[Snyk-dev] Fix for 1 vulnerabilities

[lili2311]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • app/polymer/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Cross-site Scripting (XSS) SNYK-JS-WEBPACK-7840298	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @storybook/core

The new version differs by 250 commits.

• 829c72e v6.2.0
• f8bfee0 Update root, peer deps, version.ts/json to 6.2.0
• 2814acc CLI: Don't update versions.json on CLI prepare
• 637daa1 Update 6.2 changelog
• c760793 6.2 release
• 5595b1e Merge pull request Controls: Fix edge case in datetime control storybookjs/storybook#14348 from gabiseabra/fix/issue_13771
• a686a99 6.2.0-rc.13 next.json version file
• 6be8b92 Update git head to 6.2.0-rc.13
• c1dfd5b v6.2.0-rc.13
• 4ef7b5a Update root, peer deps, version.ts/json to 6.2.0-rc.13
• d954d50 6.2.0-rc.13 changelog
• 1913c92 Merge pull request [Documentation]: Update my-component-story-use-globaltype.mdx.mdx storybookjs/storybook#14390 from YozhEzhi/patch-1
• ee98e0e Merge branch 'next' of github.com:storybookjs/storybook into next
• a8aadc4 Update CHANGELOG.md
• 44eca58 Merge pull request Controls: QA fixes for Object and Color controls storybookjs/storybook#14392 from storybookjs/fix-raw-toggle
• f10ef90 Merge pull request [Documentation]: Update my-component-story-use-globaltype.js.mdx storybookjs/storybook#14391 from YozhEzhi/patch-3
• b1ee5e9 Prevent invalid initial color to be accepted as preset
• 2c6b796 Color picker can't deal with 'transparent' keyword
• 6951762 Don't show RAW toggle when data isn't representable by REJT
• 259b12a Update my-component-story-use-globaltype.js.mdx
• a8a846b Update my-component-story-use-globaltype.mdx.mdx
• 57fc3cd 6.2.0-rc.12 next.json version file
• ba0f535 Fix changelog
• 6ec5750 Update git head to 6.2.0-rc.12

See the full diff

Package name: webpack

The new version differs by 250 commits.

• eabf85d chore(release): 5.94.0
• 955e057 security: fix DOM clobbering in auto public path
• 9822387 test: fix
• cbb86ed test: fix
• 5ac3d7f fix: unexpected asi generation with sequence expression
• 2411661 security: fix DOM clobbering in auto public path
• b8c03d4 fix: unexpected asi generation with sequence expression
• f46a03c revert: do not use heuristic fallback for "module-import"
• 60f1898 fix: do not use heuristic fallback for "module-import"
• 66306aa Revert "fix: module-import get fallback from externalsPresets"
• 8bf907b fix: handle ASI for export declaration
• 420cb39 fix: handle ASI for export declaration
• 844fe4b fix: ts types
• e8384b2 chore(deps-dev): bump @ types/node from 22.2.0 to 22.3.0 in the dependencies group
• 78f7842 chore(deps-dev): bump @ types/node in the dependencies group
• a2b0f9b fix: ts types
• 46cee28 feat: support `webpackIgnore` for `new URL()` construction
• 71ce863 fix: mangle destruction incorrect with export named default
• ddbea27 test: name in multi compiler mode
• 04d70cd test: name in multi compiler mode
• ebd3050 test: more
• 5cdd031 feat: support `webpackIgnore` for `new URL()` construction
• 0d856a3 fix: mangle destruction incorrect with export named default
• cb6ffaf fix: handle ASI for export named declarations

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting (XSS)