[Snyk] Fix for 1 vulnerabilities

[aliscco]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @typescript-eslint/eslint-plugin

The new version differs by 170 commits.

• 18e7b5b chore: publish v2.32.0
• 18668b7 feat: bump dependencies and align AST ([Snyk] Security upgrade actionpack from 4.2.5 to 4.2.11.3 #2007)
• 6987ecc fix(eslint-plugin): [no-base-to-string] support boolean in unions ([Snyk] Security upgrade express from 4.12.4 to 4.19.2 #1979)
• 56d9870 fix(eslint-plugin): [no-type-alias] handle readonly types in aliases ([Snyk] Security upgrade rack from 1.6.5 to 2.0.9.1 #1990)
• 51ca404 fix(eslint-plugin): [no-unused-expressions] inherit `messages` from base rule ([Snyk] Security upgrade django from 1.6.1 to 1.6.3 #1992)
• 176054c chore: publish v2.31.0
• 1f3c344 chore: upgrade to prettier 2.0 ([Snyk] Security upgrade python from 3.6-slim to 3.13.0a4-slim #1970)
• b18bc35 feat(eslint-plugin): new extended rule 'no-invalid-this' ([Snyk] Security upgrade cryptography from 2.6.1 to 42.0.2 #1823)
• 2f0824b feat(eslint-plugin): [prefer-optional-chain] added option to convert to suggestion fixer ([Snyk] Security upgrade django from 2.0.1 to 2.2.28 #1965)
• 7f3fba3 fix(eslint-plugin): [method-signature-style] fix overloaded methods to an intersection type ([Snyk] Security upgrade django from 1.6.1 to 3.2.25 #1966)
• f78f13a fix(eslint-plugin): no-base-to-string boolean expression detect ([Snyk] Security upgrade django from 1.6.1 to 2.2.28 #1969)
• b35070e fix(eslint-plugin): [unbound-method] false positives for unary expressions ([Snyk] Security upgrade django from 2.0.1 to 3.2.25 #1964)
• f82fd7b fix(eslint-plugin): [return-await] await in a normal function ([Snyk] Security upgrade django from 1.6.1 to 3.2.25 #1962)
• 05476ca docs(eslint-plugin): [naming-convention] correct typo in example ([Snyk] Security upgrade django from 2.0.1 to 3.2.25 #1961)
• 80d934b chore: turn on `no-poorly-typed-ts-props` ([Snyk] Security upgrade django from 1.6.1 to 3.2.14 #1955)
• b609b43 chore: fix CI ([Snyk] Security upgrade standard from 4.5.4 to 6.0.0 #1958)
• 56ea7c9 feat(eslint-plugin-internal): add rule no-poorly-typed-ts-props ([Snyk] Security upgrade django from 1.6.1 to 3.2.25 #1949)
• 2dd1638 feat(experimental-utils): expose our RuleTester extension ([Snyk] Security upgrade python from 3.7-slim to 3.13.0a3-slim #1948)
• 383f931 fix(eslint-plugin): [dot-notation] handle missing declarations ([Snyk] Security upgrade python from 3.6-slim to 3.13.0a3-slim #1947)
• f7ec192 feat(eslint-plugin): [member-ordering] add decorators support ([Snyk] Security upgrade node-uuid from 1.4.0 to 1.4.8 #1870)
• 1b4e430 chore: publish v2.30.0
• 2f45e99 fix(eslint-plugin): fix no-base-to-string boolean literal check ([Snyk] Security upgrade node-uuid from 1.4.0 to 1.4.8 #1850)
• ed2bd60 fix(eslint-plugin): [prefer-string-starts-ends-with] check for negative start index in slice ([Snyk] Security upgrade istanbul from 0.3.22 to 0.4.5 #1920)
• a85c3e1 feat(eslint-plugin): add extension rule `dot-notation` ([Snyk] Security upgrade node-uuid from 1.4.0 to 1.4.8 #1867)

See the full diff

Package name: cross-spawn

The new version differs by 11 commits.

• 0e7cd3d chore(release): 7.0.0
• 6fdaf5a chore: update deps
• 16feb53 refactor: drop support for versions below Node.js 8 ([Snyk] Security upgrade django from 1.6.1 to 2.2.25 #125)
• 48bee1d chore: fix tests
• 9c9d627 chore: remove extra space after badges (made with screpto)
• 47aff71 chore: do not auto-publish on release due to 2FA (made with screpto)
• 85339d4 chore: remove greenkeeper badge (made with screpto)
• 6450fe7 chore: update babel preset
• 18ebd93 chore: update dev deps
• bbd342b chore: add missing new line to readme
• 8f20cbc chore: fix some more linting errors

See the full diff

Package name: danger

The new version differs by 212 commits.

• 54f7f7a Release 11.2.1
• d7cd274 Try wrap up PR
• 042c4fa Merge branch 'main' of https://github.com/danger/danger-js
• 0f48d32 Merge pull request [Snyk] Security upgrade rack from 1.6.5 to 2.0.9.1 #1342 from pepix/support-arm64-target
• 64d9833 Merge pull request [Snyk] Security upgrade lodash from 4.17.15 to 4.17.20 #1345 from connyay/cjh-bump-jwt
• dea9c6c Upgrade jsonwebtoken and @ types/jsonwebtoken
• 40bdfe1 Add a new workflow to build binaries for macOS architectres on GitHub Actions
• 4efada7 Update release-it.json and create-homebrew-tap-pr.sh
• 16271cd Support arm64 binary generation
• ad3c542 Release 11.2.0
• 6829c33 CHANGELOG for release
• c3641dc Merge pull request [Snyk] Security upgrade tap from 5.8.0 to 15.0.0 #1331 from hcomde/issue_1138_gitlab_threads
• f8453e9 Merge pull request [Snyk] Security upgrade nyc from 6.6.1 to 15.0.0 #1337 from stodirascu/fix-github-action
• beb7f41 Moving the GITHUB_WORKFLOW check before actually getting the userInfo
• 90f595b GitLab: Add support to use threads instead of comments
• 639898f Merge pull request [Snyk] Security upgrade wd from 0.2.27 to 1.0.0 #1336 from falkenhawk/patch-1
• 7b60e62 fix messing the order of messages
• 0c8804f Merge pull request [Snyk] Fix for 1 vulnerabilities #1332 from ivankatliarchuk/issue_1330
• 886616b use this.log instead
• 98fd3f0 update message
• c4d1cbf wip
• 3a97856 update CHANGELOG
• 6b47827 added environment variable DANGER_SKIP_WHEN_EMPTY
• 2bcccbd Update issue_template.md

See the full diff

Package name: eslint

The new version differs by 210 commits.

• 3dd6741 7.0.0
• 9a722f9 Build: changelog update for 7.0.0
• b98d8bd Upgrade: eslint-release@2.0.0 (#13271)
• 4c0b028 Fix: remove Node.js and CommonJS category from build process (#13242)
• 401a687 Chore: fix rules list for prereleases (#13230)
• 4ef6158 Breaking: espree@7.0.0 (#13270)
• b5c8d73 Docs: update 7.0.0 migration guide for consistency (#13267)
• 356fdb4 Docs: add migration guide (#12692)
• 015edf6 Sponsors: Sync README with website
• fdfa364 7.0.0-rc.0
• 8d1b4db Build: changelog update for 7.0.0-rc.0
• 0b1d65a Update: Improve report location for array-callback-return (refs #12334) (#13109)
• d85e291 Fix: yoda left string fix for exceptRange (fixes #12883) (#13052)
• 2ce6bed Chore: added tests for nested arrays (#13145)
• d3aac53 Update: report backtick loc in no-unexpected-multiline (refs #12334) (#13142)
• 8e7a2d9 Fix: func-call-spacing "never" reports wrong message (fixes #13190) (#13193)
• bcafd0f Update: Add ESLint API (refs New: ESLint Class Replacing CLIEngine eslint/rfcs#40) (#12939)
• 3eeae56 Upgrade: some (dev) deps (#13155)
• 6b7030b Chore: Run tests on Node.js v14 (#13210)
• ebc28d7 Fix: Remove default .js from --ext CLI option (#13176)
• 5c1bdeb Update: Improve report location for getter-return (refs #12334) (#13164)
• 56d2bee Docs: fix typos (#13204)
• e13256e Chore: use espree.latestEcmaVersion in config-initializer (#13157)
• e4f57b7 Chore: add nested array tests for array-element-newline (#13161)

See the full diff

Package name: jest

The new version differs by 250 commits.

• be16e47 v27.0.0
• 63102ec chore: update changelog for release
• 564694a docs(blog): Jest 27 blog post (#11131)
• b68d91b feat(pretty-print): add option `printBasicPrototype` (#11441)
• 2226742 chore: minor simplify format results error (#11432)
• 78eb25d chore: remove needless assign (#11433)
• 696c455 chore: update lockfile after publish
• e2eb9ae v27.0.0-next.11
• 3b253f8 Wait for closed resources to actually close before detecting open handles (#11429)
• 27bee72 fix: run GC before collecting open handles (#11278)
• 50451df feat: use fallback if prettier not found (#11400)
• 150dbd8 chore: update lockfile after publish
• 6f44529 v27.0.0-next.10
• cbcec7d Upgrade fsevents in jest-haste-map (#11428)
• 9633a26 feat: support reporters written in ESM (#11427)
• 59f42d8 fix: do not cache modules that throw during evaluation (#11263)
• 57e32e9 Detect open handles with done callbacks (#11382)
• a397607 Document and test dontThrow for custom inline snapshot matchers (#10995)
• 4fa3a0b feat: custom haste (#11107)
• 2047a36 chore: bump deps (#11419)
• a4358d6 chore: run prettier on changelog
• bdd6282 Move all default values into `jest-config` (#9924)
• db643a1 Link to Jest config (#11106)
• b16082c Fix locale issue #10014 (#11412)

See the full diff

Package name: nock

The new version differs by 234 commits.

• 11dba99 fix ([Snyk] Fix for 1 vulnerabilities #1659)
• bf1d7d6 test: Clarify that cleanAll removes persistent mocks ([Snyk] Security upgrade nyc from 3.2.2 to 5.0.0 #1647)
• e661d0d bug(recorder): replace qs lib with native querystring. ([Snyk] Fix for 1 vulnerabilities #1653)
• 05ae31e Refactor lifecycle tests using got / async ([Snyk] Fix for 1 vulnerabilities #1646)
• 26fc08f Async Reply functions (always emit errors) ([Snyk] Fix for 20 vulnerabilities #1596)
• 35221ce refactor: overhaul body and query matching ([Snyk] Security upgrade tap from 11.1.3 to 18.0.0 #1632)
• 88e85ac fix: trigger release ([Snyk] Security upgrade tap from 5.8.0 to 18.0.0 #1645)
• e744b0a bug: handle content-type request headers when arrays
• 87cac20 refactor: default function arguments ([Snyk] Fix for 1 vulnerabilities #1640)
• 9c504f6 refactor: default options on recorder, remove dead code ([Snyk] Fix for 2 vulnerabilities #1641)
• ad264cb test: change tests to use test domain ([Snyk] Fix for 1 vulnerabilities #1639)
• 4a4b8ec feat(overrider): added support for header modifications before end()
• 213014b Display the badge correctly ([Snyk] Security upgrade tap from 1.4.1 to 18.0.0 #1637)
• df1a5cd refactor: Convert Scope to a class ([Snyk] Fix for 1 vulnerabilities #1636)
• 3bdadef refactor: Convert Socket to a class ([Snyk] Security upgrade standard from 7.1.2 to 16.0.0 #1635)
• 08b1b6b refactor: Convert DelayedBody to a class ([Snyk] Security upgrade tap from 2.3.4 to 18.0.0 #1634)
• f385edd Advertise and enforce 100% coverage, drop Coveralls ([Snyk] Fix for 1 vulnerabilities #1633)
• 60a055b refactor(interceptor): separate hostname matching
• 2a54482 feat(interceptor): duplicate query calls throw ([Snyk] Security upgrade django from 1.6.1 to 2.2.28 #1630)
• f015929 chore(deps): bump lodash from 4.17.11 to 4.17.13 ([Snyk] Fix for 6 vulnerabilities #1629)
• c78ceb3 Clean up some more hostnames in tests ([Snyk] Security upgrade sanitize from 4.6.2 to 5.2.1 #1627)
• a2208d1 feat(interceptor): duplicate query keys throw
• 880224a refactor: Scope.pendingMocks
• a201ac0 test(socket): add coverage for timeout without a callback

See the full diff

Package name: os-name

The new version differs by 4 commits.

• 3bd71d6 4.0.0
• a1adfb8 Require Node.js 10
• 6e18891 Tidelift tasks
• 4de9adc Create funding.yml

See the full diff

Package name: restify

The new version differs by 41 commits.

• 2053ef6 chore(master): release 10.0.0
• 3f94e4f chore: upgrade release-please (please work)
• c21f6a8 chore: remove wrong link from CHANGELOG.md
• 5795223 feat!: support v18.x
• f384900 chore: Update example to allow downgrading to http1
• fa52f60 feat: bump dtrace-provider version to avoid MacOS errors
• e911d17 chore: upgrade send@^0.18.0
• c9e5dfd chore: upgrade mime@^3.0.0
• 15b8458 chore: upgrade semver@^7.0.0
• 1e25d31 chore: upgrade pidusage@^3.0.0
• 70370d9 chore: upgrade pino@^8.0.0
• de36103 chore: upgrade lru-cache@^7.0.0
• c944080 chore: upgrade uuid@^9.0.0
• 50bfac7 chore: upgrade csv@^6.0.0
• 638930c chore(examples): delete bench example in favor of the benchmark script
• a70880e chore(examples): update socket.io
• 23a80ae chore(examples): update todoapp
• 7228b94 chore: bump find-my-way to ^7.2.0
• caba351 updated package.json [ci skip]
• bf2e42a updated CHANGELOG.md [ci skip]
• c15111f chore: drop support for EOL Node.js versions
• d052b7c feat: deprecate req.closed
• 839fb4a chore: bump version of http-signature to ^1.3.6 ([Snyk] Security upgrade django from 1.6.1 to 1.6.3 #1889)
• cc483e0 chore: remove travis and update github ci ([Snyk] Security upgrade node-uuid from 1.4.0 to 1.4.8 #1878)

See the full diff

Package name: semver

The new version differs by 140 commits.

• e7b78de chore: release 7.5.2
• 58c791f fix: diff when detecting major change from prerelease ([Snyk] Security upgrade minimatch from 3.0.0 to 3.0.2 #566)
• 5c8efbc fix: preserve build in raw after inc ([Snyk] Security upgrade jsonpointer from 2.0.0 to 5.0.0 #565)
• 717534e fix: better handling of whitespace ([Snyk] Security upgrade minimist from 0.0.8 to 1.2.6 #564)
• 2f738e9 chore: bump @ npmcli/template-oss from 4.14.1 to 4.15.1 ([Snyk] Security upgrade django from 2.0.1 to 3.2.15 #558)
• aa016a6 chore: release 7.5.1
• d30d25a fix: show type on invalid semver error ([Snyk] Security upgrade aiohttp from 2.2.2 to 3.8.0 #559)
• 09c69e2 chore: bump @ npmcli/template-oss from 4.13.0 to 4.14.1 ([Snyk] Fix for 10 vulnerabilities #555)
• 5b02ad7 chore: release 7.5.0
• e219bb4 fix: throw on bad version with correct error message ([Snyk] Fix for 10 vulnerabilities #552)
• 503a4e5 feat: allow identifierBase to be false ([Snyk] Fix for 61 vulnerabilities #548)
• fc2f3df fix: incorrect results from diff sometimes with prerelease versions ([Snyk] Fix for 3 vulnerabilities #546)
• 2781767 fix: avoid re-instantiating SemVer during diff compare ([Snyk] Fix for 10 vulnerabilities #547)
• 82aa7f6 chore: release 7.4.0
• 731d896 chore: enable CD ([Snyk] Security upgrade rack-protection from 1.5.3 to 1.5.3 #545)
• 940723d fix: intersects with v0.0.0 and v0.0.0-0 ([Snyk] Fix for 5 vulnerabilities #538)
• aa516b5 fix: faster parse options ([Snyk] Fix for 1 vulnerabilities #535)
• 61e6ea1 fix: faster cache key factory for range ([Snyk] Security upgrade marked from 0.3.6 to 4.0.10 #536)
• f8b8b61 fix: optimistic parse ([Snyk] Fix for 5 vulnerabilities #541)
• 796cbe2 fix: semver.diff prerelease to release recognition ([Snyk] Fix for 1 vulnerabilities #533)
• 3f222b1 fix: reuse comparators on subset ([Snyk] Security upgrade debug from 2.2.0 to 2.6.9 #537)
• 113f513 feat: identifierBase parameter for .inc ([Snyk] Fix for 1 vulnerabilities #532)
• ea689bc chore: basic type test for RELEASE_TYPES
• c5d29df docs: Add "Constants" section to README

See the full diff

Package name: snyk-policy

The new version differs by 2 commits.

• cc835cc Merge pull request [Snyk] Security upgrade django from 1.6.1 to 2.2.18 #48 from snyk/feat/semver-7
• 5a70662 feat: upgrade semver to 7

See the full diff

Package name: tap

The new version differs by 250 commits.

• bc49fb7 15.0.0
• 4378608 remove publishConfig beta tag
• 2c2e75f provide mkdirRecursive polyfill for old node versions
• 8f4c855 correctly specify 10.0.x versions
• 5e61672 update deps
• c44c418 Support 10.0 and test in CI
• dc5c841 tcompare@5.0.4
• 385b6d2 Add .taprc.yml/yaml handling to change log
• 4f87466 just run regular test script as snap script
• 315a921 delete FORCE_COLOR/NO_COLOR rather than setting to '0'
• 564e96f Add detection for .yaml and .yml
• 75bae93 update cli doc
• c1289bf 15.0.0-3
• d6fe32f Do not CI on node 10
• d2e0428 do not use equals() alias in self-test
• 3f787c4 tell npm to be colorful in CI
• 1512818 run tests with color on github actions
• 4626fa1 Docs: update documentation for tap v15
• 02d536b libtap@1.0.1
• f7c7c58 update cli doc
• 2aa497c 15.0.0-2
• 8d7f62e Add support for overriding libtap's internal settings
• 29eed63 new snapshot folder layout
• 3a28d4d update libtap git ref to isaacs/tap-v15-prep branch

See the full diff

Package name: update-notifier

The new version differs by 2 commits.

• 311557e 6.0.0
• 9183541 Require Node.js 14 and move to ESM

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)