
deps: update to fixed semver #20697

Closed
wants to merge 7 commits into from

Conversation

legobeat
Contributor

@legobeat legobeat commented Sep 2, 2023

Explanation

Resolves:

└─ semver
   ├─ ID: 1093264
   ├─ Issue: semver vulnerable to Regular Expression Denial of Service
   ├─ URL: https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
   ├─ Severity: moderate
   ├─ Vulnerable Versions: >=7.0.0 <7.5.2
   │
   ├─ Tree Versions
   │  └─ 7.3.7
   │
   └─ Dependents
      └─ @truffle/codec@npm:0.14.12

Manual Testing Steps

Pre-merge author checklist

  • I've clearly explained:
    • What problem this PR is solving
    • How this problem was solved
    • How reviewers can test my changes
  • Sufficient automated test coverage has been added

Pre-merge reviewer checklist

  • Manual testing (e.g. pull and build branch, run in browser, test code being changed)
  • PR is linked to the appropriate GitHub issue
  • IF this PR fixes a bug in the release milestone, add this PR to the release milestone

If further QA is required (e.g. new feature, complex testing steps, large refactor), add the Extension QA Board label.

In this case, a QA Engineer approval will be required.
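The audit output above lists the advisory's vulnerable range (>=7.0.0 <7.5.2), the semver versions present in the tree and which packages depend on them. The following is an added example, not code from this PR or from MetaMask, of the triage step a reviewer does by hand: evaluate the advisory range against every version of the package found in the lockfile tree, and pick the lowest release above the installed one that falls outside the range, which is the version to pin (for example via a yarn `resolutions` entry). It implements only the comparator subset the advisory uses (`>=`, `>`, `<`, `<=`, `=` joined by spaces, meaning AND), compares prereleases by strict SemVer precedence rather than node-semver's opt-in rule, and the dependency tree and candidate version list are constructed for the example (in practice they come from the lockfile and from `npm view semver versions`).

```javascript
// Added example (not part of the PR): triage an advisory's vulnerable range
// against the versions of a package present in a dependency tree, then choose
// the lowest patched version to pin.

function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/.exec(v.trim());
  if (!m) throw new Error(`not a semver version: ${v}`);
  return { major: +m[1], minor: +m[2], patch: +m[3], prerelease: m[4] ? m[4].split('.') : [] };
}

// SemVer 2.0 precedence for prerelease identifiers: numeric < alphanumeric,
// numerics compared as numbers, alphanumerics compared lexically.
function compareIdentifiers(a, b) {
  const an = /^\d+$/.test(a), bn = /^\d+$/.test(b);
  if (an && bn) return Math.sign(a - b);
  if (an) return -1;
  if (bn) return 1;
  return a < b ? -1 : a > b ? 1 : 0;
}

function compareVersions(a, b) {
  for (const k of ['major', 'minor', 'patch']) {
    if (a[k] !== b[k]) return a[k] < b[k] ? -1 : 1;
  }
  // A prerelease of X.Y.Z sorts before X.Y.Z itself.
  if (a.prerelease.length && !b.prerelease.length) return -1;
  if (!a.prerelease.length && b.prerelease.length) return 1;
  for (let i = 0; i < Math.max(a.prerelease.length, b.prerelease.length); i++) {
    if (a.prerelease[i] === undefined) return -1;
    if (b.prerelease[i] === undefined) return 1;
    const c = compareIdentifiers(a.prerelease[i], b.prerelease[i]);
    if (c) return c;
  }
  return 0;
}

// ">=7.0.0 <7.5.2" -> [{ op: '>=', v }, { op: '<', v }]; a bare version means "=".
function parseRange(range) {
  return range.trim().split(/\s+/).map((tok) => {
    const m = /^(>=|<=|>|<|=)?(.+)$/.exec(tok);
    return { op: m[1] || '=', v: parseVersion(m[2]) };
  });
}

// True when `version` satisfies every comparator in `range` (comparators are ANDed).
function satisfies(version, range) {
  const v = parseVersion(version);
  return parseRange(range).every(({ op, v: bound }) => {
    const c = compareVersions(v, bound);
    switch (op) {
      case '>=': return c >= 0;
      case '>':  return c > 0;
      case '<=': return c <= 0;
      case '<':  return c < 0;
      default:   return c === 0;
    }
  });
}

// Constructed tree: package -> version -> dependents, shaped like the
// "Tree Versions" / "Dependents" part of the audit report above.
const TREE = {
  semver: {
    '7.3.7': ['@truffle/codec@npm:0.14.12'],
    '7.5.4': ['@babel/core@npm:7.22.0'],
    '6.3.1': ['eslint@npm:8.48.0'],
  },
};

// Advisory as stated in the PR description.
const ADVISORY = { package: 'semver', id: 'GHSA-c2qf-rxjj-qqgw', vulnerable: '>=7.0.0 <7.5.2' };

// Every version of the advisory's package in the tree that falls in the vulnerable range.
function triage(tree, advisory) {
  const hits = [];
  for (const [version, dependents] of Object.entries(tree[advisory.package] || {})) {
    if (satisfies(version, advisory.vulnerable)) hits.push({ version, dependents });
  }
  return hits;
}

// Lowest candidate that is newer than what is installed and outside the vulnerable
// range. Requiring "newer than installed" avoids "fixing" by downgrading to a
// pre-7.0.0 release that merely happens to be outside the advisory range.
function lowestFixed(installed, candidates, vulnerableRange) {
  const cur = parseVersion(installed);
  return candidates
    .filter((v) => compareVersions(parseVersion(v), cur) > 0 && !satisfies(v, vulnerableRange))
    .sort((a, b) => compareVersions(parseVersion(a), parseVersion(b)))[0];
}

// Constructed candidate list standing in for `npm view semver versions`.
const CANDIDATES = ['6.3.1', '7.3.7', '7.5.1', '7.5.2', '7.5.4'];

for (const hit of triage(TREE, ADVISORY)) {
  console.log(`${ADVISORY.id}: semver@${hit.version} via ${hit.dependents.join(', ')}`
    + ` -> pin ${lowestFixed(hit.version, CANDIDATES, ADVISORY.vulnerable)}`);
}
```

Run with `node`; on the constructed tree it reports only semver@7.3.7 (pulled in by @truffle/codec) and proposes 7.5.2 as the pin, while 7.5.4 and the 6.x line are left alone.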

@github-actions
Contributor

github-actions bot commented Sep 2, 2023

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

@legobeat legobeat added the type-security, dependencies (Pull requests that update a dependency file) and team-security labels Sep 2, 2023
@socket-security

Updated and removed dependencies detected.

Packages          Version          New capabilities  Transitives  Size     Publisher
addons-linter     5.32.0...6.12.0  None              +7/-12       20.2 MB  addons-robot
@truffle/decoder  5.5.0...6.1.3    None              +2/-9        2.9 MB   haltman

🚮 Removed packages: @truffle/codec@0.14.17, ganache@7.0.4

@legobeat
Contributor Author

legobeat commented Sep 2, 2023

Some issue parsing @truffle/decoder's axios:

[main] scripts:core:dist:standardEntryPoints: Bundling failed! See details below.
[main] scripts:core:dist:standardEntryPoints: [SyntaxError: 'import' and 'export' may appear only with 'sourceType: module'] {
[main]   line: 1,
[main]   column: 1,
[main]   annotated: '\n' +
[main]     '/app/node_modules/@truffle/decoder/node_modules/axios/index.js:1\n' +
[main]     "import axios from './lib/axios.js';\n" +
[main]     '^\n' +
[main]     "ParseError: 'import' and 'export' may appear only with 'sourceType: module'",
[main]   stream: Labeled {
[main]     _readableState: ReadableState {
[main]       objectMode: true,
[main]       highWaterMark: 16,
[main]       buffer: BufferList { length: 0 },
[main]       length: 0,
[main]       pipes: [Labeled],
[main]       pipesCount: 1,
[main]       flowing: true,
[main]       ended: false,
[main]       endEmitted: false,
[main]       reading: true,
[main]       sync: false,
[main]       needReadable: true,
[main]       emittedReadable: false,
[main]       readableListening: false,
[main]       resumeScheduled: false,
[main]       destroyed: false,
[main]       defaultEncoding: 'utf8',
[main]       awaitDrain: 0,
[main]       readingMore: false,
[main]       decoder: null,
[main]       encoding: null
[main]     },
[main]     readable: true,
[main]     _events: [Object: null prototype] {
[main]       end: [Array],
[main]       finish: [Function],
[main]       error: [Function (anonymous)],
[main]       data: [Function: ondata],
[main]       _mutate: [Function]
[main]     },
[main]     _eventsCount: 5,
[main]     _maxListeners: undefined,
[main]     _writableState: WritableState {
[main]       objectMode: true,
[main]       highWaterMark: 16,
[main]       finalCalled: false,
[main]       needDrain: false,
[main]       ending: false,
[main]       ended: false,
[main]       finished: false,
[main]       destroyed: false,
[main]       decodeStrings: true,
[main]       defaultEncoding: 'utf8',
[main]       length: 1,
[main]       writing: true,
[main]       corked: 0,
[main]       sync: true,
[main]       bufferProcessing: false,
[main]       onwrite: [Function (anonymous)],
[main]       writecb: [Function: nop],
[main]       writelen: 1,
[main]       bufferedRequest: null,
[main]       lastBufferedRequest: null,
[main]       pendingcb: 1,
[main]       prefinished: false,
[main]       errorEmitted: false,
[main]       bufferedRequestCount: 0,
[main]       corkedRequestsFree: [CorkedRequest]
[main]     },
[main]     writable: true,
[main]     allowHalfOpen: true,
[main]     _options: { objectMode: true },
[main]     _wrapOptions: { objectMode: true },
[main]     _streams: [ [DestroyableTransform] ],
[main]     length: 1,
[main]     label: 'syntax',
[main]     [Symbol(kCapture)]: false
[main]   }
[main] }
[main] MetaMask build: Encountered an error while running task "scripts:dist".
[main] Error: MetaMask build: runInChildProcess for task "scripts:core:dist:standardEntryPoints" encountered an error "1".
[main]     at ChildProcess.<anonymous> (/app/development/build/task.js:96:13)
[main]     at Object.onceWrapper (node:events:628:26)
[main]     at ChildProcess.emit (node:events:513:28)
[main]     at ChildProcess._handle.onexit (node:internal/child_process:291:12)
[main] yarn build:dev scripts:dist --policy-only --lint-fence-files=false --build-type=main exited with code 1

https://app.circleci.com/pipelines/github/MetaMask/metamask-extension/55584/workflows/727c829e-19e0-45af-b6bf-1530c217c7ab/jobs/1662199

@legobeat
Contributor Author

legobeat commented Sep 3, 2023

Contributor

github-actions bot commented Nov 3, 2023

This PR has been automatically marked as stale because it has not had recent activity in the last 60 days. It will be closed in 14 days. Thank you for your contributions.

@github-actions github-actions bot added the stale (issues and PRs marked as stale) label Nov 3, 2023
Contributor

This PR was closed because there has been no follow up activity in the last 14 days. Thank you for your contributions.

@github-actions github-actions bot closed this Nov 17, 2023
Labels
dependencies (Pull requests that update a dependency file), stale (issues and PRs marked as stale), team-security, type-security