[Snyk] Fix for 21 vulnerabilities

[snyk-io]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/babylon/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	165/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0037, Social Trends: No, Days since published: 1559, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 1.68, Score Version: V5	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	159/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00396, Social Trends: No, Days since published: 1136, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.65, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	218/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.0006, Social Trends: No, Days since published: 375, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Critical, Package Popularity Score: 99, Impact: 10.1, Likelihood: 2.16, Score Version: V5	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962463	Yes	Proof of Concept
	169/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00045, Social Trends: No, Days since published: 162, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.81, Score Version: V5	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	Yes	Proof of Concept
	185/1000 Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.0063, Social Trends: No, Days since published: 1733, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 95, Impact: 5.99, Likelihood: 3.08, Score Version: V5	Command Injection SNYK-JS-CODECOV-543183	Yes	Proof of Concept
	185/1000 Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00761, Social Trends: No, Days since published: 1710, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 95, Impact: 5.99, Likelihood: 3.08, Score Version: V5	Command Injection SNYK-JS-CODECOV-548879	Yes	Proof of Concept
	127/1000 Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.016, Social Trends: No, Days since published: 1554, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 95, Impact: 5.99, Likelihood: 2.11, Score Version: V5	Command Injection SNYK-JS-CODECOV-585979	Yes	No Known Exploit
	140/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00183, Social Trends: No, Days since published: 1728, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.48, Score Version: V5	Prototype Pollution SNYK-JS-DOTPROP-543489	Yes	Proof of Concept
	61/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00071, Social Trends: No, Days since published: 856, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 4.19, Likelihood: 1.45, Score Version: V5	Open Redirect SNYK-JS-GOT-2932019	Yes	No Known Exploit
	141/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.01055, Social Trends: No, Days since published: 327, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.35, Score Version: V5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
	179/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: High, Attack Vector: Network, EPSS: 0.01027, Social Trends: No, Days since published: 667, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 7.84, Likelihood: 2.28, Score Version: V5	Prototype Pollution SNYK-JS-JSON5-3182856	Yes	Proof of Concept
	124/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00045, Social Trends: No, Days since published: 162, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.06, Score Version: V5	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	Yes	No Known Exploit
	111/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00111, Social Trends: No, Days since published: 585, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 4.19, Likelihood: 2.64, Score Version: V5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	144/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: None, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00052, Social Trends: No, Days since published: 28, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 4.54, Likelihood: 3.15, Score Version: V5	Cross-site Scripting (XSS) SNYK-JS-ROLLUP-8073097	Yes	Proof of Concept
	173/1000 Why? Confidentiality impact: High, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.00048, Social Trends: No, Days since published: 1014, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 8.63, Likelihood: 1.99, Score Version: V5	Improper Privilege Management SNYK-JS-SHELLJS-2332187	Yes	Proof of Concept
	111/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00213, Social Trends: No, Days since published: 480, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 4.19, Likelihood: 2.65, Score Version: V5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	114/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00285, Social Trends: No, Days since published: 1241, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.9, Score Version: V5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit
	115/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 982, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.92, Score Version: V5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
	58/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00117, Social Trends: No, Days since published: 2436, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.42, Score Version: V5	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
	77/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 2405, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.35, Likelihood: 3.26, Score Version: V5	Regular Expression Denial of Service (ReDoS) npm:eslint:20180222	Yes	Proof of Concept
	40/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00171, Social Trends: No, Days since published: 2717, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Low, Package Popularity Score: 100, Impact: 2.35, Likelihood: 1.67, Score Version: V5	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: ava

The new version differs by 250 commits.

• cf7a288 6.0.0
• af5684d Don't force-exit after tests have completed
• 88e4333 Update dependencies & other minor tweaks
• cac1d1f Tweak README
• 0492d32 Fix external assertions tests for Node.js 21
• adbfcde Experimentally expose internal events for custom reporters
• 6790d50 Update memoize dependency
• e07179b Remove ability to select AVA 5 watcher
• cf0fa4c Update dependencies, rely on Node.js 18, other small changes
• 03a6723 Drop Node.js 16, upgrade minimal 18 and 20, test 21
• b6fbd58 Make assertions throw
• c792f10 Fix type tests for t.assert()
• 0d7bbd5 Fix typo in common pitfalls doc
• e81f413 Allow throws / throwsAsync to work with any value, not just errors
• 4c5b469 Refactor error processing
• e27183a Make `assert`, `truthy` and `falsy` typeguards
• e58f466 Only treat native errors as errors
• f2726f1 Update TypeScript recipe for mocks, Node.js 20
• f047694 Remove p-event dependency
• 7533020 Remove workaround for worker.terminate() crashes
• 10e2e8a Add t.timeout.clear() to restore default behavior
• 5a9a627 Make test-types work with tsc and XO
• 6ca0f1c Pro-actively write out code coverage
• 018d64f Test AVA using AVA 5

See the full diff

Package name: babel-eslint

The new version differs by 98 commits.

• 4bd049e 10.1.0
• 2c754a8 Update Babel to ^7.7.0 and enable Flow enums parsing (deps:tingkat npm ke6.13.7 #31558 npm/cli#812)
• 183d13e 10.0.3
• 354953d fix: require eslint dependencies from eslint base ([BUG] npm install <name>@<tag/semver> behaviour unexpected npm/cli#794)
• 48f6d78 10.0.2
• 0241b48 removed unused file reference ([PR] Update Deps (v7): cacache npm/cli#773)
• 4cf0a21 10.0.1
• 98c1f13 Revert When I run npm install with 13.2.0 version , prompt cb() never called! npm/cli#584 (allow new majors of node to be automatically considered supported npm/cli#697)
• 8f78e28 10.0.0
• 717fba7 test value should be switched
• 020d012 Treat type alias declarationlike function declaration (When I run npm install with 13.2.0 version , prompt cb() never called! npm/cli#584)
• b400cb1 Test eslint5, update peerDep ([BUG] npm error caused by a single quote in username npm/cli#690)
• c333bd6 Drop old monkeypatching behavior (Benchmarks / Contributing Updates npm/cli#689)
• 6aa8b6f 9.0.0
• c7ee9ae Bump to babel@7.0.0 🎉 ([BUG] Split GitHub Actions CI npm/cli#676)
• 3ece549 Docs: Make the default parserOptions more explicit (Release 6.13.6 npm/cli#673)
• 0b36951 Add logical assignment plugin (Fix a few lgtm.com issues. npm/cli#674)
• 5856ff5 Bump some devDeps
• 45938d9 build(deps): upgrade @ babel/* to 7.0.0-rc.2 (npm ERR! 401 Unauthorized- - You must be logged in to publish packages npm/cli#668)
• bc97875 9.0.0-beta.3
• 74c5d62 update lock
• 6a45632 chore - fixing eslint-scope to a safe version; resolves docs: fix header parsing that was breaking misc config manpage npm/cli#656. (NPM advisories data dump npm/cli#657)
• e0119e0 9.0.0-beta.2
• 198964b Merge pull request write EPROTO 14488:error:1408F10B:SSL npm/cli#645 from rubennorte/support-new-flow-syntax-in-scope-analysis

See the full diff

Package name: babel-plugin-istanbul

The new version differs by 32 commits.

• 9f006e9 chore(release): 5.0.0
• a9e1564 feat: upgrade to babel 7 and newest istanbul libraries ([Snyk] Security upgrade tap from 12.7.0 to 18.0.0 #158)
• 321740f chore(release): 4.1.6
• 77b6eb7 chore: explicit update of istanbul dependencies ([Snyk] Fix for 8 vulnerabilities #149)
• 428a952 fix: include object-spread-syntax plugin ([Snyk] Fix for 13 vulnerabilities #141)
• 18fe954 fix: babel-preset-es2015 => babel-preset-env ([Snyk] Security upgrade tap from 12.7.0 to 18.0.0 #138)
• 7045a03 chore(package): update coveralls to version 3.0.0 ([Snyk] Security upgrade ava from 3.15.0 to 5.3.0 #133)
• 38176ba chore(package): update mocha to version 4.0.0 ([Snyk] Fix for 6 vulnerabilities #134)
• 34c4c72 chore(release): 4.1.5
• 4aa4928 chore: explicitly upgrade instrumenter ([Snyk] Security upgrade tap from 10.7.3 to 18.0.0 #126)
• 664af67 docs: add link to community slack ([Snyk] Fix for 8 vulnerabilities #122)
• 0fe7d7a chore(package): update nyc to version 11.1.0 ([Snyk] Fix for 10 vulnerabilities #121)
• 18fa787 chore(package): update nyc to version 11.0.2 ([Snyk] Fix for 20 vulnerabilities #112)
• 05aa2a2 chore(package): update chai to version 4.1.0 ([Snyk] Fix for 5 vulnerabilities #117)
• fca6a45 chore(release): 4.1.4
• 914d828 chore: update istanbuljs dependencies ([Snyk] Fix for 4 vulnerabilities #110)
• 2bdc94b chore(release): 4.1.3
• b10c1cd chore: explicit upgrade of istanbul dependencies ([Snyk] Fix for 8 vulnerabilities #104)
• 0d0d46e docs: switch to conventional commits badge
• 476a455 chore(release): 4.1.2
• 6f1bc89 chore: explicit update to dependencies ([Snyk] Fix for 21 vulnerabilities #100)
• eeb3328 chore(release): 4.1.1
• db8ecbe fix: explicit upgrade to patched version of istanbul-lib-instrument
• 4a0261d chore(release): 4.1.0

See the full diff

Package name: chalk

The new version differs by 53 commits.

• 3fca615 2.0.0
• f66271e Add tagged template literal ([Snyk] Security upgrade tap from 13.1.11 to 18.0.0 #163)
• 23ef1c7 fix linter errors
• c015568 add rainbow example
• 09fb2d8 Re-implement `chalk.enabled` ([Snyk] Security upgrade tap from 18.8.0 to 20.0.0 #160)
• 608242a spoof supports-color
• 18f2e7c add host information output
• 523b998 Revert "TEMPORARY: emergency travis CI fix (see comments)"
• 54975fb TEMPORARY: emergency travis CI fix (see comments)
• 1d73b21 Improve readme
• 6f4d6b3 Bump dependencies
• 8702496 Remove `chalk.styles`
• 0412cdf Minor code improvements
• 249b9ac ES2015ify the codebase
• cb3f230 Add RGB (256/Truecolor) support ([Snyk] Fix for 1 vulnerabilities #140)
• dbae68d Update dependent package count in the readme ([Snyk] Fix for 9 vulnerabilities #154)
• 9b60021 Drop support for Node.js 0.10 and 0.12
• 0d21449 check parent builder object for enabled status ([Snyk] Security upgrade tap from 12.7.0 to 18.0.0 #142)
• 5a69476 add XO badge
• 492f11f add example file
• 4ce73b6 make XO happy
• 7c02cf4 Add log statement to chalk examples ([Snyk] Fix for 6 vulnerabilities #129)
• 835ca3d You've just reached 10,000 dependent modules. ([Snyk] Fix for 8 vulnerabilities #122)
• 74c087d minor doc improvements ([Snyk] Fix for 8 vulnerabilities #120)

See the full diff

Package name: codecov

The new version differs by 179 commits.

• 29dd5b6 3.7.1
• c0711c6 Switch from execSync to execFileSync ([Snyk] Security upgrade ava from 3.15.0 to 5.3.0 #180)
• 5f6cc62 Bump lodash from 4.17.15 to 4.17.19 ([Snyk] Security upgrade tap from 16.3.10 to 18.0.0 #183)
• 0c4d7f3 Merge pull request [Snyk] Security upgrade tap from 16.3.10 to 18.0.0 #182 from codecov/update-readme-badges
• cc5e121 Update depstat image and urls
• b44b44e Update readme with 400 error info ([Snyk] Fix for 1 vulnerabilities #181)
• bb79335 V3.7.0 ([Snyk] Security upgrade tap from 16.3.10 to 18.0.0 #179)
• 0d7b9b0 Remove `'x-amz-acl': 'public-read'` header ([Snyk] Security upgrade tap from 10.7.3 to 18.0.0 #178)
• eeff4e1 Bump acorn from 5.7.3 to 5.7.4 ([Snyk] Fix for 7 vulnerabilities #174)
• eb8a527 Merge pull request [Snyk] Security upgrade tap from 16.3.10 to 18.0.0 #172 from RoboCafaz/bugfix/codebuild-pr-parser
• 55d69cd Merge pull request [Snyk] Security upgrade tap from 7.1.2 to 18.0.0 #159 from SaferNodeJS/master
• ef348ec Verify source version before parsing PR
• ebe132e 3.6.5
• 02cf13d [CE-1330] Escaping args ([Snyk] Security upgrade ava from 0.0.4 to 0.1.0 #167)
• e138efe Merge lastest changes
• bac0787 v3.6.4
• 203ff3a Merge pull request [Snyk] Security upgrade ava from 0.0.4 to 0.1.0 #161 from codecov/drazisil-patch-1
• 696562d Merge pull request [Snyk] Security upgrade tap from 14.10.2-unbundled to 18.0.0 #147 from iansu/patch-1
• 7856231 v3.6.3
• 96e6d96 Merge pull request [Snyk] Security upgrade tap from 16.3.10 to 18.0.0 #166 from codecov/chore/updates
• c8ea169 update deps
• 7c4cdc4 Merge pull request [Snyk] Fix for 8 vulnerabilities #149 from aiell0/master
• 62389fa Merge pull request [Snyk] Security upgrade tap from 18.8.0 to 20.0.0 #162 from codecov/dependabot/npm_and_yarn/handlebars-4.5.3
• 73ae008 Add dependabot config

See the full diff

Package name: eslint

The new version differs by 250 commits.

• e0cbc50 9.0.0
• 75cb5f4 Build: changelog update for 9.0.0
• 19f9a89 chore: Update dependencies for v9.0.0 (#18275)
• 7c957f2 chore: package.json update for @ eslint/js release
• d73a33c chore: ignore `/docs/v8.x` in link checker (#18274)
• d54a412 feat: Add --inspect-config CLI flag (#18270)
• e151050 docs: update get-started to the new `@ eslint/create-config` (#18217)
• 610c148 fix: Support `using` declarations in no-lone-blocks (#18269)
• 44a81c6 chore: upgrade knip (#18272)
• 94178ad docs: mention about `name` field in flat config (#18252)
• 1765c24 docs: add Troubleshooting page (#18181)
• e80b60c chore: remove code for testing version selectors (#18266)
• 96607d0 docs: version selectors synchronization (#18260)
• e508800 fix: rule tester ignore irrelevant test case properties (#18235)
• a129acb fix: flat config name on ignores object (#18258)
• 97ce45b feat: Add `reportUsedIgnorePattern` option to `no-unused-vars` rule (#17662)
• 651ec91 docs: remove `/* eslint-env */` comments from rule examples (#18249)
• 950c4f1 docs: Update README
• 3e9fcea feat: Show config names in error messages (#18256)
• b7cf3bd fix!: correct `camelcase` rule schema for `allow` option (#18232)
• 12f5746 docs: add info about dot files and dir in flat config (#18239)
• b93f408 docs: update shared settings example (#18251)
• 26384d3 docs: fix `ecmaVersion` in one example, add checks (#18241)
• 7747097 docs: Update PR review process (#18233)

See the full diff

Package name: nyc

The new version differs by 250 commits.

• bebf4d6 chore(release): 15.0.0
• 2931730 chore: Update to final releases of dependencies (Isaacs/install finish npm/cli#1245)
• d44ff19 chore: Update node-preload and use process-on-spawn ([BUG] npm config get prefix super slow npm/cli#1243)
• 5258e9f feat: Filenames relative to project cwd in coverage reports (npm install expo-cli npm/cli#1212)
• 6039f29 chore: Unpin test-exclude, update to latest pre-releases (i am getting below error when i do npm install. does anyone know any solution? npm/cli#1240)
• f3c9e6c chore: Temporarily pin test-exclude ([BUG] npm ERR! cb() never called! npm/cli#1239)
• 28ed746 chore: Lazy load modules that are rarely/never needed in test processes. ([BUG] Local package install fails on exFAT partition npm/cli#1232)
• 7307626 chore: Remove cp-file module (Release 6.14.5 npm/cli#1230)
• dfd629d fix: Better error handling for main execution, reporting ([BUG] When installing a git dependency, prepare script can see dev dependencies, prepack script can not npm/cli#1229)
• 549c953 chore: Update dependencies, pin find-cache-dir ([QUESTION] ETIMEDOUT from npm run build npm/cli#1228)
• a1dee03 chore: Update yargs ([BUG] <Failed to build standalone app err: Error: yarn exited with non-zero code: 1> npm/cli#1224)
• 8078a79 chore: Fix 404 in README.md. (cb() never called! npm/cli#1220)
• 7a02cb7 chore: Add enterprise language ([BUG] Replace deprecated "request" by "got" npm/cli#1217)
• ea94c7f chore: Remove unused functions (npm 上传组件 样式丢失 npm/cli#1218)
• 53c66b9 docs: `npm home nyc` goes to github master branch README ([BUG] <ExFat file system installs fail when updating packages> npm/cli#1201)
• cf5e5d3 chore: Update dependencies
• 8411a26 fix: Correct handling of source-maps for pre-instrumented files ([FEATURE] Add ability to install only the packages in package.json without any of their dependencies npm/cli#1216)
• f890360 docs: Fix URL to default excludes in README.md ([BUG] npm ci fails with git based dependencies npm/cli#1214)
• 3726bbb chore: Update to async version of istanbul-lib-source-maps (#1199)
• 0efc6d1 chore: Tweak arguments for async coverage data readers (Unexpected end of JSON input while parsing near '... ^5.0.0"},"dist":{"in' npm/cli#1198)
• cc77e13 chore: Add `use strict` to all except fixtures ([FEATURE] Support signed releases npm/cli#1197)
• bcbe1df chore: Update dependencies ([BUG] npm install script override works like postinstall npm/cli#1196)
• 2735ee2 chore: 100% coverage (Expo not installing npm/cli#1195)
• fd40d49 feat: Use @ istanbuljs/schema for yargs setup (Expo not installing npm/cli#1194)

See the full diff

Package name: rimraf

The new version differs by 102 commits.

• a1268c9 4.3.1
• cacc067 changelog 4.3.1
• cd6fbc6 Only call directory removal method on actual dirs
• 4937e64 format markdown
• ba35d77 always return Dirents from readdir
• f923bb0 4.3.0
• ed7b2a6 test: chmod ordering is nondeterministic
• 4cb1d47 changelog about bin interactivity
• 95e13f2 try to make the interactive test less flaky
• 38e731f bin: add interactive mode
• ca28abb let the filter option be async for async methods
• 3b57687 add --verbose, --no-verbose to bin
• ed3288e add filter option
• e828fe2 Update v4 glob support in README
• 80aef8b 4.2.0
• 0d19a99 changelog 420
• f768f26 treat paths as glob patterns when glob option set
• 5760716 make rimraf cancelable with AbortSignals
• 417cdc7 4.1.4
• bdfa60c update deps, export types properly for cjs module
• 20e3799 use NodeJS.ErrnoException instead of FsError
• 450e3d2 4.1.3
• 8d77621 add declarationMap to tsconfig
• 49a2958 formatting tests

See the full diff

Package name: rollup

The new version differs by 250 commits.

• dfd233d 3.29.5
• 2ef77c0 Fix DOM Clobbering CVE
• a6448b9 3.29.4
• 4e92d60 Deoptimize all parameters when losing track of a function (deps: npm-profile@6.2.0 npm/cli#5158)
• 801ffd1 3.29.3
• 353e462 Fully deoptimize first level path when deoptimizing nested parameter paths ([BUG] NPM not recognized the env alias  npm/cli#5153)
• a1a89e7 chore(deps): update dependency @ vue/eslint-config-typescript to v12 (chore: add dependencies script npm/cli#5148)
• cc14f70 chore(deps): lock file maintenance minor/patch updates (Warn adduser changes, undeprecate --auth-type, but warn for some values npm/cli#5149)
• 1e8355b docs: improve the docs repl appearance in the light mode ([BUG] when i install a package with -g i get a code EACCES error npm/cli#5145)
• 5950fc8 Adapt branches in REPL workflow
• e1a78ff 3.29.2
• be3b25c chore(deps): lock file maintenance minor/patch updates (fix typo npm/cli#5137)
• 846e1bd fix: exports `TreeshakingPreset` ([BUG] npm config set ignores values starting with "-" npm/cli#5131)
• a7d0ac1 docs: steps to enable symlinks on windows ([BUG] npx no longer works with github: registry npm/cli#5134)
• a5c88b7 3.29.1
• 40da6f8 Ignore wasm files when linting
• bec9e07 fix: access document.currentScript at the top level (docs: typo in npm command npm/cli#5118)
• 1d0c6be fix(perf): avoid superfluous timer wrappings in watch mode ([BUG] npm incorrectly assumes existence of root-owned files on Termux npm/cli#5114)
• e9fef3f re-enbale repl-artefacts workflow for rollup-swc branch ([BUG] Cannot read properties of null (reading 'isWorkspace') npm/cli#5129)
• 6cb637d chore(deps): lock file maintenance minor/patch updates ([BUG] npm install modifies yarn.lock in incorrect ways npm/cli#5126)
• e871ad8 chore(deps): update actions/checkout action to v4 ([BUG] npm ci validates package-lock.json that is generated with an older version of npm and fails to resolve npm/cli#5125)
• 642e566 3.29.0
• 884e678 Deoptimize custom event detail ([BUG] npx npm_config_yes=true or --yes not working as expected and npx still requires confirmation for installation npm/cli#5123)
• c6aa575 Added option to name sourcemap files, i.e. a output.sourcemapFileName… (Release/v8.13.2 npm/cli#5105)

See the full diff

Package name: rollup-plugin-babel

The new version differs by 130 commits.

• 05fb203 4.4.0
• c2821d0 Allow Rollup 2 in peer dependency range
• 4d8c0c5 4.3.3
• e386e1f Update rollup-pluginutils@2.8.1 ([Snyk] Security upgrade tap from 0.4.13 to 18.0.0 #311)
• 54a166a chore: npm audit fix
• 18e4232 chore: audit fixes
• 8357816 Update CHANGELOG with note about 4.3.2
• 79941b5 4.3.2
• a7e7676 Fix usage with externalHelpers flag
• 66f2f41 Add note to CHANGELOG about v4.3.1
• a7aaac7 4.3.1
• 214882b Add js extention to helper file ([Snyk] Fix for 4 vulnerabilities #296)
• e746832 Update CHANGELOG
• 551ef31 Fix reference to the plugin in the README
• bf9f1a2 4.3.0
• 97ac95b Merge branch 'custom-builder'
• f250dea Add docs about .custom builder
• 542c143 Merge branch 'master' into custom-builder
• ba2559a Fail build when trying plugin tries to add non-existent helper ([Snyk] Fix for 10 vulnerabilities #290)
• 0a764c0 Remove unnecessary guard against missing plugins in preflight check
• 31a6f88 Tweak .custom API, validate options hook - it cant be async
• 54d3cee Merge branch 'master' into custom-builder
• 0752385 Update devDep to rollup@1
• c8983e5 4.2.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Command Injection
🦉 More lessons are available in Snyk Learn

[sourcery-ai]

🧙 Sourcery has finished reviewing your pull request!

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time. You can also use
  this command to specify where the summary should be inserted.

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

We have skipped reviewing this pull request. Here's why:

• It seems to have been created by a bot (hey, snyk-io[bot]!). We assume it knows what it's doing!
• It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
• We don't review packaging changes - Let us know if you'd like us to change this.