[Snyk] Fix for 15 vulnerabilities

[matrix-compute]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • superset-frontend/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	159/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00299, Social Trends: No, Days since published: 823, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.65, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	63/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.0107, Social Trends: No, Days since published: 1065, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.67, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	141/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.01055, Social Trends: No, Days since published: 14, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.35, Score Version: V5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
	45/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00094, Social Trends: No, Days since published: 381, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 1.89, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	No	No Known Exploit
	114/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00248, Social Trends: No, Days since published: 405, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.9, Score Version: V5	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	No	No Known Exploit
	45/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00164, Social Trends: No, Days since published: 401, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 1.89, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	No	No Known Exploit
	104/1000 Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00137, Social Trends: No, Days since published: 695, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.73, Score Version: V5	Information Exposure SNYK-JS-NODEFETCH-2342118	No	No Known Exploit
	49/1000 Why? Confidentiality impact: None, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00052, Social Trends: No, Days since published: 74, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.06, Score Version: V5	Improper Input Validation SNYK-JS-POSTCSS-5926692	Yes	No Known Exploit
	46/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Unproven, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 776, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 1.92, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-RAMDA-1582370	Yes	No Known Exploit
	169/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00091, Social Trends: No, Days since published: 176, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.81, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	160/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00632, Social Trends: No, Days since published: 1142, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.66, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIM-1017038	No	Proof of Concept
	115/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 668, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.92, Score Version: V5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
	276/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00267, Social Trends: No, Days since published: 155, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Critical, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.81, Score Version: V5	Remote Code Execution (RCE) SNYK-JS-VM2-5772823	No	Proof of Concept
	276/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.0024, Social Trends: No, Days since published: 155, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Critical, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.81, Score Version: V5	Remote Code Execution (RCE) SNYK-JS-VM2-5772825	No	Proof of Concept
	58/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00296, Social Trends: No, Days since published: 2270, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.43, Score Version: V5	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @storybook/addon-docs

The new version differs by 250 commits.

• 4f2afa6 v7.0.0
• 03292b0 Update root, peer deps, version.ts/json to 7.0.0 [ci skip]
• b2dc5cf Revert "Update root, peer deps, version.ts/json to 7.0.0 [ci skip]"
• 7f391a3 Update root, peer deps, version.ts/json to 7.0.0 [ci skip]
• f0b53cb 7.0.0 changelog
• 930917d Merge pull request Additions/suggestions to improve the Superset DB query table apache/superset#21856 from storybookjs/docs/interactions-addon-migration
• f1c13da 7.0.0-rc.11 next.json version file [skip ci]
• 512a2ae Update git head to 7.0.0-rc.11, update yarn.lock [ci skip]
• 908c324 v7.0.0-rc.11
• 5edc7c0 Update root, peer deps, version.ts/json to 7.0.0-rc.11 [ci skip]
• 324d9bb 7.0.0-rc.11 changelog
• 37d9737 interactions debugger is now default
• 9682f7c Merge pull request #21833 from storybookjs/kasper/fix-strict-args-decorator-with-interface
• a08ffc7 Put @ storybook/csf version back into next
• 2cc1d36 Merge pull request feat(db_engine_specs): Allow uploaded columns of dtype datetime to be stored as TIMESTAMP in the Hive schema apache/superset#21850 from storybookjs/fix/tone-down-dependency-alerts
• 941103b Merge pull request when i run command with npm run build, it tell me react not support css property apache/superset#21851 from storybookjs/valentin/export-application-config-decorator
• 31700c0 Export applicationConfig decorator and adjust documentation for usage
• 3d9544f Merge pull request chore(deps-dev): bump @typescript-eslint/parser from 4.19.0 to 5.40.1 in /superset-websocket apache/superset#21846 from storybookjs/chore_docs_webpack_tweaks
• 79b590b Tweaks to the Webpack docs
• d193be5 Merge pull request refactor: return initial exception and check if it's user error apache/superset#21836 from storybookjs/fix/downgrade-remark-deps
• 79b1fde Merge pull request fix(sqllab): Fix spacing on Schedule option in SqlEditor dropdown apache/superset#21832 from storybookjs/fix/polyfill-global
• 590f053 downgrade remark related dependencies
• b421d95 only provide critical duplicated dependency warning on major version difference
• acace30 Merge pull request fix(report): Capture unexpected errors in report screenshots. Fixes #21653 apache/superset#21724 from jungpaeng/docs/fix-controls

See the full diff

Package name: @storybook/addon-essentials

The new version differs by 250 commits.

• 51608c8 Bump version from "7.1.0-rc.2" to "7.1.0" [skip ci]
• 99088fd Merge pull request How to insert newline in table cell apache/superset#23473 from storybookjs/version-prerelease-from-7.1.0-rc.2
• 9e8912c Update CHANGELOG.md [skip ci]
• 7862f9e Write changelog for 7.1.0
• 80edfa4 Merge pull request fix: Preserves selected scopes when toggling between scope types apache/superset#23475 from storybookjs/fix/lint-issue
• 027ef0c remove unused import
• fa8c5f6 Merge pull request margin setting for legend in mixed chart is not working apache/superset#23472 from storybookjs/fix/improve-svelte-error
• 29a1103 move error message from log to error
• 4c371e0 Merge pull request fix: broken helm chart ingress apache/superset#23471 from storybookjs/update-pr-template
• 1161323 Update PULL_REQUEST_TEMPLATE.md
• fdd07b7 fix typo
• 36935e9 Restore prerelease changelogs before 7.1.0-alpha.30
• 3531eb3 Merge pull request fix: refuse to start with default secret on non debug envs apache/superset#23186 from re-taro/fix/jsdoc
• 9f9070d Merge pull request fix(sankey): Return the exact faulty link instead of root apache/superset#23444 from storybookjs/chore_docs_adds_mdx_video_callout
• f88a170 Merge branch 'next' into chore_docs_adds_mdx_video_callout
• 6c733aa Merge pull request feat: add ability to disable cache apache/superset#23439 from storybookjs/chore_docs_autodocs_toc
• 2035c5f Addressing feedback
• 59c3af4 Adds MDX video callout
• cfcb363 Merge pull request Load custom fonts in Superset apache/superset#23442 from storybookjs/chore_docs_web_snippets_fix
• 950218f Fixes autodocs webcomponents snippets
• e7479e7 Bump version from "7.1.0-rc.1" to "7.1.0-rc.2" [skip ci]
• c1b4e2e Merge pull request fix: prevent ForeignKeyViolation error on delete apache/superset#23414 from storybookjs/version-prerelease-from-7.1.0-rc.1
• 4124e95 Write changelog for 7.1.0-rc.2
• 15f6768 Adds TOC documentation

See the full diff

Package name: @storybook/builder-webpack5

The new version differs by 250 commits.

• 4f2afa6 v7.0.0
• 03292b0 Update root, peer deps, version.ts/json to 7.0.0 [ci skip]
• b2dc5cf Revert "Update root, peer deps, version.ts/json to 7.0.0 [ci skip]"
• 7f391a3 Update root, peer deps, version.ts/json to 7.0.0 [ci skip]
• f0b53cb 7.0.0 changelog
• 930917d Merge pull request Additions/suggestions to improve the Superset DB query table apache/superset#21856 from storybookjs/docs/interactions-addon-migration
• f1c13da 7.0.0-rc.11 next.json version file [skip ci]
• 512a2ae Update git head to 7.0.0-rc.11, update yarn.lock [ci skip]
• 908c324 v7.0.0-rc.11
• 5edc7c0 Update root, peer deps, version.ts/json to 7.0.0-rc.11 [ci skip]
• 324d9bb 7.0.0-rc.11 changelog
• 37d9737 interactions debugger is now default
• 9682f7c Merge pull request #21833 from storybookjs/kasper/fix-strict-args-decorator-with-interface
• a08ffc7 Put @ storybook/csf version back into next
• 2cc1d36 Merge pull request feat(db_engine_specs): Allow uploaded columns of dtype datetime to be stored as TIMESTAMP in the Hive schema apache/superset#21850 from storybookjs/fix/tone-down-dependency-alerts
• 941103b Merge pull request when i run command with npm run build, it tell me react not support css property apache/superset#21851 from storybookjs/valentin/export-application-config-decorator
• 31700c0 Export applicationConfig decorator and adjust documentation for usage
• 3d9544f Merge pull request chore(deps-dev): bump @typescript-eslint/parser from 4.19.0 to 5.40.1 in /superset-websocket apache/superset#21846 from storybookjs/chore_docs_webpack_tweaks
• 79b590b Tweaks to the Webpack docs
• d193be5 Merge pull request refactor: return initial exception and check if it's user error apache/superset#21836 from storybookjs/fix/downgrade-remark-deps
• 79b1fde Merge pull request fix(sqllab): Fix spacing on Schedule option in SqlEditor dropdown apache/superset#21832 from storybookjs/fix/polyfill-global
• 590f053 downgrade remark related dependencies
• b421d95 only provide critical duplicated dependency warning on major version difference
• acace30 Merge pull request fix(report): Capture unexpected errors in report screenshots. Fixes #21653 apache/superset#21724 from jungpaeng/docs/fix-controls

See the full diff

Package name: @storybook/react

The new version differs by 250 commits.

• 4f2afa6 v7.0.0
• 03292b0 Update root, peer deps, version.ts/json to 7.0.0 [ci skip]
• b2dc5cf Revert "Update root, peer deps, version.ts/json to 7.0.0 [ci skip]"
• 7f391a3 Update root, peer deps, version.ts/json to 7.0.0 [ci skip]
• f0b53cb 7.0.0 changelog
• 930917d Merge pull request Additions/suggestions to improve the Superset DB query table apache/superset#21856 from storybookjs/docs/interactions-addon-migration
• f1c13da 7.0.0-rc.11 next.json version file [skip ci]
• 512a2ae Update git head to 7.0.0-rc.11, update yarn.lock [ci skip]
• 908c324 v7.0.0-rc.11
• 5edc7c0 Update root, peer deps, version.ts/json to 7.0.0-rc.11 [ci skip]
• 324d9bb 7.0.0-rc.11 changelog
• 37d9737 interactions debugger is now default
• 9682f7c Merge pull request #21833 from storybookjs/kasper/fix-strict-args-decorator-with-interface
• a08ffc7 Put @ storybook/csf version back into next
• 2cc1d36 Merge pull request feat(db_engine_specs): Allow uploaded columns of dtype datetime to be stored as TIMESTAMP in the Hive schema apache/superset#21850 from storybookjs/fix/tone-down-dependency-alerts
• 941103b Merge pull request when i run command with npm run build, it tell me react not support css property apache/superset#21851 from storybookjs/valentin/export-application-config-decorator
• 31700c0 Export applicationConfig decorator and adjust documentation for usage
• 3d9544f Merge pull request chore(deps-dev): bump @typescript-eslint/parser from 4.19.0 to 5.40.1 in /superset-websocket apache/superset#21846 from storybookjs/chore_docs_webpack_tweaks
• 79b590b Tweaks to the Webpack docs
• d193be5 Merge pull request refactor: return initial exception and check if it's user error apache/superset#21836 from storybookjs/fix/downgrade-remark-deps
• 79b1fde Merge pull request fix(sqllab): Fix spacing on Schedule option in SqlEditor dropdown apache/superset#21832 from storybookjs/fix/polyfill-global
• 590f053 downgrade remark related dependencies
• b421d95 only provide critical duplicated dependency warning on major version difference
• acace30 Merge pull request fix(report): Capture unexpected errors in report screenshots. Fixes #21653 apache/superset#21724 from jungpaeng/docs/fix-controls

See the full diff

Package name: babel-jest

The new version differs by 250 commits.

• be16e47 v27.0.0
• 63102ec chore: update changelog for release
• 564694a docs(blog): Jest 27 blog post (test: removed unicode_test example from unit tests apache/superset#11131)
• b68d91b feat(pretty-print): add option `printBasicPrototype` (SQL init sentences per session as part of the Sources->Databases configuration apache/superset#11441)
• 2226742 chore: minor simplify format results error (feat: annotation layers CRUD list view apache/superset#11432)
• 78eb25d chore: remove needless assign (build: disable pr reviews for pr-lint action apache/superset#11433)
• 696c455 chore: update lockfile after publish
• e2eb9ae v27.0.0-next.11
• 3b253f8 Wait for closed resources to actually close before detecting open handles (fix: is_temporal should be overridden by is_dttm value apache/superset#11429)
• 27bee72 fix: run GC before collecting open handles (fix: add schema name to datasource field in chart list apache/superset#11278)
• 50451df feat: use fallback if prettier not found (fix: long labels now truncate with ellipsis apache/superset#11400)
• 150dbd8 chore: update lockfile after publish
• 6f44529 v27.0.0-next.10
• cbcec7d Upgrade fsevents in jest-haste-map (fix: Explore popovers issues apache/superset#11428)
• 9633a26 feat: support reporters written in ESM (fix: moved inline inputs styles to component's less file apache/superset#11427)
• 59f42d8 fix: do not cache modules that throw during evaluation (More owners toggle in CRUD view renders with extra ellipsis apache/superset#11263)
• 57e32e9 Detect open handles with done callbacks (fix: better error messages for dashboard properties modal apache/superset#11382)
• a397607 Document and test dontThrow for custom inline snapshot matchers (docs: fix 'npm run build' + run 'npm audit fix' apache/superset#10995)
• 4fa3a0b feat: custom haste (fix: Disabling timezone of dataframe before passing Prophet apache/superset#11107)
• 2047a36 chore: bump deps (Apply button gets pushed out of filter box when the filter box is small with too many filter values selected  apache/superset#11419)
• a4358d6 chore: run prettier on changelog
• bdd6282 Move all default values into `jest-config` (feat: Excel file export apache/superset#9924)
• db643a1 Link to Jest config (Issue while using Forecasting  apache/superset#11106)
• b16082c Fix locale issue fix: bump pydruid to 0.6.0 apache/superset#10014 (fix: multiple issues with FilterPopover apache/superset#11412)

See the full diff

Package name: eslint-import-resolver-typescript

The new version differs by 13 commits.

• 6683854 chore(release): 3.0.0
• 67c8d59 feat!: remove depracated directory option
• 93339ca refactor: workaround for https://github.com/Reproduce baseUrl + .js extension with .ts source privatenumber/get-tsconfig#19
• 78a08e0 feat!: use get-tsconfig to replace tsconfig-paths
• 322cb29 feat!: bump globby, use synckit for sync fn
• 1e1b5a6 feat: ignore `node_modules` folder in `projects` option glob ([Snyk] Security upgrade sqlparse from 0.4.4 to 0.5.0 #105)
• b2edbc8 chore(deps)!: bump tsconfig-paths to ^4.0.0 ([Snyk] Security upgrade swagger-ui-react from 4.1.3 to 5.12.2 #104)
• 1bc9f42 chore(release): 2.7.1
• 664465f fix: per package.json warning ([Snyk] Security upgrade holidays from 0.27.1 to 0.45 #101)
• 9ec18d7 chore(release): 2.7.0
• 1e39028 feat: support `.cjs` `.mjs` `.cts` `.mts` extensions (build(deps): bump express and @applitools/eyes-storybook in /superset-frontend #84)
• 4487788 chore(release): 2.6.0
• 2e7b4f4 fix: upgrade (dev)Dependencies ([Snyk] Security upgrade eslint from 7.32.0 to 9.0.0 #99)

See the full diff

Package name: fork-ts-checker-webpack-plugin

The new version differs by 32 commits.

• 6d7f64f fix: remove console.log in getInfrastructureLogger
• fc928f4 Release v7.0.0 (Adding an option to make separators in dashboard apache/superset#699)
• 954385e refactor: upgrade project dependencies (Tutorials apache/superset#698)
• c358dfb Merge pull request Adding new visualizations apache/superset#697 from TypeStrong/feature/merge-main-into-alpha
• 050cdae Merge branch 'main' of github.com:TypeStrong/fork-ts-checker-webpack-plugin into alpha
• 03abe7b docs: add plugin logo (Adding in Second and Minute time grains for MySQL apache/superset#696)
• 4b13fd3 feat: simplify logger options (Druid : Datasource Link throws sqlalchemy.exc.OperationalError apache/superset#695)
• 39ebae6 refactor: rename files to match convention (druid apache/superset#693)
• f7dfdcf feat: migrate from reporters to workers (Smarter redirect on slice creation apache/superset#691)
• 61f7cdf feat: implement write-dts mode (Flask-AppBuilder has upgraded to 1.8.0 apache/superset#679)
• b1c0d9a revert: "fix: support "setup" attribute in <script> tag in vue 3 (Showing only dashboards on welcome page apache/superset#676)" ("Add Slices" modal on dashboard page apache/superset#678)
• 40e4ecf fix: support "setup" attribute in <script> tag in vue 3 (Showing only dashboards on welcome page apache/superset#676)
• a0ad06f refactor: add eslint rules to enforce import order (Can you publish a new version to PyPI? apache/superset#671)
• 871bfe8 fix: require typescript@^3.8.0 for build: true mode (Reintroducing showControls as an option apache/superset#672)
• 551f2fb feat: add support for eslint 8 (A cleaner right side of the navbar with a Github link apache/superset#666)
• e9a4e8d revert: support "setup" attribute in <script> tag in vue 3 (Fixing the examples's dashboard positioning apache/superset#667)
• 2cfe45f fix: support "setup" attribute in <script> tag in vue 3 (Fixing the examples's dashboard positioning apache/superset#667)
• 34ebcd8 fix: add missing peer dependencies (Only owners can update their slice and dashboard objects apache/superset#507)
• 14c2d23 chore(deps): bump tmpl from 1.0.4 to 1.0.5 (Support IATA airport code to display cities on the world map? apache/superset#656)
• ad466df feat: port changes from main branch (Add impyla to recommended packages for Impala apache/superset#649)
• 82e8448 feat: remove support for TypeScript < 3.6.0 (Installing on fedora, vanilla environment , failing at cryptography  apache/superset#643)
• 6ffbbed chore: upgrade dev dependencies
• 59a1b29 feat: drop support for node 10
• 27a7c14 chore: remove unused dependencies

See the full diff

Package name: jest

The new version differs by 250 commits.

• 75006e4 v29.0.0
• 7c82a9f chore: update jest-watch-typeahead again
• 352ff29 chore: update changelog for release
• 33ad8c3 docs: Jest 29 blog post (Dashboard / Charts not loading (first time after login, every login) in superset #supersetissues #superset apache/superset#13103)
• dda77e5 docs: collapse 28.0 and 28.1 docs (chore: update docs for new alerts and reporting feature apache/superset#13104)
• c0dc84c chore: update jest-watch-typeahead
• 05f6217 fix: support deep CJS re-exports when using ESM (fix legend sunburst  apache/superset#13170)
• 490fd88 chore: update yarn (Database error apache/superset#13169)
• 98936a2 docs: Update Enzyme links to use new URL (#13166)
• 187566a feat(pretty-format): allow to opt out from sorting object keys with `compareKeys: null` ([settings] List Users-> Filter changed by can be set with empty value apache/superset#12443)
• ae2bed7 chore: tweak regex used in e2e tests (fix: healthcheck for docker compose apache/superset#13129)
• 8c56d74 docs: Update Configuration.md for added special notes on usage scenarios for pnpm. (2 TIme Column Filter for Superset Apache apache/superset#13115)
• fb1c53d feat(jest-config)!: remove undocumented `collectCoverageOnlyFrom` option (fix(wip): Changes to support presto impersionation with ldap apache/superset#13156)
• 075b489 fix: ignore `EISDIR` when resolving symlinks (fix(alerts&reports): Alerts & Reports will use values from WEBDRIVER_WINDOW option apache/superset#13157)
• 3bef02e feat(@ jest/test-result, @ jest/types)!: replace `Bytes` and `Milliseconds` types with `number` ([explore] BigQuery DatabaseError surfaced as UnknownError with bad formatting  apache/superset#13155)
• 4def94b v29.0.0-alpha.6
• 0f00d4e fix: replace non-CLI `rimraf` usage (Issue in sql Editor on trying to run query or selecting table in SQL LAB apache/superset#13151)
• 6a90a2c fix: Allow updating inline snapshots when test includes JSX (fix: session error fixed related to thumbnails. apache/superset#12760)
• 983274a feat: Let `babel` find config when updating inline snapshots (feat(alerts): apply SQL limit to all alerts apache/superset#13150)
• d2ff18a chore: make prettierPath optional in `SnapshotState` (chore: change test environment to jsdom apache/superset#13149)
• 7d8d01c feat(circus): added each to failing tests (refactor: remove deprecated field from frontend usage apache/superset#13142)
• a5b52a5 chore(types): separate MatcherContext, MatcherUtils and MatcherState (fix: handle lack of dynamic plugins apache/superset#13141)
• 79b5e41 chore: get rid of peer dep warning in website
• 812763d chore: enable 'no-duplicate-imports' (fix(chart-data-api): support numeric temporal columns apache/superset#13138)

See the full diff

Package name: lerna

The new version differs by 51 commits.

• 3900fe9 chore(misc): publish 7.0.0
• ede2a31 chore: merge pull request Update messages.json apache/superset#3716 from lerna/v7
• 405cfe3 chore: docs
• 63180d0 chore: fix tests after merge commit
• 40f5226 Merge branch 'main' into v7
• 7307520 chore: release v7.0.0-alpha.8
• 5095b04 chore: deps updates (Update messages.po apache/superset#3715)
• aca9efc chore: deps updates ([translate] finish and update Chinese translate file apache/superset#3714)
• 16df3e9 chore: deps updates ( [translation] added japanese support apache/superset#3713)
• 83f9a05 chore: remove unnecessary deps duplication between root and main pkg (Box Plot not showing X-axis values apache/superset#3712)
• ab5ecd3 chore: add missing deps in legacy-package-management
• 83b45d2 chore: docs updates
• e7e0489 chore: rework publish directory and assets (fix the slice permission issue after user click-edit new slice title apache/superset#3711)
• d326fd7 chore: release v7.0.0-alpha.7
• bb0ea3c chore: bump to latest nx
• 53e71e4 fix: share project data when nesting commands (Intall Superset same instance in different server apache/superset#3709)
• fd57e02 chore: release v7.0.0-alpha.6
• ce4b352 fix: improve github client missing env var error
• e82618b fix: daemon communication
• a6be819 chore: docs updates
• 52c11ed chore: restore command tests
• 647dbb5 fix: support nx 16.3.1+ (Timezone offset doesn't work for filtering and grouping in PgSQL apache/superset#3707)
• 59d7146 chore: fix init test (Show continuous timeline on x-axis for Time Series plots apache/superset#3708)
• b0c5cd3 chore: release 7.0.0-alpha.5

See the full diff

Package name: prettier-plugin-packagejson

The new version differs by 109 commits.

• 24f78da Merge pull request build(deps): bump es5-ext from 0.10.53 to 0.10.63 in /docs #63 from matzkoh/sort-package-json-v2
• 0dfc9f5 feat: bump sort-package-json to v2
• 319fc41 Merge pull request build(deps-dev): bump prettier from 3.0.3 to 3.2.5 in /superset-websocket #60 from matzkoh/renovate/lock-file-maintenance
• 96bcc5a chore(ci): fix job name
• 0b51b1a Merge pull request build(deps): bump ioredis and @types/ioredis in /superset-websocket #59 from matzkoh/renovate/prettier-2.8.x
• e626f3a Merge pull request build(deps-dev): bump @types/uuid from 9.0.7 to 9.0.8 in /superset-websocket #62 from matzkoh/matzkoh-patch-1
• 5a2cd3f chore(docs): Update badges
• 4939c56 chore(deps): lock file maintenance
• 4670c69 chore(deps): update dependency prettier to v2.8.3
• 3ec966d Merge pull request build(deps): bump ws from 8.15.0 to 8.16.0 in /superset-websocket #61 from matzkoh/github-actions
• f4ed996 chore(ci): migrate codecov action
• 9fe7b91 chore(ci): github actions
• af1ce60 chore(deps): lock file maintenance
• 78f4f4a chore(deps): lock file maintenance
• 01363e3 chore(deps): lock file maintenance
• 83035c8 chore(deps): lock file maintenance
• 4f57d65 chore(deps): update dependency prettier to v2.8.1
• 39d451c chore(deps): lock file maintenance
• 14d494e chore(deps): update dependency prettier to v2.8.0
• c8d2edc chore(deps): update dependency jest to v29.3.1
• 1e4bbd1 chore(deps): update dependency jest to v29.3.0
• b871760 chore(deps): lock file maintenance
• 0792548 chore(deps): update dependency jest to v29.2.2
• 93fbf08 chore(deps): update dependency jest to v29.2.1

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Improper Input Validation
🦉 More lessons are available in Snyk Learn