[Snyk] Fix for 1 vulnerabilities

[ekmixon]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • src/pybind/mgr/dashboard/frontend/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @compodoc/compodoc

The new version differs by 215 commits.

• ffe8abb 1.1.14
• 3cd09ba 1.1.14
• 9bb5772 1.1.14
• c65504e fix(app): correct supports ArrayType and tuples
• 0e02e05 fix(app): correct supports ArrayType
• d6d9955 fix(app): tuple types
• 162ea28 fix(app): union type and literaltypenode
• 4a6ad03 fix(app): union type and literaltypenode
• 47fe06d fix(app): rawDescription for JSDoc and visitEnumTypeAliasFunctionDeclarationDescription
• a888f25 fix(app): rawDescription for JSDoc and visitEnumTypeAliasFunctionDeclarationDescription
• 0bb000d fix(app): rawDescription for JSDoc and visitInputAndHostBinding
• f698d96 feat(github): new ISSUE_TEMPLATE
• 809432e feat(github): new ISSUE_TEMPLATE
• 95073c3 Update issue templates
• f4ac68c feat(github): new ISSUE_TEMPLATE
• 9713982 feat(github): new ISSUE_TEMPLATE
• c2a69c9 feat(github): new ISSUE_TEMPLATE
• d8722c2 feat(github): new ISSUE_TEMPLATE
• 125641b fix(app): rawDescription for JSDoc and variables
• c1282d2 fix(app): support for Type Reference and template literal
• 9c180f5 fix(app): drop usage of ts-simple-ast for ts-morph
• 7bb9a40 fix(app): drop usage of ts-simple-ast for ts-morph
• ee0d9c3 fix(app): support for Type Reference / WIP
• 0c7a052 fix(theme): dark mode support

See the full diff

Package name: jest

The new version differs by 250 commits.

• 75006e4 v29.0.0
• 7c82a9f chore: update jest-watch-typeahead again
• 352ff29 chore: update changelog for release
• 33ad8c3 docs: Jest 29 blog post (jewel: qa/workunits/rbd: use more recent qemu-iotests that support Xenial ceph/ceph#13103)
• dda77e5 docs: collapse 28.0 and 28.1 docs (qa/tasks: backport rbd_fio fixes to jewel ceph/ceph#13104)
• c0dc84c chore: update jest-watch-typeahead
• 05f6217 fix: support deep CJS re-exports when using ESM (jewel: tests: drop old rados singleton upgrade tests ceph/ceph#13170)
• 490fd88 chore: update yarn (jewel:rgw: fix interface compliance of RGWCivetWeb::write_data() ceph/ceph#13169)
• 98936a2 docs: Update Enzyme links to use new URL (jewel: tests: Remove ext4 option from rados:thrash tests ceph/ceph#13166)
• 187566a feat(pretty-format): allow to opt out from sorting object keys with `compareKeys: null` (mds: release pool allocator memory after exceeding size limit ceph/ceph#12443)
• ae2bed7 chore: tweak regex used in e2e tests (jewel: rbd: bench-write will crash if --io-size is 4G ceph/ceph#13129)
• 8c56d74 docs: Update Configuration.md for added special notes on usage scenarios for pnpm. (jewel: mon: cache tiering: base pool last_force_resend not respected (racing read got wrong version) ceph/ceph#13115)
• fb1c53d feat(jest-config)!: remove undocumented `collectCoverageOnlyFrom` option (jewel: rbd: Attempting to remove an image w/ incompatible features results in partial removal ceph/ceph#13156)
• 075b489 fix: ignore `EISDIR` when resolving symlinks (jewel: rbd: Improve error reporting from rbd feature enable/disable ceph/ceph#13157)
• 3bef02e feat(@ jest/test-result, @ jest/types)!: replace `Bytes` and `Milliseconds` types with `number` (jewel: rbd: [rbd-mirror] sporadic image replayer shut down failure ceph/ceph#13155)
• 4def94b v29.0.0-alpha.6
• 0f00d4e fix: replace non-CLI `rimraf` usage (tools: ceph-release-notes: ignore low-numbered PRs ceph/ceph#13151)
• 6a90a2c fix: Allow updating inline snapshots when test includes JSX (ceph-disk: convert none str to str before printing it ceph/ceph#12760)
• 983274a feat: Let `babel` find config when updating inline snapshots (mon: post-jewel cleanups ceph/ceph#13150)
• d2ff18a chore: make prettierPath optional in `SnapshotState` (librados: remove legacy object listing API, clean up newer api ceph/ceph#13149)
• 7d8d01c feat(circus): added each to failing tests (msg/async/rdma: Remove compilation warning ceph/ceph#13142)
• a5b52a5 chore(types): separate MatcherContext, MatcherUtils and MatcherState (librbd: introduce new constants for tracking max block name prefix ceph/ceph#13141)
• 79b5e41 chore: get rid of peer dep warning in website
• 812763d chore: enable 'no-duplicate-imports' (vstart: clean up usage a bit ceph/ceph#13138)

See the full diff

Package name: stylelint-declaration-use-variable

The new version differs by 13 commits.

• cf5f8ac Bump version
• ebd5328 Fix the duplicated dev dependency
• 8de355a Add project not maintained note
• 7917cd4 Merge pull request [Snyk] Security upgrade lxml from 4.7.0 to 4.9.1 #52 from sh-waqar/dependabot/npm_and_yarn/minimist-1.2.5
• e459a65 Merge pull request [Snyk] Security upgrade pylint from 2.6.0 to 2.7.0 #51 from sh-waqar/dependabot/npm_and_yarn/yargs-parser-20.2.7
• c0eca30 Merge pull request Configure Mend Bolt for GitHub #39 from thomasparsons/master
• d8f22c1 Bump minimist from 0.0.8 to 1.2.5
• 3d0ae6a Bump yargs-parser from 10.1.0 to 20.2.7
• 2a00511 Merge pull request [Snyk] Security upgrade lxml from 4.7.0 to 4.9.1 #50 from iegik/patch-1
• a9c4df3 Update package.json
• 6ffdfec chore: bump stylelint dependency
• e146c14 fixed spelling mistake
• bfb02cb Bump lodash from 4.17.15 to 4.17.19

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[guardrails]

⚠️ We detected 6 security issues in this pull request:

Vulnerable Libraries (6)

Severity	Details
Critical	pkg:npm/jest@26.5.2 (t) upgrade to: > 26.5.2
Critical	pkg:npm/@angular/localize@10.1.5 (t) upgrade to: > 10.1.5
Critical	pkg:npm/@compodoc/compodoc@1.1.11 (t) upgrade to: > 1.1.11
Critical	pkg:npm/stylelint-declaration-use-variable@1.7.2 (t) upgrade to: > 1.7.2
Critical	pkg:npm/@angular/cli@10.1.6 (t) upgrade to: > 10.1.6
Critical	pkg:npm/@angular-devkit/build-angular@0.1002.3 (t) upgrade to: > 0.1002.3

More info on how to fix Vulnerable Libraries in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

[secure-code-warrior-for-github]

Micro-Learning Topic: Vulnerable library (Detected by phrase)

Matched on "Vulnerable Libraries"

What is this? (2min video)

Use of vulnerable components will introduce weaknesses into the application. Components with published vulnerabilities will allow easy exploitation as resources will often be available to automate the process.

Try a challenge in Secure Code Warrior