[Snyk] Fix for 17 vulnerabilities

[snyk-io]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • node_modules/diff/package.json
  • node_modules/diff/.snyk

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	159/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00396, Social Trends: No, Days since published: 1136, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.65, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	169/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00045, Social Trends: No, Days since published: 162, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.81, Score Version: V5	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	Yes	Proof of Concept
	170/1000 Why? Confidentiality impact: None, Integrity impact: High, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 7, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.83, Score Version: V5	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-8187303	Yes	Proof of Concept
	63/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01244, Social Trends: No, Days since published: 1379, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.67, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	141/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.01055, Social Trends: No, Days since published: 327, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.35, Score Version: V5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
	119/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 147, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 4.19, Likelihood: 2.83, Score Version: V5	Server-Side Request Forgery (SSRF) SNYK-JS-IP-7148531	Yes	Proof of Concept
	124/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00045, Social Trends: No, Days since published: 162, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.06, Score Version: V5	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	Yes	No Known Exploit
	45/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00179, Social Trends: No, Days since published: 735, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 1.89, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	154/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 867, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.56, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOCHA-2863123	Yes	No Known Exploit
	63/1000 Why? Confidentiality impact: None, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00076, Social Trends: No, Days since published: 1020, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.64, Score Version: V5	Open Redirect SNYK-JS-NODEFORGE-2330875	Yes	Proof of Concept
	99/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 1017, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.62, Likelihood: 1.75, Score Version: V5	Prototype Pollution SNYK-JS-NODEFORGE-2331908	Yes	No Known Exploit
	144/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: None, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00052, Social Trends: No, Days since published: 28, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 4.54, Likelihood: 3.15, Score Version: V5	Cross-site Scripting (XSS) SNYK-JS-ROLLUP-8073097	Yes	Proof of Concept
	115/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 982, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.92, Score Version: V5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
	207/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): Required, Privileges Required (PR): Low, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00059, Social Trends: No, Days since published: 55, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 7.84, Likelihood: 2.64, Score Version: V5	Cross-site Scripting (XSS) SNYK-JS-WEBPACK-7840298	Yes	Proof of Concept
	158/1000 Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00044, Social Trends: No, Days since published: 214, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 6.65, Likelihood: 2.36, Score Version: V5	Path Traversal SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555	Yes	Proof of Concept
	58/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00296, Social Trends: No, Days since published: 2583, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.43, Score Version: V5	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: eslint

The new version differs by 250 commits.

• e0cbc50 9.0.0
• 75cb5f4 Build: changelog update for 9.0.0
• 19f9a89 chore: Update dependencies for v9.0.0 (#18275)
• 7c957f2 chore: package.json update for @ eslint/js release
• d73a33c chore: ignore `/docs/v8.x` in link checker (#18274)
• d54a412 feat: Add --inspect-config CLI flag (#18270)
• e151050 docs: update get-started to the new `@ eslint/create-config` (#18217)
• 610c148 fix: Support `using` declarations in no-lone-blocks (#18269)
• 44a81c6 chore: upgrade knip (#18272)
• 94178ad docs: mention about `name` field in flat config (#18252)
• 1765c24 docs: add Troubleshooting page (#18181)
• e80b60c chore: remove code for testing version selectors (#18266)
• 96607d0 docs: version selectors synchronization (#18260)
• e508800 fix: rule tester ignore irrelevant test case properties (#18235)
• a129acb fix: flat config name on ignores object (#18258)
• 97ce45b feat: Add `reportUsedIgnorePattern` option to `no-unused-vars` rule (#17662)
• 651ec91 docs: remove `/* eslint-env */` comments from rule examples (#18249)
• 950c4f1 docs: Update README
• 3e9fcea feat: Show config names in error messages (#18256)
• b7cf3bd fix!: correct `camelcase` rule schema for `allow` option (#18232)
• 12f5746 docs: add info about dot files and dir in flat config (#18239)
• b93f408 docs: update shared settings example (#18251)
• 26384d3 docs: fix `ecmaVersion` in one example, add checks (#18241)
• 7747097 docs: Update PR review process (#18233)

See the full diff

Package name: grunt-eslint

The new version differs by 16 commits.

• 82c984f 25.0.0
• 5d282f8 Meta tweaks
• 81834b4 Update to ESLint 9, support flat config, and require Node.js 18 ([Snyk] Security upgrade mocha from 4.1.0 to 10.1.0 #175)
• 0704be0 v24.3.0
• 495118b Update dependencies
• fac0aff 24.2.0
• 826ca5f Update dependencies
• 88cbcac 24.1.0
• 89eb056 Support async formatters ([Snyk] Fix for 7 vulnerabilities #174)
• 63a9fe7 24.0.1
• 1322e30 Fix the plugin not finishing in some cases
• 259ce5c Meta tweaks
• 5e086f7 24.0.0
• 7bb705b Cleanup
• dbaf9d5 Upgrade to ESLint 8 and require Node.js 12 ([Snyk] Fix for 6 vulnerabilities #171)
• 3de5e21 Move to GitHub Actions ([Snyk] Security upgrade tap from 14.11.0 to 18.0.0 #170)

See the full diff

Package name: karma-webpack

The new version differs by 33 commits.

• 46a5505 Merge branch 'master' into next
• 71fc63a fix(config): ignore entry options ([Snyk] Fix for 7 vulnerabilities #479)
• 05cfa79 fix(docs): fixed warning inaccuracy ([Snyk] Fix for 20 vulnerabilities #478)
• 1598fa6 fix(config): force default output.filename ([Snyk] Fix for 12 vulnerabilities #477)
• d603679 change(readme): made minor adjustments ([Snyk] Security upgrade tap from 10.7.3 to 18.0.0 #476)
• 5300200 refactor(*): break up into individual modules ([Snyk] Fix for 35 vulnerabilities #474)
• 8ad09d1 fix(test): handle scenario test rejection ([Snyk] Security upgrade tap from 0.4.13 to 18.0.0 #473)
• da86766 chore(release): 5.0.0-alpha.6
• 98b3ec9 chore(deps): bump hotfix dependencies ([Snyk] Fix for 24 vulnerabilities #472)
• ea5dc8e fix(preprocess): auto fix missing webpack framework ([Snyk] Fix for 24 vulnerabilities #471)
• b044404 chore(test): refactored hash method into util ([Snyk] Fix for 13 vulnerabilities #470)
• ea3dabe fix(controller): add entropy to default dir ([Snyk] Fix for 5 vulnerabilities #469)
• 57b131e chore(test): fix testing on linux ([Snyk] Security upgrade tap from 16.3.10 to 18.0.0 #468)
• 52ac365 chore(lint): fix linter settings ([Snyk] Fix for 5 vulnerabilities #467)
• 6369729 feat(ci): added github workflow for testing ([Snyk] Security upgrade mocha from 6.2.3 to 10.1.0 #464)
• e8ad372 chore(test): set up integration testing ([Snyk] Security upgrade tap from 10.7.3 to 18.0.0 #461)
• f7af31f chore(readme): add next tag to install command
• 2cc5495 chore(readme): add info about webpack v5
• a300178 chore(release): 5.0.0-alpha.5
• 2e0ca74 chore(package): update peer dependency to webpack v5
• 2e2ca3f chore(release): 5.0.0-alpha.4
• 4fe1f60 chore(controller): change the webpack watch logic
• 8d7366f chore: fix support for webpack v5
• 3cc35b3 test(plugin): add tests to prevent some regressions ([Snyk] Fix for 10 vulnerabilities #419)

See the full diff

Package name: mocha

The new version differs by 250 commits.

• 5f96d51 build(v10.1.0): release
• ed74f16 build(v10.1.0): update CHANGELOG
• 51d4746 chore(devDeps): update 'ESLint' to v8 (Alias --tag to --channel npm/cli#4926)
• 4e06a6f fix(browser): increase contrast for replay buttons ([BUG] Inconsistent values for npm_package_* env variable when executing command in workspace since npm v8.8.0 npm/cli#4912)
• 41567df Support prefers-color-scheme: dark ([BUG] GitHub references to dependencies slow/hang npm/cli#4896)
• 61b4b92 fix the regular expression for function `clean` in `utils.js` (chore: add fallback audit to tests npm/cli#4770)
• 77c18d2 chore: use standard 'Promise.allSettled' instead of polyfill ([BUG] Depends on deprecated packages path-is-absolute and read-package-tree npm/cli#4905)
• 84b2f84 chore(ci): upgrade GH actions to latest versions (Renovate npm/cli#4899)
• 023f548 build(v10.0.0): release
• 62b1566 build(v10.0.0): update CHANGELOG
• fbe7a24 chore: update dependencies (chore: update action secrets + bot info npm/cli#4878)
• 2b98521 docs: replace 'git.io' short links ([BUG] Inconsistent --silent for npm install npm/cli#4877) [ci skip]
• 007fa65 chore(ci): add Node v18 to test matrix ([BUG] Failed to install any package with ERROR Code"npm ERR! Cannot read property 'insert' of undefined" npm/cli#4876)
• f6695f0 chore(esm): remove code for Node v12 (feat: add flag --omit-lockfile-registry-resolved npm/cli#4874)
• 59f6192 chore(ci): conditionally skip 'push' event (deps: make-fetch-happen@10.1.3 npm/cli#4872)
• b863359 docs: fix 'fgrep' url ([BUG] npx@8 regression: command injection / impossible to pass a bactick as argument npm/cli#4873)
• baaa41a chore(ci): ignore changes to docs files ([BUG] npx command not install latest package npm/cli#4871)
• ac81cc5 refactor!: drop support of 'growl' notification ([DOCS] Explain behavior of "npm install" w/r/t package versions in package-lock.json. npm/cli#4866)
• 3946453 chore(deps)!: upgrade 'minimatch' (package-json.md npm/cli#4865)
• 592905b refactor!: rename 'bin/mocha' to 'bin/mocha.js' ([BUG] Critical issue with npm link --install-links --save ../package/ deleting the package directory! npm/cli#4863)
• b7b849b refactor!: remove deprecated Runner signature ([BUG] the output of the publish and postpublished are mixed up npm/cli#4861)
• 0608fa3 chore(site): fix supporters' download ([BUG] npm can install an invalid tree with transitive optional peer deps npm/cli#4859)
• 785aeb1 chore(test): drop AMD/'requirejs' (fix: consolidate bugs, docs, repo command logic npm/cli#4857)
• ed640c4 chore(devDeps): upgrade 'coffee-script' (deps: npm-packlist@5.0.3 npm/cli#4856)

See the full diff

Package name: rollup

The new version differs by 250 commits.

• dfd233d 3.29.5
• 2ef77c0 Fix DOM Clobbering CVE
• a6448b9 3.29.4
• 4e92d60 Deoptimize all parameters when losing track of a function (deps: npm-profile@6.2.0 npm/cli#5158)
• 801ffd1 3.29.3
• 353e462 Fully deoptimize first level path when deoptimizing nested parameter paths ([BUG] NPM not recognized the env alias  npm/cli#5153)
• a1a89e7 chore(deps): update dependency @ vue/eslint-config-typescript to v12 (chore: add dependencies script npm/cli#5148)
• cc14f70 chore(deps): lock file maintenance minor/patch updates (Warn adduser changes, undeprecate --auth-type, but warn for some values npm/cli#5149)
• 1e8355b docs: improve the docs repl appearance in the light mode ([BUG] when i install a package with -g i get a code EACCES error npm/cli#5145)
• 5950fc8 Adapt branches in REPL workflow
• e1a78ff 3.29.2
• be3b25c chore(deps): lock file maintenance minor/patch updates (fix typo npm/cli#5137)
• 846e1bd fix: exports `TreeshakingPreset` ([BUG] npm config set ignores values starting with "-" npm/cli#5131)
• a7d0ac1 docs: steps to enable symlinks on windows ([BUG] npx no longer works with github: registry npm/cli#5134)
• a5c88b7 3.29.1
• 40da6f8 Ignore wasm files when linting
• bec9e07 fix: access document.currentScript at the top level (docs: typo in npm command npm/cli#5118)
• 1d0c6be fix(perf): avoid superfluous timer wrappings in watch mode ([BUG] npm incorrectly assumes existence of root-owned files on Termux npm/cli#5114)
• e9fef3f re-enbale repl-artefacts workflow for rollup-swc branch ([BUG] Cannot read properties of null (reading 'isWorkspace') npm/cli#5129)
• 6cb637d chore(deps): lock file maintenance minor/patch updates ([BUG] npm install modifies yarn.lock in incorrect ways npm/cli#5126)
• e871ad8 chore(deps): update actions/checkout action to v4 ([BUG] npm ci validates package-lock.json that is generated with an older version of npm and fails to resolve npm/cli#5125)
• 642e566 3.29.0
• 884e678 Deoptimize custom event detail ([BUG] npx npm_config_yes=true or --yes not working as expected and npx still requires confirmation for installation npm/cli#5123)
• c6aa575 Added option to name sourcemap files, i.e. a output.sourcemapFileName… (Release/v8.13.2 npm/cli#5105)

See the full diff

Package name: webpack

The new version differs by 250 commits.

• eabf85d chore(release): 5.94.0
• 955e057 security: fix DOM clobbering in auto public path
• 9822387 test: fix
• cbb86ed test: fix
• 5ac3d7f fix: unexpected asi generation with sequence expression
• 2411661 security: fix DOM clobbering in auto public path
• b8c03d4 fix: unexpected asi generation with sequence expression
• f46a03c revert: do not use heuristic fallback for "module-import"
• 60f1898 fix: do not use heuristic fallback for "module-import"
• 66306aa Revert "fix: module-import get fallback from externalsPresets"
• 8bf907b fix: handle ASI for export declaration
• 420cb39 fix: handle ASI for export declaration
• 844fe4b fix: ts types
• e8384b2 chore(deps-dev): bump @ types/node from 22.2.0 to 22.3.0 in the dependencies group
• 78f7842 chore(deps-dev): bump @ types/node in the dependencies group
• a2b0f9b fix: ts types
• 46cee28 feat: support `webpackIgnore` for `new URL()` construction
• 71ce863 fix: mangle destruction incorrect with export named default
• ddbea27 test: name in multi compiler mode
• 04d70cd test: name in multi compiler mode
• ebd3050 test: more
• 5cdd031 feat: support `webpackIgnore` for `new URL()` construction
• 0d856a3 fix: mangle destruction incorrect with export named default
• cb6ffaf fix: handle ASI for export named declarations

See the full diff

Package name: webpack-dev-server

The new version differs by 250 commits.

• 11bfcde chore(release): 4.15.2
• 4116209 fix(security): bump webpack-dev-middleware
• 540c438 chore(release): 4.15.1
• 34bcec2 fix(types): compatibility with `@ types/ws` (Renovate npm/cli#4899)
• 3d61107 chore(deps-dev): bump eslint from 8.40.0 to 8.41.0 ([BUG] npm repo <pkg> assumes a master branch npm/cli#4867)
• ddc87c8 chore(deps-dev): bump @ types/node from 18.16.9 to 18.16.14 (fix: cleanup star/unstar npm/cli#4868)
• 168cf65 chore(deps-dev): bump @ types/node from 18.16.7 to 18.16.9 (fix: remove test coverage map npm/cli#4862)
• 874c44b fix: replace `::` with `localhost` before openBrowser() (deps: npm-packlist@5.0.3 npm/cli#4856)
• c54e427 chore(deps-dev): bump @ types/node from 18.16.3 to 18.16.7 (fix: consolidate bugs, docs, repo command logic npm/cli#4857)
• b2c8017 chore(deps-dev): bump webpack from 5.82.0 to 5.82.1 (npm install (Ubuntu) npm/cli#4858)
• 4e35921 chore(deps-dev): bump eslint from 8.39.0 to 8.40.0 ([BUG] Unable to update peer dependencies in workspaces npm/cli#4851)
• 99f66cb chore(release): 4.15.0
• d1dd430 feat: overlay displays unhandled promise rejection (Some typos npm/cli#4849)
• 51f8a1b chore(release): 4.14.0
• aab01b3 feat: allow filter overlay errors/warnings with function ([BUG] dist files were not packed npm/cli#4813)
• ee748a7 chore(deps-dev): bump webpack from 5.81.0 to 5.82.0 (docs: remove incorrect v6 auto prune info npm/cli#4845)
• 217e156 chore(deps-dev): bump @ babel/runtime from 7.21.0 to 7.21.5 (chore(benchmarks): add missing space to if condition npm/cli#4841)
• 1aef67c chore(deps-dev): bump @ babel/eslint-parser from 7.21.3 to 7.21.8 (fix(exec): ignore packageLockOnly flag npm/cli#4843)
• 37cad89 chore(deps-dev): bump @ babel/core from 7.21.5 to 7.21.8 ([BUG] NPM doesn't complain about malformed JSON in package-lock file npm/cli#4844)
• 90bd7ca chore(deps-dev): bump @ babel/core from 7.21.4 to 7.21.5 ([BUG] init.author.name deprecation warning does not stop npm/cli#4840)
• 71d4e4b chore(deps-dev): bump @ babel/preset-env from 7.21.4 to 7.21.5 (chore: gitignore __pycache__ directories in node_modules npm/cli#4842)
• 35b57c0 chore(deps): bump @ types/connect-history-api-fallback (#4836)
• 99ce405 chore(deps-dev): bump @ babel/cli from 7.21.0 to 7.21.5 ([BUG] svelte-prepocess install fails : npm ERR! Exit handler never called! npm/cli#4839)
• 3477ef3 chore(deps-dev): bump @ types/node from 18.16.2 to 18.16.3 ([BUG] npm exits silently with the code 254 and read only filesystem npm/cli#4838)

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	114/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00123, Social Trends: No, Days since published: 3046, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.89, Score Version: V5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Server-Side Request Forgery (SSRF)
🦉 Open Redirect
🦉 More lessons are available in Snyk Learn

[sourcery-ai]

🧙 Sourcery has finished reviewing your pull request!

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time. You can also use
  this command to specify where the summary should be inserted.

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

We have skipped reviewing this pull request. Here's why:

• It seems to have been created by a bot (hey, snyk-io[bot]!). We assume it knows what it's doing!
• It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!