[Snyk] Fix for 14 vulnerabilities

[matrix-compute]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • superset-frontend/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	159/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00299, Social Trends: No, Days since published: 922, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.65, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	63/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.0107, Social Trends: No, Days since published: 1165, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.67, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	141/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.01055, Social Trends: No, Days since published: 113, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.35, Score Version: V5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
	/1000 Why?	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	Yes	Proof of Concept
	104/1000 Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00137, Social Trends: No, Days since published: 795, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.73, Score Version: V5	Information Exposure SNYK-JS-NODEFETCH-2342118	No	No Known Exploit
	49/1000 Why? Confidentiality impact: None, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00052, Social Trends: No, Days since published: 173, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.06, Score Version: V5	Improper Input Validation SNYK-JS-POSTCSS-5926692	Yes	No Known Exploit
	169/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00091, Social Trends: No, Days since published: 276, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.81, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	No	Proof of Concept
	/1000 Why?	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-6147607	Yes	Proof of Concept
	/1000 Why?	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	Yes	Proof of Concept
	160/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00632, Social Trends: No, Days since published: 1242, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.66, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIM-1017038	No	Proof of Concept
	115/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 768, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.92, Score Version: V5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
	276/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00267, Social Trends: No, Days since published: 254, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Critical, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.81, Score Version: V5	Remote Code Execution (RCE) SNYK-JS-VM2-5772823	No	Proof of Concept
	276/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.0024, Social Trends: No, Days since published: 254, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Critical, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.81, Score Version: V5	Remote Code Execution (RCE) SNYK-JS-VM2-5772825	No	Mature
	/1000 Why?	Path Traversal SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @storybook/addon-docs

The new version differs by 250 commits.

• 49f18e8 Bump version from "8.0.0-rc.5" to "8.0.0" [skip ci]
• 6c30c31 Trigger release of 8.0.0 with empty commit
• 8c7c296 Write changelog [skip ci]
• 82e153f Merge pull request Can't save a dataset from SQL Lab if it contains a CTE named "data" apache/superset#26358 from storybookjs/framework-doc-svelte-vite
• fffbbc9 Add `svelte-vite` framework doc
• 298d60c Merge pull request Subscribe to session timeout apache/superset#26265 from storybookjs/framework-doc-react-webpack5
• f9646dd Address comments
• d392a90 Add `react-webpack5` framework doc
• 3004edf Merge pull request fix: Stacked charts with numerical columns apache/superset#26264 from storybookjs/framework-doc-react-vite
• 3586fc9 Address comments
• 116fd4a Add react-vite framework doc
• 9050c69 Bump version from "8.0.0-rc.4" to "8.0.0-rc.5" [skip ci]
• 1e33053 Merge pull request fix(embedded): Hide dashboard fullscreen option for embedded context apache/superset#26412 from storybookjs/version-non-patch-from-8.0.0-rc.4
• cdfd820 Write changelog for 8.0.0-rc.5 [skip ci]
• eac3a3b Merge pull request fix(dashboard): Chart menu disable is fixed on chart-fullscreen in issue #25992 apache/superset#26410 from storybookjs/norbert/fix-automigration-latest-detection
• d978771 add a flag for detecting is the latest version we got from npm matches the version of the CLI exactly
• bfa0570 Bump version from "8.0.0-rc.3" to "8.0.0-rc.4" [skip ci]
• 46bc788 Merge pull request docs: Install a supported webdriver in the Celery worker on Kubernetes deployment apache/superset#26370 from storybookjs/version-non-patch-from-8.0.0-rc.3
• a6e4d90 Write changelog for 8.0.0-rc.4 [skip ci]
• 37276b2 Merge pull request In 3.1.0rc3, color rendering of charts displayed in dashboard view is different than color rendering in chart view --regression from 2.1.0 apache/superset#26321 from storybookjs/docs_snapshot_testing
• c1fc191 Merge branch 'next' into docs_snapshot_testing
• 4f6f044 Merge pull request fix(sqllab): Bump duckdb-engine version to 0.9.5 apache/superset#26405 from storybookjs/norbert/fix-esbuild-version
• 9c2d525 fix the esbuild compatibility versions ranges
• 973fa2d Merge pull request fix(embed): an error occurred while rendering the visualization: error: Item with key ... is not registered. apache/superset#26398 from storybookjs/docs_fix_tables

See the full diff

Package name: @storybook/addon-essentials

The new version differs by 250 commits.

• 49f18e8 Bump version from "8.0.0-rc.5" to "8.0.0" [skip ci]
• 6c30c31 Trigger release of 8.0.0 with empty commit
• 8c7c296 Write changelog [skip ci]
• 82e153f Merge pull request Can't save a dataset from SQL Lab if it contains a CTE named "data" apache/superset#26358 from storybookjs/framework-doc-svelte-vite
• fffbbc9 Add `svelte-vite` framework doc
• 298d60c Merge pull request Subscribe to session timeout apache/superset#26265 from storybookjs/framework-doc-react-webpack5
• f9646dd Address comments
• d392a90 Add `react-webpack5` framework doc
• 3004edf Merge pull request fix: Stacked charts with numerical columns apache/superset#26264 from storybookjs/framework-doc-react-vite
• 3586fc9 Address comments
• 116fd4a Add react-vite framework doc
• 9050c69 Bump version from "8.0.0-rc.4" to "8.0.0-rc.5" [skip ci]
• 1e33053 Merge pull request fix(embedded): Hide dashboard fullscreen option for embedded context apache/superset#26412 from storybookjs/version-non-patch-from-8.0.0-rc.4
• cdfd820 Write changelog for 8.0.0-rc.5 [skip ci]
• eac3a3b Merge pull request fix(dashboard): Chart menu disable is fixed on chart-fullscreen in issue #25992 apache/superset#26410 from storybookjs/norbert/fix-automigration-latest-detection
• d978771 add a flag for detecting is the latest version we got from npm matches the version of the CLI exactly
• bfa0570 Bump version from "8.0.0-rc.3" to "8.0.0-rc.4" [skip ci]
• 46bc788 Merge pull request docs: Install a supported webdriver in the Celery worker on Kubernetes deployment apache/superset#26370 from storybookjs/version-non-patch-from-8.0.0-rc.3
• a6e4d90 Write changelog for 8.0.0-rc.4 [skip ci]
• 37276b2 Merge pull request In 3.1.0rc3, color rendering of charts displayed in dashboard view is different than color rendering in chart view --regression from 2.1.0 apache/superset#26321 from storybookjs/docs_snapshot_testing
• c1fc191 Merge branch 'next' into docs_snapshot_testing
• 4f6f044 Merge pull request fix(sqllab): Bump duckdb-engine version to 0.9.5 apache/superset#26405 from storybookjs/norbert/fix-esbuild-version
• 9c2d525 fix the esbuild compatibility versions ranges
• 973fa2d Merge pull request fix(embed): an error occurred while rendering the visualization: error: Item with key ... is not registered. apache/superset#26398 from storybookjs/docs_fix_tables

See the full diff

Package name: @storybook/react

The new version differs by 250 commits.

• 4f2afa6 v7.0.0
• 03292b0 Update root, peer deps, version.ts/json to 7.0.0 [ci skip]
• b2dc5cf Revert "Update root, peer deps, version.ts/json to 7.0.0 [ci skip]"
• 7f391a3 Update root, peer deps, version.ts/json to 7.0.0 [ci skip]
• f0b53cb 7.0.0 changelog
• 930917d Merge pull request Additions/suggestions to improve the Superset DB query table apache/superset#21856 from storybookjs/docs/interactions-addon-migration
• f1c13da 7.0.0-rc.11 next.json version file [skip ci]
• 512a2ae Update git head to 7.0.0-rc.11, update yarn.lock [ci skip]
• 908c324 v7.0.0-rc.11
• 5edc7c0 Update root, peer deps, version.ts/json to 7.0.0-rc.11 [ci skip]
• 324d9bb 7.0.0-rc.11 changelog
• 37d9737 interactions debugger is now default
• 9682f7c Merge pull request #21833 from storybookjs/kasper/fix-strict-args-decorator-with-interface
• a08ffc7 Put @ storybook/csf version back into next
• 2cc1d36 Merge pull request feat(db_engine_specs): Allow uploaded columns of dtype datetime to be stored as TIMESTAMP in the Hive schema apache/superset#21850 from storybookjs/fix/tone-down-dependency-alerts
• 941103b Merge pull request when i run command with npm run build, it tell me react not support css property apache/superset#21851 from storybookjs/valentin/export-application-config-decorator
• 31700c0 Export applicationConfig decorator and adjust documentation for usage
• 3d9544f Merge pull request chore(deps-dev): bump @typescript-eslint/parser from 4.19.0 to 5.40.1 in /superset-websocket apache/superset#21846 from storybookjs/chore_docs_webpack_tweaks
• 79b590b Tweaks to the Webpack docs
• d193be5 Merge pull request refactor: return initial exception and check if it's user error apache/superset#21836 from storybookjs/fix/downgrade-remark-deps
• 79b1fde Merge pull request fix(sqllab): Fix spacing on Schedule option in SqlEditor dropdown apache/superset#21832 from storybookjs/fix/polyfill-global
• 590f053 downgrade remark related dependencies
• b421d95 only provide critical duplicated dependency warning on major version difference
• acace30 Merge pull request fix(report): Capture unexpected errors in report screenshots. Fixes #21653 apache/superset#21724 from jungpaeng/docs/fix-controls

See the full diff

Package name: babel-jest

The new version differs by 250 commits.

• be16e47 v27.0.0
• 63102ec chore: update changelog for release
• 564694a docs(blog): Jest 27 blog post (test: removed unicode_test example from unit tests apache/superset#11131)
• b68d91b feat(pretty-print): add option `printBasicPrototype` (SQL init sentences per session as part of the Sources->Databases configuration apache/superset#11441)
• 2226742 chore: minor simplify format results error (feat: annotation layers CRUD list view apache/superset#11432)
• 78eb25d chore: remove needless assign (build: disable pr reviews for pr-lint action apache/superset#11433)
• 696c455 chore: update lockfile after publish
• e2eb9ae v27.0.0-next.11
• 3b253f8 Wait for closed resources to actually close before detecting open handles (fix: is_temporal should be overridden by is_dttm value apache/superset#11429)
• 27bee72 fix: run GC before collecting open handles (fix: add schema name to datasource field in chart list apache/superset#11278)
• 50451df feat: use fallback if prettier not found (fix: long labels now truncate with ellipsis apache/superset#11400)
• 150dbd8 chore: update lockfile after publish
• 6f44529 v27.0.0-next.10
• cbcec7d Upgrade fsevents in jest-haste-map (fix: Explore popovers issues apache/superset#11428)
• 9633a26 feat: support reporters written in ESM (fix: moved inline inputs styles to component's less file apache/superset#11427)
• 59f42d8 fix: do not cache modules that throw during evaluation (More owners toggle in CRUD view renders with extra ellipsis apache/superset#11263)
• 57e32e9 Detect open handles with done callbacks (fix: better error messages for dashboard properties modal apache/superset#11382)
• a397607 Document and test dontThrow for custom inline snapshot matchers (docs: fix 'npm run build' + run 'npm audit fix' apache/superset#10995)
• 4fa3a0b feat: custom haste (fix: Disabling timezone of dataframe before passing Prophet apache/superset#11107)
• 2047a36 chore: bump deps (Apply button gets pushed out of filter box when the filter box is small with too many filter values selected  apache/superset#11419)
• a4358d6 chore: run prettier on changelog
• bdd6282 Move all default values into `jest-config` (feat: Excel file export apache/superset#9924)
• db643a1 Link to Jest config (Issue while using Forecasting  apache/superset#11106)
• b16082c Fix locale issue fix: bump pydruid to 0.6.0 apache/superset#10014 (fix: multiple issues with FilterPopover apache/superset#11412)

See the full diff

Package name: jest

The new version differs by 250 commits.

• 8f9b812 v28.0.0
• f424551 feat: Jest 28 blog post (get_viz viz_obj = viz.viz_types[viz_type](↵KeyError: 'yh_color_table'↵") apache/superset#12732)
• c79f8d6 feat: roll v28 docs ([Question] How to avoid duplicate queries when one is running apache/superset#12733)
• e9f6610 Remove `core.autocrlf` config on CI (chore[explore]: Save date if Ok not clicked apache/superset#12731)
• 9342a23 docs: add mention of expect breaking change to upgrade guide (fix: Replace space with tabulator and enter as separators apache/superset#12730)
• e1f2515 chore: add missing `throw`
• 039f43e chore: combine all v27 docs into a single one ([SIP-94] Support star schemas apache/superset#12729)
• 256c1af chore(website): add some admonitions to 25.x ([SQL Lab] broken in Safari apache/superset#12565)
• fc85b8f fix: replace hash routine md5 with sha256 ([chart]wrap metric text in chart tooltip apache/superset#12722)
• c1a57cb chore(deps): bump isbinaryfile dependency to ^5.0.0 (Webdriver stopped working after 1.0.0 upgrade. apache/superset#12726)
• 9ebfe0a chorer: add note about babel config to upgrade guide ([SIP] Propose visualizations based on data apache/superset#12724)
• 4ec4b98 chore: cache yarn deps on netlify ([SIP] Add a top level data navigation to each chart apache/superset#12725)
• 62afb83 chore: revert docs: link fix in CONTRIBUTING.md apache/superset#12718 and simply do not bundle type declarations of `@ jest/globals` (remove Multi-line chart plugin apache/superset#12721)
• 4f1d199 Add Yarn dedupe CI check (Wrong redirect link in CONTRIBUTING.md apache/superset#12717)
• 7a8c9cf Lock source-map-support verion to 0.5.13 (#12720)
• 811228d Support error logging before jest retry ([Chart]Line Chart Time Series markers not correct after zoom apache/superset#12201)
• a28db24 chore: do not bundle type definitions for packages which have only one `.d.ts` file (docs: link fix in CONTRIBUTING.md apache/superset#12718)
• 49ee158 update dependency @ microsoft/api-extractor to 7.23.0 (feat(native-filters): apply scoping of native filters to dashboard apache/superset#12716)
• e72c52f feat(jest-runner): export `TestRunner` interface types and reexport types from other packages ([alert]can't add alerts and reports apache/superset#12715)
• 3c6f14b feat(jest-resolve): expose `PackageFilter`, `PathFilter` and `PackageJSON` types (<html> <head> <script data-ad-client="ca-pub-2014719345840065" async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js”> </script> <title>Example HTML page</title> </head> <body> http://connectionjewelry.com </body> </html> apache/superset#12712)
• a293b75 refactor(jest-transform): rename TransformerConfig ([explore]clear search input when switching dataset  apache/superset#12708)
• 625e0bc show that setupFilesAfterEnv scripts can define beforeAll (fix(load_examples): better fix for load_data apache/superset#12702)
• 0208815 feat(jest-resolve): expose `JestResolver`, `AsyncResolver` and `SyncResolver` types ([explore]cosmetic improvement suggestions  apache/superset#12707)
• 75c7c40 docs: use admonitions in ExpectAPI.md ([Explore] Hide "Predictive Analytics" when "fbprophet" is not installed apache/superset#12679)

See the full diff

Package name: lerna

The new version differs by 161 commits.

• 5646a45 chore(misc): publish 8.0.1
• 1b91cc0 chore: ci tweaks (Styling issues with percentage metrics  apache/superset#3921)
• 8f7a32b fix(version): create correct independent tags when using --sign-git-tag (Run a separate celery cluster from the webserver?  apache/superset#3917)
• f5fdcba fix: update node-gyp usage to v10 to resolve npm warning (Additional empty line added to clipboard apache/superset#3919)
• ce0221d chore: disable verbose logging in other node versions workflow
• d733920 chore: fix other-node-versions by removing @ 8 specifier from corepack prepare pnpm (When checking if you should renderTriggered make sure controls[key] exists apache/superset#3912)
• a8cf247 chore(child-process): convert to typescript (Issue with Dimension Specs apache/superset#3908)
• 2ba1a0c chore: update v8 release notes
• 9c71696 chore: update v8 release notes
• b664840 chore(misc): publish 8.0.0
• c836974 chore: restore corepack in task runner e2e
• d4d2bdf chore: disable cloud for task runner e2e ci
• 9f1adbe chore: disable cloud for task runner e2e ci
• 9bdfbf4 chore: disable cloud for task runner e2e ci
• 5cd5b20 chore: task runner e2e ci tweaks
• a2b00b6 chore: comment out NX_BRANCH env var
• 32d9f63 chore: fix formatting
• 2553e44 chore: disable verbose logging in CI
• 2ff3705 chore: add missing updates
• 4f5edee feat!: stop publishing @ lerna/child-process (Superset not running. Error in config file apache/superset#3909)
• 4445fce chore(run): enable strict type checking (In Bubble Chart, avoid X Axis, Y Axis duplicate name, caused ValueErr… apache/superset#3907)
• 837af93 feat!(deps): update yargs and yargs-parser to latest (Fixes default hanlding in Altered slice tag apache/superset#3903)
• 3b05947 feat(version): add --premajor-version-bump option to force patch bumps for non-breaking changes in premajor packages (Fix slug function apache/superset#3876)
• a3cb7ca feat(version): use corepack for install when enabled ([dashboard bug] Fix standalone slice apache/superset#3877)

See the full diff

Package name: webpack-dev-server

The new version differs by 88 commits.

• 064644a chore(release): 5.0.0
• 4e4c97f refactor: improve migration (Visualization Types apache/superset#5040)
• b453380 chore(deps): bump (bugfix when use "Time Series - Line Chart" and "Big Number with Trendline" on dashboard apache/superset#5035)
• 975c719 fix: improve error handling for WebsocketServer ([Explore] [Adhoc Metrics/Filters] Force Ace editor to refresh when it is shown apache/superset#5038)
• 48f56d5 test: fix
• 6406db6 test: fix
• 555bddd test: fix
• ba0a2fc test: fix
• b087461 test: improve
• 017dd9d test: update logic
• fead975 test: update
• d0e092b chore(deps): bump puppeteer
• 1f3bbfb chore(deps): bump marked
• 309dfc0 test: skip broken test
• e1b6421 chore(deps): update webpack
• c6b947e test: update
• aaf31e2 test: update
• 3ed63d2 test: update
• 0466cf1 test: update
• f9615a4 chore(deps): bump
• 811b01b chore(deps): bump
• 7c676e2 chore: bump deps
• 26aae7e fix: clean 'close' event listeners on socket server after generating new proxy config. (Wrong queries created apache/superset#5001)
• 5ec6a39 chore: update webpack-dev-middleware and other deps ([Explore][Adhoc Filters] Expanding the Adhoc Filter popover when the content expands apache/superset#5032)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Server-side Request Forgery (SSRF)
🦉 Improper Input Validation
🦉 More lessons are available in Snyk Learn