[Snyk-dev] Fix for 9 vulnerabilities

[lili2311]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • lib/core/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	No	Proof of Concept
	504/1000 Why? Has a fix available, CVSS 5.8	Prototype Pollution SNYK-JS-HIGHLIGHTJS-1045326	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HIGHLIGHTJS-1048676	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKDOWNTOJSX-3310443	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1076581	No	Proof of Concept
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1314893	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1585202	No	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) SNYK-JS-PRISMJS-2404333	No	No Known Exploit
	629/1000 Why? Has a fix available, CVSS 8.3	Cross-site Scripting (XSS) SNYK-JS-PRISMJS-597628	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @storybook/node-logger

The new version differs by 250 commits.

• 7d4d6ab v6.4.0
• 86e2d61 Update root, peer deps, version.ts/json to 6.4.0 [ci skip]
• ec6fd3b 6.4.0 changelog
• b88d2d9 6.4.0-rc.11 next.json version file
• 2d78019 Update git head to 6.4.0-rc.11, update yarn.lock
• 77eb43c v6.4.0-rc.11
• ca91e77 Update root, peer deps, version.ts/json to 6.4.0-rc.11 [ci skip]
• 52ed4b0 6.4.0-rc.11 changelog
• 4f23295 Merge pull request Core: Fix breaking change in process/browser storybookjs/storybook#16795 from SebastienGllmt/patch-1
• d443c73 Fix breaking changing process/browser
• 16678e0 6.4.0-rc.10 next.json version file
• 0e8f1c2 Update git head to 6.4.0-rc.10, update yarn.lock
• 5ae60fc v6.4.0-rc.10
• 135ca93 Update root, peer deps, version.ts/json to 6.4.0-rc.10 [ci skip]
• a89d8e9 6.4.0-rc.10 changelog
• 68c4086 Merge pull request Core: Allow args/argTypes/component to be set via parameters for storiesOf back-compat storybookjs/storybook#16791 from storybookjs/16756-argTypes-storiesOf
• 0a03181 Merge pull request Core: Sort the results of globby when constructing Story Index storybookjs/storybook#16788 from storybookjs/16767-sort-stories-index
• 8b4b8fc Merge pull request Core: Don't log a console error when the story is missing storybookjs/storybook#16783 from storybookjs/remove-missing-console-error
• 465a4be Merge branch 'next' into 16756-argTypes-storiesOf
• 1799997 Merge pull request Addon-docs: Wait for the story component to render before emitting storybookjs/storybook#16792 from storybookjs/16745-fix-docs-story-rendered
• 38aadfc Merge pull request Core: Ensure that context.args is always set storybookjs/storybook#16790 from storybookjs/16743-argTypeTargets-no-args
• 068ee39 Fix typo
• 809b59e Remove console log
• 1636334 Wait for the story component to render before emitting

See the full diff

Package name: @storybook/ui

The new version differs by 250 commits.

• 7d4d6ab v6.4.0
• 86e2d61 Update root, peer deps, version.ts/json to 6.4.0 [ci skip]
• ec6fd3b 6.4.0 changelog
• b88d2d9 6.4.0-rc.11 next.json version file
• 2d78019 Update git head to 6.4.0-rc.11, update yarn.lock
• 77eb43c v6.4.0-rc.11
• ca91e77 Update root, peer deps, version.ts/json to 6.4.0-rc.11 [ci skip]
• 52ed4b0 6.4.0-rc.11 changelog
• 4f23295 Merge pull request Core: Fix breaking change in process/browser storybookjs/storybook#16795 from SebastienGllmt/patch-1
• d443c73 Fix breaking changing process/browser
• 16678e0 6.4.0-rc.10 next.json version file
• 0e8f1c2 Update git head to 6.4.0-rc.10, update yarn.lock
• 5ae60fc v6.4.0-rc.10
• 135ca93 Update root, peer deps, version.ts/json to 6.4.0-rc.10 [ci skip]
• a89d8e9 6.4.0-rc.10 changelog
• 68c4086 Merge pull request Core: Allow args/argTypes/component to be set via parameters for storiesOf back-compat storybookjs/storybook#16791 from storybookjs/16756-argTypes-storiesOf
• 0a03181 Merge pull request Core: Sort the results of globby when constructing Story Index storybookjs/storybook#16788 from storybookjs/16767-sort-stories-index
• 8b4b8fc Merge pull request Core: Don't log a console error when the story is missing storybookjs/storybook#16783 from storybookjs/remove-missing-console-error
• 465a4be Merge branch 'next' into 16756-argTypes-storiesOf
• 1799997 Merge pull request Addon-docs: Wait for the story component to render before emitting storybookjs/storybook#16792 from storybookjs/16745-fix-docs-story-rendered
• 38aadfc Merge pull request Core: Ensure that context.args is always set storybookjs/storybook#16790 from storybookjs/16743-argTypeTargets-no-args
• 068ee39 Fix typo
• 809b59e Remove console log
• 1636334 Wait for the story component to render before emitting

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Cross-site Scripting (XSS)