[Snyk] Fix for 7 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/components/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	402/1000 Why? Proof of Concept exploit, CVSS 5.9	Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255	Yes	Proof of Concept
	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	Yes	Proof of Concept
	372/1000 Why? Proof of Concept exploit, CVSS 5.3	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	Yes	Proof of Concept
	130/1000 Why? CVSS 2.6	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	Yes	No Known Exploit
	/1000 Why?	Command Injection SNYK-JS-SIMPLEGIT-2421199	Yes	Proof of Concept
	/1000 Why?	Command Injection SNYK-JS-SIMPLEGIT-2434306	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: chromatic

The new version differs by 250 commits.

• aebf072 5.6.1
• 91dbb1e Release 5.6.1
• 2a45bcf Update localtunnel dependency to fix Axios vulnerability
• f5ae911 5.6.1-rc.0
• e1e312d 5.6.0
• 9ebf2b6 Update changelog
• b61ba5c Add npm version badge.
• ee650a4 5.6.0-rc.0
• 361871b Update changelog
• a5fabfa Update changelog
• f1f0046 Merge pull request [Snyk] Security upgrade socket.io-client from 2.5.0 to 3.0.0 #231 from SasanFarrokh/patch-1
• c40a0db Merge pull request [Snyk] Security upgrade overmind-devtools from 19.0.1 to 29.0.0 #193 from chromaui/record-repo-slug
• ab0ffb8 Merge branch 'next' into record-repo-slug
• 0ad731d Merge pull request [Snyk] Security upgrade react-error-overlay from 1.0.10 to 2.0.0 #228 from chromaui/dependabot/npm_and_yarn/node-notifier-8.0.1
• edc8a68 Merge branch 'next' into patch-1
• c131e0f Merge branch 'next' into record-repo-slug
• 7588430 Update changelog
• bb55b6a Merge pull request [Snyk] Security upgrade karma from 3.0.0 to 6.0.0 #233 from chromaui/branch-name-flag
• a30f4e5 Merge branch 'next' into branch-name-flag
• 1f0f314 Bump node-notifier from 8.0.0 to 8.0.1
• 9df6116 Merge pull request [Snyk] Fix for 1 vulnerabilities #237 from chromaui/fix-spawn-params
• 1c178ad Support ownerName prefix in --branch-name flag.
• 7b80bd5 Ensure we get integers.
• 53e6500 5.5.1-dev.1

See the full diff

Package name: simple-git

The new version differs by 86 commits.

• 66c903c Merge pull request [Snyk] Security upgrade chromatic from 4.0.3 to 5.3.0 #776 from steveukx/changeset-release/main
• 4fc3747 Version Packages
• 9665dee Merge pull request [Snyk] Security upgrade vscode from 1.1.0 to 1.1.37 #775 from steveukx/snyk/clone
• 2040de6 Prevent use of `--upload-pack` as a command in `git.clone` to avoid potential accidental command execution.
• 9bf9baa Merge pull request [Snyk] Security upgrade nodemon from 1.19.4 to 2.0.0 #772 from steveukx/changeset-release/main
• 64c41db Version Packages
• 357b4de Merge pull request [Snyk] Security upgrade vscode from 1.0.1 to 1.1.37 #771 from steveukx/feat/status-with-nulls
• ed412ef Status Summary should use null terminators to allow files with spaces in their names
• 94c2462 Merge pull request [Snyk] Fix for 2 vulnerabilities #768 from steveukx/changeset-release/main
• 9113366 Version Packages
• 372efa0 Merge pull request [Snyk] Fix for 2 vulnerabilities #767 from steveukx/feat/fix-fetch-snyk
• d119ec4 Prevent use of `--upload-pack` as a command in `git.fetch` to avoid potential accidental command execution.
• e4ff627 Merge pull request [Snyk] Security upgrade semantic-release from 15.13.1 to 17.0.1 #761 from steveukx/changeset-release/main
• fcc7618 Version Packages
• 7c24bb0 Merge pull request [Snyk] Fix for 2 vulnerabilities #760 from steveukx/fix/project-readme
• 80651d5 Remove pre-publish step of copying `readme.md`, no longer required
• 0d0c198 Merge pull request [Snyk] Security upgrade @typescript-eslint/eslint-plugin from 4.2.0 to 5.10.0 #759 from steveukx/changeset-release/main
• 6838e24 Version Packages
• d53875f Merge pull request [Snyk] Security upgrade sass-formatter from 0.4.15 to 0.7.4 #758 from steveukx/fix/project-readme
• ac4f38f Move workspace readme into the `simple-git` package, symlink to it from the workspace
• e9f0461 Move workspace readme into the `simple-git` package, symlink to it from the workspace
• bcfa6f8 Merge pull request [Snyk] Security upgrade parcel-bundler from 1.9.7 to 1.12.5 #756 from steveukx/changeset-release/main
• 7a29566 Version Packages
• 50a8a6b Merge pull request [Snyk] Security upgrade gulp from 3.9.1 to 4.0.0 #755 from steveukx/release-attempt

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Server-Side Request Forgery (SSRF)
🦉 Regular Expression Denial of Service (ReDoS)