[Snyk] Fix for 31 vulnerabilities

[urvi-occ]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Cross-site Request Forgery (CSRF) SNYK-JS-APOLLOSERVER-3043107	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Information Exposure SNYK-JS-APOLLOSERVERCORE-5876618	No	No Known Exploit
	786/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.3	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-DSET-2330881	No	Proof of Concept
	504/1000 Why? Has a fix available, CVSS 5.8	Prototype Pollution SNYK-JS-HIGHLIGHTJS-1045326	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-IMPORTINTHEMIDDLE-5826054	No	No Known Exploit
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	No	Proof of Concept
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	No	No Known Exploit
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-PROTOBUFJS-2441248	No	Proof of Concept
	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-PROTOBUFJS-5756498	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit
	591/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.4	Improper Certificate Validation SNYK-JS-UNDICI-2928996	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	CRLF Injection SNYK-JS-UNDICI-2953389	No	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Information Exposure SNYK-JS-UNDICI-2957529	No	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	CRLF Injection SNYK-JS-UNDICI-2980276	No	No Known Exploit
	534/1000 Why? Has a fix available, CVSS 6.4	Server-side Request Forgery (SSRF) SNYK-JS-UNDICI-2980286	No	No Known Exploit
	551/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.6	CRLF Injection SNYK-JS-UNDICI-3323844	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-UNDICI-3323845	No	Proof of Concept
	409/1000 Why? Has a fix available, CVSS 3.9	Information Exposure SNYK-JS-UNDICI-5962466	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @gen3/guppy

The new version differs by 60 commits.

• f1431d1 MIDRC-390 fix separate fields (Feat/ndh2 uc-cdis/data-portal#234)
• 7ee2eaa update apollo server and graphql (Fix/logging uc-cdis/data-portal#226)
• 5dd094e update react (fix(getSchema): use http agent for http://revproxy uc-cdis/data-portal#225)
• 88c3e36 update a handfull of dependencies and add some css to make table data look better (api key deletion was successful but portal pop up empty error message uc-cdis/data-portal#224)
• 01fec3d Remove core-js (fix(hostname): internal useage for openstack uc-cdis/data-portal#216)
• 4811ddf update storybook table to antd table from unsupported react-table (polish data portal for NHLBI uc-cdis/data-portal#222)
• 94a0c85 update eslint and fix formating errors (fix(login): better handle new empty commons uc-cdis/data-portal#223)
• a53a35a update a bunch of dev dependencies (Fix logging so its the user's IP not previous proxy IP uc-cdis/data-portal#221)
• f7e4ec2 update helmet to 7 (fix(shib): add shibbleth configuration uc-cdis/data-portal#220)
• f2172cc update node to 16 (Feat/config uc-cdis/data-portal#219)
• 1711ac3 fix: upgrade multiple dependencies with Snyk (chore(gtex): Add new GTEx commons uc-cdis/data-portal#196)
• 1622d79 fix: upgrade @ babel/runtime-corejs3 from 7.21.5 to 7.22.3 (Chore/router upgrade uc-cdis/data-portal#197)
• c1f4352 chore(deps): bump glob-parent and @ storybook/react (graph node's weight should be the max of all paths uc-cdis/data-portal#195)
• c8833be fix: upgrade node-fetch from 2.6.10 to 2.6.11 (tweak submission result to collapse 'full response' on error uc-cdis/data-portal#193)
• 8f39616 fix: upgrade multiple dependencies with Snyk (Fix/submit style uc-cdis/data-portal#194)
• 2257a22 upgrade @ gen3/ui-component to update dependencies (update keypair page for jwt tokens uc-cdis/data-portal#192)
• f2f91f3 fix: upgrade node-fetch from 2.6.9 to 2.6.10 (dictionary and api version only get updated to the footer after a while... uc-cdis/data-portal#191)
• 80eb79b fix: upgrade core-js from 3.30.1 to 3.30.2 (fix(Dictionary): tolerate , in enum props uc-cdis/data-portal#190)
• 3edeb3b fix: upgrade @ babel/core from 7.21.5 to 7.21.8 (Add Logos uc-cdis/data-portal#189)
• 66b7193 fix: upgrade @ babel/runtime-corejs3 from 7.21.0 to 7.21.5 (Feat/dict version uc-cdis/data-portal#188)
• 7dfa3d8 fix: upgrade multiple dependencies with Snyk (Feat/dict version uc-cdis/data-portal#187)
• a641ce4 (PXP-9147): add Count support to guppy connectedFilter and fix bugs (fix(align): fix align right file size uc-cdis/data-portal#180)
• 62de272 fix: upgrade eslint-plugin-jsx-a11y from 6.7.0 to 6.7.1 (Feat/dict version uc-cdis/data-portal#186)
• acf886e fix: upgrade multiple dependencies with Snyk (PXD-363 ⁃ style tiles should be configurable uc-cdis/data-portal#185)

See the full diff

Package name: @gen3/ui-component

The new version differs by 3 commits.

• 0a1ba05 chore(deps-dev): bump minimist from 1.2.5 to 1.2.6 ([Snyk] Fix for 1 vulnerabilities #108)
• 605035c fix: update stylelint to 14 ([Snyk] Security upgrade nunjucks from 3.2.3 to 3.2.4 #107)
• b8e8ac8 Update dependencies to patch FedRAMP vulnerabilities ([Snyk] Security upgrade npm from 6.14.13 to 7.21.0 #106)

See the full diff

Package name: @storybook/addon-actions

The new version differs by 250 commits.

• e89e51a v6.1.0
• d004d19 Update root, peer deps, version.ts/json to 6.1.0
• 1d07f01 6.1.0 changelog
• 178e9bd 6.1.0-rc.6 next.json version file
• 971eccd Update git head to 6.1.0-rc.6
• 9009e53 v6.1.0-rc.6
• eaceece Update root, peer deps, version.ts/json to 6.1.0-rc.6
• 5c0049b 6.1.0-rc.6 changelog
• 76d53b5 Merge pull request #13165 from storybookjs/13156-fix-cached-manager
• 4747fea Merge pull request #12845 from Tomastomaslol/12324_zoom_buttons_in_docs_do_not_work
• 74693f4 Drop the cache prop from managerConfig to make caching work on the 2nd run.
• 428b6e0 6.1.0-rc.5 next.json version file
• a72852d Update git head to 6.1.0-rc.5
• a8822ed v6.1.0-rc.5
• 6deb946 Update root, peer deps, version.ts/json to 6.1.0-rc.5
• 06b55c8 update 6.1-rc.5
• 875b933 Merge branch 'next' of github.com:storybookjs/storybook into next
• f701930 Merge pull request #13141 from ThibaudAV/update-angular-ex
• c8a819d Merge pull request #13162 from S1ngS1ng/patch-1
• cd7766e 6.1.0-rc.5 changelog addition
• 45ddc0c Merge pull request #13159 from storybookjs/12386-ie11-layout-centered
• f2123da 6.1.0-rc.5 changelog
• 30c5e98 fix incorrect component reference
• f6d4f0a Merge pull request #13155 from storybookjs/feature/sidebarClassNames

See the full diff

Package name: @storybook/react

The new version differs by 250 commits.

• 05070ca v6.5.0
• 88c6a62 Update root, peer deps, version.ts/json to 6.5.0 [ci skip]
• ca93284 6.5.0 changelog
• ff28cd9 6.5.0-rc.1 next.json version file
• 9e1f519 Update git head to 6.5.0-rc.1, update yarn.lock
• 3f09d4e v6.5.0-rc.1
• 82b7ac1 Update root, peer deps, version.ts/json to 6.5.0-rc.1 [ci skip]
• 4b50e28 6.5.0-rc.1 changelog
• 0a6e347 Merge pull request #18220 from storybookjs/improve/detection-webpack5
• 95a5c80 move nextjs detection up
• 152e441 Merge pull request #18248 from storybookjs/18177-fix-conditional-args-fail-gracefully
• 2948cae ArgsTable: Gracefully handle conditional args failures
• f837e31 Merge pull request #18246 from storybookjs/chore_docs_adds_mdx2_steps
• 73cf6ba adds MDX 2 docs and gotchas
• 64b07fe Merge pull request #18244 from storybookjs/chore_docs_cleanup_broken_links
• fef1a32 Fixes broken links
• 82ce9de Merge pull request #18231 from Tomastomaslol/issue-18143-reset-button-broken-for-URL-values
• ebf9341 Merge pull request #18038 from bisubus/fix-vue3-tsx
• 9583cea remove repeated test
• 1b396fd 6.5.0-rc.0 next.json version file
• 6cc69b5 Update git head to 6.5.0-rc.0, update yarn.lock
• c27fd9e v6.5.0-rc.0
• b56b1ce re add reset of args that was not set initially. Extend tests for onResetArgs
• 19ba77b Update root, peer deps, version.ts/json to 6.5.0-rc.0 [ci skip]

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Cross-site Request Forgery (CSRF)
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn