[Snyk] Fix for 1 vulnerabilities

[naiba4]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	141/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.01055, Social Trends: No, Days since published: 61, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.35, Score Version: V5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @storybook/react-webpack5

The new version differs by 250 commits.

• b64214c Bump version from "7.6.0-beta.2" to "7.6.0" [skip ci]
• d8ff7d8 Merge pull request Navigation Component: Introduce item grouping WordPress/gutenberg#24992 from storybookjs/version-non-patch-from-7.6.0-beta.2
• e1eae5b Update latest.json
• 4316190 Add Changelog to 7.6 release
• 6417d4b Merge latest-release into version-non-patch-from-7.6.0-beta.2 with conflicts resolved to ours [skip ci]
• 5e06e3a Write changelog for 7.6.0 [skip ci]
• ca56066 Merge pull request Fix issue with gradient swatches stacking badly with scrollbar. WordPress/gutenberg#25002 from storybookjs/valentin/do-not-load-babel-options-in-swc-mode
• a60f3dd Merge pull request Add title attribute to Navigation Link block. WordPress/gutenberg#24993 from storybookjs/valentin/fix-react-docgen-for-nextjs
• 99dab60 Fix CRA
• 0adaf29 Webpack5: Load babel-options only when necessary
• c4d5f05 Merge pull request Fix Performance Tests on CI WordPress/gutenberg#24925 from storybookjs/changes-from-docs-updates
• 4933c17 Next.js: Fix react-docgen usage with preset-env settings
• 8409ac7 Content updates
• 975ad76 Update TOC to use `heading` type
• a076f4f Remove `/<renderer>` from URLs in docs
• 1fb8d01 Remove `/<renderer>` from URLs in CLI templates
• 31247ba Docs TOC updates
• 66cf39b Merge pull request Add a way to change template parts. WordPress/gutenberg#24990 from storybookjs/fix-sveltekit-template
• 3b3ac24 Merge pull request Extend Block Style Variations to Support Setting Block Settings WordPress/gutenberg#24994 from storybookjs/kasper/filter-out-docs-from-essentials
• 78ce946 Merge pull request Current performance renders Gutenberg completely unusable WordPress/gutenberg#24986 from storybookjs/docs_swc_flag
• cc288d0 Filter out docs from essentials as well
• c1c520d Merge branch 'next' into docs_swc_flag
• f883290 Merge pull request Add block inspector virtual bubbling option WordPress/gutenberg#24991 from storybookjs/valentin/fix-fast-refresh-for-swc-nextjs
• 6b22f0e Next.js: Fix Fast Refresh config for SWC mode

See the full diff

Package name: appium

The new version differs by 56 commits.

• d6204b6 chore: publish
• f0a01ae ci: rename publish doc ci script
• b64092d ci: add npm install step to publish doc workflow
• 6082cb1 docs(appium): add environment variable docs (Social Links Block: SoundCloud Typo  WordPress/gutenberg#18994)
• b88ac49 test(appium): add test to prove umbrella commands don't circumvent driver command timeouts (Navigation block: Can't style block in editor using theme CSS WordPress/gutenberg#18914)
• c933732 fix(universal-xml-plugin): actually export plugin (Add initialOpen support for PluginDocumentSettingPanel component. WordPress/gutenberg#18985)
• b71340a chore(ci): fix bug report template typo (Template add uncomplete div WordPress/gutenberg#18974)
• 5a26111 fix(appium): Update the GET /status response to be in sync with the standard (Multi select: remove unneeded scrolling WordPress/gutenberg#18972)
• aaf58c3 feat(base-driver): Make it possible to provide settings as a map in session capabilities (Site Title: Access the new API endpoint for editing the site title WordPress/gutenberg#18970)
• fb34ab9 fix(types): update dependency type-fest to v3.13.1
• a21ae6a fix(test-support): update dependency sinon to v15.2.0
• 1358937 fix(test-support): update dependency @ colors/colors to v1.6.0
• f9ba313 fix(support): update dependency plist to v3.1.0
• b85a92a fix(appium): update dependency winston to v3.10.0
• 544aeec chore(docutils): update dependency mkdocs-material to v9.1.21
• 97c5d92 chore(docutils): update dependency mkdocs to v1.5.2
• 3e1eda0 chore(deps): update eslint-related packages
• a9e86aa fix(doctor): update dependency appium-adb to v9.14.4 (Navigation Block not accepting formats WordPress/gutenberg#18844)
• a888e26 fix(typedoc-plugin-appium): update dependency handlebars to v4.7.8 (Block has encountered an error Problem WordPress/gutenberg#18947)
• 12147d5 fix(universal-xml-plugin): update dependency @ xmldom/xmldom to v0.8.10 (Registering a block doesn't work when using the @wordpress/blocks package WordPress/gutenberg#18949)
• 03ddcdf fix(support): update dependency semver to v7.5.4
• fc01fb9 fix(universal-xml-plugin): update dependency fast-xml-parser to v4 (Block Editor: Implement new colors hook. WordPress/gutenberg#16781)
• 9a5c9ae fix(execute-driver-plugin): update dependency webdriverio to v7.32.3
• 2e18780 ci: Add needs section

See the full diff

Package name: lerna

The new version differs by 82 commits.

• 5646a45 chore(misc): publish 8.0.1
• 1b91cc0 chore: ci tweaks (Commas in page atts panel WordPress/gutenberg#3921)
• 8f7a32b fix(version): create correct independent tags when using --sign-git-tag (Heading, List: Fix onMerge errors WordPress/gutenberg#3917)
• f5fdcba fix: update node-gyp usage to v10 to resolve npm warning (Wrong path - "vendor/plugins" subfolder missing WordPress/gutenberg#3919)
• ce0221d chore: disable verbose logging in other node versions workflow
• d733920 chore: fix other-node-versions by removing @ 8 specifier from corepack prepare pnpm (RTL: Flip some dashicons that have directionality WordPress/gutenberg#3912)
• a8cf247 chore(child-process): convert to typescript (Framework: Update npm packages to remove warnings from the console WordPress/gutenberg#3908)
• 2ba1a0c chore: update v8 release notes
• 9c71696 chore: update v8 release notes
• b664840 chore(misc): publish 8.0.0
• c836974 chore: restore corepack in task runner e2e
• d4d2bdf chore: disable cloud for task runner e2e ci
• 9f1adbe chore: disable cloud for task runner e2e ci
• 9bdfbf4 chore: disable cloud for task runner e2e ci
• 5cd5b20 chore: task runner e2e ci tweaks
• a2b00b6 chore: comment out NX_BRANCH env var
• 32d9f63 chore: fix formatting
• 2553e44 chore: disable verbose logging in CI
• 2ff3705 chore: add missing updates
• 4f5edee feat!: stop publishing @ lerna/child-process (RTL: fix image resizing handles in RTL mode WordPress/gutenberg#3909)
• 4445fce chore(run): enable strict type checking (Framework: Replace flowRight occurences with compose for HOCs WordPress/gutenberg#3907)
• 837af93 feat!(deps): update yargs and yargs-parser to latest (Don't try to parse strings that don't contain blocks WordPress/gutenberg#3903)
• 3b05947 feat(version): add --premajor-version-bump option to force patch bumps for non-breaking changes in premajor packages (Inserter: Fix React warning when saving reusable blocks WordPress/gutenberg#3876)
• a3cb7ca feat(version): use corepack for install when enabled (Links suggestions: quotes in the post title get encoded WordPress/gutenberg#3877)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
gutenberg	❌ Failed (Inspect)			Jan 30, 2024 5:33pm
gutenberg-wd9x	❌ Failed (Inspect)			Jan 30, 2024 5:33pm

[pull-request-quantifier-deprecated]

This PR has 6 quantified lines of changes. In general, a change size of upto 200 lines is ideal for the best PR experience!

---

Quantification details

Label      : Extra Small
Size       : +3 -3
Percentile : 2.4%

Total files changed: 1

Change summary by file extension:
.json : +3 -3

Change counts above are quantified counts, based on the PullRequestQuantifier customizations.

Why proper sizing of changes matters

Optimal pull request sizes drive a better predictable PR flow as they strike a
balance between between PR complexity and PR review overhead. PRs within the
optimal size (typical small, or medium sized PRs) mean:

• Fast and predictable releases to production:
  • Optimal size changes are more likely to be reviewed faster with fewer
    iterations.
  • Similarity in low PR complexity drives similar review times.
• Review quality is likely higher as complexity is lower:
  • Bugs are more likely to be detected.
  • Code inconsistencies are more likely to be detected.
• Knowledge sharing is improved within the participants:
  • Small portions can be assimilated better.
• Better engineering practices are exercised:
  • Solving big problems by dividing them in well contained, smaller problems.
  • Exercising separation of concerns within the code changes.

What can I do to optimize my changes

• Use the PullRequestQuantifier to quantify your PR accurately
  • Create a context profile for your repo using the context generator
  • Exclude files that are not necessary to be reviewed or do not increase the review complexity. Example: Autogenerated code, docs, project IDE setting files, binaries, etc. Check out the Excluded section from your prquantifier.yaml context profile.
  • Understand your typical change complexity, drive towards the desired complexity by adjusting the label mapping in your prquantifier.yaml context profile.
  • Only use the labels that matter to you, see context specification to customize your prquantifier.yaml context profile.
• Change your engineering behaviors
  • For PRs that fall outside of the desired spectrum, review the details and check if:
    • Your PR could be split in smaller, self-contained PRs instead
    • Your PR only solves one particular issue. (For example, don't refactor and code new features in the same PR).

How to interpret the change counts in git diff output

• One line was added: +1 -0
• One line was deleted: +0 -1
• One line was modified: +1 -1 (git diff doesn't know about modified, it will
  interpret that line like one addition plus one deletion)
• Change percentiles: Change characteristics (addition, deletion, modification)
  of this PR in relation to all other PRs within the repository.

---

Was this comment helpful? 👍  :ok_hand:  :thumbsdown: (Email)
Customize PullRequestQuantifier for this repository.

[github-actions]

Warning: Type of PR label mismatch

To merge this PR, it requires exactly 1 label indicating the type of PR. Other labels are optional and not being checked here.

• Type-related labels to choose from: [Type] Automated Testing, [Type] Breaking Change, [Type] Bug, [Type] Build Tooling, [Type] Code Quality, [Type] Copy, [Type] Developer Documentation, [Type] Enhancement, [Type] Experimental, [Type] Feature, [Type] New API, [Type] Task, [Type] Technical Prototype, [Type] Performance, [Type] Project Management, [Type] Regression, [Type] Security, [Type] WP Core Ticket, Backport from WordPress Core.
• Labels found: Extra Small.

Read more about Type labels in Gutenberg. Don't worry if you don't have the required permissions to add labels; the PR reviewer should be able to help with the task.

[guardrails]

⚠️ We detected 3 security issues in this pull request:

Vulnerable Libraries (3)

Severity	Details
High	pkg:npm/@storybook/react-webpack5@7.2.2 (t) upgrade to: > 7.2.2
High	pkg:npm/appium@2.0.0 (t) upgrade to: > 2.0.0
High	pkg:npm/lerna@7.1.4 (t) upgrade to: > 7.1.4

More info on how to fix Vulnerable Libraries in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.