[Snyk] Fix for 2 vulnerabilities

[rusackas]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • superset-frontend/package.json
  • superset-frontend/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-ASYNCVALIDATOR-2311201	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: antd

The new version differs by 250 commits.

• 870b72a docs: 4.17.0 changelog (#32859)
• 3a5b6b8 chore(deps-dev): bump stylelint-config-standard from 23.0.0 to 24.0.0 (#32866)
• 7e2dc80 chore(.gitignore):add ignore for pnpm (#32860)
• 491cc4f fix: borderLeftRadius error for Input.Search #32808 (#32812)
• 958df3d docs: add demo for Input.Group (#32837)
• ce006bd docs: Version Robin (#32830)
• 3f495bb chore: Upgrade react router v6 (#32821)
• 43569b9 docs: update customize-theme-variable.zh-CN.md
• 7ed7c60 style: fix Tree icon align bug (#32822)
• 01887b4 fix: if breadcrumbRender return false, breadcrumb will hidden (#32738)
• 5f642cb fix: tag animation demo (#32804)
• 852a451 chore(Tag): update tween-one (#32800)
• 90aff3a docs: fix Spin API ts description (#32786)
• 8a3b5d9 fix: Form horizontal broken style when select item is too long (#32778)
• a73f4a3 docs: Fix the link in Table's API doc (#32779)
• ecc54dd fix: codepen demo error using hooks (#32766)
• cf15379 docs: add 4.17.0-alpha.10 changelog (#32775)
• f7380b7 chore(deps-dev): bump eslint-plugin-unicorn from 37.0.1 to 38.0.0 (#32765)
• b1ea2e4 fix: opening animation of the bottom drawer (#32761)
• 10a8578 fix: Spin tip can be react node (#32733)
• fa65cd3 chore(deps-dev): bump @ types/gtag.js from 0.0.7 to 0.0.8 (#32746)
• f88bd4d refactor: Move part mixins less to theme instead (#32763)
• 5360722 chore: update form demo
• ea52572 chore(💄): fix issue template

See the full diff

Package name: react-jsonschema-form

The new version differs by 59 commits.

• 58a3534 Bump version v1.3.0
• 2a6b830 Limit cases where "required" attribute is used on checkboxes (typo fix to Update countries.md apache/superset#1194)
• 1651066 Add the full source maps by default for development (Adding a 'Misc Charts' dashboard as part of the examples apache/superset#1208)
• 10a6b64 Bug Fix empty html useless added by PR Fixing druid culster perms to mirror sqla databases apache/superset#1123 / v1.2.0 (Testing in progress apache/superset#1158)
• 92233e4 Add more schemas to validate against (models: fix slice creation apache/superset#1130)
• aebfab9 Improve handling of decimal points and trailing zeroes in numbers ([docs] improve security section around managing roles apache/superset#1183)
• 07decc5 Merge branch 'master' of https://github.com/mozilla-services/react-jsonschema-form
• c355ddb Merge branch 'huhuaaa-feature/fix-enum-empty-bug'
• 5aaf863 test: fix tests
• 9153444 Merge branch 'feature/fix-enum-empty-bug' of https://github.com/huhuaaa/react-jsonschema-form into huhuaaa-feature/fix-enum-empty-bug
• a7be6ee Remove build:readme script and toctoc dep (Download button, share button, and url shortener button stay not in sync with visualization while editing apache/superset#1189)
• f9d4c63 Fix multiple bugs related to switching between anyOf/oneOf options (--WIP-- add faves/starred things to /welcome apache/superset#1169)
• 4d17bd8 test: move the test to the right file
• bece2a5 Generate code coverage reports using nyc (Embedded Dashboards apache/superset#1170)
• aa862ab test: add enum test
• 59038c0 Submit event should return original event as second param (Bring DB in sync with the models.py apache/superset#1172)
• 919a164 Add various always-ignore files and directories to .gitignore (Druid metadata cannot be retrieved when the whole dataset has the same timestamp apache/superset#1171)
• 6e79281 Infer field type from const value ([sqllab] db migration - setting Database.allow_run_sync=True apache/superset#1174)
• b481f58 Oops, bump version in package-lock.json too
• a1eedfb Bump v1.2.1
• 54091b1 style: npm run cs-format
• f999547 Fixed a bug.The selector have a empty option, when use enum and the default value is 0 or false or ''.
• 174e136 Fix uiSchema for additionalProperties (Clicking on a user's role who is not active and making them active fires an error apache/superset#1144)
• 2368740 replace submit button paragraph tag with div (build(deps): update datamaps requirement from ^0.5.8 to ^0.5.9 in /superset-frontend/plugins/legacy-plugin-chart-world-map #766)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)

[codecov-commenter]

Codecov Report

Base: 66.92% // Head: 81.47% // Increases project coverage by +14.54% 🎉

Coverage data is based on head (3a5e6a5) compared to base (b773354).
Patch has no changes to coverable lines.

Additional details and impacted files

@@             Coverage Diff             @@
##           master     #290       +/-   ##
===========================================
+ Coverage   66.92%   81.47%   +14.54%     
===========================================
  Files        1805      474     -1331     
  Lines       69074    33374    -35700     
  Branches     7378        0     -7378     
===========================================
- Hits        46228    27190    -19038     
+ Misses      20940     6184    -14756     
+ Partials     1906        0     -1906     

Flag	Coverage Δ
hive	52.92% <ø> (ø)
javascript	?
mysql	78.35% <ø> (ø)
postgres	78.41% <ø> (ø)
presto	52.82% <ø> (ø)
python	81.47% <ø> (ø)
sqlite	76.90% <ø> (ø)
unit	51.06% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
...ugins/legacy-plugin-chart-sankey-loop/src/index.js
...t-controls/src/operators/utils/isTimeComparison.ts
...ls/DndColumnSelectControl/DndAdhocFilterOption.tsx
...et-chart-deckgl/src/layers/Geojson/controlPanel.ts
superset-frontend/src/utils/isBot.ts
...gins/legacy-preset-chart-nvd3/src/NVD3Controls.tsx
...uperset-frontend/src/components/Dropdown/index.tsx
...frontend/plugins/plugin-chart-table/src/Styles.tsx
...ns/plugin-chart-word-cloud/src/chart/WordCloud.tsx
...t-frontend/src/dashboard/reducers/nativeFilters.ts
... and 1321 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.