[Snyk] Security upgrade dagre from 0.7.4 to 0.8.1

[rahulroycontractor]

User description

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • localstack/dashboard/web/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	170/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 0, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.83, Score Version: V5	Prototype Pollution SNYK-JS-LODASH-6139239	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: dagre

The new version differs by 24 commits.

• 45c7ef4 Prep v0.8.1 release
• 43ef07d Switch dagre back to a top level npm package
• 4d0c2cf Fix up require for graphlib in bench script
• 587d725 Bump version and set as pre-release
• a299bf8 Prep for dagre v0.8.0 release
• 980b6e2 Add Matthew Dahl to contributors
• 12a0754 Complete support for lodash 4
• 7e2528e Fix up more lodash 4 API changes
• 590b155 More fixes for lodash 4 API changes
• 1687a28 More fixes for lodash 4 API changes
• d284539 Fix bugs with lodash 4
• 38e1fdf Initial work to move to lodash 4
• 5c5f6eb Merge pull request Fix issue with unsupplied headers to Lambda with Lambda proxy enabled localstack/localstack#224 from dagrejs/update_repo_badge_svg
• 7d700c4 Merge pull request S3 get-bucket-notification returns empty result and return code 1 localstack/localstack#169 from saravanak/clean_gitignore
• c367859 Merge pull request Fix S3 file access from Spark localstack/localstack#197 from jawshooah/trailing-comma
• b2bcbaa Update repo badge to SVG
• f5e622c Remove deprecation warning
• 8bddb46 Bump version and set as pre-release
• 7b8dc3c Prep v0.7.5 release
• 67534ad Prep for move to @ dagrejs org
• e66c29b Update README.md
• 23cdaaa Remove trailing comma
• 3d48b63 Bump version and set as pre-release
• fe716d2 Fix gitignore to work correctly with the silver searcher

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

---

Type

enhancement

---

Description

• Upgraded dagre from version 0.7.4 to 0.8.1 in package.json to fix known security vulnerabilities.

---

Changes walkthrough

	Relevant files
Dependencies	package.json Upgrade `dagre` to Fix Security Vulnerabilities                    localstack/dashboard/web/package.json Upgraded dagre from 0.7.4 to 0.8.1 to address security vulnerabilities. +1/-1

---

✨ PR-Agent usage:
Comment /help on the PR to get a list of all available PR-Agent tools and their descriptions

[codiumai-pr-agent-pro]

PR Description updated to latest commit (b59f972)

• Copy walkthrough table to "Files Changed" Tab

[codiumai-pr-agent-pro]

PR Review

⏱️ Estimated effort to review [1-5]	1, because the PR consists of a single version update in a package.json file, which is straightforward to review. The change is clear and limited to upgrading the 'dagre' package from version 0.7.4 to 0.8.1.
🧪 Relevant tests	No
🔍 Possible issues	Breaking Change: The upgrade from 'dagre' 0.7.4 to 0.8.1 might introduce breaking changes not covered in the PR description. It's important to verify if this version change affects any existing functionality.
🔒 Security concerns	No

---

✨ Review tool usage guide:

---

Overview:
The review tool scans the PR code changes, and generates a PR review which includes several types of feedbacks, such as possible PR issues, security threats and relevant test in the PR. More feedbacks can be added by configuring the tool.

The tool can be triggered automatically every time a new PR is opened, or can be invoked manually by commenting on any PR.

• When commenting, to edit configurations related to the review tool (pr_reviewer section), use the following template:

/review --pr_reviewer.some_config1=... --pr_reviewer.some_config2=...

• With a configuration file, use the following template:

[pr_reviewer]
some_config1=...
some_config2=...

See the review usage page for a comprehensive guide on using this tool.

[codiumai-pr-agent-pro]

PR Code Suggestions

No code suggestions found for PR.