[Snyk] Fix for 54 vulnerabilities

[matrix-compute]

Snyk has created this PR to fix 54 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• superset-frontend/package.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Remote Code Execution (RCE) SNYK-JS-VM2-5772825	876
	Remote Code Execution (RCE) SNYK-JS-VM2-5772823	811
	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	786
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-8187303	786
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577916	776
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577917	776
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577918	776
	Regular Expression Denial of Service (ReDoS) SNYK-JS-CROSSSPAWN-8303230	756
	Denial of Service (DoS) SNYK-JS-HTTPPROXYMIDDLEWARE-8229906	756
	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	751
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	696
	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	696
	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	696
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	696
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIM-1017038	696
	Denial of Service (DoS) SNYK-JS-WS-7266574	696
	Path Traversal SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555	691
	Improper Handling of Extra Parameters SNYK-JS-FOLLOWREDIRECTS-6141137	686
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-7925106	666
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-8482416	666
	Prototype Pollution SNYK-JS-DEEPOBJECTDIFF-3104594	646
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	646
	Server-Side Request Forgery (SSRF) SNYK-JS-IP-7148531	646
	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	646
	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	646
	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	631
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-8172694	629
	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-6147607	626
	Asymmetric Resource Consumption (Amplification) SNYK-JS-BODYPARSER-7926860	624
	Cross-site Scripting (XSS) SNYK-JS-WEBPACK-7840298	616
	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	589
	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	589
	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	589
	Improper Control of Dynamically-Managed Code Resources SNYK-JS-EJS-6689533	586
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	586
	Cross-site Scripting (XSS) SNYK-JS-MARKDOWNTOJSX-6258886	586
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PROMPTS-1729737	586
	Information Exposure SNYK-JS-NODEFETCH-2342118	539
	Cross-site Scripting (XSS) SNYK-JS-COOKIE-8163060	529
	Improper Input Validation SNYK-JS-NANOID-8492085	529
	Denial of Service (DoS) SNYK-JS-NWSAPI-2841516	524
	Open Redirect SNYK-JS-EXPRESS-6474509	519
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	506
	Cross-site Scripting (XSS) SNYK-JS-STORE2-8660837	498
	Command Injection SNYK-JS-NODENOTIFIER-1035794	494
	Regular Expression Denial of Service (ReDoS) SNYK-JS-RAMDA-1582370	490
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	479
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	479
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKDOWNTOJSX-3310443	479
	Improper Input Validation SNYK-JS-POSTCSS-5926692	479
	Cross-site Scripting SNYK-JS-EXPRESS-7926867	469
	Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	429
	Cross-site Scripting SNYK-JS-SEND-7926862	319
	Cross-site Scripting SNYK-JS-SERVESTATIC-7926865	319

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Cross-site Scripting (XSS)
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn

[socket-security]

New, updated, and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@ant-design/icons@5.0.1	None	+3	18.3 MB	zombiej
npm/@applitools/eyes-storybook@3.30.1	Transitive: environment, eval, filesystem, network, shell, unsafe	+78	10.6 MB	applitools-admin
npm/@babel/cli@7.22.6	Transitive: eval, filesystem, network, shell	+5	1.28 MB	nicolo-ribaudo
npm/@babel/compat-data@7.22.6 🔁 npm/@babel/compat-data@7.16.0, npm/@babel/compat-data@7.21.4	None	0	63.9 kB	nicolo-ribaudo
npm/@babel/core@7.22.8 🔁 npm/@babel/core@7.16.0, npm/@babel/core@7.17.5	None	+28	7.57 MB	nicolo-ribaudo
npm/@babel/eslint-parser@7.22.7	unsafe	+3	230 kB	nicolo-ribaudo
npm/@babel/node@7.22.6	None	0	40.8 kB	nicolo-ribaudo
npm/@babel/plugin-transform-runtime@7.22.7	unsafe	+7	622 kB	nicolo-ribaudo
npm/@babel/preset-env@7.22.7 🔁 npm/@babel/preset-env@7.21.4	None	+104	7.47 MB	nicolo-ribaudo
npm/@babel/preset-react@7.22.5	None	+9	208 kB	nicolo-ribaudo
npm/@babel/register@7.22.5	environment, filesystem, unsafe	0	61.7 kB	nicolo-ribaudo
npm/@babel/runtime-corejs3@7.22.6	None	0	359 kB	nicolo-ribaudo
npm/@babel/runtime@7.20.1 🔁 npm/@babel/runtime@7.17.2	None	0	218 kB	nicolo-ribaudo
npm/@babel/types@7.22.5 🔁 npm/@babel/types@7.21.4, npm/@babel/types@7.23.0	None	+2	2.47 MB	nicolo-ribaudo
npm/@cypress/react@5.10.1	None	+1	147 kB	cypress-npm-publisher
npm/@data-ui/event-flow@0.0.84	Transitive: environment, eval, filesystem	+12	5.05 MB	data-ui
npm/@data-ui/histogram@0.0.84	None	+20	1.45 MB	data-ui
npm/@data-ui/theme@0.0.84	None	0	19.3 kB	data-ui
npm/@data-ui/xy-chart@0.0.84	Transitive: environment, eval	+14	1.39 MB	data-ui
npm/@emotion/babel-preset-css-prop@11.2.0	environment	+15	2.46 MB	emotion-release-bot
npm/@emotion/jest@11.3.0	environment	+2	132 kB	emotion-release-bot
npm/@encodable/color@1.1.1	None	+7	761 kB	kristw-bot
npm/@fontsource/inter@4.0.0	None	0	5.38 MB	lotusdevshack
npm/@hot-loader/react-dom@16.13.0	environment, eval	+1	3.12 MB	kashey
npm/@istanbuljs/nyc-config-typescript@1.0.1	None	+1	20.8 kB	coreyfarrell
npm/@mapbox/geojson-extent@1.0.1	Transitive: filesystem	+4	120 kB	mapbox-npm-02
npm/@math.gl/web-mercator@3.6.3	None	0	301 kB	pessimistress
npm/@react-icons/all-files@4.1.0	None	0	40.2 MB	kamijin_fanta
npm/@reduxjs/toolkit@1.9.3	environment	0	12.8 MB	acemarke
npm/@scarf/scarf@1.3.0	environment, filesystem, network, shell	0	53.8 kB	aviaviavi
npm/@storybook/addon-actions@6.4.22	Transitive: environment	+1	2.94 MB	shilman
npm/@storybook/addon-docs@6.5.10	Transitive: environment, eval, filesystem, network, unsafe	+85	39.1 MB	shilman

🚮 Removed packages: npm/@applitools/eyes-cypress@3.29.1, npm/@cypress/code-coverage@3.10.4, npm/@superset-ui/core@2.1.0, npm/@types/cookie@0.6.0, npm/@types/ioredis@4.28.0, npm/@types/jest@27.0.2, npm/@types/jsonwebtoken@9.0.5, npm/@types/lodash@4.14.202, npm/@types/querystringify@2.0.0, npm/@types/uuid@9.0.7, npm/@types/ws@8.5.10, npm/@typescript-eslint/eslint-plugin@5.61.0, npm/@typescript-eslint/parser@5.62.0, npm/brace@0.11.1, npm/cookie@0.6.0, npm/eslint-config-prettier@9.1.0, npm/eslint@8.55.0, npm/hot-shots@10.0.0, npm/ioredis@4.28.5, npm/jest@27.3.1, npm/jsonwebtoken@9.0.2, npm/lodash@4.17.21, npm/ts-jest@27.0.7, npm/ts-node@10.9.2, npm/typescript@4.9.5, npm/uuid@9.0.1, npm/winston@3.11.0

View full report↗︎

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	CI
Critical CVE	npm/loader-utils@2.0.0	CVE: GHSA-76p3-8jx3-jpfq Prototype pollution in webpack loader-utils (CRITICAL) Affected versions: >= 2.0.0, < 2.0.3 Patched version: 2.0.3	⚠︎

View full report↗︎

Next steps

What is a critical CVE?

Contains a Critical Common Vulnerability and Exposure (CVE).

Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/loader-utils@2.0.0