[Snyk] Fix for 7 vulnerabilities

[aliscco]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • node_modules/typescript/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Command Injection SNYK-JS-SIMPLEGIT-2421199	Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') SNYK-JS-SIMPLEGIT-2434306	Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-SIMPLEGIT-3112221	Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-SIMPLEGIT-3177391	Yes	Proof of Concept
	741/1000 Why? Recently disclosed, Has a fix available, CVSS 9.1	Insufficiently Protected Credentials SNYK-JS-TYPEDRESTCLIENT-5487993	Yes	No Known Exploit
	596/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Prototype Pollution SNYK-JS-XML2JS-5414874	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: simple-git

The new version differs by 250 commits.

• d716d32 Merge pull request [Snyk] Fix for 3 vulnerabilities #877 from steveukx/changeset-release/main
• 1a12952 Version Packages
• 12b8fc3 Merge pull request [Snyk] Security upgrade gulp-format-md from 0.1.12 to 2.0.0 #864 from steveukx/dependabot/npm_and_yarn/minimatch-3.0.5
• ec97a39 Block unsafe pack (push --exec) ([Snyk] Security upgrade tap from 7.1.2 to 16.0.0 #882)
• 0a623e5 Feat/unsafe pack ([Snyk] Fix for 2 vulnerabilities #881)
• b45d08b Merge pull request [Snyk] Security upgrade webpack from 3.12.0 to 5.0.0 #876 from steveukx/feat/support-checkout-B
• 97fde2c Add support for using the `-B` modifier instead of the default `-b` when using `checkoutBranch` / `checkoutLocalBranch`.
• edfd459 Update readme.md
• 459ec92 Merge pull request [Snyk] Fix for 1 vulnerabilities #868 from steveukx/changeset-release/main
• c9fc61f Version Packages
• de570ac Fix/non strings ([Snyk] Fix for 1 vulnerabilities #867)
• 7efdcbc chore(deps): bump minimatch from 3.0.4 to 3.0.5
• e1d66b6 Merge pull request [Snyk] Fix for 4 vulnerabilities #863 from steveukx/changeset-release/main
• d4764bf Version Packages
• 7746480 Chore: bump lerna, jest and create prettier workflow ([Snyk] Fix for 23 vulnerabilities #862)
• 47030d5 Merge pull request [Snyk] Fix for 1 vulnerabilities #861 from steveukx/security/protocols
• 6b3c631 Create the `unsafe` plugin to configure how `simple-git` treats known potentially unsafe operations.
• 3324eed Merge pull request [Snyk] Security upgrade jest from 25.5.4 to 27.0.0 #855 from steveukx/changeset-release/main
• e459622 Version Packages
• 2ea0231 Merge pull request [Snyk] Fix for 5 vulnerabilities #854 from steveukx/chore/update-lerna
• 5a2e7e4 Add version parsing support for non-numeric patches (to include built… ([Snyk] Fix for 3 vulnerabilities #853)
• 88fee05 Chore: bump lerna to latest `5.5.1`
• 0f964ba Merge pull request [Snyk] Security upgrade tap from 0.4.13 to 1.0.8 #849 from steveukx/changeset-release/main
• 6460a1f Version Packages

See the full diff

Package name: xml2js

The new version differs by 18 commits.

• bd0f780 Bump dependency versions to fix security issues
• 3a8d46e Update lockfile
• 9f730bb Update package.json with latest PR
• 50a492a Merge pull request [Snyk] Fix for 1 vulnerabilities #603 from autopulated/master
• 7bc3c5d Merge pull request [Snyk] Fix for 1 vulnerabilities #598 from fnimick/master
• f412a12 Merge pull request [Snyk] Fix for 1 vulnerabilities #635 from wisesimpson/patch-1
• d318ce0 Update README.md
• 581b19a use Object.create(null) to create all parsed objects (prevent prototype replacement)
• a212950 Add documentation for `explicitCharkey` option
• 1832e0b Merge pull request [Snyk] Fix for 1 vulnerabilities #512 from economia/master
• 198063c Merge pull request [Snyk] Fix for 1 vulnerabilities #556 from Omega-Ariston/fix-issue544
• 0d71785 Merge pull request [Snyk] Fix for 1 vulnerabilities #562 from Omega-Ariston/addDocExample
• a44bad4 Update README.md
• a3ae596 append example to README for issue [Snyk] Security upgrade nyc from 11.9.0 to 15.0.0 #552
• aad6dd6 fix issue554
• fa32064 readme updated with default empty tag as function
• f074644 cr fixes (will be squashed after another cr)
• 19a4c2f Call function for emptyTag if specified

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Remote Code Execution (RCE)
🦉 Prototype Pollution