[Snyk] Fix for 6 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • app/vue/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891	Yes	Proof of Concept
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: css-loader

The new version differs by 80 commits.

• 634ab49 chore(release): 2.0.0
• 6ade2d0 refactor: remove unused file (Doesn't work on Windows if launched from a shell with lowercase drive letter storybookjs/storybook#860)
• e7525c9 test: nested url (Add a suite of tests to check with new versions of React Native storybookjs/storybook#859)
• 7259faa test: css hacks (Is there a way to get this working with Exponent? storybookjs/storybook#858)
• 5e6034c feat: allow to filter import at-rules (Co-locate stories with components. storybookjs/storybook#857)
• 5e702e7 feat: allow filtering urls (Reconnect websocket connection on close storybookjs/storybook#856)
• 9642aa5 test: css stuff (Storybook webapp preview area is blank storybookjs/storybook#855)
• 3338656 fix: reduce number of require for url (Decorators may get applied multiple times storybookjs/storybook#854)
• 533abbe test: issue 636 (Support modules storybookjs/storybook#853)
• 08c551c refactor: better warning on invalid url resolution (Write a contributor guide storybookjs/storybook#852)
• b0aa159 test: issue react-native peer dependency warning storybookjs/storybook#589 (Write unit tests storybookjs/storybook#851)
• f599c70 fix: broken unucode characters (Can only use one device at a time storybookjs/storybook#850)
• 1e551f3 test: issue 286 (Support RN 0.43.x storybookjs/storybook#849)
• 419d27b docs: improve readme (how to debug app storybookjs/storybook#848)
• d94a698 refactor: webpack-default (RelayQL: Unexpected invocation ... storybookjs/storybook#847)
• b97d997 feat: schema options
• 453248f fix: support module resolution in composes (Hook on leaveing a story storybookjs/storybook#845)
• 8a6ea10 refactor: postcss plugins (Don't work if Debug server host is setted: websocket: connection error", "Failed to connect to localhost/127.0.0.1:7007 storybookjs/storybook#844)
• fdcf687 fix: url resolving logic (Doesn't work on Windows if launched from a shell with lowercase drive letter storybookjs/storybook#843)
• 889dc7f feat: allow to disable css modules and disable their by default (Add a suite of tests to check with new versions of React Native storybookjs/storybook#842)
• ee2d253 test: importLoaders option (Is there a way to get this working with Exponent? storybookjs/storybook#841)
• 1dad1fb feat: reuse postcss ast from other loaders (i.e `postcss-loader`) (Merge channel-postmsg into this repo storybookjs/storybook#840)
• fe94ebc test: icss reserved keywords (Is there a way to get this working with Exponent? storybookjs/storybook#839)
• 9eaba66 refactor: migrate on message api for postcss-icss-plugin (Co-locate stories with components. storybookjs/storybook#838)

See the full diff

Package name: json5

The new version differs by 91 commits.

• a62db1e 1.0.2
• e0c23fe docs: update CHANGELOG for v1.0.2
• 62a6540 fix: add __proto__ to objects and arrays
• 072eb40 1.0.1
• e7bdcd1 Update CHANGELOG for v1.0.1
• 342d575 Remove package.json5 file
• 0336c9c Fix unclosed object and array bug
• 25929ab Fix typo in API documentation
• 607c18f Readme: fix typo in attribution. [skip ci]
• 1d64ece 1.0.0
• ef1f94a Fix headings in README
• 1c5d18d Remove remnant in README
• d904cd6 Update dependencies
• 156ae20 Add contributing guidelines
• f920edc Update CHANGELOG for v1.0
• 4c7fbd2 Update README for v1.0
• 5cbd656 Update copyright year
• 1d1c92d Explain STDIN and STDOUT using in CLI
• a95ec35 Update package.json5 with coverage integration
• f60448e Integrate Coveralls
• d17173c 1.0.0-beta.4
• d828908 Fix and ensure signed numbers are parsed properly
• dc2cfbc Make all tests run
• ad03a13 Test on Node v9

See the full diff

Package name: style-loader

The new version differs by 22 commits.

• 5d73db7 chore(release): 0.20.0
• 08ce425 chore(package): update dependencies
• 28f603f refactor: remove comments from bundle source code
• dda8b89 test: rename && update HMR tests
• 23c3567 fix(options): add `transform` option validation (`{String}`)
• e0c4b19 fix(options): support passing a `{Function}` (`options.insertInto`)
• ac8430c ci(travis): update `node` v4.3.0...4.8.0
• 0eb8fe7 feat: support passing a `{Function}` (`options.insertInto`) ([Snyk] Security upgrade gatsby from 1.9.131 to 2.32.8 #279)
• 3a4cb53 fix(index): enable HMR in case `locals` (`css-modules`) are unchanged ([Snyk] Fix for 134 vulnerabilities #298)
• 9b46128 fix(addStyles): check if `HTMLIFrameElement` exist ([Snyk] Security upgrade webpack from 3.12.0 to 5.94.0 #296)
• a7734e6 chore(package): update repository url ([Snyk] Fix for 1 vulnerabilities #290)
• 6ca2ecb chore(release): 0.19.1
• 2bfc93e fix(addStyles): correctly check `singleton` behavior when `{Boolean}` (`options.singleton`) ([Snyk] Security upgrade react-native from 0.49.5 to 0.69.12 #285)
• 57c457d docs: fixed missing commas in configuration examples ([Snyk] Security upgrade react-native from 0.49.5 to 0.69.12 #266)
• c9707f1 chore(release): 0.19.0
• 378e906 feat: add option to enable/disable HMR (`options.hmr`) ([Snyk] Fix for 1 vulnerabilities #264)
• 67120f8 feat: support 'before' insertions (`options.insertAt`) ([Snyk] Security upgrade gatsby from 1.9.131 to 2.1.1 #253)
• a2ae3ac docs(README): fix bash code highlight ([Snyk] Fix for 2 vulnerabilities #262)
• ce53bd9 docs(readme): fix typo ([Snyk] Security upgrade webpack-dev-middleware from 1.12.2 to 5.3.4 #260)
• 57e171f docs: Fixes typo in readme ([Snyk] Security upgrade gatsby from 1.9.131 to 2.0.0 #258)
• 01ceef8 docs(README): fix example (`options.insertInto`) ([Snyk] Fix for 1 vulnerabilities #251)
• 25e8e89 feat: add support for iframes (`options.insertInto`) ([Snyk] Security upgrade @storybook/components from 3.4.12 to 4.0.0 #248)

See the full diff

Package name: url-loader

The new version differs by 11 commits.

• 0eeaaa9 chore(release): 1.0.0
• 0390cdb test: standardize (`@ webpack-contrib/test-utils`) ([Snyk] Fix for 1 vulnerabilities #114)
• 457618b fix(index): use `Buffer.from` instead of deprecated `new Buffer` ([Snyk] Fix for 1 vulnerabilities #113)
• b4be0c8 ci(circle): Fix rebuild issues
• 4a62cd5 ci(circle): Generate checksum from lock file
• 5aeba3e chore: Update to defaults rc.1
• 3c87902 chore(release): 1.0.0-beta.0
• b61859c chore: Fix package.json prop ordering
• f9174d2 docs(readme): Updates coverage badge
• 5ce17f7 docs(readme): Update CI status badge
• 073b588 refactor: apply `webpack-defaults` ([Snyk] Security upgrade webpack from 3.12.0 to 4.0.0 #102)

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 213226e 4.0.0
• fde0183 Merge pull request Migrate webpack configuration in 5.x storybookjs/storybook#6081 from webpack/formating/prettier
• b6396e7 update stats
• f32bd41 fix linting
• 5238159 run prettier on existing code
• 518d1e0 replace js-beautify with prettier
• 4c25bfb 4.0.0-beta.3
• dd93716 Merge pull request Addon-info doesn't work with Vue jsx components storybookjs/storybook#6296 from shellscape/fix/hmr-before-node-stuff
• 7a07901 Merge pull request A11y design enhancements storybookjs/storybook#6563 from webpack/performance/assign-depth
• c7eb895 Merge pull request Storybook does not work with RN0.59.+ storybookjs/storybook#6452 from webpack/update_acorn
• 9179980 Merge pull request FIX viewmode being hard-coded making custom addons of type TAB impossible storybookjs/storybook#6551 from nveenjain/fix/templatemd
• e52f323 optimize performance of assignDepth
• 6bf5df5 Fixed template.md
• 90ab23a Merge branch 'master' into fix/hmr-before-node-stuff
• b0949cb add integration test for spread operator
• 39438c7 unittest now also walks the ast
• 15ab027 Merge pull request Viewport addon has unnecessary scrollbar when dimension is set to 100% storybookjs/storybook#6536 from jevan0307/sideEffects-selectors
• 1611ce1 Merge pull request Emit event on updating background storybookjs/storybook#6561 from joshunger/patch-1
• 6e175bc Merge pull request Fix react-native preview only ui storybookjs/storybook#6549 from webpack/md4_hash
• 0637531 Add a hyperlink to create a new issue
• 0e1f9c6 Merge pull request Expose method to stop in standalone dev server storybookjs/storybook#6554 from webpack/deps/end-of-beta
• 72477f4 upgrade versions to stable versions
• ed30285 Merge pull request Clicking knobs button doesn't work storybookjs/storybook#6546 from webpack/bot/review-permission
• 40ee8c7 Use MD4 for hashing

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)