[Snyk] Fix for 8 vulnerabilities #70

Open
wants to merge 1 commit into
base: stable
skmezanul
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908 | Yes | Proof of Concept |
| medium severity | 586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905 | Yes | Proof of Concept |
| medium severity | 539/1000 Why? Has a fix available, CVSS 6.5 | Information Exposure SNYK-JS-NODEFETCH-2342118 | Yes | No Known Exploit |
| medium severity | 520/1000 Why? Has a fix available, CVSS 5.9 | Denial of Service SNYK-JS-NODEFETCH-674311 | Yes | No Known Exploit |
| medium severity | 479/1000 Why? Has a fix available, CVSS 5.3 | Improper Input Validation SNYK-JS-POSTCSS-5926692 | Yes | No Known Exploit |
| high severity | 696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIM-1017038 | Yes | Proof of Concept |
| high severity | 589/1000 Why? Has a fix available, CVSS 7.5 | Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042 | Yes | No Known Exploit |
| high severity | 589/1000 Why? Has a fix available, CVSS 7.5 | Prototype Pollution SNYK-JS-UNSETVALUE-2400660 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @instructure/ui-date-input The new version differs by 250 commits.
  • dd37a01 chore(release): 8.0.0
  • 1ed7255 Merge pull request super: no superclass method `password=' instructure/canvas-lms#455 from instructure/next
  • c98fd62 Merge branch 'master' into next
  • 3a59f16 chore(ui-babel-preset): reverting PR error while starting server (done with Production Start ) instructure/canvas-lms#437
  • 83d211a refactor(ui-babel-preset,ui-react-utils): fix displayName set to null and weird values in prod
  • 30df4ab docs(instui-cli): add block about themeOverride codemod to migration guide
  • da9dc10 refactor(instui-cli): small changes to V8 codemods based on the PR comments
  • e0607dd feat(instui-cli,ui-upgrade-scripts): add codemod to rename theme prop to themeOverride
  • 0d709af refactor(ui-tag): fix dismissable tag focus state
  • 8c65d8c refactor(ui-code-editor): fix vertical scrollbar on code editors
  • 89a95f8 feat(instui-config): add codemod for themeable util imports
  • 4e5014b docs: small tweaks on the documentation
  • c37c079 refactor(ui-navigation): fix non-visible focus issue
  • a63f7ed docs: add docs about theme variables in js usage
  • fa828fc docs: add docs about emotion's `Global` and `keyframes`
  • ee8a314 refactor(ui-drawer-layout): set DrawerLayout.Content example animation to 0
  • bc77d5a refactor: fix prefixed css selector grouping
  • 07c7b41 Merge branch 'master' into next
  • e1c8d0a docs(ui-docs-client): add link to previous version of docs
  • c37a62b refactor: add css :-webkit-any() selector to :is()
  • f15c070 refactor: update babel-runtime to 7.13.10 to avoid Babel bugs
  • 9a68e23 docs: update API Guidelines docs with emotion conventions
  • a6537b3 docs: revert userAgent log for chromatic debugging
  • 37d56c8 docs: test: browser version log for chromatic

See the full diff

Package name: @instructure/ui-metric The new version differs by 250 commits.
  • dd37a01 chore(release): 8.0.0
  • 1ed7255 Merge pull request super: no superclass method `password=' instructure/canvas-lms#455 from instructure/next
  • c98fd62 Merge branch 'master' into next
  • 3a59f16 chore(ui-babel-preset): reverting PR error while starting server (done with Production Start ) instructure/canvas-lms#437
  • 83d211a refactor(ui-babel-preset,ui-react-utils): fix displayName set to null and weird values in prod
  • 30df4ab docs(instui-cli): add block about themeOverride codemod to migration guide
  • da9dc10 refactor(instui-cli): small changes to V8 codemods based on the PR comments
  • e0607dd feat(instui-cli,ui-upgrade-scripts): add codemod to rename theme prop to themeOverride
  • 0d709af refactor(ui-tag): fix dismissable tag focus state
  • 8c65d8c refactor(ui-code-editor): fix vertical scrollbar on code editors
  • 89a95f8 feat(instui-config): add codemod for themeable util imports
  • 4e5014b docs: small tweaks on the documentation
  • c37c079 refactor(ui-navigation): fix non-visible focus issue
  • a63f7ed docs: add docs about theme variables in js usage
  • fa828fc docs: add docs about emotion's `Global` and `keyframes`
  • ee8a314 refactor(ui-drawer-layout): set DrawerLayout.Content example animation to 0
  • bc77d5a refactor: fix prefixed css selector grouping
  • 07c7b41 Merge branch 'master' into next
  • e1c8d0a docs(ui-docs-client): add link to previous version of docs
  • c37a62b refactor: add css :-webkit-any() selector to :is()
  • f15c070 refactor: update babel-runtime to 7.13.10 to avoid Babel bugs
  • 9a68e23 docs: update API Guidelines docs with emotion conventions
  • a6537b3 docs: revert userAgent log for chromatic debugging
  • 37d56c8 docs: test: browser version log for chromatic

See the full diff

Package name: @instructure/ui-modal The new version differs by 250 commits.
  • dd37a01 chore(release): 8.0.0
  • 1ed7255 Merge pull request super: no superclass method `password=' instructure/canvas-lms#455 from instructure/next
  • c98fd62 Merge branch 'master' into next
  • 3a59f16 chore(ui-babel-preset): reverting PR error while starting server (done with Production Start ) instructure/canvas-lms#437
  • 83d211a refactor(ui-babel-preset,ui-react-utils): fix displayName set to null and weird values in prod
  • 30df4ab docs(instui-cli): add block about themeOverride codemod to migration guide
  • da9dc10 refactor(instui-cli): small changes to V8 codemods based on the PR comments
  • e0607dd feat(instui-cli,ui-upgrade-scripts): add codemod to rename theme prop to themeOverride
  • 0d709af refactor(ui-tag): fix dismissable tag focus state
  • 8c65d8c refactor(ui-code-editor): fix vertical scrollbar on code editors
  • 89a95f8 feat(instui-config): add codemod for themeable util imports
  • 4e5014b docs: small tweaks on the documentation
  • c37c079 refactor(ui-navigation): fix non-visible focus issue
  • a63f7ed docs: add docs about theme variables in js usage
  • fa828fc docs: add docs about emotion's `Global` and `keyframes`
  • ee8a314 refactor(ui-drawer-layout): set DrawerLayout.Content example animation to 0
  • bc77d5a refactor: fix prefixed css selector grouping
  • 07c7b41 Merge branch 'master' into next
  • e1c8d0a docs(ui-docs-client): add link to previous version of docs
  • c37a62b refactor: add css :-webkit-any() selector to :is()
  • f15c070 refactor: update babel-runtime to 7.13.10 to avoid Babel bugs
  • 9a68e23 docs: update API Guidelines docs with emotion conventions
  • a6537b3 docs: revert userAgent log for chromatic debugging
  • 37d56c8 docs: test: browser version log for chromatic

See the full diff

Package name: @instructure/ui-table The new version differs by 250 commits.
  • dd37a01 chore(release): 8.0.0
  • 1ed7255 Merge pull request super: no superclass method `password=' instructure/canvas-lms#455 from instructure/next
  • c98fd62 Merge branch 'master' into next
  • 3a59f16 chore(ui-babel-preset): reverting PR error while starting server (done with Production Start ) instructure/canvas-lms#437
  • 83d211a refactor(ui-babel-preset,ui-react-utils): fix displayName set to null and weird values in prod
  • 30df4ab docs(instui-cli): add block about themeOverride codemod to migration guide
  • da9dc10 refactor(instui-cli): small changes to V8 codemods based on the PR comments
  • e0607dd feat(instui-cli,ui-upgrade-scripts): add codemod to rename theme prop to themeOverride
  • 0d709af refactor(ui-tag): fix dismissable tag focus state
  • 8c65d8c refactor(ui-code-editor): fix vertical scrollbar on code editors
  • 89a95f8 feat(instui-config): add codemod for themeable util imports
  • 4e5014b docs: small tweaks on the documentation
  • c37c079 refactor(ui-navigation): fix non-visible focus issue
  • a63f7ed docs: add docs about theme variables in js usage
  • fa828fc docs: add docs about emotion's `Global` and `keyframes`
  • ee8a314 refactor(ui-drawer-layout): set DrawerLayout.Content example animation to 0
  • bc77d5a refactor: fix prefixed css selector grouping
  • 07c7b41 Merge branch 'master' into next
  • e1c8d0a docs(ui-docs-client): add link to previous version of docs
  • c37a62b refactor: add css :-webkit-any() selector to :is()
  • f15c070 refactor: update babel-runtime to 7.13.10 to avoid Babel bugs
  • 9a68e23 docs: update API Guidelines docs with emotion conventions
  • a6537b3 docs: revert userAgent log for chromatic debugging
  • 37d56c8 docs: test: browser version log for chromatic

See the full diff

Package name: @instructure/ui-time-select The new version differs by 250 commits.
  • dd37a01 chore(release): 8.0.0
  • 1ed7255 Merge pull request super: no superclass method `password=' instructure/canvas-lms#455 from instructure/next
  • c98fd62 Merge branch 'master' into next
  • 3a59f16 chore(ui-babel-preset): reverting PR error while starting server (done with Production Start ) instructure/canvas-lms#437
  • 83d211a refactor(ui-babel-preset,ui-react-utils): fix displayName set to null and weird values in prod
  • 30df4ab docs(instui-cli): add block about themeOverride codemod to migration guide
  • da9dc10 refactor(instui-cli): small changes to V8 codemods based on the PR comments
  • e0607dd feat(instui-cli,ui-upgrade-scripts): add codemod to rename theme prop to themeOverride
  • 0d709af refactor(ui-tag): fix dismissable tag focus state
  • 8c65d8c refactor(ui-code-editor): fix vertical scrollbar on code editors
  • 89a95f8 feat(instui-config): add codemod for themeable util imports
  • 4e5014b docs: small tweaks on the documentation
  • c37c079 refactor(ui-navigation): fix non-visible focus issue
  • a63f7ed docs: add docs about theme variables in js usage
  • fa828fc docs: add docs about emotion's `Global` and `keyframes`
  • ee8a314 refactor(ui-drawer-layout): set DrawerLayout.Content example animation to 0
  • bc77d5a refactor: fix prefixed css selector grouping
  • 07c7b41 Merge branch 'master' into next
  • e1c8d0a docs(ui-docs-client): add link to previous version of docs
  • c37a62b refactor: add css :-webkit-any() selector to :is()
  • f15c070 refactor: update babel-runtime to 7.13.10 to avoid Babel bugs
  • 9a68e23 docs: update API Guidelines docs with emotion conventions
  • a6537b3 docs: revert userAgent log for chromatic debugging
  • 37d56c8 docs: test: browser version log for chromatic

See the full diff

Package name: @storybook/addon-essentials The new version differs by 250 commits.
  • 4f2afa6 v7.0.0
  • 03292b0 Update root, peer deps, version.ts/json to 7.0.0 [ci skip]
  • b2dc5cf Revert "Update root, peer deps, version.ts/json to 7.0.0 [ci skip]"
  • 7f391a3 Update root, peer deps, version.ts/json to 7.0.0 [ci skip]
  • f0b53cb 7.0.0 changelog
  • 930917d Merge pull request #21856 from storybookjs/docs/interactions-addon-migration
  • f1c13da 7.0.0-rc.11 next.json version file [skip ci]
  • 512a2ae Update git head to 7.0.0-rc.11, update yarn.lock [ci skip]
  • 908c324 v7.0.0-rc.11
  • 5edc7c0 Update root, peer deps, version.ts/json to 7.0.0-rc.11 [ci skip]
  • 324d9bb 7.0.0-rc.11 changelog
  • 37d9737 interactions debugger is now default
  • 9682f7c Merge pull request #21833 from storybookjs/kasper/fix-strict-args-decorator-with-interface
  • a08ffc7 Put @ storybook/csf version back into next
  • 2cc1d36 Merge pull request #21850 from storybookjs/fix/tone-down-dependency-alerts
  • 941103b Merge pull request #21851 from storybookjs/valentin/export-application-config-decorator
  • 31700c0 Export applicationConfig decorator and adjust documentation for usage
  • 3d9544f Merge pull request #21846 from storybookjs/chore_docs_webpack_tweaks
  • 79b590b Tweaks to the Webpack docs
  • d193be5 Merge pull request #21836 from storybookjs/fix/downgrade-remark-deps
  • 79b1fde Merge pull request #21832 from storybookjs/fix/polyfill-global
  • 590f053 downgrade remark related dependencies
  • b421d95 only provide critical duplicated dependency warning on major version difference
  • acace30 Merge pull request #21724 from jungpaeng/docs/fix-controls

See the full diff

Package name: @storybook/addon-storyshots The new version differs by 250 commits.
  • 4f2afa6 v7.0.0
  • 03292b0 Update root, peer deps, version.ts/json to 7.0.0 [ci skip]
  • b2dc5cf Revert "Update root, peer deps, version.ts/json to 7.0.0 [ci skip]"
  • 7f391a3 Update root, peer deps, version.ts/json to 7.0.0 [ci skip]
  • f0b53cb 7.0.0 changelog
  • 930917d Merge pull request #21856 from storybookjs/docs/interactions-addon-migration
  • f1c13da 7.0.0-rc.11 next.json version file [skip ci]
  • 512a2ae Update git head to 7.0.0-rc.11, update yarn.lock [ci skip]
  • 908c324 v7.0.0-rc.11
  • 5edc7c0 Update root, peer deps, version.ts/json to 7.0.0-rc.11 [ci skip]
  • 324d9bb 7.0.0-rc.11 changelog
  • 37d9737 interactions debugger is now default
  • 9682f7c Merge pull request #21833 from storybookjs/kasper/fix-strict-args-decorator-with-interface
  • a08ffc7 Put @ storybook/csf version back into next
  • 2cc1d36 Merge pull request #21850 from storybookjs/fix/tone-down-dependency-alerts
  • 941103b Merge pull request #21851 from storybookjs/valentin/export-application-config-decorator
  • 31700c0 Export applicationConfig decorator and adjust documentation for usage
  • 3d9544f Merge pull request #21846 from storybookjs/chore_docs_webpack_tweaks
  • 79b590b Tweaks to the Webpack docs
  • d193be5 Merge pull request #21836 from storybookjs/fix/downgrade-remark-deps
  • 79b1fde Merge pull request #21832 from storybookjs/fix/polyfill-global
  • 590f053 downgrade remark related dependencies
  • b421d95 only provide critical duplicated dependency warning on major version difference
  • acace30 Merge pull request #21724 from jungpaeng/docs/fix-controls

See the full diff

Package name: @storybook/react The new version differs by 250 commits.
  • 4f2afa6 v7.0.0
  • 03292b0 Update root, peer deps, version.ts/json to 7.0.0 [ci skip]
  • b2dc5cf Revert "Update root, peer deps, version.ts/json to 7.0.0 [ci skip]"
  • 7f391a3 Update root, peer deps, version.ts/json to 7.0.0 [ci skip]
  • f0b53cb 7.0.0 changelog
  • 930917d Merge pull request #21856 from storybookjs/docs/interactions-addon-migration
  • f1c13da 7.0.0-rc.11 next.json version file [skip ci]
  • 512a2ae Update git head to 7.0.0-rc.11, update yarn.lock [ci skip]
  • 908c324 v7.0.0-rc.11
  • 5edc7c0 Update root, peer deps, version.ts/json to 7.0.0-rc.11 [ci skip]
  • 324d9bb 7.0.0-rc.11 changelog
  • 37d9737 interactions debugger is now default
  • 9682f7c Merge pull request #21833 from storybookjs/kasper/fix-strict-args-decorator-with-interface
  • a08ffc7 Put @ storybook/csf version back into next
  • 2cc1d36 Merge pull request #21850 from storybookjs/fix/tone-down-dependency-alerts
  • 941103b Merge pull request #21851 from storybookjs/valentin/export-application-config-decorator
  • 31700c0 Export applicationConfig decorator and adjust documentation for usage
  • 3d9544f Merge pull request #21846 from storybookjs/chore_docs_webpack_tweaks
  • 79b590b Tweaks to the Webpack docs
  • d193be5 Merge pull request #21836 from storybookjs/fix/downgrade-remark-deps
  • 79b1fde Merge pull request #21832 from storybookjs/fix/polyfill-global
  • 590f053 downgrade remark related dependencies
  • b421d95 only provide critical duplicated dependency warning on major version difference
  • acace30 Merge pull request #21724 from jungpaeng/docs/fix-controls

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
馃 View latest project report

馃洜 Adjust project settings

馃摎 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

馃 Regular Expression Denial of Service (ReDoS)
馃 Improper Input Validation
馃 Prototype Pollution
