[Snyk] Fix for 20 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-APOLLOSERVERCORE-2928764	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	No	Proof of Concept
	476/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.1	Cross-site Scripting (XSS) SNYK-JS-DATATABLESNET-1540544	No	Proof of Concept
	526/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.1	Arbitrary Code Injection SNYK-JS-EJS-1049328	Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-EJS-2803307	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-IMMER-1540542	No	Proof of Concept
	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Cross-site Scripting (XSS) SNYK-JS-JQUERYUI-1767167	No	Proof of Concept
	569/1000 Why? Has a fix available, CVSS 7.1	Cross-site Scripting (XSS) SNYK-JS-JQUERYUI-1767175	No	No Known Exploit
	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Cross-site Scripting (XSS) SNYK-JS-JQUERYUI-1767767	No	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) SNYK-JS-JQUERYUI-2946728	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-JQUERYVALIDATION-2840635	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-JQUERYVALIDATION-2940620	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-PROMPTS-1729737	No	Proof of Concept
	619/1000 Why? Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-STYLELINT-1585622	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIM-1017038	No	Proof of Concept
	594/1000 Why? Has a fix available, CVSS 7.6	Remote Code Execution (RCE) SNYK-JS-VUECLI-1731684	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @storybook/addon-essentials

The new version differs by 250 commits.

• 05070ca v6.5.0
• 88c6a62 Update root, peer deps, version.ts/json to 6.5.0 [ci skip]
• ca93284 6.5.0 changelog
• ff28cd9 6.5.0-rc.1 next.json version file
• 9e1f519 Update git head to 6.5.0-rc.1, update yarn.lock
• 3f09d4e v6.5.0-rc.1
• 82b7ac1 Update root, peer deps, version.ts/json to 6.5.0-rc.1 [ci skip]
• 4b50e28 6.5.0-rc.1 changelog
• 0a6e347 Merge pull request #18220 from storybookjs/improve/detection-webpack5
• 95a5c80 move nextjs detection up
• 152e441 Merge pull request #18248 from storybookjs/18177-fix-conditional-args-fail-gracefully
• 2948cae ArgsTable: Gracefully handle conditional args failures
• f837e31 Merge pull request #18246 from storybookjs/chore_docs_adds_mdx2_steps
• 73cf6ba adds MDX 2 docs and gotchas
• 64b07fe Merge pull request #18244 from storybookjs/chore_docs_cleanup_broken_links
• fef1a32 Fixes broken links
• 82ce9de Merge pull request #18231 from Tomastomaslol/issue-18143-reset-button-broken-for-URL-values
• ebf9341 Merge pull request #18038 from bisubus/fix-vue3-tsx
• 9583cea remove repeated test
• 1b396fd 6.5.0-rc.0 next.json version file
• 6cc69b5 Update git head to 6.5.0-rc.0, update yarn.lock
• c27fd9e v6.5.0-rc.0
• b56b1ce re add reset of args that was not set initially. Extend tests for onResetArgs
• 19ba77b Update root, peer deps, version.ts/json to 6.5.0-rc.0 [ci skip]

See the full diff

Package name: @storybook/vue

The new version differs by 250 commits.

• 05070ca v6.5.0
• 88c6a62 Update root, peer deps, version.ts/json to 6.5.0 [ci skip]
• ca93284 6.5.0 changelog
• ff28cd9 6.5.0-rc.1 next.json version file
• 9e1f519 Update git head to 6.5.0-rc.1, update yarn.lock
• 3f09d4e v6.5.0-rc.1
• 82b7ac1 Update root, peer deps, version.ts/json to 6.5.0-rc.1 [ci skip]
• 4b50e28 6.5.0-rc.1 changelog
• 0a6e347 Merge pull request #18220 from storybookjs/improve/detection-webpack5
• 95a5c80 move nextjs detection up
• 152e441 Merge pull request #18248 from storybookjs/18177-fix-conditional-args-fail-gracefully
• 2948cae ArgsTable: Gracefully handle conditional args failures
• f837e31 Merge pull request #18246 from storybookjs/chore_docs_adds_mdx2_steps
• 73cf6ba adds MDX 2 docs and gotchas
• 64b07fe Merge pull request #18244 from storybookjs/chore_docs_cleanup_broken_links
• fef1a32 Fixes broken links
• 82ce9de Merge pull request #18231 from Tomastomaslol/issue-18143-reset-button-broken-for-URL-values
• ebf9341 Merge pull request #18038 from bisubus/fix-vue3-tsx
• 9583cea remove repeated test
• 1b396fd 6.5.0-rc.0 next.json version file
• 6cc69b5 Update git head to 6.5.0-rc.0, update yarn.lock
• c27fd9e v6.5.0-rc.0
• b56b1ce re add reset of args that was not set initially. Extend tests for onResetArgs
• 19ba77b Update root, peer deps, version.ts/json to 6.5.0-rc.0 [ci skip]

See the full diff

Package name: @vue/cli

The new version differs by 250 commits.

• 92d80a8 v5.0.1
• c913cdc v5.0.0
• e75a288 chore: pre release sync
• e7f07d8 docs: remove `@ next` [skip ci]
• 80bbf38 test: skip nightwatch --parallel test for now
• 9be19f0 test: fix tsx import
• 5cf0e13 feat: bump default typescript version to 4.5
• 22a4a53 chore: dependency maintenance
• 9577cf5 chore: Merge branch 'master' into dev
• 8b5ab22 fix: remove --skip-plugin from arguments passed to the plugins (Fix assert statements in DB unit tests internetarchive/openlibrary#6972)
• ff035c6 chore(deps): bump follow-redirects from 1.14.7 to 1.14.8 (fix text selection for selectable items internetarchive/openlibrary#6993)
• d302581 fix: update mini-css-extract-plugin to ^2.5.3 (Create check-in on reading log add internetarchive/openlibrary#6987)
• 2d8fa26 test(nightwatch): skip selenium test for now
• 7a17d98 chore: replace eslint-plugin-graphql with @ graphl-eslint/eslint-plugin
• 75a6d69 v5.0.0-rc.3
• c214c3a chore: pre release sync
• 42fc8d4 docs: add cache-loader and nightwatch breaking changes [skip ci]
• 926855f feat!: make `cache-loader` optional (Update authors.html internetarchive/openlibrary#6985)
• 342c386 fix: there's a command response format change in nightwatch v2
• b78a003 chore: update web drivers
• 6c91e1a chore: update lockfile
• 37bdc0e chore: remove the console log completely and fix lint error
• 1c1f1ef chore: fix typo (ol-www0 anonymized IP metrics tools require upgrade internetarchive/openlibrary#6964)
• a2b6409 feat: add build stats hash support (Author not added to work if neither the pop-up author name, nor "Create a new record for" is selected on /books/add internetarchive/openlibrary#6980)

See the full diff

Package name: @vue/cli-service

The new version differs by 250 commits.

• 92d80a8 v5.0.1
• c913cdc v5.0.0
• e75a288 chore: pre release sync
• e7f07d8 docs: remove `@ next` [skip ci]
• 80bbf38 test: skip nightwatch --parallel test for now
• 9be19f0 test: fix tsx import
• 5cf0e13 feat: bump default typescript version to 4.5
• 22a4a53 chore: dependency maintenance
• 9577cf5 chore: Merge branch 'master' into dev
• 8b5ab22 fix: remove --skip-plugin from arguments passed to the plugins (Fix assert statements in DB unit tests internetarchive/openlibrary#6972)
• ff035c6 chore(deps): bump follow-redirects from 1.14.7 to 1.14.8 (fix text selection for selectable items internetarchive/openlibrary#6993)
• d302581 fix: update mini-css-extract-plugin to ^2.5.3 (Create check-in on reading log add internetarchive/openlibrary#6987)
• 2d8fa26 test(nightwatch): skip selenium test for now
• 7a17d98 chore: replace eslint-plugin-graphql with @ graphl-eslint/eslint-plugin
• 75a6d69 v5.0.0-rc.3
• c214c3a chore: pre release sync
• 42fc8d4 docs: add cache-loader and nightwatch breaking changes [skip ci]
• 926855f feat!: make `cache-loader` optional (Update authors.html internetarchive/openlibrary#6985)
• 342c386 fix: there's a command response format change in nightwatch v2
• b78a003 chore: update web drivers
• 6c91e1a chore: update lockfile
• 37bdc0e chore: remove the console log completely and fix lint error
• 1c1f1ef chore: fix typo (ol-www0 anonymized IP metrics tools require upgrade internetarchive/openlibrary#6964)
• a2b6409 feat: add build stats hash support (Author not added to work if neither the pop-up author name, nor "Create a new record for" is selected on /books/add internetarchive/openlibrary#6980)

See the full diff

Package name: datatables.net-dt

The new version differs by 65 commits.

• d432cc3 Sync tag release - 1.11.0
• 1ffa75a a6ece4b2200e305b761f1ba2a893d8bcc5c5cb52 Fix: Language information being loaded in might not take into account the thousands and decimal separator options if using camelCase style
• a22b728 2fbd02e4f168a5b5a4f5e9a7a935230ffc694e05 Readme: Update package manager section
• 2e24d8c 82e29b70c11f82a33c180362fcb7680f6032a624
• 5c96990 Include types in package.json and correct folder
• 567b229 90d756c563582681fce93859952654d814bf1414 Update: Remove `zoom` hacks for IE6
• 3adece4 c786a08db6bf6a8cd9b9da1707bc0f776b380483 Fix: CSS for nested DataTable in a scrolling DataTable would have its sorting icons removed
• 71a2063 bff756573cff460d180af024046fa12173335650 Example: Add a search-side processing example for `-init search.return`.
• 8511e80 92eec59cf594ce7aadba5945031e2442c2086136 DEV tweaks to enter key example
• 0d48635 b732d779fe8861e16fabf41e83c2b5d7ade6e2b2 new: New initialisation option for search on return.
• 0cf6f84 f49883e2fd683142fe688f5670908a443d52c856 Fix: Rather than using Bootstrap 5's default row striping (which is 2n+1 based) we need to use the .odd selector to account for injected rows (child rows, rowgroup, etc).
• f41acf3 2c9940c023915984f5325b051af6748a887a8431 DEV tweaks to fuzzy search example
• 6a45873 2bef3655d1427404e06a18720ac380ce989dc9b8 new: New example for fuzzySearch - won't work until js file is added to cdn
• 53d4753 99456a13f37aa243e85d008869439d75f3a4c626 Types: Fix for old style `$().dataTable()` init
• 016639f e1c071b8e2b3e4ce6d3e508f4851c3a2c8ee9744 Types: Fix jQuery definitions
• 85d24e9 6cd6387e6a0c32c3c83f3a91c34ae3eda4cc5fcb Types: Typing for selectors and passing around the data type more
• 2fb0254 4d9ddb4ac48674f01c432d0488e1884db5308d69 Types: Row data type information can be passed around now
• 2331ac7 95508a92b2a5c638afbee859e774cd57dab7e135 Docs: Fix names of new static get/set methods
• 500443f d34661c11a58978b17afdc27bea78acfc5458444 Fix: Remove superflous aria roles
• ae133c6 bf1f0eb31dfdc5b9790c597b8c63bf4876d9c03f Docs: Add Bootstrap 5 to `-init dom`
• ef71e30 b5287626fe86319a25e1182ddddf8adf17ed7096 Fix: Scrollbar was showing on tables which had a border on the table
• 86daddb 0c7ee29e8de948282be59f640be0d7214c184cfa TEST updated tests for DD02036
• 5dc2f4f 01128f168f9b2112ea9e565bef0a67d3afcfc1d4 fix: Make requestChild event run before initComplete
• f761e80 aef9c8080d64820cf72b1fe957e36bff8688df5f fix: Fix mistake in docs by removing a third parameter documented in requestChild event that does not exist

See the full diff

Package name: jquery-ui

The new version differs by 160 commits.

• d6c028c 1.13.2
• 8cc5bae Checkboxradio: Don't re-evaluate text labels as HTML
• b53e7be All: Remove deprecated .click() usage in demos/tests
• bb00536 Build: Update AUTHORS.txt
• 9d1fc97 Datepicker: Capitalize some Indonesian words
• 1f467ba Selectmenu: Remove a call to the deprecated .focus() method
• ac1866f Build: Update AUTHORS.txt
• 395aa7d Datepicker: Add missing localization for prevText and nextText
• 218c6af Datepicker: Remove symbols in localization
• 3126e12 Datepicker: Remove symbols in localization
• e853971 Build(deps): Bump actions/checkout from 2 to 3
• d55645c Build(deps): Bump actions/cache from 2 to 3
• a4060a2 Build(deps): Bump actions/setup-node from 1 to 3
• d66fdd5 Build: Add dependabot.yml config (GitHub Actions)
• 50d35e6 Build: Update Grunt to resolve CVE-2022-1537
• e21a254 Build: Include all the files published to the CDN in npm/Bower packages
• 54074fc Build: Updating the main version to 1.13.2-pre.
• d2779bd Build: Update some npm dependencies
• 0c5becc Widget: Optimize attachment of the _untrackClassesElement listener
• 4a7cec3 Build: Add Felix to .mailmap, update AUTHORS.txt
• 933ce5d Autocomplete: Rewrite with a delay instead of appending the live region
• e90096e Build: Add extra Github action job for PR required checks configuration
• e0a78d4 Build: Switch from Travis to GitHub actions
• ed637b0 Widget: Make contextless widget construction work

See the full diff

Package name: jquery-validation

The new version differs by 21 commits.

• 5907740 1.19.5
• 5bbd80d Merge pull request from GHSA-ffmh-x56j-9rc3
• 3d3c1fb Chore: Add CodeQL analysis
• 0da4906 Core: fix deprecated jquery .submit() event shorthand (Show the language availability of a book when clicked on or have a translator internetarchive/openlibrary#2430)
• 1b79877 Localization: Add periods to messages (corrects avatar for public reading log + works for logged out user internetarchive/openlibrary#2266)
• b68e282 Chore: update changelog
• 3a4cd94 Build: Updating the master version to 1.19.5-pre.
• 91d2098 Build: update release steps
• 69cb17e Core: fix ReDoS vulnerability in url2 (fixing js lint issues internetarchive/openlibrary#2428)
• aa5bcdc Chore: update issue templates
• 350f6ae Core: fix validation for input type="date" (Code splitting: Separate graphs.js from the main entry point internetarchive/openlibrary#2360)
• 7828568 Gruntfile.js: add LICENSE.md to zip tarball (Auto-generate comments for edits w/ missing comments  internetarchive/openlibrary#2386)
• 3688078 Chore: switch to stale bot github action (Refresh the git submodule ./vendor/acs4_py in Travis CI internetarchive/openlibrary#2425)
• f8b0b53 README: update build status badge (refresh the git submodules in ./vendor internetarchive/openlibrary#2424)
• 25293cc Test: Switch from Travis to GitHub workflows (WIP: Taking jQuery UI off the critical path internetarchive/openlibrary#2423)
• 900a90b Core: fix code style (Create canonical method to get ASIN from Edition model internetarchive/openlibrary#2422)
• eb88df0 Core: wait for pendingRequests to finish before submitting form (Downloaded Database Dump JSON data format conversion failures internetarchive/openlibrary#2369)
• 31ea8ff Fixed bug for Html Editor(summernote) (Remove --monkeypatch solrupdater opts internetarchive/openlibrary#2154)
• df89cf0 Create SECURITY.md
• bda9a58 Build: added CVE-2021-21252 reference
• 322a575 Build: Updating the master version to 1.19.4-pre.

See the full diff

Package name: stylelint

The new version differs by 219 commits.

• 060310c 14.0.0
• ff4a1ef Prepare CHANGELOG
• 8d2f6e1 Bump postcss ("Unable to connect to infobase server" internetarchive/openlibrary#5619)
• f552608 Merge pull request Search Inside results do not display when result is only one item internetarchive/openlibrary#5618 from stylelint/dependabot/npm_and_yarn/husky-7.0.4
• 7ed17ad Bump husky from 7.0.2 to 7.0.4
• 4d9f75e Merge pull request Allow bot changes to be indexed internetarchive/openlibrary#5617 from stylelint/dependabot/npm_and_yarn/jest-27.3.1
• bc9dd0b Bump jest from 27.2.5 to 27.3.1
• 82e2507 Merge pull request added license info at bottom of form internetarchive/openlibrary#5604 from stylelint/v14
• 16d259f Update CHANGELOG.md
• 70b1149 Fix false positives for dynamic-range keywords in media-feature-name-no-unknown (Hyphenated/spaced user names in url breaks list functionality internetarchive/openlibrary#5613)
• 8dca498 Show more info in missing customSyntax warning (Bump core-js from 3.16.0 to 3.16.4 internetarchive/openlibrary#5611)
• 2eee0a9 Remove v14 CI triggers (Bump workbox-webpack-plugin from 6.1.5 to 6.2.4 internetarchive/openlibrary#5610)
• 12f8081 14.0.0-0
• 5dd7ec1 Prepare 14.0.0
• 67313a3 Add support for `extends` in `overrides` config (Matrix to Slack bridge internetarchive/openlibrary#5603)
• b6fd2fc Document no need for postcss-html maintainer (Bundlesize bump internetarchive/openlibrary#5602)
• bf28025 Recommend using shared configs (Stop MARC counting as mIRC script on github internetarchive/openlibrary#5598)
• 07118d6 Update CHANGELOG.md
• 367142a Change `ignoreFiles` to be extendable (Send IA Swag packs to OL fellows internetarchive/openlibrary#5596)
• 1b4162f Fix conflicts in dependabot
• 87c5fde Bump picocolors from 0.2.1 to 1.0.0 (Bump webpack-cli from 4.7.0 to 4.8.0 internetarchive/openlibrary#5601)
• 1f32094 Bump typescript from 4.4.3 to 4.4.4 (Import DNB ids from MARC records internetarchive/openlibrary#5599)
• 88b9575 Revise contributors section of README (Add book form does not have disclaimer. internetarchive/openlibrary#5585)
• e38da70 Use problem rather than violation in docs and types (Bump internetarchive from 2.0.2 to 2.1.0 internetarchive/openlibrary#5592)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting (XSS)
🦉 Arbitrary Code Injection
🦉 Remote Code Execution (RCE)
🦉 More lessons are available in Snyk Learn