[Snyk] Fix for 2 vulnerabilities

[YounixM]

Snyk has created this PR to fix one or more vulnerable packages in the `yarn` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • frontend/package.json
  • frontend/yarn.lock

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	833/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.8	Prototype Pollution SNYK-JS-UPLOT-6209224	No	Proof of Concept
	498/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 2.1	Regular Expression Denial of Service (ReDoS) SNYK-JS-VUETEMPLATECOMPILER-8219888	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)

---

Important

Upgrade dependencies to fix vulnerabilities and update getRandomColor() in utils.ts.

• Dependencies:
  • Upgrade @signozhq/design-tokens from 0.0.8 to 1.1.4 in frontend/package.json.
  • Upgrade uplot from 1.6.26 to 1.6.31 in frontend/package.json.
• Vulnerabilities:
  • Fixes Prototype Pollution vulnerability in uplot.
  • Fixes Regular Expression Denial of Service (ReDoS) vulnerability in vue-template-compiler.
• Code Changes:
  • Update import and usage of Color to ColorType in getRandomColor() in utils.ts.

^{This description was created by for 2a6cfd5. It will automatically update as commits are pushed.}

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
1 out of 2 committers have signed the CLA.

✅ ahmadshaheer
❌ snyk-bot
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[github-actions]

Build Error! No Linked Issue found. Please link an issue or mention it in the body using #<issue_id>

[ellipsis-dev]

👍 Looks good to me! Reviewed everything up to ec27a2a in 11 seconds

More details

• Looked at 22 lines of code in 1 files
• Skipped 1 files when reviewing.
• Skipped posting 3 drafted comments based on config settings.

1. frontend/package.json:45

• Draft comment:
  Ensure that the update to @signozhq/design-tokens from 0.0.8 to 1.0.0 is compatible with the rest of the codebase, as this is a major version change and may introduce breaking changes.
• Reason this comment was not posted:
  Confidence changes required: 50%
  The PR updates dependencies to fix vulnerabilities. It's important to ensure that the updated versions are compatible with the rest of the codebase.

2. frontend/package.json:126

• Draft comment:
  Ensure that the update to uplot from 1.6.26 to 1.6.31 is compatible with the rest of the codebase, as this update addresses a security vulnerability.
• Reason this comment was not posted:
  Confidence changes required: 50%
  The PR updates dependencies to fix vulnerabilities. It's important to ensure that the updated versions are compatible with the rest of the codebase.

3. frontend/package.json:45

• Draft comment:
  Ensure that design tokens are used consistently throughout the project to maintain design consistency.
• Reason this comment was not posted:
  Confidence changes required: 33%
  The package.json file does not contain any violations of the specified rules. The changes made are related to dependency updates, which are appropriate for the context of the PR.

Workflow ID: wflow_SQMigU9OCYF1bUpv

---

You can customize Ellipsis with 👍 / 👎 feedback, review rules, user-specific overrides, quiet mode, and more.

[github-actions]

Build Error! No Linked Issue found. Please link an issue or mention it in the body using #<issue_id>

[ellipsis-dev]

👍 Looks good to me! Incremental review on 58224ce in 9 seconds

More details

• Looked at 13 lines of code in 1 files
• Skipped 1 files when reviewing.
• Skipped posting 2 drafted comments based on config settings.

1. frontend/package.json:45

• Draft comment:
  The PR description states that @signozhq/design-tokens should be upgraded to 1.0.0, but the actual version here is 1.1.3. Please ensure the description matches the changes made.
• Reason this comment was not posted:
  Comment did not seem useful.

2. frontend/package.json:45

• Draft comment:
  Ensure to use design tokens or predefined color constants instead of hardcoding color values in your components to maintain consistency in design and theming.
• Reason this comment was not posted:
  Confidence changes required: 33%
  The package.json file does not contain any violations of the specified rules. The changes made are related to dependency updates, which are not relevant to the rules provided.

Workflow ID: wflow_fe8LQXZcIln7xgP0

---

You can customize Ellipsis with 👍 / 👎 feedback, review rules, user-specific overrides, quiet mode, and more.

[github-actions]

Build Error! No Linked Issue found. Please link an issue or mention it in the body using #<issue_id>

[ellipsis-dev]

👍 Looks good to me! Incremental review on 14b3d8f in 9 seconds

More details

• Looked at 13 lines of code in 1 files
• Skipped 1 files when reviewing.
• Skipped posting 2 drafted comments based on config settings.

1. frontend/package.json:45

• Draft comment:
  The version of @signozhq/design-tokens has been updated to 1.1.3 to address security vulnerabilities. Ensure that this version is compatible with the rest of your codebase.
• Reason this comment was not posted:
  Confidence changes required: 50%
  The PR updates the version of @signozhq/design-tokens to 1.1.3 in package.json. This change is consistent with the PR description and addresses the security vulnerabilities mentioned.

2. frontend/package.json:45

• Draft comment:
  Ensure that @signozhq/design-tokens is used throughout the codebase to maintain consistency in design and theming, avoiding hardcoded color values.
• Reason this comment was not posted:
  Confidence changes required: 50%
  The package.json file looks fine in terms of the rules provided. No hardcoded colors, inline styles, or ClickHouseReader interface issues are present here.

Workflow ID: wflow_SuqLjkJAWhhBt2o7

---

You can customize Ellipsis with 👍 / 👎 feedback, review rules, user-specific overrides, quiet mode, and more.

[github-actions]

Build Error! No Linked Issue found. Please link an issue or mention it in the body using #<issue_id>

[ellipsis-dev]

👍 Looks good to me! Incremental review on 43470d6 in 11 seconds

More details

• Looked at 13 lines of code in 1 files
• Skipped 1 files when reviewing.
• Skipped posting 1 drafted comments based on config settings.

1. frontend/package.json:45

• Draft comment:
  Ensure that the updated version of @signozhq/design-tokens is compatible with other dependencies and the overall project setup. Test thoroughly after upgrading.
• Reason this comment was not posted:
  Confidence changes required: 50%
  The PR updates the version of @signozhq/design-tokens and uplot in package.json. I need to ensure that the changes are consistent and correct.

Workflow ID: wflow_grYOKlKVhR5sv6af

---

You can customize Ellipsis with 👍 / 👎 feedback, review rules, user-specific overrides, quiet mode, and more.

[github-actions]

Build Error! No Linked Issue found. Please link an issue or mention it in the body using #<issue_id>

[ellipsis-dev]

👍 Looks good to me! Incremental review on a8618b2 in 8 seconds

More details

• Looked at 51 lines of code in 2 files
• Skipped 1 files when reviewing.
• Skipped posting 1 drafted comments based on config settings.

1. frontend/src/container/ExplorerOptions/utils.ts:1

• Draft comment:

import { Color } from '@signozhq/design-tokens';

• Reason this comment was not posted:
  Confidence changes required: 10%
  The import statement for ColorType is unnecessary since ColorType is not used anywhere in the file. Removing it will clean up the code.

Workflow ID: wflow_XsAKYid90MRWrkEn

---

You can customize Ellipsis with 👍 / 👎 feedback, review rules, user-specific overrides, quiet mode, and more.

[github-actions]

Build Error! No Linked Issue found. Please link an issue or mention it in the body using #<issue_id>

[github-actions]

Build Error! No Linked Issue found. Please link an issue or mention it in the body using #<issue_id>

[ellipsis-dev]

❌ Changes requested. Incremental review on eaf041f in 25 seconds

More details

• Looked at 51 lines of code in 2 files
• Skipped 1 files when reviewing.
• Skipped posting 0 drafted comments based on config settings.

Workflow ID: wflow_KEezEzDsED0t8mpS

---

Want Ellipsis to fix these issues? Tag @ellipsis-dev in a comment. You can customize Ellipsis with 👍 / 👎 feedback, review rules, user-specific overrides, quiet mode, and more.

[ellipsis-dev]

👍 Looks good to me! Incremental review on d76bd33 in 15 seconds

More details

• Looked at 51 lines of code in 2 files
• Skipped 1 files when reviewing.
• Skipped posting 1 drafted comments based on config settings.

1. frontend/src/container/ExplorerOptions/utils.ts:1

• Draft comment:
  Color is no longer used and can be removed from the import statement.
• Reason this comment was not posted:
  Confidence changes required: 50%
  The import of Color is unnecessary after the change to ColorType. It should be removed to clean up the code.

Workflow ID: wflow_XheWuzLDFtaIVs9j

---

You can customize Ellipsis with 👍 / 👎 feedback, review rules, user-specific overrides, quiet mode, and more.

[github-actions]

Build Error! No Linked Issue found. Please link an issue or mention it in the body using #<issue_id>

[ellipsis-dev]

👍 Looks good to me! Incremental review on 2a6cfd5 in 10 seconds

More details

• Looked at 33 lines of code in 2 files
• Skipped 1 files when reviewing.
• Skipped posting 1 drafted comments based on config settings.

1. frontend/src/container/ExplorerOptions/utils.ts:1

• Draft comment:
  Color is imported but not used. Consider removing it to clean up the code.
• Reason this comment was not posted:
  Confidence changes required: 50%
  The import statement for Color is no longer necessary since ColorType is being used instead. Removing unused imports is a best practice to keep the code clean and maintainable.

Workflow ID: wflow_JFifWeKK9k1KdyKc

---

You can customize Ellipsis with 👍 / 👎 feedback, review rules, user-specific overrides, quiet mode, and more.

[github-actions]

Build Error! No Linked Issue found. Please link an issue or mention it in the body using #<issue_id>