Bump loader-utils, next and @storybook/react

[dependabot[bot]]

Bumps loader-utils to 2.0.4 and updates ancestor dependencies loader-utils, next and @storybook/react. These dependencies need to be updated together.

Updates loader-utils from 1.4.0 to 2.0.4

Release notes

Sourced from loader-utils's releases.

v2.0.4

2.0.4 (2022-11-11)

Bug Fixes

• ReDoS problem (#225) (ac09944)

v2.0.3

2.0.3 (2022-10-20)

Bug Fixes

• security: prototype pollution exploit (#217) (a93cf6f)

v2.0.2

2.0.2 (2021-11-04)

Bug Fixes

• base64 generation and unicode characters (#197) (8c2d24e)

v2.0.1

2.0.1 (2021-10-29)

Bug Fixes

• md4 support on Node.js v17 (#193) (1069f61)

v2.0.0

2.0.0 (2020-03-17)

⚠ BREAKING CHANGES

• minimum required Node.js version is 8.9.0 (#166) (c937e8c)
• the getOptions method returns empty object on empty query (#167) (b595cfb)
• Use md4 by default

v1.4.2

1.4.2 (2022-11-11)

Bug Fixes

• ReDoS problem (#226) (17cbf8f)

... (truncated)

Changelog

Sourced from loader-utils's changelog.

2.0.4 (2022-11-11)

Bug Fixes

• ReDoS problem (#225) (ac09944)

2.0.3 (2022-10-20)

Bug Fixes

• security: prototype pollution exploit (#217) (a93cf6f)

2.0.2 (2021-11-04)

Bug Fixes

• base64 generation and unicode characters (#197) (8c2d24e)

2.0.1 (2021-10-29)

Bug Fixes

• md4 support on Node.js v17 (#193) (1069f61)

2.0.0 (2020-03-17)

⚠ BREAKING CHANGES

• minimum required Node.js version is 8.9.0 (#166) (c937e8c)
• the getOptions method returns empty object on empty query (#167) (b595cfb)
• Use md4 by default

Commits

• 6688b50 chore(release): 2.0.4
• ac09944 fix: ReDoS problem (#225)
• 7162619 chore(release): 2.0.3
• a93cf6f fix(security): prototype polution exploit (#217)
• 90c7c4b chore(release): 2.0.2
• 8c2d24e fix: base64 generation and unicode characters (#197)
• 5fb5562 chore(release): 2.0.1
• 1069f61 fix: md4 support on Node.js v17 (#193)
• d9f4e23 chore(release): 2.0.0
• 865dc03 refactor: switch to md4 by default (#168)
• Additional commits viewable in compare view

Updates next from 9.4.4 to 13.0.4

Release notes

Sourced from next's releases.

v13.0.4

Core Changes

• Show link to the docs for route segment config options: #42779
• fix: Fix regression of swc minifier: #42790
• Add additional item to RSC payload, preparing for head.tsx on navigation: #42791
• Use window.location directly instead of parsing into URL: #42888
• feat(next-swc/relay): Add javascript to language: #42894
• types(#42003): better typing for next/link: #42117
• Ensure query is provided correctly with middleware rewrites: #42818
• feat(next/swc): allow to run custom turbopack binary: #42656
• fix: Error: NEXT_REDIRECT crashing server in prod: #42793
• Update caching for swc turbo builds: #42929
• Handle head.js on client-side navigation: #42904
• feat(jest): respect transpilePackages in tests: #42987
• App files ending with page registred as page files: #42996
• Allow generateStaticParams to be a synchronous function in app directory: #42942
• chore(eslint-config-next): bump eslint-import-resolver-typescript: #43010
• Ensure next.config.js function is handled for turbo: #43015
• Fix app page check on windows: #43022
• Add middleware prefetching config: #42936
• Fix middleware prefetch cases: #43056
• Ensure backslash is correctly handled in find-page-file: #43057
• Fix app render: escape segment value #42626: #42823

Documentation Changes

• docs: fix middleware docs cookie example: #42816
• Update docs/advanced-features/debugging.md: #42842
• docs(edge-api-routes): fixes example: #42903
• Update SFCC example to use TypeScript + @next/font: #42865
• Add more details to invalid-next-config doc: #42917
• typo: #42968
• Document regions config for experimental-edge: #43009
• docs: Add examples of using multiple weights and styles: #43031

Example Changes

• chore(examples): next/future/image -> next/image: #42794
• docs(examples): auth0 update callback URL: #42855
• Updates Apollo Server Examples to use Apollo Server 4 & @​as-integrations/next: #42771
• Improve with-algolia-react-instantsearch example and convert to TypeScript: #42617
• Convert blog cover images to next/image: #42908
• Make cover image full width: #42916
• Convert with-app-layout example to TypeScript: #42930
• Tigris example with Next.js: #42662
• feat(examples): with-grafbase: #42898
• docs(examples): add postgres.js example: #42962
• Remove with-atlaskit example: #42973
• Remove with-carbon-components example: #42976

... (truncated)

Commits

• 58fa90f v13.0.4
• ef81fc3 v13.0.4-canary.5
• 4d2b7e5 Fix app render: escape segment value #42626 (#42823)
• 22b16e1 Ensure backslash is correctly handled in find-page-file (#43057)
• 2f744a1 Fix middleware prefetch cases (#43056)
• cb8eeef Update build-wasm to checkout directly (#43054)
• ed4a148 v13.0.4-canary.4
• 0440404 feat(examples): use experimental edge runtime with grafbase (#42992)
• 533c242 Add middleware prefetching config (#42936)
• 07d3da1 Convert with-cssed, with-csx, with-styled-jsx examples to TypeScript (#...
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by vercel-release-bot, a new releaser for next since your current version.

Updates @storybook/react from 5.3.19 to 6.5.13

Release notes

Sourced from @​storybook/react's releases.

v6.5.13

Bug Fixes

• Telemetry: Send start/build events even when there is no generator #19507
• Telemetry: Fix inconsistent debug #19509
• Addon-docs: Pass remarks plugins to mdx loader #18740
• Angular: Alias decorateStory as applyDecorators #19189

v6.5.13-alpha.1

Bug Fixes

• Telemetry: Send start/build events even when there is no generator #19507
• Telemetry: Fix inconsistent debug #19509

v6.5.13-alpha.0

Bug Fixes

• Addon-docs: Pass remarks plugins to mdx loader #18740
• Angular: Alias decorateStory as applyDecorators #19189

v6.5.12

Bug Fixes

• React: Fix issue with react 18 implementation #19125

v6.5.11

Bug Fixes

• CLI: Fix race condition in sb init #19083
• Core: Fix WebProjectAnnotations export in preview-web for back-compat #19048
• Addon-interactions: Fix IE support by replacing array includes #18993
• Vue: Fix enum check in extractArgTypes #18959
• React: Fix callback behavior in react@18 #18737
• Store: always call composeConfigs in setProjectAnnotations #18916
• Telemetry: improve addon extraction logic #18868
• Addon-docs: Check for undefined before reading property in extractArgTypes.ts #18710nance

v6.5.11-alpha.2

Bug Fixes

• CLI: Fix race condition in sb init #19083
• Core: Fix WebProjectAnnotations export in preview-web for back-compat #19048
• Addon-interactions: Fix IE support by replacing array includes #18993

v6.5.11-alpha.1

Bug Fixes

• Vue: Fix enum check in extractArgTypes #18959

v6.5.11-alpha.0

... (truncated)

Changelog

Sourced from @​storybook/react's changelog.

6.5.13 (October 24, 2022)

Bug Fixes

• Telemetry: Send start/build events even when there is no generator #19507
• Telemetry: Fix inconsistent debug #19509
• Addon-docs: Pass remarks plugins to mdx loader #18740
• Angular: Alias decorateStory as applyDecorators #19189

6.5.13-alpha.1 (October 24, 2022)

Bug Fixes

• Telemetry: Send start/build events even when there is no generator #19507
• Telemetry: Fix inconsistent debug #19509

6.5.13-alpha.0 (September 28, 2022)

Bug Fixes

• Addon-docs: Pass remarks plugins to mdx loader #18740
• Angular: Alias decorateStory as applyDecorators #19189

6.5.12 (September 14, 2022)

Bug Fixes

• React: Fix issue with react 18 implementation #19125

6.5.11 (September 13, 2022)

Bug Fixes

• CLI: Fix race condition in sb init #19083
• Core: Fix WebProjectAnnotations export in preview-web for back-compat #19048
• Addon-interactions: Fix IE support by replacing array includes #18993
• Vue: Fix enum check in extractArgTypes #18959
• React: Fix callback behavior in react@18 #18737
• Store: always call composeConfigs in setProjectAnnotations #18916
• Telemetry: improve addon extraction logic #18868
• Addon-docs: Check for undefined before reading property in extractArgTypes.ts #18710nance

6.5.11-alpha.2 (September 7, 2022)

Bug Fixes

• CLI: Fix race condition in sb init #19083
• Core: Fix WebProjectAnnotations export in preview-web for back-compat #19048
• Addon-interactions: Fix IE support by replacing array includes #18993

... (truncated)

Commits

• 9bc627d v6.5.13
• ef45ce7 Update git head to 6.5.13-alpha.1, update yarn.lock [ci skip]
• 03f5ebe v6.5.13-alpha.1
• fc66892 Update git head to 6.5.13-alpha.0, update yarn.lock [ci skip]
• 1423ff5 v6.5.13-alpha.0
• ad38b6b Update git head to 6.5.12, update yarn.lock [ci skip]
• e3991cb v6.5.12
• 6b2bd0a Merge pull request #19125 from storybookjs/react-18-followup
• 5be644b Update git head to 6.5.11, update yarn.lock [ci skip]
• db56a25 v6.5.11
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

[guardrails[bot]]

:warning: We detected 8 security issues in this pull request:

Vulnerable Libraries (8)

Severity	Details
Critical	pkg:npm/[email protected]@1.4.2 (t) - no patch available
Medium	pkg:npm/[email protected]@7.0.39 (t) - no patch available
High	pkg:npm/[email protected]@1.0.0 (t) upgrade to: 3.0.1,4.0.1
High	pkg:npm/[email protected]@4.2.4 (t) - no patch available
Critical	pkg:npm/[email protected]@3.17.4 (t) - no patch available
High	@storybook/[email protected] upgrade to: >=6.1.21
High	[email protected] (t) upgrade to: >5.0.0
High	[email protected] (t) upgrade to: >4.46.0

More info on how to fix Vulnerable Libraries in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.