[Snyk] Fix for 32 vulnerabilities

[MaxMood96]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	Yes	Proof of Concept
	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	Yes	Proof of Concept
	344/1000 Why? Has a fix available, CVSS 2.6	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-JPEGJS-2859218	Yes	Proof of Concept
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-JPEGJS-570039	Yes	No Known Exploit
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASHSET-1320032	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Directory Traversal SNYK-JS-MOMENT-2440688	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Command Injection SNYK-JS-NODEIDEVICE-609343	Yes	Proof of Concept
	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Prototype Pollution SNYK-JS-PLIST-2405644	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-POSTCSS-5926692	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	619/1000 Why? Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIM-1017038	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Prototype Pollution SNYK-JS-XML2JS-5414874	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Improper Input Validation SNYK-JS-XMLDOM-1534562	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Prototype Pollution SNYK-JS-XMLDOM-3042242	Yes	No Known Exploit
	811/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.8	Improper Input Validation SNYK-JS-XMLDOM-3092935	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @storybook/addon-docs

The new version differs by 250 commits.

• 4f2afa6 v7.0.0
• 03292b0 Update root, peer deps, version.ts/json to 7.0.0 [ci skip]
• b2dc5cf Revert "Update root, peer deps, version.ts/json to 7.0.0 [ci skip]"
• 7f391a3 Update root, peer deps, version.ts/json to 7.0.0 [ci skip]
• f0b53cb 7.0.0 changelog
• 930917d Merge pull request Avoid using inline RichText element for navigation link WordPress/gutenberg#21856 from storybookjs/docs/interactions-addon-migration
• f1c13da 7.0.0-rc.11 next.json version file [skip ci]
• 512a2ae Update git head to 7.0.0-rc.11, update yarn.lock [ci skip]
• 908c324 v7.0.0-rc.11
• 5edc7c0 Update root, peer deps, version.ts/json to 7.0.0-rc.11 [ci skip]
• 324d9bb 7.0.0-rc.11 changelog
• 37d9737 interactions debugger is now default
• 9682f7c Merge pull request Framework: WP_Block: Use reflected type hint for render_callback WordPress/gutenberg#21833 from storybookjs/kasper/fix-strict-args-decorator-with-interface
• a08ffc7 Put @ storybook/csf version back into next
• 2cc1d36 Merge pull request Add current post type being edited in Gutenberg WordPress/gutenberg#21850 from storybookjs/fix/tone-down-dependency-alerts
• 941103b Merge pull request Template Parts: Support REST API meta queries. WordPress/gutenberg#21851 from storybookjs/valentin/export-application-config-decorator
• 31700c0 Export applicationConfig decorator and adjust documentation for usage
• 3d9544f Merge pull request Remove negative margin on help text WordPress/gutenberg#21846 from storybookjs/chore_docs_webpack_tweaks
• 79b590b Tweaks to the Webpack docs
• d193be5 Merge pull request Improve User Experience of Left/Right-Aligning Images WordPress/gutenberg#21836 from storybookjs/fix/downgrade-remark-deps
• 79b1fde Merge pull request Edit unsupported blocks in a RN web view WordPress/gutenberg#21832 from storybookjs/fix/polyfill-global
• 590f053 downgrade remark related dependencies
• b421d95 only provide critical duplicated dependency warning on major version difference
• acace30 Merge pull request New paragraph placeholder changes font-style/size after focus in many themes WordPress/gutenberg#21724 from jungpaeng/docs/fix-controls

See the full diff

Package name: @storybook/react

The new version differs by 250 commits.

• 4f2afa6 v7.0.0
• 03292b0 Update root, peer deps, version.ts/json to 7.0.0 [ci skip]
• b2dc5cf Revert "Update root, peer deps, version.ts/json to 7.0.0 [ci skip]"
• 7f391a3 Update root, peer deps, version.ts/json to 7.0.0 [ci skip]
• f0b53cb 7.0.0 changelog
• 930917d Merge pull request Avoid using inline RichText element for navigation link WordPress/gutenberg#21856 from storybookjs/docs/interactions-addon-migration
• f1c13da 7.0.0-rc.11 next.json version file [skip ci]
• 512a2ae Update git head to 7.0.0-rc.11, update yarn.lock [ci skip]
• 908c324 v7.0.0-rc.11
• 5edc7c0 Update root, peer deps, version.ts/json to 7.0.0-rc.11 [ci skip]
• 324d9bb 7.0.0-rc.11 changelog
• 37d9737 interactions debugger is now default
• 9682f7c Merge pull request Framework: WP_Block: Use reflected type hint for render_callback WordPress/gutenberg#21833 from storybookjs/kasper/fix-strict-args-decorator-with-interface
• a08ffc7 Put @ storybook/csf version back into next
• 2cc1d36 Merge pull request Add current post type being edited in Gutenberg WordPress/gutenberg#21850 from storybookjs/fix/tone-down-dependency-alerts
• 941103b Merge pull request Template Parts: Support REST API meta queries. WordPress/gutenberg#21851 from storybookjs/valentin/export-application-config-decorator
• 31700c0 Export applicationConfig decorator and adjust documentation for usage
• 3d9544f Merge pull request Remove negative margin on help text WordPress/gutenberg#21846 from storybookjs/chore_docs_webpack_tweaks
• 79b590b Tweaks to the Webpack docs
• d193be5 Merge pull request Improve User Experience of Left/Right-Aligning Images WordPress/gutenberg#21836 from storybookjs/fix/downgrade-remark-deps
• 79b1fde Merge pull request Edit unsupported blocks in a RN web view WordPress/gutenberg#21832 from storybookjs/fix/polyfill-global
• 590f053 downgrade remark related dependencies
• b421d95 only provide critical duplicated dependency warning on major version difference
• acace30 Merge pull request New paragraph placeholder changes font-style/size after focus in many themes WordPress/gutenberg#21724 from jungpaeng/docs/fix-controls

See the full diff

Package name: appium

The new version differs by 250 commits.

• 3fa73a1 chore(appium): remove rc tag from appium 2
• 1ab323b chore(appium): promote appium npm tag to latest
• b8e1f38 chore(docutils): update dependency mkdocs-material to v9.1.18
• 02896d0 chore(deps): update eslint-related packages
• 8a6a4ba chore: publish
• 52b646c chore(typedoc-plugin-appium): update snapshots
• 2b35170 fix(base-driver): pass thru all type args to ExternalDriver
• c13333b fix(appium): type fixes for ts v5
• 62f4244 fix(types): update some more types to reflect reality
• 26eb766 chore(base-driver): actually run type tests
• 679865e fix(eslint-config-appium): remove prototype assignment warning
• f1d768c chore: upgrade typescript
• d6cca51 fix(types): separate the type of opts from initialOpts
• 3d614d6 fix(base-driver): allow subclass to define shape of settings object
• ee9b2a3 fix(types): ensure return type of deleteSession can always be void
• e30ad0e chore(appium,types): remove some useless type arguments
• 01061b2 fix(types,base-driver): remove deviceName from base constraints
• 24e7aec fix(types): fix signature of updateSettings
• ed1856d fix(support): update dependency semver to v7.5.3
• 757fbaa chore(deps): update dependency @ types/node to v18.16.19
• fdd2ac0 fix(doctor): update dependency appium-adb to v9.11.7
• 3906f7d chore(docutils): update dependency mkdocs-material to v9.1.17
• f09fbb6 fix(appium): restrict address to ipv6/hostname (When hovering over a nested block in select mode, the left border disappears WordPress/gutenberg#18824)
• 97fe159 chore(appium): Improve the error message on config load error (Fix Tools icon being 24x24 instead of 20x20. WordPress/gutenberg#18829)

See the full diff

Package name: lint-staged

The new version differs by 68 commits.

• 885a644 Merge pull request Sidebar: Status & Visibility panel WordPress/gutenberg#852 from okonet/listr2
• aba3421 fix: all lint-staged output respects the `quiet` option
• b8df31a fix: do not show incorrect error when verbose and no output
• eed6198 style: simplify eslint and prettier config
• b746290 ci: replace Node.js 13 with 14, since 14 will be next LTS
• 2c6f3ad docs: improve `verbose` description
• e749a0b test: remove redundant, misbehaving test
• 16848d8 fix: use test renderer during tests and when TERM=dumb
• efffa22 test: cover `--verbose` option usage
• 1b18550 test: restore variable in test output
• 6aede38 test: add test for error during merge state restoration
• b565481 test: integration test targets the full Node.js API instead of just `runAll`
• a3bd9d7 feat: allow specifying `cwd` using the Node.js API
• 85de3a3 feat: add `--verbose` to show output even when tasks succeed
• d69c65b fix: log task output after running listr to keep everything
• e95d1b0 refactor: move skip and enable cheks of listr tasks to separate file
• 6da7667 refactor: move messages to separate file
• 6392480 refactor: use symbols for errors
• 8f32a3e feat: replace listr with listr2 and print errors inline
• c9adca5 fix: use stash create/store to prevent files from disappearing from disk
• e093b1d fix(deps): update dependencies
• 6066b07 fix: pass correct path to unstaged patch during cleanup
• 0bf1fb0 fix: allow lint-staged to run on empty git repo by disabling backup
• 1ac6863 Merge pull request Dismiss block borders by key press WordPress/gutenberg#837 from okonet/serial-git-add

See the full diff

Package name: react-native

The new version differs by 250 commits.

• 7fc33cc [0.70.0] Bump version numbers
• e044a71 [0.70.0-rc.4] Bump version numbers
• a168c55 [LOCAL] follow up to codegen update
• a22ceec Bump react-native-codegen to 0.70.4
• 05dcebc [LOCAL] follow up to metro bump
• 97782c2 Upgrade RN CLI to v9.0.0 and Metro to 0.72.1 ([RNMobile][Embed block] Enable embed inline previews WordPress/gutenberg#34447)
• 7a01444 Fix codegen trying to parse `.d.ts` files (Add default editor styles applied to themes without theme.json and without editor styles WordPress/gutenberg#34439)
• b640f06 Update template to gitignore `android/app/.cxx` (Copy Handler: only handle paste event once WordPress/gutenberg#34430)
• 5367459 Make sure the template project name is `helloworld_appmodules` (API Fetch: Improve isMediaUploadRequest check WordPress/gutenberg#34417)
• 0b4b777 Hermes version bump for 0.70.0-RC4
• 1aabd09 [0.70.0-rc.3] Bump version numbers
• 1518f83 Upgrade react-native-gradle-plugin to 0.70.2 (Global Styles: Add the ability to set a background color for a specific post/page template WordPress/gutenberg#34390)
• 6d3b8a2 chore(deps): bump CLI to latest v9 alpha (CustomSelectControl: Add describedBy fallback WordPress/gutenberg#34385)
• c666fda Silence deprecation warning for react-native dependency. (Full-width in reusable blocks WordPress/gutenberg#34368)
• 04990df Update the new app template to use CMake instead of Android.mk (FSE: Add basic support for child themes WordPress/gutenberg#34354)
• 33ddb00 fix: react android kotlin plugin version conflict (Navigation editor: Menu switcher doesn't show after deleting a menu WordPress/gutenberg#34255)
• 6a87015 Bump Gradle to 7.5.1 (RichText: internal value refactor WordPress/gutenberg#34359)
• 9424d2c Avoid full copy of large folly::dynamic objects in JSIExecutor#defaultTimeoutInvoker [RFC]
• a0ae1fb fix(android): Append `.exe` to hermesc binary path for Windows users (Docs: Remove extraneous params from block_type_metadata hook WordPress/gutenberg#34151)
• d077bdf [0.70.0-rc.2] Bump version numbers
• 120b988 Removing reactnativeutilsjni as it is built from the same sources as reactnativejni (Explore alternative documentation for BottomSheet Header component. WordPress/gutenberg#34339)
• 6450bc6 Fix accessibilityState overwriting view's disabled state on Android (Components: replace legacy ColorPicker with new version WordPress/gutenberg#34287)
• 23cc056 Bump Gradle to 7.5.0 (List View: Slow group deletion WordPress/gutenberg#34310)
• 2176173 Upgrade react-native-gradle-plugin to 0.70.1 (Components: Rename PolymorphicComponent* types to WordPressComponent* WordPress/gutenberg#34330)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Cross-site Request Forgery (CSRF)
🦉 More lessons are available in Snyk Learn