[Snyk] Fix for 4 vulnerabilities #166

Open
wants to merge 1 commit into
base: master

snyk-bot

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|
| high severity | Regular Expression Denial of Service (ReDoS), SNYK-JS-ANSIREGEX-1583908 | Yes | Proof of Concept |
| medium severity | Regular Expression Denial of Service (ReDoS), SNYK-JS-MARKED-2342073 | Yes | Proof of Concept |
| medium severity | Regular Expression Denial of Service (ReDoS), SNYK-JS-MARKED-2342082 | Yes | Proof of Concept |
| medium severity | Information Exposure, SNYK-JS-NANOID-2332193 | Yes | Proof of Concept |

Commit messages
Package name: eslint The new version differs by 21 commits.
  • 145aec1 7.16.0
  • 83518a5 Build: changelog update for 7.16.0
  • a62ad6f Update: fix false negative of no-extra-parens with NewExpression (#13930)
  • f85b4c7 Fix: require-atomic-updates false positive across await (fixes #11954) (#13915)
  • 301d0c0 Fix: no-constant-condition false positives with unary expressions (#13927)
  • 555c128 Fix: false positive with await and ** in no-extra-parens (fixes #12739) (#13923)
  • d93c935 Docs: update JSON Schema links (#13936)
  • 8d0c93a Upgrade: table@6.0.4 (#13920)
  • 9247683 Docs: Remove for deleted npm run profile script (#13931)
  • ab240d4 Fix: prefer-exponentiation-operator invalid autofix with await (#13924)
  • dc76911 Chore: Add .pre-commit-hooks.yaml file (#13628)
  • 2124e1b Docs: Fix wrong rule name (#13913)
  • 06b5809 Sponsors: Sync README with website
  • 26fc12f Docs: Update README team and sponsors
  • 902a032 7.15.0
  • 6356778 Build: changelog update for 7.15.0
  • 5c11aab Upgrade: @ eslint/esintrc and espree for bug fixes (refs #13878) (#13908)
  • 0eb7957 Upgrade: file-entry-cache@6.0.0 (#13877)
  • 683ad00 New: no-unsafe-optional-chaining rule (fixes #13431) (#13859)
  • cbc57fb Fix: one-var autofixing for export (fixes #13834) (#13891)
  • 110cf96 Docs: Fix a broken link in working-with-rules.md (#13875)

See the full diff

Package name: gulp-mocha The new version differs by 4 commits.
  • 2f0b810 8.0.0
  • 4fa531f Require Node.js 10 and upgrade Mocha
  • 93e1cbc Move to GitHub Actions (#201)
  • 94af2ed Remove message from readme (#198)

See the full diff

Package name: mocha The new version differs by 118 commits.
  • cc51b8f build(v9.2.0): release
  • dea3115 build(v9.2.0): update CHANGELOG [ci skip]
  • 1825645 chore: update dependencies (#4818)
  • bc0fda2 chore: update some devDependencies (#4816)
  • 8b089a2 feat(parallel): assign each worker a worker-id (#4813)
  • 9fbf3ae chore: run Netlify deploy on Node v16 (#4778) [ci skip]
  • f297790 chore: switch 'linkify-changelog.js' to ESM (#4812) [ci skip]
  • 0a1b7f8 build(v9.1.4): release
  • a04d050 build(v9.1.4): update CHANGELOG [ci skip]
  • baa12fd fix: wrong error thrown if loader is used (#4807)
  • 60fafa4 Update copyright year in LICENSE (#4804)
  • 3b4cc05 chore(devDeps): remove 'cross-spawn' (#4779)
  • a99d40c chore(ci): add Node v17 to test matrix (#4777)
  • ac43029 chore(devDeps): update 'prettier' (#4776)
  • 9c9fcb5 chore: update some devDependencies (#4775)
  • 28b4824 build(v9.1.3): release
  • 3dcc2d9 build(v9.1.3): update CHANGELOG [ci skip]
  • 012d79d fix(browser): enable 'bdd' import for bundlers (#4769)
  • 111467f fix(integration): revert deprecation of 'EVENT_SUITE_ADD_*' events (#4764)
  • 0ea732c fix(website): improve backers sprite image (#4756)
  • 18a1055 build(v9.1.2): release
  • 011a5a4 fix: regex in 'update-authors.js'
  • 06f3f63 build(v9.1.2): update CHANGELOG [ci skip]
  • a87461c chore(deps): remove 'wide-align' (#4754)

See the full diff

Package name: mocha-junit-reporter The new version differs by 12 commits.

See the full diff

Package name: semantic-release The new version differs by 91 commits.
  • 95af1e4 Merge pull request #2332 from semantic-release/beta
  • f634b8c fix(npm-plugin): upgraded to the beta, which upgrades npm to v8
  • d9e5bc0 fix: upgrade `marked` to resolve ReDos vulnerability (#2330)
  • dd7d664 docs: fix a broken link (#2318)
  • cd6136d docs: wrong prerelease example (#2307)
  • e62c83d docs: remove repeated 'with' word (#2289)
  • 5d78fa4 docs(breaking-change): highlighted the need for `BREAKING CHANGE: ` to be in the commit footer (#2283)
  • b64855f docs(badge): mentioned referencing the commit convention (#2269)
  • 09bcf7a docs: update badges to include preset names (#2266)
  • 8e96b23 docs(issue-templates): fixed links to templates for opening issues (#2264)
  • 5535268 docs: fix typo (#2262)
  • 7f971f3 fix: bump @ semantic-release/commit-analyzer to 9.0.2 (#2258)
  • e636621 docs(troubleshooting): typo (#2254)
  • f2a2def docs(recipes): fix path to recipes (#2253)
  • 628e29e chore(deps): update dependency got to v11.8.3 (#2251)
  • 8fda7fd docs(recipes): moved recipes to sub-directories to align with gitbook expectations (#2246)
  • 52d76a2 docs(plugin-list): updates semantic-release-plus/docker with updated lifecycle hook. (#2243)
  • f092dd1 chore(deps): update dependency nock to v13.2.1 (#2242)
  • 03aa7d0 docs(badge): switched to proper semantic-release logo (#2235)
  • bc146e4 docs(gitbook): updated the summary document so that missing pages are rendered by gitbook (#2234)
  • 5f9d1d1 chore(deps): update dependency nock to v13.2.0 (#2233)
  • 7ff71ad chore(deps): update dependency sinon to v12.0.1 (#2231)
  • d3958b8 Revert "chore(deps): update dependency p-retry to v5" (#2230)
  • 4ae9209 chore(deps): update dependency p-retry to v5 (#2229)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
  • View latest project report
  • Adjust project settings
  • Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

Learn about vulnerability in an interactive lesson of Snyk Learn.
