[Snyk] Fix for 2 vulnerabilities

[baby636]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKDOWNTOJSX-3310443	No	No Known Exploit
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-SANITIZEHTML-6256334	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @storybook/addon-docs

The new version differs by 250 commits.

• 7d4d6ab v6.4.0
• 86e2d61 Update root, peer deps, version.ts/json to 6.4.0 [ci skip]
• ec6fd3b 6.4.0 changelog
• b88d2d9 6.4.0-rc.11 next.json version file
• 2d78019 Update git head to 6.4.0-rc.11, update yarn.lock
• 77eb43c v6.4.0-rc.11
• ca91e77 Update root, peer deps, version.ts/json to 6.4.0-rc.11 [ci skip]
• 52ed4b0 6.4.0-rc.11 changelog
• 4f23295 Merge pull request #16795 from SebastienGllmt/patch-1
• d443c73 Fix breaking changing process/browser
• 16678e0 6.4.0-rc.10 next.json version file
• 0e8f1c2 Update git head to 6.4.0-rc.10, update yarn.lock
• 5ae60fc v6.4.0-rc.10
• 135ca93 Update root, peer deps, version.ts/json to 6.4.0-rc.10 [ci skip]
• a89d8e9 6.4.0-rc.10 changelog
• 68c4086 Merge pull request #16791 from storybookjs/16756-argTypes-storiesOf
• 0a03181 Merge pull request #16788 from storybookjs/16767-sort-stories-index
• 8b4b8fc Merge pull request #16783 from storybookjs/remove-missing-console-error
• 465a4be Merge branch 'next' into 16756-argTypes-storiesOf
• 1799997 Merge pull request #16792 from storybookjs/16745-fix-docs-story-rendered
• 38aadfc Merge pull request #16790 from storybookjs/16743-argTypeTargets-no-args
• 068ee39 Fix typo
• 809b59e Remove console log
• 1636334 Wait for the story component to render before emitting

See the full diff

Package name: @storybook/addon-essentials

The new version differs by 250 commits.

• 7d4d6ab v6.4.0
• 86e2d61 Update root, peer deps, version.ts/json to 6.4.0 [ci skip]
• ec6fd3b 6.4.0 changelog
• b88d2d9 6.4.0-rc.11 next.json version file
• 2d78019 Update git head to 6.4.0-rc.11, update yarn.lock
• 77eb43c v6.4.0-rc.11
• ca91e77 Update root, peer deps, version.ts/json to 6.4.0-rc.11 [ci skip]
• 52ed4b0 6.4.0-rc.11 changelog
• 4f23295 Merge pull request #16795 from SebastienGllmt/patch-1
• d443c73 Fix breaking changing process/browser
• 16678e0 6.4.0-rc.10 next.json version file
• 0e8f1c2 Update git head to 6.4.0-rc.10, update yarn.lock
• 5ae60fc v6.4.0-rc.10
• 135ca93 Update root, peer deps, version.ts/json to 6.4.0-rc.10 [ci skip]
• a89d8e9 6.4.0-rc.10 changelog
• 68c4086 Merge pull request #16791 from storybookjs/16756-argTypes-storiesOf
• 0a03181 Merge pull request #16788 from storybookjs/16767-sort-stories-index
• 8b4b8fc Merge pull request #16783 from storybookjs/remove-missing-console-error
• 465a4be Merge branch 'next' into 16756-argTypes-storiesOf
• 1799997 Merge pull request #16792 from storybookjs/16745-fix-docs-story-rendered
• 38aadfc Merge pull request #16790 from storybookjs/16743-argTypeTargets-no-args
• 068ee39 Fix typo
• 809b59e Remove console log
• 1636334 Wait for the story component to render before emitting

See the full diff

Package name: @storybook/react

The new version differs by 250 commits.

• 9a38133 v6.3.0
• 681f453 Update root, peer deps, version.ts/json to 6.3.0 [ci skip]
• 28ec9dc 6.3.0 changelog
• 049121e Update README to point to 6.3
• 3b4a7cf Merge pull request #15329 from storybookjs/15328-use-main-branch
• 3615056 Fix two more instances of master to main
• 5d46d77 Update CI to point to main branch
• d83dda4 Update docs to point to main branch
• c572e09 6.3.0-rc.12 next.json version file
• 0529f02 Update git head to 6.3.0-rc.12, update yarn.lock
• fa3aaf1 v6.3.0-rc.12
• 69de9df Update root, peer deps, version.ts/json to 6.3.0-rc.12 [ci skip]
• 6a4c2c5 6.3.0-rc.12 changelog
• e9fad37 Merge pull request #15292 from storybookjs/feat/update-cli-react-ts-types
• 4bc24e6 Merge pull request #15299 from merceyz/merceyz/chore/disable-builds
• a2ef227 Merge pull request #15312 from storybookjs/add-missing-dep
• 7d81f46 Merge pull request #15166 from tanyabrassie/patch-1
• 7887353 fix(toolbars): add missing dep `regenerator-runtime`
• 32ade4a chore: disable unnecessary builds
• ed6923d Merge pull request #14233 from pokuwagata/fix-css-loader-option-snippet
• 31bb449 fix(cli): add min option to choose in run-e2e
• db461f0 feat(cli): use component types in react ts template
• adca8e1 Merge pull request #15291 from storybookjs/fix_get_started_snippets
• c643702 adjusts example button snippets

See the full diff

Package name: sanitize-html

The new version differs by 250 commits.

• 4a7d7dd Merge pull request Self serve flow opencollective/opencollective-frontend#654 from apostrophecms/release-2.12.1
• f8e02be release 2.12.1
• c5dbdf7 Merge pull request Update slugify to the latest version 🚀 opencollective/opencollective-frontend#650 from dylanarmstrong/fix/ignore-source-maps
• 5a5a74e Merge pull request Update styled-components to version 3.4.1 opencollective/opencollective-frontend#652 from apostrophecms/add-thanks-to-changelog
• ee71ff0 Add community contribution thanks you
• a226fe7 Merge pull request Update rc-table to version 6.3.1 opencollective/opencollective-frontend#651 from apostrophecms/release-2.12.0
• ff18600 release 2.12.0
• 1e2294c test: added test for postcss map
• c376501 doc: update changelog
• 075499d fix: ignore source maps when processing with postcss
• eb932f8 Merge pull request French update opencollective/opencollective-frontend#646 from gkumar9891/allow-svg-element
• 31def35 changes to documentation
• b268d15 changes in documentation
• 54a6ac2 allow svg element
• c52a9f0 Merge pull request Update @material-ui/core to the latest version 🚀 opencollective/opencollective-frontend#634 from zhna123/empty-alt
• 2c7ac45 Added more tests and modified CHANGELOG
• 4f6cea6 Added 'allowedEmptyAttributes' option and kept empty 'alt' value by default.
• cb6efe1 Merge pull request createExpense Page: use Flex, Box components for responsive layout opencollective/opencollective-frontend#628 from alfreema/patch-1
• 9856e7b Delete .circleci directory
• 1bde207 Update README.md - Remove circleci reference
• b3400f2 Update README.md
• c4491ea Merge pull request Update react-markdown to the latest version 🚀 opencollective/opencollective-frontend#625 from apostrophecms/2.11.0
• 7bd3e3f release 2.11.0
• 6c0e5fe thank you

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)