ...
  Attack Vector: NETWORK; Attack Complexity: LOW
  ID: Fl4BQ7HRJwl1DHkGU%2Fc3iOUWWtNAWsfuqG3QlGGwE%2FU%3D

CRITICAL  CVE-2023-29017  Npm-vm2-3.6.0  [Vulnerable Package]
  Recommended version: 3.9.15
  Description: vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Prior to version 3.9.15, vm2 was not properly handling host ...
  Attack Vector: NETWORK; Attack Complexity: LOW
  ID: WDtHt0QI%2B8XwyDOV%2FjBzAzZKhHmKteibv7Yadq6Qzs0%3D

More results are available on the CxOne platform

Fixed Issues (7)
Great job! The following issues were fixed in this Pull Request

Severity Issue Source File / Package
CRITICAL CVE-2020-7677 Npm-thenify-3.3.0
CRITICAL Cx29ea9bf3-a8eb Npm-macaddress-0.2.8
HIGH CVE-2020-15138 Npm-prismjs-1.16.0
MEDIUM CVE-2021-32723 Npm-prismjs-1.16.0
MEDIUM CVE-2021-3801 Npm-prismjs-1.16.0
MEDIUM CVE-2022-23647 Npm-prismjs-1.16.0
MEDIUM CVE-2024-53382 Npm-prismjs-1.16.0

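Fifteen of the 35 CRITICAL rows the scan shows (extend, deep-extend, set-value, ini, json-schema, jsonpointer, handlebars, gh-pages) are prototype pollution in recursive merge or path-setting helpers. The block below is an added example and is not code from this PR, from Checkmarx, or from any of the flagged packages: it pairs a naive deep merge of the kind those fixes addressed with a hardened version that refuses the keys an attacker uses to reach Object.prototype. The JSON payload is constructed for the demonstration.

```javascript
// Added example; not code from this PR or from any package named in the scan.
// A naive recursive merge beside a hardened one, driven by a constructed payload.

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// Vulnerable: walks every own key of `source`, including "__proto__".
// JSON.parse() produces an OWN property literally named "__proto__", but
// reading target["__proto__"] goes through the accessor and returns
// Object.prototype, so the recursion writes the attacker's keys onto the
// prototype shared by every plain object in the process.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (isPlainObject(value)) {
      if (!isPlainObject(target[key])) target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened: drop the three keys that lead to a prototype, and only descend
// into properties `target` actually owns, never inherited ones.
const UNSAFE_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (UNSAFE_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      const owned = Object.prototype.hasOwnProperty.call(target, key);
      if (!owned || !isPlainObject(target[key])) target[key] = {};
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed attacker-controlled input: a JSON body or config file.
const ATTACKER_JSON =
  '{"__proto__": {"isAdmin": true}, "constructor": {"prototype": {"isAdmin": true}}, "theme": "dark"}';

// Returns true when an unrelated, untouched object inherits the attacker's key.
function runUnsafe() {
  const unrelated = {};                 // created before the merge, never passed to it
  unsafeMerge({}, JSON.parse(ATTACKER_JSON));
  const polluted = unrelated.isAdmin === true;
  delete Object.prototype.isAdmin;      // undo the pollution so later code is unaffected
  return polluted;
}

// Same payload through the hardened merge: benign keys survive, unsafe keys vanish.
function runSafe() {
  const unrelated = {};
  const merged = safeMerge({}, JSON.parse(ATTACKER_JSON));
  const polluted = unrelated.isAdmin === true;
  delete Object.prototype.isAdmin;      // no-op when nothing was polluted
  return { polluted, merged };
}

console.log('unsafeMerge polluted Object.prototype:', runUnsafe());
const safeResult = runSafe();
console.log('safeMerge polluted Object.prototype:', safeResult.polluted, 'merged:', safeResult.merged);
```

The blocklist is the fix most of the listed packages shipped; the `hasOwnProperty` check matters on its own because it stops the merge from descending into any inherited object, whichever name reaches it. Parsing into `Object.create(null)` containers is a further option when the merged result never needs Object.prototype methods.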
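Each scan row names one installed version and a recommended version, but not where that copy sits in the dependency tree or whether it is a dev-only build dependency, which is what decides whether a finding can reach the deployed site. The block below is an added example and is not code from this PR, from Dependabot, or from Checkmarx: it walks a lockfileVersion 2/3 package-lock.json, lists every installed copy of the packages of interest (npm nests a second copy under another package's node_modules when ranges conflict), and flags copies below the recommended version. The embedded lockfile is constructed, not the repository's real one; the RECOMMENDED map copies three recommended versions from the scan, taking the highest where a package appears under several CVEs (vm2: 3.9.6, 3.9.10 and 3.9.15).

```javascript
// Added example; not code from this PR, from Dependabot or from Checkmarx.
// Triage a lockfileVersion 2/3 package-lock.json against the scan's
// "Recommended version" column.

// Constructed sample lockfile (NOT the repository's real package-lock.json).
const SAMPLE_LOCK = {
  name: 'docs-site',
  lockfileVersion: 3,
  packages: {
    '': { name: 'docs-site', devDependencies: { vuepress: '1.9.10' } },
    'node_modules/vuepress': { version: '1.9.10', dev: true },
    'node_modules/set-value': { version: '2.0.0', dev: true },
    'node_modules/union-value/node_modules/set-value': { version: '0.4.3', dev: true },
    'node_modules/vm2': { version: '3.6.0', dev: true },
    'node_modules/ini': { version: '1.3.8' },
  },
};

// Recommended versions taken from the scan summary (highest where several are listed).
const RECOMMENDED = {
  'set-value': '2.0.1',
  'vm2': '3.9.15',
  'ini': '1.3.6',
};

// Package name from a lockfile path: everything after the last "node_modules/",
// which keeps scoped names such as "@scope/name" intact.
function packageNameFromPath(lockPath) {
  const marker = 'node_modules/';
  const i = lockPath.lastIndexOf(marker);
  return i === -1 ? null : lockPath.slice(i + marker.length);
}

// Numeric dotted-version comparison. Prerelease tags are ignored, which is
// enough for the versions in the scan table. Returns -1, 0 or 1.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// One finding per installed copy of a package named in `recommended`.
function triage(lock, recommended) {
  if (!lock.packages) {
    throw new Error('lockfileVersion 1 (nested "dependencies") is not handled by this example');
  }
  const findings = [];
  for (const [lockPath, entry] of Object.entries(lock.packages)) {
    if (lockPath === '') continue;                  // the root project itself
    const name = packageNameFromPath(lockPath);
    if (name === null || !(name in recommended)) continue;
    findings.push({
      name,
      path: lockPath,
      version: entry.version,
      devOnly: entry.dev === true,                  // npm marks dev-only subtrees with dev: true
      belowRecommended: compareVersions(entry.version, recommended[name]) < 0,
    });
  }
  return findings;
}

// For a real repository: triage(loadLock('./package-lock.json'), RECOMMENDED)
function loadLock(path) {
  return JSON.parse(require('fs').readFileSync(path, 'utf8'));
}

for (const f of triage(SAMPLE_LOCK, RECOMMENDED)) {
  const status = f.belowRecommended ? 'BELOW recommended ' + RECOMMENDED[f.name] : 'ok';
  console.log(`${f.name}@${f.version} at ${f.path} (${f.devOnly ? 'dev-only' : 'production'}): ${status}`);
}
```

A dev-only copy of vm2 or set-value still runs on the build machine with access to the repository and CI secrets, so "dev-only" narrows the blast radius rather than closing the finding; the output is meant to show which copies must be lifted by an override or resolution and which are already above the fix line.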