[Snyk] Fix for 13 vulnerabilities

[laxmanraparthi]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • superset-frontend/package.json
  • superset-frontend/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-ASYNCVALIDATOR-2311201	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-CSSWHAT-1298035	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-D3COLOR-1076592	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-DEEPOBJECTDIFF-3104594	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	Yes	Proof of Concept
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIM-1017038	No	Proof of Concept
	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	Sandbox Bypass SNYK-JS-WEBPACK-3358798	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @storybook/addon-docs

The new version differs by 250 commits.

• 4f2afa6 v7.0.0
• 03292b0 Update root, peer deps, version.ts/json to 7.0.0 [ci skip]
• b2dc5cf Revert "Update root, peer deps, version.ts/json to 7.0.0 [ci skip]"
• 7f391a3 Update root, peer deps, version.ts/json to 7.0.0 [ci skip]
• f0b53cb 7.0.0 changelog
• 930917d Merge pull request Additions/suggestions to improve the Superset DB query table apache/superset#21856 from storybookjs/docs/interactions-addon-migration
• f1c13da 7.0.0-rc.11 next.json version file [skip ci]
• 512a2ae Update git head to 7.0.0-rc.11, update yarn.lock [ci skip]
• 908c324 v7.0.0-rc.11
• 5edc7c0 Update root, peer deps, version.ts/json to 7.0.0-rc.11 [ci skip]
• 324d9bb 7.0.0-rc.11 changelog
• 37d9737 interactions debugger is now default
• 9682f7c Merge pull request #21833 from storybookjs/kasper/fix-strict-args-decorator-with-interface
• a08ffc7 Put @ storybook/csf version back into next
• 2cc1d36 Merge pull request feat(db_engine_specs): Allow uploaded columns of dtype datetime to be stored as TIMESTAMP in the Hive schema apache/superset#21850 from storybookjs/fix/tone-down-dependency-alerts
• 941103b Merge pull request when i run command with npm run build, it tell me react not support css property apache/superset#21851 from storybookjs/valentin/export-application-config-decorator
• 31700c0 Export applicationConfig decorator and adjust documentation for usage
• 3d9544f Merge pull request chore(deps-dev): bump @typescript-eslint/parser from 4.19.0 to 5.40.1 in /superset-websocket apache/superset#21846 from storybookjs/chore_docs_webpack_tweaks
• 79b590b Tweaks to the Webpack docs
• d193be5 Merge pull request refactor: return initial exception and check if it's user error apache/superset#21836 from storybookjs/fix/downgrade-remark-deps
• 79b1fde Merge pull request fix(sqllab): Fix spacing on Schedule option in SqlEditor dropdown apache/superset#21832 from storybookjs/fix/polyfill-global
• 590f053 downgrade remark related dependencies
• b421d95 only provide critical duplicated dependency warning on major version difference
• acace30 Merge pull request fix(report): Capture unexpected errors in report screenshots. Fixes #21653 apache/superset#21724 from jungpaeng/docs/fix-controls

See the full diff

Package name: @storybook/addon-essentials

The new version differs by 250 commits.

• 05070ca v6.5.0
• 88c6a62 Update root, peer deps, version.ts/json to 6.5.0 [ci skip]
• ca93284 6.5.0 changelog
• ff28cd9 6.5.0-rc.1 next.json version file
• 9e1f519 Update git head to 6.5.0-rc.1, update yarn.lock
• 3f09d4e v6.5.0-rc.1
• 82b7ac1 Update root, peer deps, version.ts/json to 6.5.0-rc.1 [ci skip]
• 4b50e28 6.5.0-rc.1 changelog
• 0a6e347 Merge pull request Save as dashboard with duplicating charts is not working after 1.4.0 upgrade apache/superset#18220 from storybookjs/improve/detection-webpack5
• 95a5c80 move nextjs detection up
• 152e441 Merge pull request Create role Programmatically in superset  apache/superset#18248 from storybookjs/18177-fix-conditional-args-fail-gracefully
• 2948cae ArgsTable: Gracefully handle conditional args failures
• f837e31 Merge pull request fix(listview): add nowrap to view mode container apache/superset#18246 from storybookjs/chore_docs_adds_mdx2_steps
• 73cf6ba adds MDX 2 docs and gotchas
• 64b07fe Merge pull request Support for user groups and assigning roles to them apart from derictly to users apache/superset#18244 from storybookjs/chore_docs_cleanup_broken_links
• fef1a32 Fixes broken links
• 82ce9de Merge pull request chore: add ci for docs-v2 apache/superset#18231 from Tomastomaslol/issue-18143-reset-button-broken-for-URL-values
• ebf9341 Merge pull request chore: change docs for docsv2 apache/superset#18038 from bisubus/fix-vue3-tsx
• 9583cea remove repeated test
• 1b396fd 6.5.0-rc.0 next.json version file
• 6cc69b5 Update git head to 6.5.0-rc.0, update yarn.lock
• c27fd9e v6.5.0-rc.0
• b56b1ce re add reset of args that was not set initially. Extend tests for onResetArgs
• 19ba77b Update root, peer deps, version.ts/json to 6.5.0-rc.0 [ci skip]

See the full diff

Package name: @storybook/react

The new version differs by 250 commits.

• 4f2afa6 v7.0.0
• 03292b0 Update root, peer deps, version.ts/json to 7.0.0 [ci skip]
• b2dc5cf Revert "Update root, peer deps, version.ts/json to 7.0.0 [ci skip]"
• 7f391a3 Update root, peer deps, version.ts/json to 7.0.0 [ci skip]
• f0b53cb 7.0.0 changelog
• 930917d Merge pull request Additions/suggestions to improve the Superset DB query table apache/superset#21856 from storybookjs/docs/interactions-addon-migration
• f1c13da 7.0.0-rc.11 next.json version file [skip ci]
• 512a2ae Update git head to 7.0.0-rc.11, update yarn.lock [ci skip]
• 908c324 v7.0.0-rc.11
• 5edc7c0 Update root, peer deps, version.ts/json to 7.0.0-rc.11 [ci skip]
• 324d9bb 7.0.0-rc.11 changelog
• 37d9737 interactions debugger is now default
• 9682f7c Merge pull request #21833 from storybookjs/kasper/fix-strict-args-decorator-with-interface
• a08ffc7 Put @ storybook/csf version back into next
• 2cc1d36 Merge pull request feat(db_engine_specs): Allow uploaded columns of dtype datetime to be stored as TIMESTAMP in the Hive schema apache/superset#21850 from storybookjs/fix/tone-down-dependency-alerts
• 941103b Merge pull request when i run command with npm run build, it tell me react not support css property apache/superset#21851 from storybookjs/valentin/export-application-config-decorator
• 31700c0 Export applicationConfig decorator and adjust documentation for usage
• 3d9544f Merge pull request chore(deps-dev): bump @typescript-eslint/parser from 4.19.0 to 5.40.1 in /superset-websocket apache/superset#21846 from storybookjs/chore_docs_webpack_tweaks
• 79b590b Tweaks to the Webpack docs
• d193be5 Merge pull request refactor: return initial exception and check if it's user error apache/superset#21836 from storybookjs/fix/downgrade-remark-deps
• 79b1fde Merge pull request fix(sqllab): Fix spacing on Schedule option in SqlEditor dropdown apache/superset#21832 from storybookjs/fix/polyfill-global
• 590f053 downgrade remark related dependencies
• b421d95 only provide critical duplicated dependency warning on major version difference
• acace30 Merge pull request fix(report): Capture unexpected errors in report screenshots. Fixes #21653 apache/superset#21724 from jungpaeng/docs/fix-controls

See the full diff

Package name: @svgr/webpack

The new version differs by 74 commits.

• af9a6cb v6.0.0
• e9469c3 Merge pull request Improvements to NVD3 charts (axis labels & min bar width) apache/superset#629 from gregberge/rewriting-docs
• eb3282b docs: rewriting
• 6f832f0 Merge pull request Pinning all dependencies to specific versions apache/superset#627 from gregberge/support-css-variables
• cbdb47f fix: support CSS variables
• 985444d chore: fix package-lock.json
• a5effba v6.0.0-alpha.4
• 3f071d6 Merge pull request Prevent the cannot-overwrite error message from being removed apache/superset#626 from gregberge/upgrade-deps
• daf6a08 chore(deps): upgrade
• 1c5f163 Merge pull request Redirect to druid datasource page when the user wants to add slice. Also, provide a link to the table page apache/superset#625 from gregberge/icon-size
• 483560d chore: fix package-lock.json
• 3c0b779 feat: allow to specify icon size
• 6ba16a3 Merge pull request Check ownership before a slice is deleted apache/superset#624 from gregberge/various-things
• f61c8ba chore: fix ref following refactoring
• 261e1b5 v6.0.0-alpha.3
• fe5c117 Merge pull request API for getting image apache/superset#623 from gregberge/webpack
• 9a4cbce docs(examples): update examples
• 1a8cc98 fix(webpack): fix webpack 5 behaviour with url-loader
• a857bb1 feat: support mask-type property (Update sql.js to fix a invalid error msg apache/superset#621)
• 5966714 fix(template): make it possible to use type in template (is it possible to have configurable intervals for fetching druid's segmentMetadata apache/superset#619)
• 9ea5da4 refactor(core): use exportName transform (make it possible to translate grains apache/superset#616)
• 8a1b0aa docs(readme): Fixing CRA link (minor correction on the right npm path apache/superset#618)
• 00a1d4b chore: fix package-lock.json
• f729efa v6.0.0-alpha.2

See the full diff

Package name: antd

The new version differs by 250 commits.

• 870b72a docs: 4.17.0 changelog (#32859)
• 3a5b6b8 chore(deps-dev): bump stylelint-config-standard from 23.0.0 to 24.0.0 (#32866)
• 7e2dc80 chore(.gitignore):add ignore for pnpm (#32860)
• 491cc4f fix: borderLeftRadius error for Input.Search #32808 (#32812)
• 958df3d docs: add demo for Input.Group (#32837)
• ce006bd docs: Version Robin (#32830)
• 3f495bb chore: Upgrade react router v6 (#32821)
• 43569b9 docs: update customize-theme-variable.zh-CN.md
• 7ed7c60 style: fix Tree icon align bug (#32822)
• 01887b4 fix: if breadcrumbRender return false, breadcrumb will hidden (#32738)
• 5f642cb fix: tag animation demo (#32804)
• 852a451 chore(Tag): update tween-one (#32800)
• 90aff3a docs: fix Spin API ts description (#32786)
• 8a3b5d9 fix: Form horizontal broken style when select item is too long (#32778)
• a73f4a3 docs: Fix the link in Table's API doc (#32779)
• ecc54dd fix: codepen demo error using hooks (#32766)
• cf15379 docs: add 4.17.0-alpha.10 changelog (#32775)
• f7380b7 chore(deps-dev): bump eslint-plugin-unicorn from 37.0.1 to 38.0.0 (#32765)
• b1ea2e4 fix: opening animation of the bottom drawer (#32761)
• 10a8578 fix: Spin tip can be react node (#32733)
• fa65cd3 chore(deps-dev): bump @ types/gtag.js from 0.0.7 to 0.0.8 (#32746)
• f88bd4d refactor: Move part mixins less to theme instead (#32763)
• 5360722 chore: update form demo
• ea52572 chore(💄): fix issue template

See the full diff

Package name: babel-jest

The new version differs by 250 commits.

• be16e47 v27.0.0
• 63102ec chore: update changelog for release
• 564694a docs(blog): Jest 27 blog post (test: removed unicode_test example from unit tests apache/superset#11131)
• b68d91b feat(pretty-print): add option `printBasicPrototype` (SQL init sentences per session as part of the Sources->Databases configuration apache/superset#11441)
• 2226742 chore: minor simplify format results error (feat: annotation layers CRUD list view apache/superset#11432)
• 78eb25d chore: remove needless assign (build: disable pr reviews for pr-lint action apache/superset#11433)
• 696c455 chore: update lockfile after publish
• e2eb9ae v27.0.0-next.11
• 3b253f8 Wait for closed resources to actually close before detecting open handles (fix: is_temporal should be overridden by is_dttm value apache/superset#11429)
• 27bee72 fix: run GC before collecting open handles (fix: add schema name to datasource field in chart list apache/superset#11278)
• 50451df feat: use fallback if prettier not found (fix: long labels now truncate with ellipsis apache/superset#11400)
• 150dbd8 chore: update lockfile after publish
• 6f44529 v27.0.0-next.10
• cbcec7d Upgrade fsevents in jest-haste-map (fix: Explore popovers issues apache/superset#11428)
• 9633a26 feat: support reporters written in ESM (fix: moved inline inputs styles to component's less file apache/superset#11427)
• 59f42d8 fix: do not cache modules that throw during evaluation (More owners toggle in CRUD view renders with extra ellipsis apache/superset#11263)
• 57e32e9 Detect open handles with done callbacks (fix: better error messages for dashboard properties modal apache/superset#11382)
• a397607 Document and test dontThrow for custom inline snapshot matchers (docs: fix 'npm run build' + run 'npm audit fix' apache/superset#10995)
• 4fa3a0b feat: custom haste (fix: Disabling timezone of dataframe before passing Prophet apache/superset#11107)
• 2047a36 chore: bump deps (Apply button gets pushed out of filter box when the filter box is small with too many filter values selected  apache/superset#11419)
• a4358d6 chore: run prettier on changelog
• bdd6282 Move all default values into `jest-config` (feat: Excel file export apache/superset#9924)
• db643a1 Link to Jest config (Issue while using Forecasting  apache/superset#11106)
• b16082c Fix locale issue fix: bump pydruid to 0.6.0 apache/superset#10014 (fix: multiple issues with FilterPopover apache/superset#11412)

See the full diff

Package name: cross-env

The new version differs by 7 commits.

• 61ebf59 fix: bumped cross-spawn to version 7.0.0 (Query Time Lookups for Dimensions in Druid apache/superset#211)
• a75fd0e fix: remove is-windows dependency ('DruidDatasource' object has no attribute 'database' apache/superset#207)
• 4889923 docs: add note for windows issues
• 2b36bb3 docs: add Jason-Cooke as a contributor (Test that coverage actually works apache/superset#201)
• 41ab3b0 docs: Fix typo (Add a sankey example apache/superset#200)
• 553705c docs(README): list @ naholyr/cross-env in Other Solutions section (Javascript linting error breaks the build apache/superset#189)
• 5d0f19f docs: remove codesponsor (Adding docstrings ! apache/superset#186)

See the full diff

Package name: d3-color

The new version differs by 21 commits.

• 7a1573e 3.1.0
• 75c19c4 update LICENSE
• ef94e01 update dependencies
• 5e9f757 method shorthand
• e4bc34e formatHex8 ([Snyk] Fix for 12 vulnerabilities #103)
• ac660c6 {rgb,hsl}.clamp() ([Snyk] Security upgrade axios from 0.25.0 to 1.6.3 #102)
• 70e3a04 clamp HSL format ([Snyk] Fix for 12 vulnerabilities #101)
• 994d8fd avoid backtracking ([Snyk] Security upgrade jest from 26.6.3 to 27.0.0 #100)
• 7d61bbe 3.0.1
• 93bc4ff related Generate copyright from LICENSE. d3/d3#3502; extract copyrights from LICENSE
• 611e1c3 3.0.0
• 4c2be7e Adopt type=module ([Snyk] Security upgrade pillow from 9.3.0 to 10.0.1 #90)
• 017a463 v2.0.0
• 7de7354 Merge pull request [Snyk] Fix for 1 vulnerabilities #75 from d3/two
• 0ecd740 v2.0.0-rc.1
• 0eb9594 Merge pull request [Snyk] Security upgrade @storybook/react from 6.5.16 to 7.0.0 #76 from d3/radians
• cc0a51b Merge pull request [Snyk] Fix for 1 vulnerabilities #77 from d3/document-extensions
• fd23843 document extensions
• d86e36b link to https://d3js.org/d3-color.v2.min.js
• c1b93f1 normalize "degrees" and "radians" for deg2rad conversions
• 693572b deliberate ES6 syntax

See the full diff

Package name: d3-scale

The new version differs by 91 commits.

• f7cb35b 4.0.0
• 120ad7a adopt InternMap for ordinal scales (Would be good to log tracebacks apache/superset#237)
• ac30873 Adopt type=module (CHORE - Remove Trailing Spaces apache/superset#246)
• 2b7db62 3.3.0
• f3cfd2c update dependencies
• 80ff9b2 adopt d3-time’s ticks
• 8afe6bd 3.2.4
• 60e10c4 update dependencies
• 116ac06 Treat null as undefined. (Spark SQL backend (to support Elasticsearch, Cassandra, etc) apache/superset#241)
• c7efc99 3.2.3
• 5d3e9c3 Update d3-array.
• 1ff6522 yarn
• 957482b Update tickFormat.js
• 42d546e scaleQuantile performance fixup
• 0a427eb time_copy is part of the API but was missing from the README
• 1dd3f5a Merge pull request Add 'Percent of previous' to sunburst vis. Appease npm warnings for data tables and d3.layout.cloud apache/superset#219 from d3/links-v6
• 8460207 v3.2.2
• 6169111 d3 dependencies
• 0a55cc8 Merge pull request fixing cache timeout setting apache/superset#210 from domoritz/fix-nice
• 5046251 links to d3@6 versions
• d0a2fe4 fix documentation: the diverging scale's default domain is [0, 0.5, 1]
• da99948 Use var
• 0932d15 Merge pull request Query Time Lookups for Dimensions in Druid apache/superset#211 from oluckyman/patch-1
• 2751067 Fix a typo

See the full diff

Package name: eslint-plugin-import

The new version differs by 33 commits.

• b0131d2 Bump to v2.25.0
• 7463de2 utils: v2.7.0
• 900ac9a [resolvers/webpack] [deps] update `is-core-module`
• c117be5 [Dev Deps] update `array.prototype.flatmap`, `glob`; remove `babel-preset-es2015-argon`
• 0e857b6 [Deps] update `array-includes`, `array.prototype.flat`, `is-core-module`, `is-glob`, `object.values`
• 62e2d88 [New] Support `eslint` v8
• 9a744f7 [Fix] `default`, `ExportMap`: Resolve extended TypeScript configuration files
• dd81424 [Refactor] `no-unresolved`, `no-extraneous-dependencies`: moduleVisitor usage
• 4f0f560 [Docs] `no-namespace`: fix a typo
• 430d16c [Tests] eslint-import-resolver-typescript@1.0.2 doesn't resolve .js
• 47e9c89 [Tests] type-only imports were added in TypeScript ESTree 2.23.0
• 28669b9 [Tests] `no-extraneous-dependencies` ignores unresolved imports
• 471790f [Tests] fix skip usage
• fd85369 [Tests] skip failing test on eslint < 6 + node < 8
• 64423e9 [Tests] add passing test for export-star
• 58fe766 [Tests] ignore resolver tests, scripts, and unused memo-parser
• 47ea669 [Fix] `order`: Fix import ordering in TypeScript module declarations
• 4ed7867 [Fix] `no-unresolved`: ignore type-only imports
• 4d15e26 [patch] TypeScript config: remove `.d.ts` from `import/parsers` setting and `import/extensions` setting
• 9ccdcb7 [Refactor] switch to an internal replacement for `pkg-up` and `read-pkg-up`
• 1571913 [utils] [new] create internal replacement for `pkg-up` and `read-pkg-up`
• 7c382f0 [New] `no-unused-modules`: support dynamic imports
• 7579748 [utils] [new] add `visit`, to support dynamic imports
• 35bd977 [New] `no-unresolved`: add `caseSensitiveStrict` option

See the full diff

Package name: html-webpack-plugin

The new version differs by 13 commits.

• 873d75b chore(release): 5.5.0
• ddeb774 chore: update examples
• 1e42625 feat: Support type=module via scriptLoading option
• 7d3645b Bump pretty-error to 4.0.0 to fix transitive vuln for ansi-regex CVE-2021-3807
• 79be779 [chore] changes actions to run on pull_requests
• b7e5859 [chore] fixes CI to avoid race conditions
• 48131d3 chore(release): 5.4.0
• 16a841a [chore] rebuild examples
• 3bb7c17 Update index.js
• e38ac97 Update index.js
• f08bd02 [chore] updates fixtures
• d62a10f [chore] upgrades html-minifier-terser@5.0.0 -> 6.0.2
• 2f5de7a Remove archived plugin

See the full diff

Package name: jest

The new version differs by 250 commits.

• be16e47 v27.0.0
• 63102ec chore: update changelog for release
• 564694a docs(blog): Jest 27 blog post (test: removed unicode_test example from unit tests apache/superset#11131)
• b68d91b feat(pretty-print): add option `printBasicPrototype` (SQL init sentences per session as part of the Sources->Databases configuration apache/superset#11441)
• 2226742 chore: minor simplify format results error (feat: annotation layers CRUD list view apache/superset#11432)
• 78eb25d chore: remove needless assign (build: disable pr reviews for pr-lint action apache/superset#11433)
• 696c455 chore: update lockfile after publish
• e2eb9ae v27.0.0-next.11
• 3b253f8 Wait for closed resources to actually close before detecting open handles (fix: is_temporal should be overridden by is_dttm value apache/superset#11429)
• 27bee72 fix: run GC before collecting open handles (fix: add schema name to datasource field in chart list apache/superset#11278)
• 50451df feat: use fallback if prettier not found (fix: long labels now truncate with ellipsis apache/superset#11400)
• 150dbd8 chore: update lockfile after publish
• 6f44529 v27.0.0-next.10
• cbcec7d Upgrade fsevents in jest-haste-map (fix: Explore popovers issues apache/superset#11428)
• 9633a26 feat: support reporters written in ESM (fix: moved inline inputs styles to component's less file apache/superset#11427)
• 59f42d8 fix: do not cache modules that throw during evaluation (More owners toggle in CRUD view renders with extra ellipsis apache/superset#11263)
• 57e32e9 Detect open handles with done callbacks (fix: better error messages for dashboard properties modal apache/superset#11382)
• a397607 Document and test dontThrow for custom inline snapshot matchers (docs: fix 'npm run build' + run 'npm audit fix' apache/superset#10995)
• 4fa3a0b feat: custom haste (fix: Disabling timezone of dataframe before passing Prophet apache/superset#11107)
• 2047a36 chore: bump deps (Apply button gets pushed out of filter box when the filter box is small with too many filter values selected  apache/superset#11419)
• a4358d6 chore: run prettier on changelog
• bdd6282 Move all default values into `jest-config` (feat: Excel file export apache/superset#9924)
• db643a1 Link to Jest config (Issue while using Forecasting  apache/superset#11106)
• b16082c Fix locale issue fix: bump pydruid to 0.6.0 apache/superset#10014 (fix: multiple issues with FilterPopover apache/superset#11412)

See the full diff

Package name: lerna

The new version differs by 154 commits.

• 3900fe9 chore(misc): publish 7.0.0
• ede2a31 chore: merge pull request Update messages.json apache/superset#3716 from lerna/v7
• 405cfe3 chore: docs
• 63180d0 chore: fix tests after merge commit
• 40f5226 Merge branch 'main' into v7
• 7307520 chore: release v7.0.0-alpha.8
• 5095b04 chore: deps updates (Update messages.po apache/superset#3715)
• aca9efc chore: deps updates ([translate] finish and update Chinese translate file apache/superset#3714)
• 16df3e9 chore: deps updates ( [translation] added japanese support apache/superset#3713)
• 83f9a05 chore: remove unnecessary deps duplication between root and main pkg (Box Plot not showing X-axis values apache/superset#3712)
• ab5ecd3 chore: add missing deps in legacy-package-management
• 83b45d2 chore: docs updates
• e7e0489 chore: rework publish directory and assets (fix the slice permission issue after user click-edit new slice title apache/superset#3711)
• d326fd7 chore: release v7.0.0-alpha.7
• bb0ea3c chore: bump to latest nx
• 53e71e4 fix: share project data when nesting commands (Intall Superset same instance in different server apache/superset#3709)
• fd57e02 chore: release v7.0.0-alpha.6
• ce4b352 fix: improve github client missing env var error
• e82618b fix: daemon communication
• a6be819 chore: docs updates
• 52c11ed chore: restore command tests
• 647dbb5 fix: support nx 16.3.1+ (Timezone offset doesn't work for filtering and grouping in PgSQL apache/superset#3707)
• 59d7146 chore: fix init test (Show continuous timeline on x-axis for Time Series plots apache/superset#3708)
• b0c5cd3 chore: release 7.0.0-alpha.5

See the full diff

Package name: react-jsonschema-form

The new version differs by 59 commits.

• 58a3534 Bump version v1.3.0
• 2a6b830 Limit cases where "required" attribute is used on checkboxes (typo fix to Update countries.md apache/superset#1194)
• 1651066 Add the full source maps by default for development (Adding a 'Misc Charts' dashboard as part of the examples apache/superset#1208)
• 10a6b64 Bug Fix empty html useless added by PR Fixing druid culster perms to mirror sqla databases apache/superset#1123 / v1.2.0 (Testing in progress apache/superset#1158)
• 92233e4 Add more schemas to validate against (models: fix slice creation apache/superset#1130)
• aebfab9 Improve handling of decimal points and trailing zeroes in numbers ([docs] improve security section around managing roles apache/superset#1183)
• 07decc5 Merge branch 'master' of https://github.com/mozilla-services/react-jsonschema-form
• c355ddb Merge branch 'huhuaaa-feature/fix-enum-empty-bug'
• 5aaf863 test: fix tests
• 9153444 Merge branch 'feature/fix-enum-empty-bug' of https://github.com/huhuaaa/react-jsonschema-form into huhuaaa-feature/fix-enum-empty-bug
• a7be6ee Remove build:readme script and toctoc dep (Download button, share button, and url shortener button stay not in sync with visualization while editing apache/superset#1189)
• f9d4c63 Fix multiple bugs related to switching between anyOf/oneOf options (--WIP-- add faves/starred things to /welcome apache/superset#1169)
• 4d17bd8 test: move the test to the right file
• bece2a5 Generate code coverage reports using nyc (Embedded Dashboards apache/superset#1170)
• aa862ab test: add enum test
• 59038c0 Submit event should return original event as second param (Bring DB in sync with the models.py apache/superset#1172)
• 919a164 Add various always-ignore files and directories to .gitignore (Druid metadata cannot be retrieved when the whole dataset has the same timestamp apache/superset#1171)
• 6e79281 Infer field type from const value ([sqllab] db migration - setting Database.allow_run_sync=True apache/superset#1174)
• b481f58 Oops, bump version in package-lock.json too
• a1eedfb Bump v1.2.1
• 54091b1 style: npm run cs-format
• f999547 Fixed a bug.The selector have a empty option, when use enum and the default value is 0 or false or ''.
• 174e136 Fix uiSchema for additionalProperties (Clicking on a user's role who is not active and making them active fires an error apache/superset#1144)
• 2368740 replace submit button paragraph tag with div (Warn the users about duplicate countries in the Worldmap apache/superset#766)

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 5d64468 Merge pull request [Proposal] Superset Frontend Testing Guidelines apache/superset#16792 from webpack/update-version
• 67af5ec chore(release): 5.76.0
• 97b1718 Merge pull request Read MAPBOX_API_KEY from environment apache/superset#16781 from askoufis/loader-context-target-type
• b84efe6 Merge pull request Oauth registration not working apache/superset#16759 from ryanwilsonperkin/real-content-hash-regex-perf
• c98e9e0 Merge pull request feat(plugin-chart-echarts): [feature-parity] support extra control for the area chart V2 apache/superset#16493 from piwysocki/patch-1
• 5f34acf feat: Add `target` to `LoaderContext` type
• b7fc4d8 Merge pull request feat: Helm chart: Support hostAliases apache/superset#16703 from ryanwilsonperkin/ryanwilsonperkin/fix-16160
• 63ea82d Merge branch 'webpack:main' into patch-1
• 4ba2252 Merge pull request chore: Select component refactoring - SaveModal - Iteration 5 apache/superset#16446 from akhilgkrishnan/patch-1
• 1acd635 Merge pull request "pybabel extract" gives "NameError: name 'SQLLAB_TIMEOUT' is not defined" apache/superset#16613 from jakebailey/ts-logo
• 302eb37 Merge pull request fix: TemporalWrapperType string representation apache/superset#16614 from jakebailey/html5-logo
• cfdb1df Improve performance of hashRegExp lookup
• 4d561a6 Add test for behaviour of filesystem-cached assets with loaders
• dfaa3b4 lint: remove trailing comma
• dcc3e71 Serialize code generator data to support generated assets
• b67626c Merge pull request What design pattern or architectural pattern does Superset use? apache/superset#16491 from lvivski/main
• d957cdf Fix formatting
• 6011163 Fix formatting
• ea5e864 Fix HTML5 logo in README
• 2112f9b Replace TypeScript logo in README
• 5513dd6 Merge branch 'webpack:main' into patch-1
• 4b4ca3b Merge pull request #16500 from Jack-Works/avoid-cross-realm-object
• 4f39c9f fix: type error
• c922ee1 chore: revert breaking change

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For m...