[Snyk] Fix for 13 vulnerabilities

[laxmanraparthi]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • superset-frontend/package.json
  • superset-frontend/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	No	Proof of Concept
	631/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-POSTCSS-5926692	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	No	Proof of Concept
	698/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.1	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-6147607	Yes	Proof of Concept
	816/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.9	Sandbox Escape SNYK-JS-VM2-5415299	No	Proof of Concept
	811/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.8	Sandbox Escape SNYK-JS-VM2-5422057	No	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Improper Handling of Exceptional Conditions SNYK-JS-VM2-5426093	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') SNYK-JS-VM2-5537079	No	Proof of Concept
	811/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.8	Sandbox Bypass SNYK-JS-VM2-5537100	No	Proof of Concept
	811/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.8	Remote Code Execution (RCE) SNYK-JS-VM2-5772823	No	Proof of Concept
	811/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.8	Remote Code Execution (RCE) SNYK-JS-VM2-5772825	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @storybook/addon-essentials

The new version differs by 250 commits.

• 05070ca v6.5.0
• 88c6a62 Update root, peer deps, version.ts/json to 6.5.0 [ci skip]
• ca93284 6.5.0 changelog
• ff28cd9 6.5.0-rc.1 next.json version file
• 9e1f519 Update git head to 6.5.0-rc.1, update yarn.lock
• 3f09d4e v6.5.0-rc.1
• 82b7ac1 Update root, peer deps, version.ts/json to 6.5.0-rc.1 [ci skip]
• 4b50e28 6.5.0-rc.1 changelog
• 0a6e347 Merge pull request Save as dashboard with duplicating charts is not working after 1.4.0 upgrade apache/superset#18220 from storybookjs/improve/detection-webpack5
• 95a5c80 move nextjs detection up
• 152e441 Merge pull request Create role Programmatically in superset  apache/superset#18248 from storybookjs/18177-fix-conditional-args-fail-gracefully
• 2948cae ArgsTable: Gracefully handle conditional args failures
• f837e31 Merge pull request fix(listview): add nowrap to view mode container apache/superset#18246 from storybookjs/chore_docs_adds_mdx2_steps
• 73cf6ba adds MDX 2 docs and gotchas
• 64b07fe Merge pull request Support for user groups and assigning roles to them apart from derictly to users apache/superset#18244 from storybookjs/chore_docs_cleanup_broken_links
• fef1a32 Fixes broken links
• 82ce9de Merge pull request chore: add ci for docs-v2 apache/superset#18231 from Tomastomaslol/issue-18143-reset-button-broken-for-URL-values
• ebf9341 Merge pull request chore: change docs for docsv2 apache/superset#18038 from bisubus/fix-vue3-tsx
• 9583cea remove repeated test
• 1b396fd 6.5.0-rc.0 next.json version file
• 6cc69b5 Update git head to 6.5.0-rc.0, update yarn.lock
• c27fd9e v6.5.0-rc.0
• b56b1ce re add reset of args that was not set initially. Extend tests for onResetArgs
• 19ba77b Update root, peer deps, version.ts/json to 6.5.0-rc.0 [ci skip]

See the full diff

Package name: @storybook/builder-webpack5

The new version differs by 250 commits.

• 4f2afa6 v7.0.0
• 03292b0 Update root, peer deps, version.ts/json to 7.0.0 [ci skip]
• b2dc5cf Revert "Update root, peer deps, version.ts/json to 7.0.0 [ci skip]"
• 7f391a3 Update root, peer deps, version.ts/json to 7.0.0 [ci skip]
• f0b53cb 7.0.0 changelog
• 930917d Merge pull request Additions/suggestions to improve the Superset DB query table apache/superset#21856 from storybookjs/docs/interactions-addon-migration
• f1c13da 7.0.0-rc.11 next.json version file [skip ci]
• 512a2ae Update git head to 7.0.0-rc.11, update yarn.lock [ci skip]
• 908c324 v7.0.0-rc.11
• 5edc7c0 Update root, peer deps, version.ts/json to 7.0.0-rc.11 [ci skip]
• 324d9bb 7.0.0-rc.11 changelog
• 37d9737 interactions debugger is now default
• 9682f7c Merge pull request #21833 from storybookjs/kasper/fix-strict-args-decorator-with-interface
• a08ffc7 Put @ storybook/csf version back into next
• 2cc1d36 Merge pull request feat(db_engine_specs): Allow uploaded columns of dtype datetime to be stored as TIMESTAMP in the Hive schema apache/superset#21850 from storybookjs/fix/tone-down-dependency-alerts
• 941103b Merge pull request when i run command with npm run build, it tell me react not support css property apache/superset#21851 from storybookjs/valentin/export-application-config-decorator
• 31700c0 Export applicationConfig decorator and adjust documentation for usage
• 3d9544f Merge pull request chore(deps-dev): bump @typescript-eslint/parser from 4.19.0 to 5.40.1 in /superset-websocket apache/superset#21846 from storybookjs/chore_docs_webpack_tweaks
• 79b590b Tweaks to the Webpack docs
• d193be5 Merge pull request refactor: return initial exception and check if it's user error apache/superset#21836 from storybookjs/fix/downgrade-remark-deps
• 79b1fde Merge pull request fix(sqllab): Fix spacing on Schedule option in SqlEditor dropdown apache/superset#21832 from storybookjs/fix/polyfill-global
• 590f053 downgrade remark related dependencies
• b421d95 only provide critical duplicated dependency warning on major version difference
• acace30 Merge pull request fix(report): Capture unexpected errors in report screenshots. Fixes #21653 apache/superset#21724 from jungpaeng/docs/fix-controls

See the full diff

Package name: @storybook/react

The new version differs by 250 commits.

• 4f2afa6 v7.0.0
• 03292b0 Update root, peer deps, version.ts/json to 7.0.0 [ci skip]
• b2dc5cf Revert "Update root, peer deps, version.ts/json to 7.0.0 [ci skip]"
• 7f391a3 Update root, peer deps, version.ts/json to 7.0.0 [ci skip]
• f0b53cb 7.0.0 changelog
• 930917d Merge pull request Additions/suggestions to improve the Superset DB query table apache/superset#21856 from storybookjs/docs/interactions-addon-migration
• f1c13da 7.0.0-rc.11 next.json version file [skip ci]
• 512a2ae Update git head to 7.0.0-rc.11, update yarn.lock [ci skip]
• 908c324 v7.0.0-rc.11
• 5edc7c0 Update root, peer deps, version.ts/json to 7.0.0-rc.11 [ci skip]
• 324d9bb 7.0.0-rc.11 changelog
• 37d9737 interactions debugger is now default
• 9682f7c Merge pull request #21833 from storybookjs/kasper/fix-strict-args-decorator-with-interface
• a08ffc7 Put @ storybook/csf version back into next
• 2cc1d36 Merge pull request feat(db_engine_specs): Allow uploaded columns of dtype datetime to be stored as TIMESTAMP in the Hive schema apache/superset#21850 from storybookjs/fix/tone-down-dependency-alerts
• 941103b Merge pull request when i run command with npm run build, it tell me react not support css property apache/superset#21851 from storybookjs/valentin/export-application-config-decorator
• 31700c0 Export applicationConfig decorator and adjust documentation for usage
• 3d9544f Merge pull request chore(deps-dev): bump @typescript-eslint/parser from 4.19.0 to 5.40.1 in /superset-websocket apache/superset#21846 from storybookjs/chore_docs_webpack_tweaks
• 79b590b Tweaks to the Webpack docs
• d193be5 Merge pull request refactor: return initial exception and check if it's user error apache/superset#21836 from storybookjs/fix/downgrade-remark-deps
• 79b1fde Merge pull request fix(sqllab): Fix spacing on Schedule option in SqlEditor dropdown apache/superset#21832 from storybookjs/fix/polyfill-global
• 590f053 downgrade remark related dependencies
• b421d95 only provide critical duplicated dependency warning on major version difference
• acace30 Merge pull request fix(report): Capture unexpected errors in report screenshots. Fixes #21653 apache/superset#21724 from jungpaeng/docs/fix-controls

See the full diff

Package name: lerna

The new version differs by 48 commits.

• 02c534e chore: remove unnecessary write-json-file dep (Explore update button labels apache/superset#3534)
• fa1f490 feat(publish): add --include-private option for testing private packages (Feature: Dashboard filters: datepicker and time granularity apache/superset#3503)
• afde32e chore(deps): bump @ sideway/formula from 3.0.0 to 3.0.1 in /website (Break word on InfoTooltip apache/superset#3532)
• f444045 chore(deps): bump @ sideway/formula from 3.0.0 to 3.0.1 ([style] no bold on dashboard widget headers apache/superset#3531)
• ad39fe2 fix(create): normalize quotes and indents in generated test and lib files ([explore] using verbose_name in 'Time Column' control apache/superset#3529)
• 6b50725 chore: remove non-runtime deps from lerna package.json (try to fix problem that chrome window not opening after ajax requrest apache/superset#3528)
• f03ee3e feat(publish): recover from network failure (Feature: query string API endpoint apache/superset#3513)
• 724633c chore(deps): bump http-cache-semantics from 4.1.0 to 4.1.1 (Show Verbose name in Time Column apache/superset#3525)
• 937b02a feat(run): allow multiple script targets to be triggered at once (Druid refresh metadata performance improvements apache/superset#3527)
• aea79df chore(docs): add lerna watch -- build --include-dependents example (Feature: Making data gaps visible in line charts by inserting zeros apache/superset#3512)
• 1fe6188 chore(deps): bump http-cache-semantics from 4.1.0 to 4.1.1 in /website (Cannot created temp table in redshift DB apache/superset#3524)
• aaccdfb chore(run): warn in docs about using yarn and passing args to lerna run (Time Series Annotation Layers apache/superset#3521)
• b8dff21 chore: ci updates (Date Filter is not working on dashboard. apache/superset#3522)
• 70de43c chore: ci updates (npm run dev error apache/superset#3523)
• 116c62c chore: update docs (Druid metrics are not automatically detected in Superset apache/superset#3520)
• 86f8021 chore: apply typo fixes (Full Annotation Framework apache/superset#3518)
• 69a45de chore(deps): bump ua-parser-js from 0.7.32 to 0.7.33 in /website (Customizable and simplified interface for non-developers as a new dashboard apache/superset#3514)
• fc094da chore: initial codebase refactor (sqlalchemy.exc.OperationalError apache/superset#3517)
• 510c3e9 fix(repair): re-enable repair generators (Fix idna requirement apache/superset#3497)
• fcab26a chore(docs): update filter options docs to specify quote necessity (Added button on slice for export D3js graph to png apache/superset#3496)
• a5217c6 chore(release): v6.4.1
• 24d0d5c fix(run): resolve erroneous failures (update contributing.md apache/superset#3495)
• 4688f9d chore(docs): remove state of js banner
• eb4a755 chore(docs): add workspace watching feature doc ([Bugfix] nvd3 tooltips do not disappear apache/superset#3487)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Improper Input Validation
🦉 Cross-site Scripting (XSS)
🦉 More lessons are available in Snyk Learn