[Snyk] Fix for 14 vulnerabilities

[naiba4]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	No	Proof of Concept
	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-6124857	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-AXIOS-6144788	No	No Known Exploit
	786/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.3	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	No	Proof of Concept
	631/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASHSET-1320032	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-POSTCSS-5926692	No	No Known Exploit
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-SIMPLEGIT-3112221	No	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-SIMPLEGIT-3177391	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @storybook/addon-docs

The new version differs by 250 commits.

• 49f18e8 Bump version from "8.0.0-rc.5" to "8.0.0" [skip ci]
• 6c30c31 Trigger release of 8.0.0 with empty commit
• 8c7c296 Write changelog [skip ci]
• 82e153f Merge pull request Search for posts when adding links is potentially VERY slow WordPress/gutenberg#26358 from storybookjs/framework-doc-svelte-vite
• fffbbc9 Add `svelte-vite` framework doc
• 298d60c Merge pull request Full Site Editing: Hide empty sections in template navigation UI WordPress/gutenberg#26265 from storybookjs/framework-doc-react-webpack5
• f9646dd Address comments
• d392a90 Add `react-webpack5` framework doc
• 3004edf Merge pull request Full Site Editing: De-emphasise inactive templates in template navigation UI WordPress/gutenberg#26264 from storybookjs/framework-doc-react-vite
• 3586fc9 Address comments
• 116fd4a Add react-vite framework doc
• 9050c69 Bump version from "8.0.0-rc.4" to "8.0.0-rc.5" [skip ci]
• 1e33053 Merge pull request Set theme jekyll-theme-hacker WordPress/gutenberg#26412 from storybookjs/version-non-patch-from-8.0.0-rc.4
• cdfd820 Write changelog for 8.0.0-rc.5 [skip ci]
• eac3a3b Merge pull request Excessive minimum 200px height in Shortcode block WordPress/gutenberg#26410 from storybookjs/norbert/fix-automigration-latest-detection
• d978771 add a flag for detecting is the latest version we got from npm matches the version of the CLI exactly
• bfa0570 Bump version from "8.0.0-rc.3" to "8.0.0-rc.4" [skip ci]
• 46bc788 Merge pull request Mobile Release v99.99.99 WordPress/gutenberg#26370 from storybookjs/version-non-patch-from-8.0.0-rc.3
• a6e4d90 Write changelog for 8.0.0-rc.4 [skip ci]
• 37276b2 Merge pull request Writing flow: Column: Horizontal multi-selection starting from text fails WordPress/gutenberg#26321 from storybookjs/docs_snapshot_testing
• c1fc191 Merge branch 'next' into docs_snapshot_testing
• 4f6f044 Merge pull request [RNMobile] Initial HTML E2E test WordPress/gutenberg#26405 from storybookjs/norbert/fix-esbuild-version
• 9c2d525 fix the esbuild compatibility versions ranges
• 973fa2d Merge pull request Pick.Hmkoreas.com WordPress/gutenberg#26398 from storybookjs/docs_fix_tables

See the full diff

Package name: @storybook/react-webpack5

The new version differs by 250 commits.

• b64214c Bump version from "7.6.0-beta.2" to "7.6.0" [skip ci]
• d8ff7d8 Merge pull request Navigation Component: Introduce item grouping WordPress/gutenberg#24992 from storybookjs/version-non-patch-from-7.6.0-beta.2
• e1eae5b Update latest.json
• 4316190 Add Changelog to 7.6 release
• 6417d4b Merge latest-release into version-non-patch-from-7.6.0-beta.2 with conflicts resolved to ours [skip ci]
• 5e06e3a Write changelog for 7.6.0 [skip ci]
• ca56066 Merge pull request Fix issue with gradient swatches stacking badly with scrollbar. WordPress/gutenberg#25002 from storybookjs/valentin/do-not-load-babel-options-in-swc-mode
• a60f3dd Merge pull request Add title attribute to Navigation Link block. WordPress/gutenberg#24993 from storybookjs/valentin/fix-react-docgen-for-nextjs
• 99dab60 Fix CRA
• 0adaf29 Webpack5: Load babel-options only when necessary
• c4d5f05 Merge pull request Fix Performance Tests on CI WordPress/gutenberg#24925 from storybookjs/changes-from-docs-updates
• 4933c17 Next.js: Fix react-docgen usage with preset-env settings
• 8409ac7 Content updates
• 975ad76 Update TOC to use `heading` type
• a076f4f Remove `/<renderer>` from URLs in docs
• 1fb8d01 Remove `/<renderer>` from URLs in CLI templates
• 31247ba Docs TOC updates
• 66cf39b Merge pull request Add a way to change template parts. WordPress/gutenberg#24990 from storybookjs/fix-sveltekit-template
• 3b3ac24 Merge pull request Extend Block Style Variations to Support Setting Block Settings WordPress/gutenberg#24994 from storybookjs/kasper/filter-out-docs-from-essentials
• 78ce946 Merge pull request Current performance renders Gutenberg completely unusable WordPress/gutenberg#24986 from storybookjs/docs_swc_flag
• cc288d0 Filter out docs from essentials as well
• c1c520d Merge branch 'next' into docs_swc_flag
• f883290 Merge pull request Add block inspector virtual bubbling option WordPress/gutenberg#24991 from storybookjs/valentin/fix-fast-refresh-for-swc-nextjs
• 6b22f0e Next.js: Fix Fast Refresh config for SWC mode

See the full diff

Package name: appium

The new version differs by 250 commits.

• 9cc598a chore: publish
• 91320dd fix(execute-driver-plugin): update dependency webdriverio to v8.30.0
• 23dc3d5 chore(deps): update eslint-related packages to v6.21.0
• 35742f0 chore(deps): update dependency lerna to v8.1.2
• 52a6f96 fix(execute-driver-plugin): update dependency webdriverio to v8.29.7
• d064dd1 chore(deps): update dependency prettier to v3.2.5
• 7bf4d69 chore(docutils): update dependency mkdocs-git-revision-date-localized-plugin to v1.2.4
• cdc7c09 chore(docutils): update dependency mkdocs-material to v9.5.7
• 17c7a7c chore(deps): update dependency @ types/node to v20.11.16
• 3032b00 chore(deps): update dependency npm-run-all2 to v6.1.2
• 6dacb5e fix(execute-driver-plugin): update dependency webdriverio to v8.29.3
• 5a8af13 chore(deps): update dependency @ types/node to v20.11.13
• 569db83 fix(universal-xml-plugin): update dependency fast-xml-parser to v4.3.4
• 32e9191 chore(deps): update dependency npm-run-all2 to v6 (Block Editor: LinkControl: Align documentation with current behavior WordPress/gutenberg#19736)
• 21b808d chore(deps): update eslint-related packages to v6.20.0
• 83cc668 chore(deps): update dependency npm-run-all2 to v5.0.2 (Block Library: Button: Remove title attribute handling WordPress/gutenberg#19735)
• b92ab24 chore(deps): replace dependency npm-run-all with npm-run-all2 5.0.0 (Accessibility: Show open button when the sidebar is closed and tabbingg out of the content WordPress/gutenberg#19726)
• 4c7661d chore(deps): update dependency @ types/node to v20.11.10
• b14c03f chore(docutils): update dependency mkdocs-material to v9.5.6
• 0e1eb95 chore(deps): update dependency @ types/node to v20.11.9
• edb490f chore: Remove commitlint and husky (Writing Flow: fix list selection (2) WordPress/gutenberg#19724)
• 202da83 fix(images-plugin): update dependency lru-cache to v10 ([RNMobile] Add media edit icon to image block WordPress/gutenberg#19723)
• d10b4ba chore(docutils): update consola to 3.2.3 (RichText: set correct selection on split WordPress/gutenberg#19655)
• 6cd2c54 fix(doctor): update dependency appium-adb to v12.0.3 (RNMobile - Cover Block: First iteration WordPress/gutenberg#19722)

See the full diff

Package name: glob

The new version differs by 137 commits.

• a68703e 9.0.0
• 58159ca test: cwd can be a url
• a547a9c more docs
• 42a3ac7 link to bash manual for Pattern Matching
• 474172d update readme with cwd URL support
• ad3904d update readme with posix class support
• b22fc7d minimatch@7.3.0
• cdd1627 update all the things, remove unused mkdirp types
• 75c6416 Merge branch 'v9'
• fa0cd77 cwd can be a file:// url
• d03ed0a typedoc github action
• 9a5a45a put bench results in readme
• 20b2f88 docs, fix benchmark script
• 4829c88 upgrade ci actions
• 5cbacdd minimatch@7.2.0
• 210310b omit symlinks on windows
• d34c8d5 full test coverage, clean up signals and remove extranous code
• 5f21b46 adding lots of tests, clean up types
• b12e6ba slashes on nodir test
• 75f74b0 more windows test slashes
• 3aa1abd more windows test affordances
• 3e68a7b some windows test affordances
• 8c2e082 feature complete and tests passing
• c3be35a correct ** vs ./** behavior

See the full diff

Package name: lerna

The new version differs by 82 commits.

• 5646a45 chore(misc): publish 8.0.1
• 1b91cc0 chore: ci tweaks (Commas in page atts panel WordPress/gutenberg#3921)
• 8f7a32b fix(version): create correct independent tags when using --sign-git-tag (Heading, List: Fix onMerge errors WordPress/gutenberg#3917)
• f5fdcba fix: update node-gyp usage to v10 to resolve npm warning (Wrong path - "vendor/plugins" subfolder missing WordPress/gutenberg#3919)
• ce0221d chore: disable verbose logging in other node versions workflow
• d733920 chore: fix other-node-versions by removing @ 8 specifier from corepack prepare pnpm (RTL: Flip some dashicons that have directionality WordPress/gutenberg#3912)
• a8cf247 chore(child-process): convert to typescript (Framework: Update npm packages to remove warnings from the console WordPress/gutenberg#3908)
• 2ba1a0c chore: update v8 release notes
• 9c71696 chore: update v8 release notes
• b664840 chore(misc): publish 8.0.0
• c836974 chore: restore corepack in task runner e2e
• d4d2bdf chore: disable cloud for task runner e2e ci
• 9f1adbe chore: disable cloud for task runner e2e ci
• 9bdfbf4 chore: disable cloud for task runner e2e ci
• 5cd5b20 chore: task runner e2e ci tweaks
• a2b00b6 chore: comment out NX_BRANCH env var
• 32d9f63 chore: fix formatting
• 2553e44 chore: disable verbose logging in CI
• 2ff3705 chore: add missing updates
• 4f5edee feat!: stop publishing @ lerna/child-process (RTL: fix image resizing handles in RTL mode WordPress/gutenberg#3909)
• 4445fce chore(run): enable strict type checking (Framework: Replace flowRight occurences with compose for HOCs WordPress/gutenberg#3907)
• 837af93 feat!(deps): update yargs and yargs-parser to latest (Don't try to parse strings that don't contain blocks WordPress/gutenberg#3903)
• 3b05947 feat(version): add --premajor-version-bump option to force patch bumps for non-breaking changes in premajor packages (Inserter: Fix React warning when saving reusable blocks WordPress/gutenberg#3876)
• a3cb7ca feat(version): use corepack for install when enabled (Links suggestions: quotes in the post title get encoded WordPress/gutenberg#3877)

See the full diff

Package name: lint-staged

The new version differs by 68 commits.

• 885a644 Merge pull request Sidebar: Status & Visibility panel WordPress/gutenberg#852 from okonet/listr2
• aba3421 fix: all lint-staged output respects the `quiet` option
• b8df31a fix: do not show incorrect error when verbose and no output
• eed6198 style: simplify eslint and prettier config
• b746290 ci: replace Node.js 13 with 14, since 14 will be next LTS
• 2c6f3ad docs: improve `verbose` description
• e749a0b test: remove redundant, misbehaving test
• 16848d8 fix: use test renderer during tests and when TERM=dumb
• efffa22 test: cover `--verbose` option usage
• 1b18550 test: restore variable in test output
• 6aede38 test: add test for error during merge state restoration
• b565481 test: integration test targets the full Node.js API instead of just `runAll`
• a3bd9d7 feat: allow specifying `cwd` using the Node.js API
• 85de3a3 feat: add `--verbose` to show output even when tasks succeed
• d69c65b fix: log task output after running listr to keep everything
• e95d1b0 refactor: move skip and enable cheks of listr tasks to separate file
• 6da7667 refactor: move messages to separate file
• 6392480 refactor: use symbols for errors
• 8f32a3e feat: replace listr with listr2 and print errors inline
• c9adca5 fix: use stash create/store to prevent files from disappearing from disk
• e093b1d fix(deps): update dependencies
• 6066b07 fix: pass correct path to unstaged patch during cleanup
• 0bf1fb0 fix: allow lint-staged to run on empty git repo by disabling backup
• 1ac6863 Merge pull request Dismiss block borders by key press WordPress/gutenberg#837 from okonet/serial-git-add

See the full diff

Package name: node-fetch

The new version differs by 7 commits.

• 1ef4b56 backport of Gallery: consider a toggle for cropped-view WordPress/gutenberg#1449 (Gallery: full-screen image preview WordPress/gutenberg#1453)
• 8fe5c4e 2.x: Specify encoding as an optional peer dependency in package.json (Editor sometimes doesn't load WordPress/gutenberg#1310)
• f56b0c6 fix(URL): prefer built in URL version when available and fallback to whatwg (Plugins: Let's discuss pluggable areas (w. updated blueprints) WordPress/gutenberg#1352)
• b5417ae fix: import whatwg-url in a way compatible with ESM Node (Trying to delete text after making part of it a link causes syntax errors WordPress/gutenberg#1303)
• 18193c5 fix v2.6.3 that did not sending query params (Display Saving label while save in progress WordPress/gutenberg#1301)
• ace7536 fix: properly encode url with unicode characters (Why have Freemform blocks as well as Text blocks? WordPress/gutenberg#1291)
• 152214c Fix(package.json): Corrected main file path in package.json (Remove Gutenberg link from page row actions since pages are not yet supported WordPress/gutenberg#1274)

See the full diff

Package name: postcss

The new version differs by 225 commits.

• 90208de Release 8.4.31 version
• 58cc860 Fix carrier return parsing
• 4fff8e4 Improve pnpm test output
• cd43ed1 Update dependencies
• caa916b Update dependencies
• 8972f76 Typo
• 11a5286 Typo
• 45c5501 Release 8.4.30 version
• bc3c341 Update linter
• b2be58a Merge pull request CSS Class name issue WordPress/gutenberg#1881 from romainmenke/improve-sourcemap-performance--philosophical-spiny-dogfish-3eb029c1c8
• 6a291d6 apply suggestions from code review
• efa442c Update lib/map-generator.js
• de33cf6 improve sourcemap performance
• 1c6ad25 Highlight banner with lines
• e10d5c0 More more detailed text below
• 3ff5f5f Rephrase into
• 272aae4 Remove old banner
• 632e876 Update CI actions
• cfa6cf4 Change EM banner
• fee5448 Release 8.4.29 version
• 3360c39 Update dependencies
• ade4145 Merge pull request The format list should be an ARIA menu and other a11y improvements WordPress/gutenberg#1879 from idoros/ido/fix-location-offset
• 9a7077b fix: node end offset
• ce9f6b3 Merge pull request Fix DropdownMenu arrows navigation and add missing aria-label. WordPress/gutenberg#1875 from coliff/patch-1

See the full diff

Package name: react-native

The new version differs by 250 commits.

• 972b420 Release 0.74.0
• 5d1272f Update Podfile.lock
• d4a48ce Release 0.74.0-rc.9
• 2b18fdf [LOCAL][iOS] Fix RNTester project and remove CCACHE from project when disabled
• 92c6d22 add privacy manifest to pod install
• bb5451b Fix Open Debugger dev menu item missing from iOS Bridgeless
• 0b3ebdf Change bridgeless check in dev menu (Block Editor: Refactor withColors tests to @testing-library/react WordPress/gutenberg#43976)
• 26854de Implement getJavaScriptContextHolder for BridgelessCatalystInstance (Introduce option to auto-convert freeform content upon opening the editor WordPress/gutenberg#44054)
• e7131fa Implement getRuntimeExecutor for BridgelessCatalystInstance (Fix: Global styles for non-core blocks aren't loaded on the front end WordPress/gutenberg#44053)
• 012a95c Update Podfile.lock
• 2a6e156 Release 0.74.0-rc.8
• cb2d93e [RN][iOS] Cherry Pick Layout: Fix blockGap output when using a falsy 0 value WordPress/gutenberg#43757 and Components: Retire LIGHT_GRAY color object WordPress/gutenberg#43994 (Set default alignments in theme.json WordPress/gutenberg#44007)
• 2d84d83 add privacy manifest to hello world template
• 03d526f Fix bridge mode by constructing ReactDelegate correctly. (Categories block doesn't inherit css from style.css on the Editor WordPress/gutenberg#43999)
• 4eb0534 Fix Orientation listener in bridgeless mode (Site editor: fix padding and margin visualizer positioning WordPress/gutenberg#43971)
• c2317bf Fix double metro banner in Bridgeless (Add a function for checking the block existence in a page template WordPress/gutenberg#43967)
• 85170c9 Fix possible deadlock in dispatchViewUpdates (core-data: Bundle TypeScript types with the data package WordPress/gutenberg#43643)
• cbfa0a2 Update Podfile.lock
• 40feba6 Release 0.74.0-rc.7
• 44159e3 Remove invalidate observer instead of re-adding observer in DeviceInfo module (Draggable block e2e tests: re-enable tests and make them pass WordPress/gutenberg#43737)
• 42eebaf Fix static linking for Bridgeless mode (Lodash: Refactor away from BlockActions WordPress/gutenberg#43846)
• 4e9196d Fix RCTRCTComposedViewRegistry for Old Arch by adding count and keyEnumerator (Query by name. WordPress/gutenberg#43850)
• 57ed1bd fix: add missing fields to native errors in new arch (Button: Add almost all missing typography supports WordPress/gutenberg#43649)
• 454e576 fix: build settings for custom build configuration (Template lock: Apply selected state to container block in list view WordPress/gutenberg#43780)

See the full diff

Package name: rimraf

The new version differs by 90 commits.

• a1268c9 4.3.1
• cacc067 changelog 4.3.1
• cd6fbc6 Only call directory removal method on actual dirs
• 4937e64 format markdown
• ba35d77 always return Dirents from readdir
• f923bb0 4.3.0
• ed7b2a6 test: chmod ordering is nondeterministic
• 4cb1d47 changelog about bin interactivity
• 95e13f2 try to make the interactive test less flaky
• 38e731f bin: add interactive mode
• ca28abb let the filter option be async for async methods
• 3b57687 add --verbose, --no-verbose to bin
• ed3288e add filter option
• e828fe2 Update v4 glob support in README
• 80aef8b 4.2.0
• 0d19a99 changelog 420
• f768f26 treat paths as glob patterns when glob option set
• 5760716 make rimraf cancelable with AbortSignals
• 417cdc7 4.1.4
• bdfa60c update deps, export types properly for cjs module
• 20e3799 use NodeJS.ErrnoException instead of FsError
• 450e3d2 4.1.3
• 8d77621 add declarationMap to tsconfig
• 49a2958 formatting tests

See the full diff

Package name: simple-git

The new version differs by 108 commits.

• d716d32 Merge pull request Quote: can get stuck with empty source placeholder WordPress/gutenberg#877 from steveukx/changeset-release/main
• 1a12952 Version Packages
• 12b8fc3 Merge pull request Editor: add suggestedPostFormat selector. WordPress/gutenberg#864 from steveukx/dependabot/npm_and_yarn/minimatch-3.0.5
• ec97a39 Block unsafe pack (push --exec) (The server-side rendering block matcher doesn't match blocks with - (hyphen) WordPress/gutenberg#882)
• 0a623e5 Feat/unsafe pack (Only show inline boundaries on focus WordPress/gutenberg#881)
• b45d08b Merge pull request Remove wp.element; embrace React WordPress/gutenberg#876 from steveukx/feat/support-checkout-B
• 97fde2c Add support for using the `-B` modifier instead of the default `-b` when using `checkoutBranch` / `checkoutLocalBranch`.
• edfd459 Update readme.md
• 459ec92 Merge pull request Placeholder styling and block styling can conflict. WordPress/gutenberg#868 from steveukx/changeset-release/main
• c9fc61f Version Packages
• de570ac Fix/non strings (Framework: redirecting to wp-admin URL WordPress/gutenberg#867)
• 7efdcbc chore(deps): bump minimatch from 3.0.4 to 3.0.5
• e1d66b6 Merge pull request Register mce plugin scripts WordPress/gutenberg#863 from steveukx/changeset-release/main
• d4764bf Version Packages
• 7746480 Chore: bump lerna, jest and create prettier workflow (Chrome: Adding the trash post link to the sidebar WordPress/gutenberg#862)
• 47030d5 Merge pull request Show UI on text selection WordPress/gutenberg#861 from steveukx/security/protocols
• 6b3c631 Create the `unsafe` plugin to configure how `simple-git` treats known potentially unsafe operations.
• 3324eed Merge pull request Sidebar: Add Featured Image panel WordPress/gutenberg#855 from steveukx/changeset-release/main
• e459622 Version Packages
• 2ea0231 Merge pull request Sidebar: Categories & Tags panel WordPress/gutenberg#854 from steveukx/chore/update-lerna
• 5a2e7e4 Add version parsing support for non-numeric patches (to include built… (Sidebar: Link to latest revision WordPress/gutenberg#853)
• 88fee05 Chore: bump lerna to latest `5.5.1`
• 0f964ba Merge pull request Add full-content tests for parsing + blocks list + serialization WordPress/gutenberg#849 from steveukx/changeset-release/main
• 6460a1f Version Packages

See the full diff

Package name: storybook

The new version differs by 250 commits.

• 49f18e8 Bump version from "8.0.0-rc.5" to "8.0.0" [skip ci]
• 6c30c31 Trigger release of 8.0.0 with empty commit
• 8c7c296 Write changelog [skip ci]
• 82e153f Merge pull request Search for posts when adding links is potentially VERY slow WordPress/gutenberg#26358 from storybookjs/framework-doc-svelte-vite
• fffbbc9 Add `svelte-vite` framework doc
• 298d60c Merge pull request Full Site Editing: Hide empty sections in template navigation UI WordPress/gutenberg#26265 from storybookjs/framework-doc-react-webpack5
• f9646dd Address comments
• d392a90 Add `react-webpack5` framework doc
• 3004edf Merge pull request Full Site Editing: De-emphasise inactive templates in template navigation UI WordPress/gutenberg#26264 from storybookjs/framework-doc-react-vite
• 3586fc9 Address comments
• 116fd4a Add react-vite framework doc
• 9050c69 Bump version from "8.0.0-rc.4" to "8.0.0-rc.5" [skip ci]
• 1e33053 Merge pull request Set theme jekyll-theme-hacker WordPress/gutenberg#26412 from storybookjs/version-non-patch-from-8.0.0-rc.4
• cdfd820 Write changelog for 8.0.0-rc.5 [skip ci]
• eac3a3b Merge pull request Excessive minimum 200px height in Shortcode block WordPress/gutenberg#26410 from storybookjs/norbert/fix-automigration-latest-detection
• d978771 add a flag for detecting is the latest version we got from npm matches the version of the CLI exactly
• bfa0570 Bump version from "8.0.0-rc.3" to "8.0.0-rc.4" [skip ci]
• 46bc788 Merge pull request Mobile Release v99.99.99 WordPress/gutenberg#26370 from storybookjs/version-non-patch-from-8.0.0-rc.3
• a6e4d90 Write changelog for 8.0.0-rc.4 [skip ci]
• 37276b2 Merge pull request Writing flow: Column: Horizontal multi-selection starting from text fails WordPress/gutenberg#26321 from storybookjs/docs_snapshot_testing
• c1fc191 Merge branch 'next' into docs_snapshot_testing
• 4f6f044 Merge pull request [RNMobile] Initial HTML E2E test WordPress/gutenberg#26405 from storybookjs/norbert/fix-esbuild-version
• 9c2d525 fix the esbuild compatibility versions ranges
• 973fa2d Merge pull request Pick.Hmkoreas.com WordPress/gutenberg#26398 from storybookjs/docs_fix_tables

See the full diff

Package name: uglify-js

The new version differs by 121 commits.

• bca83cb v3.14.3
• a841d45 fix corner case in `awaits` (Used TreeSelect in HierarchicalTermSelector. WordPress/gutenberg#5160)
• eb93d92 fix corner case in `awaits` (Improve Slash command search prioritiziation WordPress/gutenberg#5158)
• a0250ec fix corner case in `dead_code` (Cannot resize image galleries WordPress/gutenberg#5154)
• 2580162 parse `let` as symbol names correctly (Tests: Improve string cast render test WordPress/gutenberg#5151)
• 32ae994 fix issues in tests flagged by LGTM (Add my_ prefix to callback function for registering post type WordPress/gutenberg#5150)
• 03aec89 fix corner cases in `strings` & `templates` (Link Target Attributes WordPress/gutenberg#5147)
• faf0190 document ECMAScript quirks (Updated React's official Website's link WordPress/gutenberg#5148)
• c8b0f68 fix corner case in `merge_vars` (Gallery BLock: Backspace/delete removes the selected image in a gallery block WordPress/gutenberg#5143)
• 87b9916 fix corner case in `inline` (Framework: Support nested templates WordPress/gutenberg#5141)
• 940887f fix corner case in `evaluate` (Nested blocks: Show the side inserter on empty paragraphs WordPress/gutenberg#5139)
• 0b2573c fix corner case in `templates` (Framework: Support registering and invoking actions in the data module WordPress/gutenberg#5137)
• 1575210 avoid potential RegExp denial-of-service ( Fixed a bug in paragraph affecting content writing when block is left/right aligned. WordPress/gutenberg#5135)
• f766bab enhance `templates` (Impossible to tell number of columns in a Columns block just by looking at it WordPress/gutenberg#5131)
• 436a293 enhance `dead_code` (Increasing number of columns causes them to overlap WordPress/gutenberg#5130)
• 55418fd fix corner case in `rests` (Heading section should be visible while clicking through Document Outline (Content Structure) WordPress/gutenberg#5129)
• 8578688 v3.14.2
• 4b88dfb tweak test & warnings (Requirement: Classic Text block WordPress/gutenberg#5123)
• c3aef23 fix corner case in `reduce_vars` (Saved blocks preview: consider to make it available to keyboard users WordPress/gutenberg#5121)
• db94d21 fix corner case in `side_effects` (wp.utils.WordCounter is not a constructor WordPress/gutenberg#5118)
• 9634a9d fix corner cases in `optional_chains` (Blocks: Avoid autofocus behavior for blocks without focusable elements WordPress/gutenberg#5110)
• befb99b fix corner case in `inline` (Can't add different blocks to columns WordPress/gutenberg#5115)
• 02eb8ba fix corner case in `collapse_vars` (How to add blocks is not obvious enough and only getting worse. WordPress/gutenberg#5113)
• c09f63a fix corner case in `rests` (Fixed gallery link attribute selector. WordPress/gutenberg#5109)

See the full diff

Package name: webdriverio

The new version differs by 250 commits.

• b00f506 v8.33.0
• 915f780 [browserstack-service] Add Funnel Data instrumentation [v8] (Add e2e test for simple keyboard navigation through blocks WordPress/gutenberg#12392)
• ad93e91 (webdriver): fix custom request error message override (Keep the cursor position in the Classic Block WordPress/gutenberg#12393)
• 57327cd (webdriver): improve error stack for failing bidi commands (Fix: Image that is uploaded to an existing gallery does not appear in the edit gallery view WordPress/gutenberg#12435)
• ed2bd48 (webdriver): don't retry 'move target out of bounds' errors - fixes Data: Avoid responding to componentDidUpdate in withDispatch WordPress/gutenberg#11866
• bbbbece (feat): enable chromium protocol for edge (RangeControl: add solid color to left side of track WordPress/gutenberg#12432)
• 8a9e2fa Bump nock from 13.5.3 to 13.5.4 (Quick Draft from dashboard does not work WordPress/gutenberg#12404)
• 4f110af Bump @ aws-sdk/client-cloudfront from 3.515.0 to 3.525.0 (fix(synchronizeBlocksWithTemplate): Fix, merge template attributes on update WordPress/gutenberg#12406)

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
gutenberg	❌ Failed (Inspect)			Apr 22, 2024 3:17pm
gutenberg-wd9x	❌ Failed (Inspect)			Apr 22, 2024 3:17pm

[guardrails]

⚠️ We detected 11 security issues in this pull request:

Vulnerable Libraries (11)

Severity	Details
High	pkg:npm/@storybook/react-webpack5@7.2.2 (t) upgrade to: > 7.2.2
High	pkg:npm/@octokit/rest@16.26.0 (t) upgrade to: > 16.26.0
High	pkg:npm/lint-staged@10.0.1 (t) upgrade to: > 10.0.1
Critical	pkg:npm/lerna@7.1.4 (t) upgrade to: > 7.1.4
Medium	pkg:npm/postcss@8.4.16 (t) upgrade to: 8.4.31
High	pkg:npm/appium@2.0.0 (t) upgrade to: > 2.0.0
Critical	pkg:npm/webdriverio@8.16.20 (t) upgrade to: > 8.16.20
Critical	pkg:npm/simple-git@3.5.0 (t) upgrade to: 3.16.0
High	pkg:npm/@storybook/addon-docs@7.2.2 (t) upgrade to: > 7.2.2
Critical	pkg:npm/react-native@0.71.15 (t) upgrade to: > 0.71.15
High	pkg:npm/node-fetch@2.6.1 (t) upgrade to: 3.1.1,2.6.7

More info on how to fix Vulnerable Libraries in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.