[Snyk] Fix for 46 vulnerabilities

[Ariffirdausazman]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIHTML-1296849	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	786/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.3	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962463	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-EVENTSOURCE-2823375	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTMLMINIFIER-3091181	Yes	Proof of Concept
	631/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891	Yes	Proof of Concept
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	Yes	Proof of Concept
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-JSYAML-173999	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-JSYAML-174129	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-NODEFORGE-2330875	Yes	Proof of Concept
	529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-NODEFORGE-2331908	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Command Injection SNYK-JS-NODENOTIFIER-1035794	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Certificate Validation SNYK-JS-NODESASS-1059081	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-POSTCSS-5926692	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SCSSTOKENIZER-2339884	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Improper Privilege Management SNYK-JS-SHELLJS-2332187	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Denial of Service (DoS) SNYK-JS-SOCKJS-575261	Yes	Proof of Concept
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Information Exposure SNYK-JS-WEBPACKDEVSERVER-72405	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:eslint:20180222	Yes	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: babel-loader

The new version differs by 41 commits.

• 1a76476 7.0.0
• 7307226 Point changelog to releases
• 174cb10 Merge branch '7.0'
• 2204871 Add prettier (Fix: minor fixes for MongoDB, script and Python query runners getredash/redash#409)
• dbec80d Make sure .babelrc is a file, not a directory (added instructions to check current version getredash/redash#427)
• aa485e4 Use bash codecov (Fix: python query runner didn't allow iterating lists getredash/redash#440)
• 16522b6 yarn.lock
• 660922b Update ava to the latest version 🚀 (MongoDB aggregation support + mongo documentation (as comments) getredash/redash#434)
• 5d248b5 Update cross-env to the latest version 🚀 (Feature: additional refresh times (5, 10, 15, 30 minutes) getredash/redash#431)
• 74ff2e6 Updated documentation to match webpack v2 changes. (Module 'highchart' is not available! getredash/redash#438)
• ed8711d Add note about webpack versions
• a7342de 7.0.0-beta.1
• fb8c271 Merge branch 'fix-options' into 7.0
• 1ed7ff5 Merge branch 'master' into 7.0
• e20f6b6 Changelog for 6.4.1 (Allow for forking the query and retaining the schedule getredash/redash#424)
• 87e4e85 target node 4 in preset env (fixed migration commands getredash/redash#423)
• 05a31c5 7.0.0-alpha.3
• ad77367 Ensure options are always an object (vagrant installation getredash/redash#413)
• e8aa302 Ensure options are always an object
• b9209e7 7.0.0-alpha.2
• 3f51915 Update yarn.lock
• c18b16a Fix merge conflict
• 906ab55 Merge branch 'master' into 7.0
• 70c8c4a Merge branch 'master' into 7.0

See the full diff

Package name: babel-plugin-angularjs-annotate

The new version differs by 36 commits.

• 70152ff update package-lock.json
• 542b63d bump version
• 16ebbe1 Merge branch 'babel7'
• 7ff15db Merge pull request Toggle % stacking isn't a toggle getredash/redash#43 from pioug/upgrade-babel
• b26b09b better tests?
• c3a57b5 silent tests
• 7d62409 bump babel
• 65eaece Use stable Babel version
• 2c983a6 Upgrade Babel 7
• ca3a046 Bump version for release
• b5398d4 Merge pull request Fixed installation dependencies, instructions getredash/redash#36 from noppa/directive-definition-in-variable
• 2b767cb Merge pull request Add forked to indicator to query getredash/redash#37 from sbrunner/nginject-not-alone
• 610ad96 Be able to have more comments in the @ ngInject comment
• efe4d1e Use double quotes for consistency
• 9575813 Add support for directive definition in a variable
• 5b40407 v0.8.2
• 00cb7cf update site
• 03da4fb fix function hoisting w/ nested array injects
• 4927c7c update circleci node version
• 3078c84 v0.8.1
• e390f77 build site
• 805c6f0 bump deps
• 39ffd0e play nicely with default function arguments
• 99c600c Merge branch 'master' of github.com:schmod/babel-plugin-angularjs-annotate

See the full diff

Package name: css-loader

The new version differs by 250 commits.

• 1351e3a chore(release): 5.0.0
• 747d62b feat: allow named exports to have underscores in names (Unable to save the query getredash/redash#1209)
• 7bfe85d chore(deps): update (Add description to embed getredash/redash#1208)
• b5c9379 feat: postcss@8 (Add: show views in schema browser for Vertica data sources getredash/redash#1204)
• 92fe103 docs: context is localIdentContext in README (using function in redash getredash/redash#1202)
• e5a9272 chore(deps): update (Add: map marker cluster visualization getredash/redash#1203)
• 63b41be refactor: emoji deprecate
• 9f974be feat: reduce runtime
• d779eb1 feat: escape getLocalIdent by default (Bug: Duplicated Query getredash/redash#1196)
• dd52931 feat: hide warning on no plugins (Docs: fix typo in maintenance page title getredash/redash#1195)
• 52412f6 feat: improve error message
• 0f95841 feat: add fallback if custom getLocalIdent returns null (Change: modify the argument order of moment.add function call getredash/redash#1193)
• 2f1573f feat: auto enable icss modules
• df111b8 test: import with file protocol
• cfe669f refactor: remove icss option (Does it seem to be possible to execute DDLs in Re:dash metadata? getredash/redash#1189)
• 57eb505 chore(release): 4.3.0
• 3ddcc7b chore(deps): update deps (Feature Request - Boxplot Visualization. getredash/redash#1186)
• 88b8ddc fix: line breaks in `url` function
• 8b865fe test: source map (Is it possible to label pie charts after grouping? getredash/redash#1180)
• ec58a7c feat: the `importLoaders` can be `string` (Left Pane is not shown when database contains table that name has unicode characters (MSSQL) getredash/redash#1178)
• df490c7 test: sass-loader next (Fix: users list CLI command was broken getredash/redash#1177)
• 26a3062 chore(release): 4.2.2
• e42f046 refactor: improve sources handling in source maps (Add: 'list' command for org and groups CLI getredash/redash#1176)
• 4ce556a docs: fix type (Changing a parameter value in the UI causes an alert() when you haven't saved the query getredash/redash#1174)

See the full diff

Package name: eslint

The new version differs by 250 commits.

• a7985a6 6.0.0
• be74dd9 Build: changelog update for 6.0.0
• 81aa06b Upgrade: [email protected] (#11869)
• 5f022bc Fix: no-else-return autofix produces name collisions (fixes #11069) (#11867)
• ded9548 Fix: multiline-comment-style incorrect message (#11864)
• cad074d Docs: Add JSHint W047 compat to no-floating-decimal (#11861)
• 41f6304 Upgrade: sinon (#11855)
• 167ce87 Chore: remove unuseable profile command (#11854)
• c844c6f Fix: max-len properly ignore trailing comments (fixes #11838) (#11841)
• 1b5661a Fix: no-var should not fix variables named 'let' (fixes #11830) (#11832)
• 4d75956 Build: CI with Azure Pipelines (#11845)
• 1db3462 Chore: rm superfluous argument & fix perf-multifiles-targets (#11834)
• c57a4a4 Upgrade: @ babel/polyfill => core-js v3 (#11833)
• 65faa04 Docs: Clarify prefer-destructuring array/object difference (fixes #9970) (#11851)
• 81c3823 Fix: require-atomic-updates reports parameters (fixes #11723) (#11774)
• aef8ea1 Sponsors: Sync README with website
• 4f48f5a 6.0.0-rc.0
• 6bad650 Build: changelog update for 6.0.0-rc.0
• f403b07 Update: introduce minKeys option to sort-keys rule (fixes #11624) (#11625)
• 87451f4 Fix: no-octal should report NonOctalDecimalIntegerLiteral (fixes #11794) (#11805)
• e4ab053 Update: support "bigint" in valid-typeof rule (#11802)
• e0fafc8 Chore: removes unnecessary assignment in loop (#11780)
• 20908a3 Docs: removed '>' prefix from from docs/working-with-rules (#11818)
• 1c43eef Sponsors: Sync README with website

See the full diff

Package name: html-webpack-plugin

The new version differs by 250 commits.

• 873d75b chore(release): 5.5.0
• ddeb774 chore: update examples
• 1e42625 feat: Support type=module via scriptLoading option
• 7d3645b Bump pretty-error to 4.0.0 to fix transitive vuln for ansi-regex CVE-2021-3807
• 79be779 [chore] changes actions to run on pull_requests
• b7e5859 [chore] fixes CI to avoid race conditions
• 48131d3 chore(release): 5.4.0
• 16a841a [chore] rebuild examples
• 3bb7c17 Update index.js
• e38ac97 Update index.js
• f08bd02 [chore] updates fixtures
• d62a10f [chore] upgrades [email protected] -> 6.0.2
• 2f5de7a Remove archived plugin
• 8f8f7c5 chore(release): 5.3.2
• 053c6e6 chore: update snapshot tests for webpack 5.4.0
• 9c7fba0 Fix security vulnerabilities
• b98fbeb Fix security vulnerabilities
• 25cdfc7 Added inject-body-webpack-plugin to readme
• 0e4c1fb Update README to document actual behavior
• 0a6568d chore(release): 5.3.1
• 82d0ee8 fix: remove loader-utils from plugin core
• 6f39192 chore(release): 5.3.0
• d654f5b feat: allow to modify the interpolation options in webpack config
• 41d7a50 feat: drop loader-utils dependency

See the full diff

Package name: node-sass

The new version differs by 90 commits.

• 3b556c1 7.0.2
• c716359 Bump sass-graph@^4.0.1 (Closes #3192: Add data source config options. getredash/redash#3292)
• 24741b3 docs(readme): fix docpad plugin link
• 1523330 feat: Drop Node 12
• 365d357 update https://registry.npm.taobao.org to https://registry.npmmirror.com
• 1456114 build(deps): bump actions/upload-artifact from 2 to 3
• b465b69 chore: bump GitHub Actions to Windows 2019 (client: Remove unused estraverse getredash/redash#3254)
• e6194b1 build(deps): bump make-fetch-happen from 9.1.0 to 10.0.4
• 4edf594 build(deps): bump node-gyp from 8.4.1 to 9.0.0
• 29e2344 build(deps): bump actions/checkout from 2 to 3
• 85b0d22 build(deps): bump actions/setup-node from 2 to 3
• 3bb51da Use make-fetch-happen instead of request ([WIP] Closes #3192: Add data source config options.  getredash/redash#3193)
• adc2f8b build(deps): bump true-case-path from 1.0.3 to 2.2.1 (Cypress based E2E tests getredash/redash#3000)
• 77d12f0 chore: disable Apline for Node 16/17 builds
• 308d533 ci: use Python 3 for Node 12
• c818907 ci: unpin actions/setup-node to v2
• 99242d7 7.0.1
• 77049d1 build(deps): bump sass-graph from 2.2.5 to 4.0.0 (Add regenerate function of user's API key getredash/redash#3224)
• c929f25 build(deps): bump node-gyp from 7.1.2 to 8.4.1 (Migrate DynamicForm to React getredash/redash#3209)
• 918dcb3 Lint fix
• 0a21792 Set rejectUnauthorized to true by default (Improve tag link colors and fix group tags on Users page getredash/redash#3149)
• e80d4af chore: Drop EOL Node 15 (Show menu divider only if query is archived. getredash/redash#3122)
• d753397 feat: Add Node 17 support (V6 release getredash/redash#3195)
• dcf2e75 build(deps-dev): bump eslint from 7.32.0 to 8.0.0

See the full diff

Package name: url-loader

The new version differs by 8 commits.

• 11dce14 docs: Update changelog with nsp advisory
• 1934507 chore(release): 0.6.0
• a1e1fef chore: Fix mime version
• d19ee2d chore: update `mime` package to avoid deprecation mime type with `woff` and `woff2` (Some more visualizations UI updates getredash/redash#87)
• 636ebed feat: add `fallback` option (Feature: graphite query runner getredash/redash#88)
• f3f5fce docs(README): remove confusing `prefix` option (`options.prefix`) (Feature: pie charts getredash/redash#89)
• 2de70bb docs(README): fix typo in example (Weird behaviour when adding two widgets one after the other, to the same dashboard without refresh getredash/redash#81)
• ced5990 feat(index): add options validation (`schema-utils`) (Better support for large query results getredash/redash#78)

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 610f368 5.0.0
• 5ce65c1 update examples
• bbe1230 Merge pull request #11628 from webpack/bugfix/real-content-hash
• 75ecff2 5.0.0-rc.6
• bfc35d6 Merge pull request #11603 from MayaWolf/master
• 76e8cbd Merge pull request #11622 from webpack/dependabot/npm_and_yarn/types/node-13.13.25
• 9fd1be2 chore(deps-dev): bump @ types/node from 13.13.23 to 13.13.25
• 36bcfaa Merge pull request #11621 from webpack/bugfix/11619
• 9130d10 fix called variables with ProvidePlugin
• 3e42105 Merge pull request #11620 from webpack/bugfix/11617
• 4709719 skip connections copied to concatenated module
• 57b493f 5.0.0-rc.5
• 1658e2f Merge pull request #11618 from webpack/bugfix/11615
• a8fb45d fixes crash in SideEffectsFlagPlugin
• 84b196d emit error instead of crashing when unexpected problem occurs
• 5573fed Merge pull request #11601 from Hornwitser/improve-suggested-polyfill-config
• 9b5cce9 Merge pull request #11609 from snitin315/export-types
• 37c495c export type RuleSetUseItem
• 39faf34 export type RuleSetUse
• e5fd246 export type RuleSetConditionAbsolute
• 660baad export RuleSetCondition types
• 13e3ca5 Merge pull request #11602 from webpack/bugfix/shared-runtime-chunk
• 9c0587e Merge pull request #11606 from webpack/dependabot/npm_and_yarn/simple-git-2.21.0
• 502d166 Merge pull request #11607 from webpack/dependabot/npm_and_yarn/acorn-8.0.4

See the full diff

Package name: webpack-build-notifier

The new version differs by 43 commits.

• 6ee67a7 Updated doc comments
• f47b1bf 2.0.0 release
• 7154ebc Added code coverage ignore else
• 5a8aaf0 Fixed lint errors.
• 3818331 Added showDuration config option from master
• 7983df7 Added test mock for platform architecture.
• c04ca71 Added onComplileStart and onComplete callbacks from master
• 0b3d3b7 Removed accidantal commit
• 7c44e15 Removed accidantal commit
• 929ee09 Merge branch 'master' into release/2.0.0
• df25e60 Updated dependencies to latest.
• 69e43cd Temporarily disable failing tests.
• 76a2a87 Added test mock for process.arch
• 1a5987d Updated node-notifier to fix Toggle % stacking isn't a toggle getredash/redash#43; added test coverage.
• e153dd8 Updated changelog and package version
• d6b7feb Merge pull request User should be able to download a dataset from a dashboard getredash/redash#49 from yoavain/add-duration-to-notification
• 510f9cd Build time in notification
• db6552f Updated node-notifier dependency to latest version to fix when clicking "save" query (codemirror) text box gets cleared getredash/redash#45.
• b39b4a1 Merge pull request Chart results do not update on additional executions getredash/redash#44 from RoccoC/feature/callbacks
• 8f65131 Fixed lint errors
• c031929 Minor cleanup for consistency, bumped version
• 75c101c Merge pull request Special characters in column names cause issues getredash/redash#42 from phyzical/feature/Adding-custom-callback-functionailty
• 61edb0d Added TODO
• 4ace475 * simplified code and added params to be passed down, allowing for the type of compilation to be hadnled in the callbaack provided

See the full diff

Package name: webpack-dev-server

The new version differs by 250 commits.

• 5aad1e7 chore(release): 4.8.0
• 28ad7ed chore(deps): bump graceful-fs from 4.2.9 to 4.2.10 (Weekly Digest (11 November, 2019 - 18 November, 2019) getredash/redash#4368)
• 7920364 feat: export initialized socket client (Update rds-combined-ca-bundle.pem getredash/redash#4304)
• 4e7800e chore: update webpack (Add CHANGELOG entry for v8.0.1 getredash/redash#4367)
• fbda2a8 chore(deps-dev): bump body-parser from 1.19.2 to 1.20.0 (Add additional aggregate functions to Counter visualization getredash/redash#4366)
• 67c080b chore(deps-dev): bump puppeteer from 13.5.1 to 13.5.2 (Fix unicode encode error by column duplicate in presto datasource getredash/redash#4361)
• 56ec411 chore(deps): bump html-entities from 2.3.2 to 2.3.3 (Add some tests for Choropleth visualization getredash/redash#4358)
• ca8a53a chore: update deps and fix audit (Azure Data Warehouse through MS SQL (ODBC) runner doesn't work on a default docker image getredash/redash#4356)
• 501f6aa chore(deps-dev): bump @ babel/runtime
• 7d2b4f0 chore(deps-dev): bump @ babel/core
• 95e26fe test: add cases for `webSocketURL` with `server` option (phoenix does not work with phoenixdb=0.7 getredash/redash#4346)
• 84b4774 chore: migrate script for examples on `setupMiddlewares` option (password reset link error  getredash/redash#4347)
• a7ccab1 chore: replace deprecated String.prototype.substr() (Weekly Digest (4 November, 2019 - 11 November, 2019) getredash/redash#4343)
• 1bf2614 chore(deps-dev): bump lint-staged from 12.3.6 to 12.3.7 (Fix the DB migration so that the correct key is used for encrypting DS credentials getredash/redash#4344)
• 188497a chore(deps-dev): bump prettier from 2.5.1 to 2.6.0 (GoogleSheets: Allow tab selection by name getredash/redash#4339)
• 7560a37 chore(deps-dev): bump lint-staged from 12.3.5 to 12.3.6 (Widgets API is called when loading a dashboard getredash/redash#4341)
• dc2d6f7 chore(deps): bump http-proxy-middleware from 2.0.3 to 2.0.4 (Feature/last x days parameter getredash/redash#4333)
• 552e4ab chore(deps-dev): bump @ babel/runtime
• af3de07 chore(deps-dev): bump @ babel/core
• a80fa1f chore(deps): bump @ types/ws
• 457e1e5 chore(deps-dev): bump eslint from 8.10.0 to 8.11.0 (Weekly Digest (28 October, 2019 - 4 November, 2019) getredash/redash#4334)
• b48ff7f chore(deps-dev): bump puppeteer from 13.5.0 to 13.5.1 (Query page title isn't shown on mobile in some scenarios getredash/redash#4330)
• 3ce15d4 chore(deps-dev): bump puppeteer from 13.4.1 to 13.5.0 (Cohort visualization isn't using the same font as the rest of the application getredash/redash#4329)
• a892235 chore(deps-dev): bump lint-staged from 12.3.4 to 12.3.5 (Line Chart Groups Don't Auto Sort Correctly getredash/redash#4328)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 [Regular Expre...