[Snyk] Fix for 4 vulnerabilities

[aliscco]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • node_modules/tsconfig-paths/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	679/1000 Why? Has a fix available, CVSS 9.3	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962463	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: lint-staged

The new version differs by 250 commits.

• 885a644 Merge pull request [Snyk] Fix for 3 vulnerabilities #852 from okonet/listr2
• aba3421 fix: all lint-staged output respects the `quiet` option
• b8df31a fix: do not show incorrect error when verbose and no output
• eed6198 style: simplify eslint and prettier config
• b746290 ci: replace Node.js 13 with 14, since 14 will be next LTS
• 2c6f3ad docs: improve `verbose` description
• e749a0b test: remove redundant, misbehaving test
• 16848d8 fix: use test renderer during tests and when TERM=dumb
• efffa22 test: cover `--verbose` option usage
• 1b18550 test: restore variable in test output
• 6aede38 test: add test for error during merge state restoration
• b565481 test: integration test targets the full Node.js API instead of just `runAll`
• a3bd9d7 feat: allow specifying `cwd` using the Node.js API
• 85de3a3 feat: add `--verbose` to show output even when tasks succeed
• d69c65b fix: log task output after running listr to keep everything
• e95d1b0 refactor: move skip and enable cheks of listr tasks to separate file
• 6da7667 refactor: move messages to separate file
• 6392480 refactor: use symbols for errors
• 8f32a3e feat: replace listr with listr2 and print errors inline
• c9adca5 fix: use stash create/store to prevent files from disappearing from disk
• e093b1d fix(deps): update dependencies
• 6066b07 fix: pass correct path to unstaged patch during cleanup
• 0bf1fb0 fix: allow lint-staged to run on empty git repo by disabling backup
• 1ac6863 Merge pull request [Snyk] Fix for 1 vulnerabilities #837 from okonet/serial-git-add

See the full diff

Package name: nyc

The new version differs by 21 commits.

• 4a6b327 chore(release): 13.0.1
• ae5318b chore: Update istanbul dependencies. ([Snyk] Fix for 1 vulnerabilities #896)
• d0b76e2 fix: Enable es-modules by default. ([Snyk] Fix for 1 vulnerabilities #889)
• 6b6cd5e fix: add flag to allow control of intrumenter esModules option, default to looser parsing ([Snyk] Fix for 4 vulnerabilities #863)
• c325799 docs: reference babel 7 in all places ([Snyk] Fix for 2 vulnerabilities #881)
• 7483ed9 fix: use uuid/v4 to generate unique identifiers. ([Snyk] Fix for 8 vulnerabilities #883)
• 8ab1ae3 chore: update dependencies ([Snyk] Security upgrade jest from 25.5.4 to 27.0.0 #872)
• 52b69ef fix: Update caching-transform options. ([Snyk] Security upgrade ava from 0.0.4 to 0.1.0 #873)
• 624a723 chore: update dependencies ([Snyk] Fix for 1 vulnerabilities #866)
• a5818f5 chore(release): 13.0.0
• f0d98a5 docs: update README.md with babel configuration info ([Snyk] Fix for 1 vulnerabilities #860)
• 893345a feat: allow rows with 100% statement, branch, and function coverage to be skipped in text report ([Snyk] Fix for 1 vulnerabilities #859)
• f09cf02 chore: update dependencies ([Snyk] Security upgrade jest from 25.5.4 to 27.0.0 #855)
• d0f654c fix: source was being instrumented twice, due to upstream fix in ista… ([Snyk] Fix for 3 vulnerabilities #853)
• adb310c chore(release): 12.0.2
• ddc9331 fix: stop bundling istanbul-lib-instrument due to npm issue on Node 6 ([Snyk] Fix for 5 vulnerabilities #854)
• b4c325b fix: don't bundle istanbul-lib-instrument due to Node 6 issues
• 9fc20e4 chore(release): 12.0.1
• 3e087d4 chore: upgrade to version of istanbul with optional catch binding ([Snyk] Security upgrade jest from 24.9.0 to 27.0.0 #851)
• eaf3f70 chore(release): 12.0.0
• 19b7d21 chore: upgrade to newest version of istanbul codebase ([Snyk] Fix for 1 vulnerabilities #848)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution