[Snyk] Fix for 1 vulnerabilities

[soloinovator]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/scripts/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: markdownlint-cli

The new version differs by 131 commits.

• ce0d77a Bump version 0.34.0
• 3de966d Add Node 20 to CI test matrix.
• e540262 Bump xo from 0.54.1 to 0.54.2
• 02edb23 Bump markdownlint from 0.28.1 to 0.28.2
• 5024217 Bump glob from 10.1.0 to 10.2.2
• 26bbe10 Bump glob from 10.0.0 to 10.1.0
• 3f3c26c Bump xo from 0.54.0 to 0.54.1
• 98660a3 Bump commander from 10.0.0 to 10.0.1
• 5c71ad6 Bump glob from 9.3.4 to 10.0.0
• cd230b0 Update markdownlint.js to group require calls together for new xo policy.
• 1910c83 Bump xo from 0.53.1 to 0.54.0
• fc825b4 Bump markdownlint from 0.28.0 to 0.28.1
• 49da7ee Bump minimatch from 8.0.3 to 9.0.0
• afd8f0c Bump glob from 9.3.2 to 9.3.4
• 5027dd0 Bump minimatch from 7.4.3 to 8.0.3
• 2d95a13 Bump minimatch from 7.4.2 to 7.4.3
• 4e6fb32 Bump glob from 9.3.0 to 9.3.2
• 6da2a65 Bump markdownlint from 0.27.0 to 0.28.0
• 9844fce Bump execa from 7.1.0 to 7.1.1
• c9b0147 Rename local-only "test-rule-package" to avoid incorrect attribution to malware on npm via Dependabot alerts (https://snyk.io/redirect/github/igorshubovych/markdownlint-cli/security/dependabot/4).
• e6a706f Normalize "\" character in output path to get tests passing on Windows after dependency update to glob v9.
• 1636b71 Bump glob from 8.1.0 to 9.3.0
• a1ca192 Bump webpack from 5.64.1 to 5.76.1
• 12c54e6 Bump execa from 7.0.0 to 7.1.0

See the full diff

Package name: npm-packlist

The new version differs by 53 commits.

• 6a805d1 chore: release 6.0.0 (Bump actions/cache from 3.3.2 to 3.3.3 #124)
• c37371b feat: change interactions between `files` array and ignore files to be more consistent ([Snyk] Security upgrade babel-loader from 8.3.0 to 9.0.0 #88)
• a2c96ef feat!: postinstall for dependabot template-oss PR
• 925c5b8 chore: bump @ npmcli/template-oss from 3.6.0 to 4.3.2
• 01c4799 chore(main): release 5.1.3 (Bump tj-actions/changed-files from 39.2.0 to 40.2.2 #114)
• de5e96b deps: bump npm-bundled from 1.1.2 to 2.0.0 (Bump actions/stale from 8.0.0 to 9.0.0 #113)
• 50d06c4 chore(main): release 5.1.2 (Bump reactivecircus/android-emulator-runner from 2.28.0 to 2.29.0 #112)
• c97d1a8 deps: bump npm-normalize-package-bin from 1.0.1 to 2.0.0 (Bump tj-actions/changed-files from 39.2.0 to 40.2.1 #110)
• 8356e02 chore: postinstall for dependabot template-oss PR
• 8b5ba6f chore: bump @ npmcli/template-oss from 3.5.0 to 3.6.0
• 7e8be74 chore(main): release 5.1.1 ([Snyk] Security upgrade react-native from 0.71.11 to 0.72.0 #109)
• da1ba4a fix: correctly ignore .gitignore when a .npmignore is present ([Snyk] Security upgrade rimraf from 3.0.2 to 4.0.0 #108)
• 9393e2e chore(main): release 5.1.0 (Bump actions/setup-java from 3.13.0 to 4.0.0 #105)
• d74bdd1 feat: correctly handle workspace roots (Bump gradle/gradle-build-action from 2.8.1 to 2.10.0 #104)
• 1461039 chore(main): release 5.0.4 (Bump shivammathur/setup-php from 2.26.0 to 2.28.0 #103)
• 34f416f chore: bump @ npmcli/template-oss from 3.4.3 to 3.5.0 (Bump shivammathur/setup-php from 2.26.0 to 2.27.1 #100)
• 0f31f71 fix: do not pack workspaces by default
• 839e6e8 fix: respect gitignore and npmignore files in workspace roots
• 7e1fc71 chore: bump @ npmcli/template-oss from 3.4.2 to 3.4.3 (Bump tj-actions/changed-files from 39.2.0 to 40.1.1 #99)
• 084fa24 chore(main): release 5.0.3 (Bump tj-actions/changed-files from 39.2.0 to 40.1.0 #98)
• ceea51d chore: bump @ npmcli/template-oss from 3.4.2 to 3.4.3 (Bump actions/setup-node from 3.8.1 to 4.0.0 #96)
• 9f519b7 fix: strip leading ./ from files array entries (Bump tj-actions/changed-files from 39.2.0 to 40.0.2 #97)
• ce176f7 chore: postinstall for dependabot template-oss PR
• 70ba466 chore: bump @ npmcli/template-oss from 3.4.1 to 3.4.2

See the full diff

Package name: puppeteer-core

The new version differs by 250 commits.

• 101fcb9 chore: release main (Gutenberg issue with ACF Page Link or Page Object Field WordPress/gutenberg#9789)
• ca797ad chore: fix pre-release
• 0df369a chore: fix husky
• 22e4cc3 chore: fix pre-release workflow (Reusable Blocks: Support importing and exporting reusable blocks WordPress/gutenberg#9788)
• baf51bc chore: use prerelease for browser (Issue/9785 - Remove isButton prop WordPress/gutenberg#9786)
• 364b23f fix: update dependencies (Docs: Correct the markdown_source for outreach/articles WordPress/gutenberg#9781)
• 299d444 chore: remove pre-push and pre-commit (Editor package: fix block settings menu appearance WordPress/gutenberg#9777)
• 813882d chore: update glob (Components package: fix component placeholder styling WordPress/gutenberg#9776)
• 04247a4 feat: browsers: recognize chromium as a valid browser (Add option to skip PublishSidebar on publishing WordPress/gutenberg#9760)
• 6777604 chore: fix analyzer yarn installs (Table Block: alignment options are inconsistent and do not show up on the front end WordPress/gutenberg#9778)
• 2123f80 chore: remove rimraf (Block cannot be previewed error WordPress/gutenberg#9775)
• 8bf9718 chore(deps): Bump yargs from 17.7.0 to 17.7.1 (Gallery Captions are positioned incorrectly.  WordPress/gutenberg#9752)
• f84873c chore: support commas in P selectors (Request: an alternative number control/input WordPress/gutenberg#9769)
• 62d5f39 chore(deps): Bump @ angular-devkit/schematics from 15.2.0 to 15.2.1 (Keyboard Shortcut Cmd-Shift-D results in duplicate toolbar items when used on the same block more than once WordPress/gutenberg#9773)
• 3a4e726 chore: fix Browsers failing tests (CodeMirror with ACF Textarea WordPress/gutenberg#9768)
• 2922611 chore(deps): Bump @ angular-devkit/core from 15.2.0 to 15.2.1 (Pasting from Microsoft Word doesn't strip its internal styling definitions WordPress/gutenberg#9761)
• f68e046 chore(deps): Bump cosmiconfig from 8.0.0 to 8.1.0 (Admin pull down action area is messed up WordPress/gutenberg#9751)
• d3b25df chore: update test expectation data for Firefox for 19.7.2 downstream sync (Tooling: Improve docs build to consider memoized selectors WordPress/gutenberg#9756)
• f887292 chore: add more debugging info on Debug Runs (Classic Editor Toolbar doesn't disappear when out-clicking WordPress/gutenberg#9754)
• 004a99a chore: implement simple BiDi ElementHandle (Packages: Deprecated: Gutenberg-independent deprecations WordPress/gutenberg#9753)
• 232873a chore: fix Mocha test runner suggestion when hooks fail (Framework: Replace element-closest with registered vendor script WordPress/gutenberg#9750)
• 4a365a4 chore: extract BiDi context to allow emitting only to it (Adjust unified block toolbar padding at medium breakpoints. WordPress/gutenberg#9742)
• ed1bb7c chore(deps): Bump @ angular-devkit/schematics from 15.1.6 to 15.2.0 (Clicking the "Keyboard Shortcuts" button in the Classic block does nothing.  WordPress/gutenberg#9748)
• 4ddf63d chore(deps): Bump @ angular-devkit/core from 15.1.6 to 15.2.0 (Small spacing issue WordPress/gutenberg#9749)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.