[Snyk] Fix for 29 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-ASYNCVALIDATOR-2311201	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-D3COLOR-1076592	Yes	Proof of Concept
	526/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.1	Arbitrary Code Injection SNYK-JS-EJS-1049328	Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-EJS-2803307	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	Yes	No Known Exploit
	504/1000 Why? Has a fix available, CVSS 5.8	Prototype Pollution SNYK-JS-HIGHLIGHTJS-1045326	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HIGHLIGHTJS-1048676	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-IMMER-1019369	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-IMMER-1540542	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Denial of Service (DoS) SNYK-JS-JSZIP-1251497	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Directory Traversal SNYK-JS-MOMENT-2440688	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	No	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	Yes	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1076581	Yes	Proof of Concept
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1314893	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1585202	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) SNYK-JS-PRISMJS-2404333	Yes	No Known Exploit
	629/1000 Why? Has a fix available, CVSS 8.3	Cross-site Scripting (XSS) SNYK-JS-PRISMJS-597628	Yes	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Command Injection SNYK-JS-REACTDEVUTILS-1083268	Yes	Proof of Concept
	619/1000 Why? Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-STYLELINT-1585622	No	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept
	469/1000 Why? Has a fix available, CVSS 5.1	Prototype Pollution SNYK-JS-ZRENDER-1586253	Yes	No Known Exploit
	469/1000 Why? Has a fix available, CVSS 5.1	Denial of Service (DoS) npm:mem:20180117	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @gen3/guppy

The new version differs by 1 commits.

• 45c4b15 Chore/dep update ([Snyk] Fix for 1 vulnerabilities #131)

See the full diff

Package name: @gen3/ui-component

The new version differs by 3 commits.

• 0a1ba05 chore(deps-dev): bump minimist from 1.2.5 to 1.2.6 ([Snyk] Fix for 1 vulnerabilities #108)
• 605035c fix: update stylelint to 14 ([Snyk] Security upgrade nunjucks from 3.2.3 to 3.2.4 #107)
• b8e8ac8 Update dependencies to patch FedRAMP vulnerabilities ([Snyk] Security upgrade npm from 6.14.13 to 7.21.0 #106)

See the full diff

Package name: @storybook/addon-actions

The new version differs by 250 commits.

• e89e51a v6.1.0
• d004d19 Update root, peer deps, version.ts/json to 6.1.0
• 1d07f01 6.1.0 changelog
• 178e9bd 6.1.0-rc.6 next.json version file
• 971eccd Update git head to 6.1.0-rc.6
• 9009e53 v6.1.0-rc.6
• eaceece Update root, peer deps, version.ts/json to 6.1.0-rc.6
• 5c0049b 6.1.0-rc.6 changelog
• 76d53b5 Merge pull request #13165 from storybookjs/13156-fix-cached-manager
• 4747fea Merge pull request #12845 from Tomastomaslol/12324_zoom_buttons_in_docs_do_not_work
• 74693f4 Drop the cache prop from managerConfig to make caching work on the 2nd run.
• 428b6e0 6.1.0-rc.5 next.json version file
• a72852d Update git head to 6.1.0-rc.5
• a8822ed v6.1.0-rc.5
• 6deb946 Update root, peer deps, version.ts/json to 6.1.0-rc.5
• 06b55c8 update 6.1-rc.5
• 875b933 Merge branch 'next' of github.com:storybookjs/storybook into next
• f701930 Merge pull request #13141 from ThibaudAV/update-angular-ex
• c8a819d Merge pull request #13162 from S1ngS1ng/patch-1
• cd7766e 6.1.0-rc.5 changelog addition
• 45ddc0c Merge pull request #13159 from storybookjs/12386-ie11-layout-centered
• f2123da 6.1.0-rc.5 changelog
• 30c5e98 fix incorrect component reference
• f6d4f0a Merge pull request #13155 from storybookjs/feature/sidebarClassNames

See the full diff

Package name: @storybook/react

The new version differs by 250 commits.

• d0c1e8a v6.4.13
• ad95877 Update root, peer deps, version.ts/json to 6.4.13 [ci skip]
• 908cda1 6.4.13 changelog
• ee5c044 Merge pull request #17245 from storybookjs/fix-prettier-2-3-formatting-main
• c3311c0 Update snapshots
• a533573 Fix prettier 2.3 formatting on main
• 59b85c7 Merge pull request #17241 from storybookjs/17008-fix-staticdirs-favicon
• f2a7256 Merge pull request #17022 from Taillook/chore/react-dev-utils
• ec142c8 Merge pull request #17239 from storybookjs/16820-fix-prettier-transpilation
• de25e19 Merge pull request #17206 from storybookjs/angular/fix-angular-13.1
• 8fe4027 Merge pull request #17240 from storybookjs/15574-fix-namedexportsorder-warning
• 8346850 Merge pull request #17213 from storybookjs/16067-fix-manager-process
• 3a0fd74 Merge pull request #17244 from storybookjs/chore_docs_fix_composition_link
• 7e43adc Merge pull request #17224 from storybookjs/chore_docs_update_addons_install_docs
• 373ca10 Merge pull request #17221 from storybookjs/chore_docs_fix_addon_knowledge_base
• 1e1331d Merge pull request #17208 from storybookjs/chore_docs_updates_syntax_highlight_docs
• 00a6c36 Merge pull request #17203 from storybookjs/chore_fix_repro_docs
• f0a2216 6.4.12 latest.json version file
• 180e481 Update git head to 6.4.12, update yarn.lock
• 9ce1a3b v6.4.12
• b278a84 Update root, peer deps, version.ts/json to 6.4.12 [ci skip]
• 7610bf0 6.4.12 changelog
• 704d82a Update git head to 6.4.11, update yarn.lock
• dc7fc7b v6.4.11

See the full diff

Package name: antd

The new version differs by 250 commits.

• 870b72a docs: 4.17.0 changelog (#32859)
• 3a5b6b8 chore(deps-dev): bump stylelint-config-standard from 23.0.0 to 24.0.0 (#32866)
• 7e2dc80 chore(.gitignore):add ignore for pnpm (#32860)
• 491cc4f fix: borderLeftRadius error for Input.Search #32808 (#32812)
• 958df3d docs: add demo for Input.Group (#32837)
• ce006bd docs: Version Robin (#32830)
• 3f495bb chore: Upgrade react router v6 (#32821)
• 43569b9 docs: update customize-theme-variable.zh-CN.md
• 7ed7c60 style: fix Tree icon align bug (#32822)
• 01887b4 fix: if breadcrumbRender return false, breadcrumb will hidden (#32738)
• 5f642cb fix: tag animation demo (#32804)
• 852a451 chore(Tag): update tween-one (#32800)
• 90aff3a docs: fix Spin API ts description (#32786)
• 8a3b5d9 fix: Form horizontal broken style when select item is too long (#32778)
• a73f4a3 docs: Fix the link in Table's API doc (#32779)
• ecc54dd fix: codepen demo error using hooks (#32766)
• cf15379 docs: add 4.17.0-alpha.10 changelog (#32775)
• f7380b7 chore(deps-dev): bump eslint-plugin-unicorn from 37.0.1 to 38.0.0 (#32765)
• b1ea2e4 fix: opening animation of the bottom drawer (#32761)
• 10a8578 fix: Spin tip can be react node (#32733)
• fa65cd3 chore(deps-dev): bump @ types/gtag.js from 0.0.7 to 0.0.8 (#32746)
• f88bd4d refactor: Move part mixins less to theme instead (#32763)
• 5360722 chore: update form demo
• ea52572 chore(💄): fix issue template

See the full diff

Package name: d3-scale

The new version differs by 168 commits.

• f7cb35b 4.0.0
• 120ad7a adopt InternMap for ordinal scales (setup test framework for portal integration tests uc-cdis/data-portal#237)
• ac30873 Adopt type=module (fix(genomel): homepage uc-cdis/data-portal#246)
• 2b7db62 3.3.0
• f3cfd2c update dependencies
• 80ff9b2 adopt d3-time’s ticks
• 8afe6bd 3.2.4
• 60e10c4 update dependencies
• 116ac06 Treat null as undefined. (PXD-341 ⁃ form submission incorrectly linking to projects by submitter_id instead of code uc-cdis/data-portal#241)
• c7efc99 3.2.3
• 5d3e9c3 Update d3-array.
• 1ff6522 yarn
• 957482b Update tickFormat.js
• 42d546e scaleQuantile performance fixup
• 0a427eb time_copy is part of the API but was missing from the README
• 1dd3f5a Merge pull request Feat/config uc-cdis/data-portal#219 from d3/links-v6
• 8460207 v3.2.2
• 6169111 d3 dependencies
• 0a55cc8 Merge pull request PXD-337 ⁃ manifest export uc-cdis/data-portal#210 from domoritz/fix-nice
• 5046251 links to d3@6 versions
• d0a2fe4 fix documentation: the diverging scale's default domain is [0, 0.5, 1]
• da99948 Use var
• 0932d15 Merge pull request check if need to refresh session for all api calls uc-cdis/data-portal#211 from oluckyman/patch-1
• 2751067 Fix a typo

See the full diff

Package name: d3-transition

The new version differs by 39 commits.

• 98e84f0 3.0.0
• aa44264 Update README
• 692f025 fix [Snyk] Fix for 1 vulnerabilities #121; add transition.selectChild[ren]
• 1ac7984 Precise sideEffects. ([Snyk] Fix for 1 vulnerabilities #115)
• d1a518c Adopt type=module ([Snyk] Fix for 1 vulnerabilities #123)
• abe6511 Merge pull request [Snyk] Fix for 10 vulnerabilities #122 from inokawa/patch-1
• a71a58d Fix typo in README.md
• 40d5865 d3 dependencies
• 2fa17ff v2.0.0
• 611e427 Merge pull request Chore(deps): Bump qs, express and body-parser #94 from d3/two
• df65078 v2.0.0-rc.6
• 1fe858c v2.0.0-rc.5
• 6635117 test transition.each
• 9485837 revert 91990a1e5959c107319a4b59bfcc8f203f2a944b
• 2f6c57d transitions are iterable
• 46027fa Test transition.size.
• ca5ae84 Symbol.iterator
• 91990a1 fix crash on transition.size()
• 956f0ae v2.0.0-rc.3
• f49b6dd v2.0.0-rc.2
• 2f03929 v2.0.0-rc.1
• 6fa3c5c v2.0.0-rc1
• fcdbb3a easeVarying
• 70abf61 links

See the full diff

Package name: d3-zoom

The new version differs by 36 commits.

• debbe3d 3.0.0
• 3419879 Expose ZoomTransform constructor. (dictionary and api version only get updated to the footer after a while... uc-cdis/data-portal#191)
• e2f0e73 fix Chore/genomel uc-cdis/data-portal#235; currentTarget initialization
• c774f9e Adopt type=module (Feat/ndh2 uc-cdis/data-portal#234)
• e9aa6cb Merge pull request test that the docker comes up(doesn't crash because of schema mismatch) uc-cdis/data-portal#236 from fidelthomet/patch-1
• 506ccf3 Docs: Update default value for zoom.filter
• 84a5e7b adding passive flag to wheel zoom event listener to remove google's warning
• db169ea v2.0.0
• 8f81ee7 d3 dependencies
• c2fa604 Merge pull request centralize config for summary nodes selection uc-cdis/data-portal#205 from d3/two
• 28bb791 v2.0.0-rc.1
• 0fa9a21 Merge pull request chore(hostname): adapt to openstack uc-cdis/data-portal#214 from d3/document-translate-tk-192
• ab4bc64 pinch-to-zoom
• a710747 Merge branch 'tapDistance-180' into two
• e02e23c Merge branch 'two' into tapDistance-180
• 87c6215 remove touch-action:none
• 96bd44b remove zoomEvent.on for now
• 3318746 introduces tapDistance (default 10 pixels)
• 5ee1a8d x and y are scaled by t_k when calling t.translate(x,y)
• 4d2a5f1 pinch-to-zoom
• 87781b6 d3
• c0fbb0f dbltap results in a touchend event being passed to dblclicked
• 0c6be96 accept subevents
• 82b6e36 in wheeled also, send args

See the full diff

Package name: echarts

The new version differs by 250 commits.

• 1c70026 Merge pull request #15745 from apache/release-dev
• 21d6317 release 5.2.1
• 5ff6216 Merge pull request #15735 from apache/series-type-register
• a11d9af feat(type): provide ability to extend series option
• b29726d Merge pull request #15732 from apache/master
• 6384acf Merge pull request #15731 from apache/fix-line-animation
• 4824ada fix(line): fix animation is not stopped when direct update points.
• 26e9a95 Merge pull request #15720 from apache/fix-legend-symbol-keep-aspect
• 5d667ec Merge pull request #15722 from williamorim/ptBRlang
• add3f76 chaging double quotes for single quotes
• b98affc Adding pt-BR lang file
• 6641951 Merge pull request #15683 from apache/fix-tooltip
• 35e3511 fix(legend): add back symbolKeepAspect. optimize code logic.
• 233d2a1 Merge pull request #15715 from apache/fix-test
• 3bea75a test: optimize test cases for visual regression test
• bdafcbc Merge pull request #15711 from apache/fix-line-gradient
• fde66ec Merge pull request #15589 from apache/fix-polar
• fc507c0 test(polar): update test case
• d88f7cb Merge pull request #15712 from apache/axis-hide-overlap
• 7dbf36c fix(time): add `axisLabel.hideOverlap`
• 344b648 fix(line): soft clipping gradient.
• 01bf5f1 Merge pull request #15706 from apache/fix-sunburst
• dd1890b fix(sunburst): improve code
• c5fcf82 fix(sunburst): radius in levels

See the full diff

Package name: isomorphic-fetch

The new version differs by 12 commits.

• fc5e0d0 3.0.0
• 496fa43 Add version that was previously uncomitted to the package.json due to the previous release process
• 9f5a8b6 Add a list of alternatives
• 49280e6 Resolve minor security issue
• 0f5edd0 Explain why Isomorphic Fetch is needed in docs ([Snyk] Fix for 3 vulnerabilities #135)
• e32b006 Fix travis (fix(Dictionary): tolerate , in enum props uc-cdis/data-portal#190)
• db0aa8c Update to latest version
• 8bf02c4 Bump node-fetch from 1.7.3 to 2.6.1 (Add Logos uc-cdis/data-portal#189)
• 89c7e70 Merge pull request [Snyk] Fix for 1 vulnerabilities #93 from paulmelnikow/fetch_ponyfill
• 25e3cab Add link to fetch-ponyfill
• 8d33aba Merge pull request [Snyk] Fix for 1 vulnerabilities #90 from josiah0/update-lintspaces-cli
• c22fcda Update lintspaces-cli

See the full diff

Package name: jszip

The new version differs by 9 commits.

• e5b3f0d 3.7.0
• e88ba4b Update for version 3.7.0
• 9046487 Disable proto assert that fails in browsers
• 6d029b4 Merge pull request chore: bump guppy and gen3-ui-component version uc-cdis/data-portal#766 from MichaelAquilina/fix/files-null-prototype
• bb38812 Ensure prototype isn't modified by zip file
• d024c22 test: Add test case for loading zip filenames which shadow method names
• 2235749 fix: Use a null prototype object for this.files
• b7f472d Merge pull request (PXP-7133) Fix/login filter uc-cdis/data-portal#757: Update license to be valid spdx identifier
• a311039 update license to be valid spdx identifier

See the full diff

Package name: node-fetch

The new version differs by 2 commits.

• 1ef4b56 backport of Feat/team project api update uc-cdis/data-portal#1449 (Fix/results app home error handling uc-cdis/data-portal#1453)
• 8fe5c4e 2.x: Specify encoding as an optional peer dependency in package.json ([Snyk] Upgrade @babel/core from 7.21.3 to 7.21.5 uc-cdis/data-portal#1310)

See the full diff

Package name: recharts

The new version differs by 25 commits.

• 3115b4d build 2.1.3
• 6f2551e fix: Customized component has no key (#2637)
• f5b8414 Fix XAxis scale propery type (#2641)
• ae02a4d Update README.md (#2649)
• 9aba237 build 2.1.2
• 300f726 Fix fragment children (#2481)
• 2805e0b fixes undefined field reference when optional variables not supplied (#2630)
• 89f3232 build 2.1.1
• c3381af fix: responsive container (#2622)
• 213d4a9 fix: fix format
• 8da1b74 build 2.1.0
• 2093a6b Wrap ResponsiveContainer with forwardRef (#2612)
• 281ea48 Add chart type to tooltip payload (#2599)
• 857663f Fix for recharts issue #1787 (#2604)
• af948a7 build 2.0.10
• 40a18f8 fix: show scatter chart tooltip cross cursor (#2592)
• 94e5808 Update Bar.tsx (#2582)
• e91fad3 Merge pull request #2516 from ckotyan/patch-1
• d857b4e Merge pull request #2512 from andy128k/patch-1
• e90a4e1 Merge pull request #2477 from bsell93/patch-1
• 8340d63 Merge pull request #2457 from anselmpaul/master
• 35840a0 Passthrough position attribute on createLabeledScales
• a0ab49c Fix barchart for a single data point
• d0b5781 allow automated axis padding for "gap" and "no-gap"

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)
🦉 Prototype Pollution
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn