[Snyk] Upgrade focus-trap from 6.3.0 to 6.9.4 #427

Open
NOUIY wants to merge 1 commit into master from snyk-upgrade-43446c9ad8ae453eb71151129353bc84

NOUIY (Owner) commented Nov 18, 2022

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade focus-trap from 6.3.0 to 6.9.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 19 versions ahead of your current version.
  • The recommended version was released 5 months ago, on 2022-06-09.

The recommended version fixes:

| Issue | Priority Score (*) | Exploit Maturity |
| --- | --- | --- |
| Improper Input Validation (SNYK-JS-XMLDOM-3092935) | 669/1000. Why? Proof of Concept exploit, Recently disclosed, CVSS 9.8 | Proof of Concept |
| Information Exposure (SNYK-JS-SIMPLEGET-2361683) | 669/1000. Why? Proof of Concept exploit, Recently disclosed, CVSS 9.8 | Proof of Concept |
| Information Exposure (SNYK-JS-SIMPLEGET-2361683) | 669/1000. Why? Proof of Concept exploit, Recently disclosed, CVSS 9.8 | Proof of Concept |
| Prototype Pollution (SNYK-JS-PLIST-2405644) | 669/1000. Why? Proof of Concept exploit, Recently disclosed, CVSS 9.8 | Proof of Concept |
| Regular Expression Denial of Service (ReDoS) (SNYK-JS-NTHCHECK-1586032) | 669/1000. Why? Proof of Concept exploit, Recently disclosed, CVSS 9.8 | Proof of Concept |
| Prototype Pollution (SNYK-JS-JSONSCHEMA-1920922) | 669/1000. Why? Proof of Concept exploit, Recently disclosed, CVSS 9.8 | No Known Exploit |
| Prototype Pollution (SNYK-JS-XMLDOM-3042242) | 669/1000. Why? Proof of Concept exploit, Recently disclosed, CVSS 9.8 | No Known Exploit |
| Improper Input Validation (SNYK-JS-XMLDOM-1534562) | 669/1000. Why? Proof of Concept exploit, Recently disclosed, CVSS 9.8 | No Known Exploit |
| XML External Entity (XXE) Injection (SNYK-JS-XMLDOM-1084960) | 669/1000. Why? Proof of Concept exploit, Recently disclosed, CVSS 9.8 | No Known Exploit |
| Arbitrary Code Injection (SNYK-JS-UNDERSCORE-1080984) | 669/1000. Why? Proof of Concept exploit, Recently disclosed, CVSS 9.8 | Proof of Concept |
| Prototype Pollution (SNYK-JS-MINIMIST-559764) | 669/1000. Why? Proof of Concept exploit, Recently disclosed, CVSS 9.8 | Proof of Concept |
| Prototype Pollution (SNYK-JS-MINIMIST-559764) | 669/1000. Why? Proof of Concept exploit, Recently disclosed, CVSS 9.8 | Proof of Concept |
| Information Exposure (SNYK-JS-LOG4JS-2348757) | 669/1000. Why? Proof of Concept exploit, Recently disclosed, CVSS 9.8 | No Known Exploit |
| Prototype Pollution (SNYK-JS-FLAT-596927) | 669/1000. Why? Proof of Concept exploit, Recently disclosed, CVSS 9.8 | Proof of Concept |
| Prototype Pollution (SNYK-JS-MINIMIST-2429795) | 669/1000. Why? Proof of Concept exploit, Recently disclosed, CVSS 9.8 | Proof of Concept |
| Prototype Pollution (SNYK-JS-MINIMIST-2429795) | 669/1000. Why? Proof of Concept exploit, Recently disclosed, CVSS 9.8 | Proof of Concept |
| Prototype Pollution (SNYK-JS-MINIMIST-2429795) | 669/1000. Why? Proof of Concept exploit, Recently disclosed, CVSS 9.8 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: focus-trap
  • 6.9.4 - 2022-06-09

    Patch Changes

    • f68882e: Fix docs and typings to clarify that initialFocus, fallbackFocus, and setReturnFocus options can be functions that also return selector strings.
  • 6.9.3 - 2022-05-25

    Patch Changes

    • 8a8b1f1: Bump tabbable to v5.3.3 to pick up a small bug fix to web component (shadow DOM) support.
  • 6.9.2 - 2022-05-10

    Patch Changes

    • ef0ce48: Handle unexpected param (true) passed as the value for the initialFocus, fallbackFocus, and setReturnFocus options: Ignore and perform default behavior.
  • 6.9.1 - 2022-05-06

    Patch Changes

    • 83262a7: Bumps tabbable to v5.3.2 to pick-up a fix to displayCheck=full (default) option behavior that caused issues with detached nodes.
  • 6.9.0 - 2022-04-28

    Minor Changes

    • 2a57e4b: Add new trap.active and trap.paused readonly state properties on the trap so that the trap's active/paused state can be queried.

    Patch Changes

    • 8fd49df: Fixed bug where clickOutsideDeactivate handler would get called on the 'click' event even if the node clicked was in the trap. As with 'mousedown' and 'touchstart' events where this option is also used, the handler should only get called if the target node is outside the trap.
    • c32c60a: Fixed: onDeactivate, onPostDeactivate, and checkCanReturnFocus options originally given to createFocusTrap() were not being used by default when calling trap.deactivate({...}) with an option set even if that option set didn't specify any overrides of these options.
  • 6.8.1 - 2022-04-22

    Patch Changes

    • 7c86111:
      • Bump tabbable to ^5.3.1 (fixing previous update which was incorrectly set to 5.3.0).
      • Fix tabbableOptions not being used in all internal uses of tabbable APIs.
      • Expose displayCheck option in tabbableOptions typings and pass it through to tabbable APIs.
      • Add info to README about testing traps in JSDom (which is not officially supported).
  • 6.8.0 - 2022-04-20

    Minor Changes

    • 21458c9: Bumps tabbable to v5.3.0 and includes all changes from the past v6.8.0 beta releases. The big new feature is opt-in Shadow DOM support in tabbable, and a new getShadowRoot tabbable option exposed in a new tabbableOptions focus-trap config option.
  • 6.8.0-beta.2 - 2022-03-12
  • 6.8.0-beta.1 - 2022-02-12

    6.8.0-beta.1

  • 6.8.0-beta.0 - 2022-01-28

    6.8.0-beta.0

  • 6.7.3 - 2022-02-09

    Patch Changes

    • ab20d3d: Fix issue with focusing negative tabindex node and then tabbing away when this node is not the last node in the trap's container ([#611](https://github.com//issues/611))
  • 6.7.2 - 2022-01-12
  • 6.7.1 - 2021-09-27
  • 6.7.0 - 2021-09-24
  • 6.6.1 - 2021-08-14
  • 6.6.0 - 2021-07-01
  • 6.5.1 - 2021-06-18
  • 6.5.0 - 2021-06-07
  • 6.4.0 - 2021-04-20
  • 6.3.0 - 2021-01-16
from focus-trap GitHub release notes

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
