[Snyk] Fix for 20 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/common/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-DOTOBJECT-548905	Yes	Proof of Concept
	526/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.1	Arbitrary Code Injection SNYK-JS-EJS-1049328	Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-EJS-2803307	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	504/1000 Why? Has a fix available, CVSS 5.8	Prototype Pollution SNYK-JS-HIGHLIGHTJS-1045326	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HIGHLIGHTJS-1048676	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-IMMER-1019369	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-IMMER-1540542	Yes	Proof of Concept
	429/1000 Why? Has a fix available, CVSS 4.3	Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1076581	Yes	Proof of Concept
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1314893	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1585202	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) SNYK-JS-PRISMJS-2404333	Yes	No Known Exploit
	629/1000 Why? Has a fix available, CVSS 8.3	Cross-site Scripting (XSS) SNYK-JS-PRISMJS-597628	Yes	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Command Injection SNYK-JS-REACTDEVUTILS-1083268	Yes	Proof of Concept
	619/1000 Why? Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @storybook/addon-storysource

The new version differs by 250 commits.

• e89e51a v6.1.0
• d004d19 Update root, peer deps, version.ts/json to 6.1.0
• 1d07f01 6.1.0 changelog
• 178e9bd 6.1.0-rc.6 next.json version file
• 971eccd Update git head to 6.1.0-rc.6
• 9009e53 v6.1.0-rc.6
• eaceece Update root, peer deps, version.ts/json to 6.1.0-rc.6
• 5c0049b 6.1.0-rc.6 changelog
• 76d53b5 Merge pull request #13165 from storybookjs/13156-fix-cached-manager
• 4747fea Merge pull request #12845 from Tomastomaslol/12324_zoom_buttons_in_docs_do_not_work
• 74693f4 Drop the cache prop from managerConfig to make caching work on the 2nd run.
• 428b6e0 6.1.0-rc.5 next.json version file
• a72852d Update git head to 6.1.0-rc.5
• a8822ed v6.1.0-rc.5
• 6deb946 Update root, peer deps, version.ts/json to 6.1.0-rc.5
• 06b55c8 update 6.1-rc.5
• 875b933 Merge branch 'next' of github.com:storybookjs/storybook into next
• f701930 Merge pull request #13141 from ThibaudAV/update-angular-ex
• c8a819d Merge pull request #13162 from S1ngS1ng/patch-1
• cd7766e 6.1.0-rc.5 changelog addition
• 45ddc0c Merge pull request #13159 from storybookjs/12386-ie11-layout-centered
• f2123da 6.1.0-rc.5 changelog
• 30c5e98 fix incorrect component reference
• f6d4f0a Merge pull request #13155 from storybookjs/feature/sidebarClassNames

See the full diff

Package name: @storybook/addon-viewport

The new version differs by 250 commits.

• e89e51a v6.1.0
• d004d19 Update root, peer deps, version.ts/json to 6.1.0
• 1d07f01 6.1.0 changelog
• 178e9bd 6.1.0-rc.6 next.json version file
• 971eccd Update git head to 6.1.0-rc.6
• 9009e53 v6.1.0-rc.6
• eaceece Update root, peer deps, version.ts/json to 6.1.0-rc.6
• 5c0049b 6.1.0-rc.6 changelog
• 76d53b5 Merge pull request #13165 from storybookjs/13156-fix-cached-manager
• 4747fea Merge pull request #12845 from Tomastomaslol/12324_zoom_buttons_in_docs_do_not_work
• 74693f4 Drop the cache prop from managerConfig to make caching work on the 2nd run.
• 428b6e0 6.1.0-rc.5 next.json version file
• a72852d Update git head to 6.1.0-rc.5
• a8822ed v6.1.0-rc.5
• 6deb946 Update root, peer deps, version.ts/json to 6.1.0-rc.5
• 06b55c8 update 6.1-rc.5
• 875b933 Merge branch 'next' of github.com:storybookjs/storybook into next
• f701930 Merge pull request #13141 from ThibaudAV/update-angular-ex
• c8a819d Merge pull request #13162 from S1ngS1ng/patch-1
• cd7766e 6.1.0-rc.5 changelog addition
• 45ddc0c Merge pull request #13159 from storybookjs/12386-ie11-layout-centered
• f2123da 6.1.0-rc.5 changelog
• 30c5e98 fix incorrect component reference
• f6d4f0a Merge pull request #13155 from storybookjs/feature/sidebarClassNames

See the full diff

Package name: @storybook/react

The new version differs by 250 commits.

• d0c1e8a v6.4.13
• ad95877 Update root, peer deps, version.ts/json to 6.4.13 [ci skip]
• 908cda1 6.4.13 changelog
• ee5c044 Merge pull request #17245 from storybookjs/fix-prettier-2-3-formatting-main
• c3311c0 Update snapshots
• a533573 Fix prettier 2.3 formatting on main
• 59b85c7 Merge pull request #17241 from storybookjs/17008-fix-staticdirs-favicon
• f2a7256 Merge pull request #17022 from Taillook/chore/react-dev-utils
• ec142c8 Merge pull request #17239 from storybookjs/16820-fix-prettier-transpilation
• de25e19 Merge pull request #17206 from storybookjs/angular/fix-angular-13.1
• 8fe4027 Merge pull request #17240 from storybookjs/15574-fix-namedexportsorder-warning
• 8346850 Merge pull request #17213 from storybookjs/16067-fix-manager-process
• 3a0fd74 Merge pull request #17244 from storybookjs/chore_docs_fix_composition_link
• 7e43adc Merge pull request #17224 from storybookjs/chore_docs_update_addons_install_docs
• 373ca10 Merge pull request #17221 from storybookjs/chore_docs_fix_addon_knowledge_base
• 1e1331d Merge pull request #17208 from storybookjs/chore_docs_updates_syntax_highlight_docs
• 00a6c36 Merge pull request #17203 from storybookjs/chore_fix_repro_docs
• f0a2216 6.4.12 latest.json version file
• 180e481 Update git head to 6.4.12, update yarn.lock
• 9ce1a3b v6.4.12
• b278a84 Update root, peer deps, version.ts/json to 6.4.12 [ci skip]
• 7610bf0 6.4.12 changelog
• 704d82a Update git head to 6.4.11, update yarn.lock
• dc7fc7b v6.4.11

See the full diff

Package name: color

The new version differs by 4 commits.

• 0d867e7 1.0.0
• b175a9f slightly updated v1 readme
• 332b10e Merge pull request [Snyk] Security upgrade axios from 0.19.2 to 0.20.0 #96 from Qix-/makeover
• f1f880d v1.x makeover 💄

See the full diff

Package name: dot-object

The new version differs by 32 commits.

• 84356a7 Merge tag 'v2.1.3' into develop
• 67142e7 Merge branch 'release/v2.1.3'
• c4a4dd5 prepare v2.1.3
• f76cff5 guard for possible prototype polution
• ee628c2 Merge tag 'v2.1.2' into develop
• 0c8a4d8 Merge branch 'release/v2.1.2'
• 6bc8849 prepare v2.1.2
• b18aaac Merge branch 'master' into develop
• a292262 add test for deeply nested arrays
• 6a91c11 fix undefined for root level array
• ea358be Merge tag 'v2.1.1' into develop
• 1e6f080 Merge branch 'release/v2.1.1'
• 8dcb301 prepare v2.1.1
• 739c111 Wrong array conversion with [0] fixes [Snyk] Security upgrade nginx from 1.16.1-alpine to 1.19-alpine #27
• 7ab7d4f Merge tag 'v2.1.0' into develop
• c2e0b19 Merge branch 'release/v2.1.0'
• c205762 prepare release v2.1.0
• 66bb1ca wrap delete method
• b24a438 Merge branch 'master' into develop
• 2a86afe update bower version
• 51dabd3 Merge tag 'v2.0.0' into develop
• b24eeb8 Merge branch 'release/v2.0.0'
• 0b87c85 prepare version 2.0.0
• 1647da9 version 2.0.0

See the full diff

Package name: immer

The new version differs by 250 commits.

• fa671e5 fix(security): Follow up on CVE-2020-28477 where `path: [["__proto__"], "x"]` could still pollute the prototype
• 2e0aa95 Create SECURITY.md
• 050522d chore: fix CI. maybe.
• 1195510 docs: Update example-setstate.mdx ([Snyk] Security upgrade vscode from 1.0.3 to 1.1.37 #833)
• 648d39b docs: fixing link to RFC-6902 & fixing typo ([Snyk] Security upgrade webpack-dev-server from 3.3.1 to 4.8.0 #830)
• bc890f7 docs: Update example-setstate.mdx ([Snyk] Security upgrade gatsby from 2.32.13 to 3.13.0 #829)
• 16a3d0f chore(deps): bump prismjs from 1.23.0 to 1.24.0 in /website ([Snyk] Security upgrade eslint from 7.9.0 to 9.0.0 #822)
• 847492c docs: Extended / updated documenation ([Snyk] Fix for 1 vulnerabilities #824)
• 7f41483 chore: [workflows] don't release from forks
• 3f9a94e chore: let's test before publish
• bfb8dec fix: release missing dist/ folder
• b314b19 chore: fix cpx usage
• a607d6c chore: Remove old shizzle
• 6fd5329 chore: fixes for deploy preview
• 144f886 chore: fix docs deployment attempt 3
• 38964fa chore: semantic-release + GH actions
• 06c6741 chore: fix docs deploy
• ad23da9 chore: fix test job
• b6d92f4 chore: publish docs automatically
• c59576a chore: setup GH action for test
• dc3f66c fix: [Snyk] Fix for 3 vulnerabilities #807 new undefined properties should end up in result object
• 5412c9f fix: [Snyk] Fix for 2 vulnerabilities #791 return 'nothing' should produce undefined patch
• 58b74a6 chore(deps): bump ssri from 6.0.1 to 6.0.2 in /website ([Snyk] Security upgrade eslint from 5.16.0 to 9.0.0 #818)
• c9deb48 chore(deps): bump color-string from 1.5.4 to 1.5.5 in /website ([Snyk] Fix for 1 vulnerabilities #817)

See the full diff

Package name: jest

The new version differs by 22 commits.

• ff9269b chore: bump most dated deps (#8850)
• 7594141 chore: upgrade to eslint@6 (#8855)
• b33ce0d chore: upgrade to micromatch v4 (#8852)
• d6ff72a chore: add node 12 to CI (fix: notification bubble codesandbox/codesandbox-client#8411)
• 7e9b4ea chore: upgrade jsdom (#8851)
• 4bb7a2d Use `weak-napi` instead of `weak` in `jest-leak-detector`
• ce47c6c Get rid of Node 6 support (feat: add codeium in featured templates codesandbox/codesandbox-client#8455)
• bc5c3c7 jest-snapshot: Remove only the added newlines in multiline snapshots (#8859)
• d523fa8 bug.md: highlights placeholder should be removed (#8836)
• 08f109c expect: Display expectedDiff more carefully in toBeCloseTo (fix: show upgrade button only for admins  codesandbox/codesandbox-client#8389)
• b09de2d chore: bump node-notifier for node v6 support
• 557a39f fix(linter): Fix linting failure introduced in #8847 😓 (#8849)
• 012472b fix(docs): Update broken links in docs. (#8847)
• ee2bea1 chore: sort member in imports (#8846)
• 9ba4594 add Chinese Jest work with AngularJS tutorial (#8828)
• 0e5b363 chore: reduce reliance on esModuleInterop (#8842)
• d69f8d3 getTimerCount will not include cancelled immediates (#8764)
• b4bd77b Fix grammar: "your jest's config"->"your Jest..." (#8843)
• 54b3dcf Fix grammar: "a known issues"->"a known issue" (#8844)
• e76c7da docs: update matchMedia methods (#8835)
• 23b9860 chore: roll new version of docs
• 3cdbd55 Release 24.9.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Arbitrary Code Injection
🦉 Remote Code Execution (RCE)
🦉 More lessons are available in Snyk Learn