[Snyk] Fix for 2 vulnerabilities

[ekmixon]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	Yes	No Known Exploit
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @semantic-release/npm

The new version differs by 159 commits.

• 410b73d Merge pull request Possible to override the text renderer? markedjs/marked#581 from semantic-release/beta
• fc6fd18 Merge branch 'master' of github.com:semantic-release/npm into beta
• 93f2f73 chore(deps): lock file maintenance (quoting in pre code blocks markedjs/marked#590)
• 3930bf1 chore(deps): update dependency semantic-release to v20.1.3 (#588 Add option to allow json output instead of a string markedjs/marked#589)
• 4dae1ea build(deps): bump webpack from 5.75.0 to 5.76.1
• 0d914cb chore(deps): update dependency sinon to v15.0.2 (Github Task Lists markedjs/marked#587)
• dff7f90 chore(deps): update dependency dockerode to v3.3.5 (Trailing ) dropped in javascript links markedjs/marked#586)
• c6e74d4 chore(deps): lock file maintenance (allowing dot before extension markedjs/marked#585)
• c434c47 Merge pull request Do not render strong or em when text contains tag markedjs/marked#582 from semantic-release/provenance
• a6aad6f ci(provenance): enabled provenance for publishing
• 5fa2115 chore(deps): update dependency semantic-release to v20.1.1 (Errant space appears when indenting a code block in an ordered list item markedjs/marked#584)
• 9ad8402 chore(deps): lock file maintenance (The double underscores at the beginning of the word break the html layout markedjs/marked#583)
• ed0b20f Merge branch 'master' of github.com:semantic-release/npm into beta
• 23eb1e3 chore(deps): lock file maintenance (* being parsed from markdown seemingly at random. markedjs/marked#580)
• 3266f40 ci(release): configured the release job to use the latest lts version of node
• 725f044 chore(deps): updated semantic-release to the latest stable version
• 31bc1f3 Merge pull request Added ignore() method to disable specific markup. markedjs/marked#579 from semantic-release/npm-9
• 2a79f80 fix(deps): upgraded npm to v9
• c46c466 chore(deps): lock file maintenance (typographic switch markedjs/marked#573)
• f450a28 chore(deps): lock file maintenance (Option to not sanitize links / anchor tags markedjs/marked#572)
• 2b8ac2e Merge pull request Correct version in bower.json markedjs/marked#567 from semantic-release/sr-peer
• 1d0ed0f chore(deps): update dependency semantic-release to v20.1.0 (Option to render only parts of the Markdown syntax markedjs/marked#571)
• 22e70ad feat(semantic-release-peer): raised the minimum peer requirement to the first version that supports loading esm plugins
• bd05849 chore(deps): update dependency semantic-release to v20.0.4 (Correct def_blocks test expected outcome and make test pass markedjs/marked#570)

See the full diff

Package name: semantic-release

The new version differs by 219 commits.

• deb1b7f Merge pull request Code block ignores newlines markedjs/marked#2741 from semantic-release/beta
• 2d7f607 chore(lint): ran prettier against the release workflow file
• 91eae11 ci(release): enabled provenance for publishing to npm
• 050412e Merge branch 'master' of github.com:semantic-release/semantic-release into beta
• d647433 fix(deps): updated to the latest version of the npm plugin
• f1d6e65 chore(deps): update dependency dockerode to v3.3.5
• c38b53a fix(deps): update dependency execa to v7.1.1
• fbede54 fix(deps): update dependency cosmiconfig to v8.1.2
• 6d286cd chore(deps): update dependency sinon to v15.0.2 (feat: add preprocess and postprocess hooks markedjs/marked#2730)
• bc6d8b4 chore(deps): update dependency testdouble to v3.17.0 (chore(deps-dev): Bump eslint from 8.33.0 to 8.34.0 markedjs/marked#2731)
• 9986f6f chore(deps): lock file maintenance
• 6bd6afd docs: add `new` to create `WritableStreamBuffer` instances (chore(deps-dev): Bump semantic-release from 20.0.3 to 20.1.0 markedjs/marked#2724)
• 00714c0 chore(deps): lock file maintenance ([Question] Extra lex results when dealing with text within a list markedjs/marked#2684)
• c71d5d9 test: Windows support in integration tests (GFM blockquote markedjs/marked#2722)
• c04e827 test: update docker config for windows support (async: true inconsistent return type (Promise | string) + docs update markedjs/marked#2721
• 6ead75b test: index test should reset `testdouble` (GFM blockquote markedjs/marked#2723)
• ab3dfe4 chore(deps): update dependency c8 to v7.13.0 (chore(deps-dev): Bump semantic-release from 20.0.2 to 20.0.3 markedjs/marked#2716)
• df6dbf0 docs(navigation): removed the hash from the configuration usage page
• ea8ed80 docs(navigation): removed the hash from the ci usage page
• e47ea08 docs(ci-configurations): removed hash from the links
• 4e5b181 docs(node-version): linked to proper recipe page for ci-configurations
• 5acdaab docs(ci-configuration): further fixed the format of links to recipes
• 724dc82 docs(ci-configuration): fixed the format of links to recipes
• 31d9bfe fix(deps): update dependency execa to v7 (Support for sub- & superscript, without using html tags markedjs/marked#2709)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncontrolled resource consumption

[secure-code-warrior-for-github]

Micro-Learning Topic: Inefficient regular expression (Detected by phrase)

Matched on "Inefficient Regular Expression"

What is this? (2min video)

A regular expression that requires exponential time to match certain inputs can be a performance bottleneck, and may be vulnerable to denial-of-service attacks.

Try a challenge in Secure Code Warrior

[sourcery-ai]

We have skipped reviewing this pull request. Here's why:

• It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
• We don't review packaging changes - Let us know if you'd like us to change this.