[Snyk] Fix for 1 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • lib/core/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	758/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-Y18N-1021887	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: terser-webpack-plugin

The new version differs by 36 commits.

• 8c68450 chore(release): 2.1.1
• 62b3677 chore(deps): update ([Snyk] Security upgrade axios from 0.18.1 to 0.21.1 #167)
• 6bdee64 fix: logic for extracting and preserving comments ([Snyk] Security upgrade axios from 0.18.1 to 0.21.1 #166)
• 6355274 refactor: code ([Snyk] Security upgrade react-scripts from 3.3.0 to 4.0.0 #165)
• d5df728 chore(release): 2.1.0
• 9bbe824 refactor: code ([Snyk] Security upgrade react-scripts from 2.1.5 to 3.0.0 #158)
• aba8ba7 fix: correct interpretation url for extracted comment file ([Snyk] Security upgrade react-syntax-highlighter from 8.1.0 to 13.0.0 #157)
• 2b4d2a4 feat: emit warning when comment file conlict with an existing asset ([Snyk] Security upgrade expo from 33.0.7 to 34.0.1 #156)
• efbd383 docs: add missing breaking change for 2.0.0 ([Snyk] Security upgrade react-syntax-highlighter from 8.1.0 to 13.0.0 #155)
• 5fe3337 feat: improve naming of extracted file with comments ([Snyk] Security upgrade webpack from 4.44.2 to 5.1.1 #154)
• cea7243 Chore deps update ([Snyk] Security upgrade webpack from 4.44.2 to 5.1.1 #153)
• 5821456 docs: clarify default value for sourceMap option ([Snyk] Fix for 1 vulnerabilities #151)
• cf91c43 docs: update readme to reflect new default options ([Snyk] Security upgrade react-scripts from 3.3.0 to 3.4.4 #147)
• 0b9681d chore(release): 2.0.1
• 6613a97 fix: revert do not run parallel mode when you have only one file ([Snyk] Security upgrade react-scripts from 3.3.0 to 3.4.4 #146)
• 815e533 fix: reduce memory usage ([Snyk] Upgrade @storybook/node-logger from 5.2.0-beta.18 to 5.3.21 #145)
• 42a0f9c chore(release): 2.0.0
• ae56c17 docs: remove legacy link on old version of plugin ([Snyk] Fix for 1 vulnerabilities #142)
• dcf875b refactor: tests ([Snyk] Security upgrade graphiql from 0.13.2 to 0.14.0 #141)
• dd37ca1 feat: respect `devtool` values for source map generation ([Snyk] Fix for 1 vulnerabilities #140)
• 080baff docs: issue-83 ([Snyk] Fix for 1 vulnerabilities #139)
• 0537591 fix: parallel on wsl ([Snyk] Security upgrade react-scripts from 3.3.0 to 3.4.3 #138)
• 527a055 refactor: migrate on `jest-worker` ([Snyk] Security upgrade react-scripts from 2.1.5 to 3.4.3 #137)
• cc1c081 refactor: code ([Snyk] Security upgrade react-scripts from 3.3.0 to 3.4.3 #136)

See the full diff

Package name: webpack

The new version differs by 250 commits.

• f2f998b 5.1.1
• bcd6190 Merge pull request Addon-controls: Fix update logic for argTypes with custom names storybookjs/storybook#11704 from webpack/bugfix/delete-asset
• 11935a9 Merge pull request Server: Serialize Object controls as JSON over the wire storybookjs/storybook#11703 from webpack/bugfix/11678
• 63ba54c update chunk to files mapping when deleting assets
• 4669600 Merge pull request Addon-knobs: Move @types/react-color to devDeps storybookjs/storybook#11690 from webpack/bugfix/11673
• 234373e Merge pull request Naming variable before export default breaks code display storybookjs/storybook#11702 from webpack/deps/terser
• b6bc273 fix infinite loop in inner graph optimization
• 50c3a83 fix unused modules in chunk when optimizing runtime-specific
• 5d9d9b9 fix runtime-specific handling in concatenated modules
• 250e37c add test case
• 7925652 upgrade terser-webpack-plugin
• 27796db Merge pull request #11669 from webpack/dependabot/npm_and_yarn/ts-loader-8.0.5
• bd5aab8 Merge pull request Sidebar subheadings unexpectedly appearing  storybookjs/storybook#11692 from webpack/dependabot/npm_and_yarn/babel/core-7.12.0
• 886bbd5 Merge pull request Storybook can't find x.component.html when npm package is built with Angular 10 storybookjs/storybook#11693 from webpack/dependabot/npm_and_yarn/react-dom-16.14.0
• 3a14b3d Merge pull request Build Storybook iframe.html Failed to load resource storybookjs/storybook#11694 from webpack/dependabot/npm_and_yarn/react-16.14.0
• ddf9936 chore(deps-dev): bump react from 16.13.1 to 16.14.0
• dc6e69a chore(deps-dev): bump react-dom from 16.13.1 to 16.14.0
• 8f18de9 chore(deps-dev): bump @babel/core from 7.11.6 to 7.12.0
• c0410e8 Merge pull request ActionBar not clickable in the Actions addon storybookjs/storybook#11686 from webpack/bugfix/11677
• 4504046 order runtime chunks correctly when they depend on each other
• 74a44cd add comment to help tagging for the bot
• e97efb7 chore(deps-dev): bump ts-loader from 8.0.4 to 8.0.5
• 77329b4 5.1.0
• 48c10f3 Merge pull request Storybook + Angular CSF Stories causes 'Multiple defintions' error in IE11 storybookjs/storybook#11653 from log2-hwan/fix-moduletemplate-deprecation

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

[stale]

Hi everyone! Seems like there hasn't been much going on in this issue lately. If there are still questions, comments, or bugs, please feel free to continue the discussion. Unfortunately, we don't have time to get to every issue. We are always open to contributions so please send us a pull request if you would like to help. Inactive issues will be closed after 30 days. Thanks!

[stale]

Hey there, it's me again! I am going close this issue to help our maintainers focus on the current development roadmap instead. If the issue mentioned is still a concern, please open a new ticket and mention this old one. Cheers and thanks for using Storybook!