
devDeps: squirrelly 9 #19113

Merged: 1 commit merged from devDeps-squirrelly-9 into MetaMask:develop on May 31, 2023

Conversation

legobeat (Contributor) commented May 13, 2023

Explanation

CVE-2021-32819 / GHSA-q8j6-pwqx-pm96

Change (guess who 😉): squirrellyjs/squirrelly#254

v9 release notes: https://github.com/squirrellyjs/squirrelly/releases/tag/v9.0.0

Testing instructions

$ yarn dist
$ yarn start

TODO:

  • port custom patch

Pre-merge author checklist

  • I've clearly explained:
    • What problem this PR is solving
    • How this problem was solved
    • How reviewers can test my changes
  • Sufficient automated test coverage has been added

Pre-merge reviewer checklist

  • Manual testing (e.g. pull and build branch, run in browser, test code being changed)
  • PR is linked to the appropriate GitHub issue
  • IF this PR fixes a bug in the release milestone, add this PR to the release milestone

github-actions bot (Contributor) commented May 13, 2023

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

legobeat added the type-security and dependencies (Pull requests that update a dependency file) labels May 13, 2023

socket-security bot commented May 13, 2023

New dependency changes detected.


👍 No new dependency issues detected in pull request

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

Pull request alert summary
Issue Status
Critical CVE ✅ 0 issues
CVE ✅ 0 issues
Mild CVE ✅ 0 issues
Install scripts ✅ 0 issues
Native code ✅ 0 issues
Bin script confusion ✅ 0 issues
Bin script shell injection ✅ 0 issues
Filesystem access ✅ 0 issues
Network access ✅ 0 issues
Shell access ✅ 0 issues
Unresolved require ✅ 0 issues
Invalid package.json ✅ 0 issues
HTTP dependency ✅ 0 issues
Git dependency ✅ 0 issues
GitHub dependency ✅ 0 issues
No bug tracker ✅ 0 issues
No contributors or author data ✅ 0 issues
No README ✅ 0 issues
Deprecated ✅ 0 issues
New author ✅ 0 issues
Unstable ownership ✅ 0 issues
Non-existent author ✅ 0 issues
Unmaintained ✅ 0 issues
Unpublished package ✅ 0 issues
Potential typo squat ✅ 0 issues
Known Malware ✅ 0 issues
Telemetry ✅ 0 issues
Protestware/Troll package ✅ 0 issues
AI detected security risk ✅ 0 issues
AI warning ✅ 0 issues

📊 Modified Dependency Overview:

Updated Package    Version Diff     Added Capability Access    +/- Transitive Count    Publisher
squirrelly@9.0.0   8.0.8...9.0.0    None                       +0/-0                   nebrelbug

legobeat force-pushed the devDeps-squirrelly-9 branch 2 times, most recently from 96357c2 to 517ad20, May 13, 2023 02:44
legobeat marked this pull request as ready for review May 13, 2023 02:54
legobeat requested a review from a team as a code owner May 13, 2023 02:54
legobeat requested a review from chloeYue May 13, 2023 02:54

codecov bot commented May 13, 2023

Codecov Report

Merging #19113 (47b4932) into develop (49f8052) will decrease coverage by 0.01%.
The diff coverage is n/a.

❗ Current head 47b4932 differs from pull request most recent head d86d9bb. Consider uploading reports for the commit d86d9bb to get more accurate results

@@             Coverage Diff             @@
##           develop   #19113      +/-   ##
===========================================
- Coverage    70.09%   70.08%   -0.01%     
===========================================
  Files          963      963              
  Lines        37222    37222              
  Branches      9622     9622              
===========================================
- Hits         26089    26087       -2     
- Misses       11133    11135       +2     

see 2 files with indirect coverage changes

legobeat requested a review from kumavis May 15, 2023 06:23
legobeat force-pushed the devDeps-squirrelly-9 branch 4 times, most recently from dad444a to 2463a34, May 17, 2023 13:17
brad-decker previously approved these changes May 17, 2023
legobeat force-pushed the devDeps-squirrelly-9 branch 3 times, most recently from afbaf35 to bd2615e, May 17, 2023 21:24
kumavis previously approved these changes May 18, 2023

legobeat (Contributor, Author) commented May 18, 2023

@kumavis ci e2e timeout errors look unrelated but merging is blocked due to not all checks passing. Should I do a no-diff force-push to retrigger the flaky test?

EDIT: Had to do it anyway due to merge-conflict. Nothing should be changed here from last review round.

legobeat requested a review from a team May 18, 2023 13:44
legobeat added the area-buildSystem (related to our build system) label May 20, 2023
legobeat merged commit dc580c1 into MetaMask:develop May 31, 2023
47 checks passed
github-actions bot locked and limited conversation to collaborators May 31, 2023
Labels: area-buildSystem (related to our build system), dependencies (Pull requests that update a dependency file), type-security

4 participants