[Snyk] Fix for 5 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • superset-frontend/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-POLISHED-1298071	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIM-1017038	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-URIJS-1319803	No	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-URIJS-1319806	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: react-jsonschema-form

The new version differs by 59 commits.

• 58a3534 Bump version v1.3.0
• 2a6b830 Limit cases where "required" attribute is used on checkboxes (typo fix to Update countries.md apache/superset#1194)
• 1651066 Add the full source maps by default for development (Adding a 'Misc Charts' dashboard as part of the examples apache/superset#1208)
• 10a6b64 Bug Fix empty html useless added by PR Fixing druid culster perms to mirror sqla databases apache/superset#1123 / v1.2.0 (Testing in progress apache/superset#1158)
• 92233e4 Add more schemas to validate against (models: fix slice creation apache/superset#1130)
• aebfab9 Improve handling of decimal points and trailing zeroes in numbers ([docs] improve security section around managing roles apache/superset#1183)
• 07decc5 Merge branch 'master' of https://github.com/mozilla-services/react-jsonschema-form
• c355ddb Merge branch 'huhuaaa-feature/fix-enum-empty-bug'
• 5aaf863 test: fix tests
• 9153444 Merge branch 'feature/fix-enum-empty-bug' of https://github.com/huhuaaa/react-jsonschema-form into huhuaaa-feature/fix-enum-empty-bug
• a7be6ee Remove build:readme script and toctoc dep (Download button, share button, and url shortener button stay not in sync with visualization while editing apache/superset#1189)
• f9d4c63 Fix multiple bugs related to switching between anyOf/oneOf options (--WIP-- add faves/starred things to /welcome apache/superset#1169)
• 4d17bd8 test: move the test to the right file
• bece2a5 Generate code coverage reports using nyc (Embedded Dashboards apache/superset#1170)
• aa862ab test: add enum test
• 59038c0 Submit event should return original event as second param (Bring DB in sync with the models.py apache/superset#1172)
• 919a164 Add various always-ignore files and directories to .gitignore (Druid metadata cannot be retrieved when the whole dataset has the same timestamp apache/superset#1171)
• 6e79281 Infer field type from const value ([sqllab] db migration - setting Database.allow_run_sync=True apache/superset#1174)
• b481f58 Oops, bump version in package-lock.json too
• a1eedfb Bump v1.2.1
• 54091b1 style: npm run cs-format
• f999547 Fixed a bug.The selector have a empty option, when use enum and the default value is 0 or false or ''.
• 174e136 Fix uiSchema for additionalProperties (Clicking on a user's role who is not active and making them active fires an error apache/superset#1144)
• 2368740 replace submit button paragraph tag with div (Warn the users about duplicate countries in the Worldmap apache/superset#766)

See the full diff

Package name: react-markdown

The new version differs by 18 commits.

• 45b9977 5.0.0
• eeea3c2 Update `changelog.md`
• 5d6c9f1 Refactor scripts
• d29478f Add type tests
• 4f5dbe2 Add note
• 7a5e3a1 Add `allowDangerousHtml`, preferred over `escapeHtml`
• 2675ae2 Remove docs on `source`
• 34b0883 Change default branch to `main`
• 22a5e49 Refactor and test for 100% coverage
• b3aa6e0 Rewrite readme for unified, more examples
• a9f163d Move demo to `website` branch
• 4f1a407 Change to clean project, update, refactor scripts
• ebebf51 Upgrade remark to version 8, unified to version 9
• e400f6f Upgrade to remark-parse@6
• 3260f57 Run tests on node 12
• 6eff8d1 Pass AST node to all non-tag/non-fragment renderers as prop
• ca25be1 Fix link to demo in readme
• 9b4eb84 Updated remark-parse github link (Fixing issue #444 color function chokes on non-string param apache/superset#447)

See the full diff

Package name: urijs

The new version differs by 6 commits.

• 19e54c7 chore(build): bumping to version 1.19.7
• 547d4b6 build: update jquery
• aab4a43 build: remove obsolete build tools
• ac43ca8 fix(parse): more backslash galore Adding support for Druid post aggregations (continued) apache/superset#410
• 622db6d docs: add security policy
• 8e51b00 fix(parse): prevent overwriting __proto__ in parseQuery()

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. For admin, please label this issue .pinned to prevent stale bot from closing the issue.