[Snyk] Fix for 36 vulnerabilities

[snyk-io]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/handlebars/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	165/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0037, Social Trends: No, Days since published: 1560, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 1.68, Score Version: V5	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	159/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00396, Social Trends: No, Days since published: 1137, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.65, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	169/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00045, Social Trends: No, Days since published: 163, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.81, Score Version: V5	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	Yes	Proof of Concept
	278/1000 Why? Confidentiality impact: High, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00768, Social Trends: No, Days since published: 1275, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 98, Impact: 7.84, Likelihood: 3.55, Score Version: V5	Prototype Pollution SNYK-JS-DUSTJSLINKEDIN-1089257	Yes	Proof of Concept
	141/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.01055, Social Trends: No, Days since published: 328, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.35, Score Version: V5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
	179/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: High, Attack Vector: Network, EPSS: 0.01027, Social Trends: No, Days since published: 668, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 7.84, Likelihood: 2.28, Score Version: V5	Prototype Pollution SNYK-JS-JSON5-3182856	Yes	Proof of Concept
	45/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00306, Social Trends: No, Days since published: 695, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 1.9, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	Yes	No Known Exploit
	115/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.0097, Social Trends: No, Days since published: 719, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.91, Score Version: V5	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	Yes	No Known Exploit
	45/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00694, Social Trends: No, Days since published: 715, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 1.91, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	Yes	No Known Exploit
	63/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00231, Social Trends: No, Days since published: 1346, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.65, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	239/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): High, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00858, Social Trends: No, Days since published: 1346, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.44, Score Version: V5	Code Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	152/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.02082, Social Trends: No, Days since published: 1940, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.69, Score Version: V5	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	150/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 1524, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.67, Score Version: V5	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	170/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 191, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.83, Score Version: V5	Prototype Pollution SNYK-JS-LODASH-6139239	Yes	Proof of Concept
	149/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00128, Social Trends: No, Days since published: 2090, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.64, Score Version: V5	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	133/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): High, Attack Complexity: High, Attack Vector: Network, EPSS: 0.004, Social Trends: No, Days since published: 2028, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.21, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	124/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00045, Social Trends: No, Days since published: 163, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.06, Score Version: V5	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	Yes	No Known Exploit
	115/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 3046, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.92, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit
	45/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00179, Social Trends: No, Days since published: 736, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 1.89, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	59/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.03488, Social Trends: No, Days since published: 947, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.51, Score Version: V5	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	137/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00105, Social Trends: No, Days since published: 1687, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.42, Score Version: V5	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	154/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 868, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.56, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOCHA-2863123	Yes	No Known Exploit
	154/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 1668, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.56, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOCHA-561476	Yes	No Known Exploit
	188/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 2033, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Critical, Package Popularity Score: 99, Impact: 9.79, Likelihood: 1.92, Score Version: V5	Arbitrary Code Injection SNYK-JS-OPEN-174041	Yes	No Known Exploit
	111/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00111, Social Trends: No, Days since published: 586, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 4.19, Likelihood: 2.64, Score Version: V5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	111/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00213, Social Trends: No, Days since published: 481, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 4.19, Likelihood: 2.65, Score Version: V5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	114/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00285, Social Trends: No, Days since published: 1242, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.9, Score Version: V5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit
	46/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 1078, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 1.92, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit
	115/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 982, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.92, Score Version: V5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
	207/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): Required, Privileges Required (PR): Low, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00059, Social Trends: No, Days since published: 56, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 7.84, Likelihood: 2.64, Score Version: V5	Cross-site Scripting (XSS) SNYK-JS-WEBPACK-7840298	Yes	Proof of Concept
	158/1000 Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00044, Social Trends: No, Days since published: 215, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 6.65, Likelihood: 2.36, Score Version: V5	Path Traversal SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555	Yes	Proof of Concept
	212/1000 Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00196, Social Trends: No, Days since published: 2218, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 3.53, Score Version: V5	Information Exposure SNYK-JS-WEBPACKDEVSERVER-72405	Yes	Proof of Concept
	58/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00117, Social Trends: No, Days since published: 2437, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.42, Score Version: V5	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
	140/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00122, Social Trends: No, Days since published: 2443, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.48, Score Version: V5	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
	114/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00123, Social Trends: No, Days since published: 3046, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.89, Score Version: V5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	Yes	No Known Exploit
	214/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.01055, Social Trends: No, Days since published: 2355, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.19, Score Version: V5	Arbitrary Command Injection npm:open:20180512	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: babel-loader

The new version differs by 250 commits.

• 9ff288f 9.0.0
• 006a3dc Update README.md
• daed88a Update README.md
• 0ed5fd6 Bump ini from 1.3.5 to 1.3.8 (Isaacs/update libnpmetc stuff npm/cli#968)
• b1749e3 Bump y18n from 4.0.0 to 4.0.3 ([BUG] <ng2-search-filter not providing correct search values> npm/cli#967)
• 3a55a4a Bump lodash from 4.17.20 to 4.17.21 (running npm publish from package.json scripts gives 401 Unauthorized npm/cli#966)
• 9a4ffe0 Bump normalize-url from 4.5.0 to 4.5.1 ([FEATURE] depadded script hook npm/cli#962)
• 28f2482 Bump hosted-git-info from 2.8.8 to 2.8.9 ([BUG] ENOENT: no such file or directory npm/cli#964)
• d850108 Bump glob-parent from 5.1.1 to 5.1.2 (cb() never called! npm/cli#965)
• 29de619 Build for node 14.15.0 (npm root -g and npm bin -g should be sped up npm/cli#963)
• 9a2451f Remove dependency on loader-utils and drop webpack 4 support ([QUESTION] <title> npm/cli#942)
• 12876a5 Bump tar from 6.0.5 to 6.1.11 ([BUG] sha512 error..? npm/cli#960)
• 98a708e Bump trim-off-newlines from 1.0.1 to 1.0.3 ([BUG] npm unpublish should warn about mandatory 24-hour waiting period npm/cli#958)
• 4ae5696 Bump minimist from 1.2.5 to 1.2.7 ( cb() never called! npm/cli#957)
• 4f00e41 Bump terser from 5.6.1 to 5.15.1 (Invalid package name "buffer 2" npm/cli#959)
• 87bfae7 Bump babel and node minimum versions (Error <Failed at the @abandonware/noble@1.9.2-6 install script>? npm/cli#956)
• df28fe3 Fix broken main test ([BUG] Fails to install npm packages from private github repos in docker since v6.11.0 npm/cli#950)
• 0b338e4 update hash method so it doesn't fail on a fips enabled machine (Update npm-publish.md npm/cli#939)
• 1f98d3c 8.2.5
• c622868 fix: respect `inputSourceMap` loader option (> ## 6.13.6 (2020-01-09) npm/cli#896)
• f7982c1 8.2.4
• 4bb9e21 Use md5 hashing for OpenSSL 3 (#784 npm/cli#924)
• 247c94b Bump loader-utils to 2.x ([FEATURE] Could support for other repositories or external private repos (via packages.json) be added to package dependencies? npm/cli#931)
• 052c07a doc(README.md): fix a broken markdown link (#221 npm/cli#919)

See the full diff

Package name: dtslint

The new version differs by 165 commits.

• 7506ca9 4.2.1 - update @ definitelytyped and dts-critic dependencies
• 6a0d0a8 Fix typo in tsconfig.json example ([Snyk] Fix for 8 vulnerabilities #347)
• 8b008ef 4.2.0
• a01c209 Merge pull request [Snyk] Fix for 5 vulnerabilities #346 from microsoft/weswigham-patch-1
• 95cb8bb Allow package.json files to specify imports/exports/type
• 274f0d0 Add concurrency explanation -> FAQ ([Snyk] Security upgrade tap from 18.8.0 to 20.0.0 #343)
• e28f894 Sync README tsconfig.json with dts-gen template ([Snyk] Fix for 8 vulnerabilities #345)
• 33eb773 4.1.6 - update @ definitelytyped + dts-critic depenendencies
• a499141 4.1.5 - update @ definitelytyped + dts-critic depenendencies
• 88b6f89 4.1.3 - Improve no-single-module rule
• cd084e8 Remove 'external module' wording from rules ([Snyk] Fix for 10 vulnerabilities #340)
• fc56160 fix(no-single-declare-module): allow single wildcard module declaration ([Snyk] Security upgrade tap from 16.3.10 to 18.0.0 #339)
• b0ddfa0 4.1.3 - allow pre-1.0 /v* subdirectories
• 07fcc26 Allow pre-1.0 /v* subdirectories. ([Snyk] Security upgrade tap from 7.1.2 to 18.0.0 #338)
• 26d1ca2 4.1.2 - turn on redundant-undefined
• 76886d9 no-redundant-undefined: enforce `undefined` for optional parameters ([Snyk] Fix for 21 vulnerabilities #335)
• 9d74c37 4.1.1 - disable no-redundant-undefined
• c25769b Disable no-redundant-undefined rule ([Snyk] Security upgrade tap from 16.3.10 to 18.0.0 #336)
• df3654a Version bump to 4.1.0 to workaround npm-should-deploy-action bug
• dc1c122 Update @ definitelytyped+dts-critic
• f74c1d2 update to latest @ definitelytyped+dts-critic
• 69c00c7 Merge pull request [Snyk] Fix for 12 vulnerabilities #327 from microsoft/update_node_Types
• 22256e2 Merge pull request [Snyk] Security upgrade standard from 12.0.1 to 16.0.0 #317 from jablko/patch-7
• 0c0eeac Update node types

See the full diff

Package name: dustjs-linkedin

The new version differs by 36 commits.

• 5cd5529 Release v3.0.1
• 0d72e0b Merge pull request [FEATURE] Cache build artifacts for npm ci npm/cli#808 from sumeetkakkar/topic/update-deps
• b2aaa47 Merge branch 'master' into topic/update-deps
• bd397ea Update tests.yaml: add --legacy-peer-deps to support npm 8 restrictions
• 115f78c dependency update: chokidar
• d951a90 Update tests.yml
• ea9ae70 Create tests.yml
• 2e8795c Release v3.0.0
• 6f98371 merge from 2.7
• db6d8b9 Merge pull request [QUESTION] <403 forbidden> npm/cli#805 from sumeetkakkar/fix/proto-pollution
• ddb6523 fix for prototype pollution vulnerability
• e0e25f7 Merge pull request [BUG] typeerror Error: Missing required argument #1 npm/cli#756 from danactive/master
• eeb1c17 Decrease security vulnerabilities by upgrading cli dependency (I can't able to start the npm npm/cli#754 @babel/helper-compilation-targets 7.8.4 having issue with Create-React-app npm/cli#748)
• d485a72 {?exists} and {^exists} resolve Promises and check if the result exists (First Create-React-App - NPM Start - Blank Screen npm/cli#753)
• 43c0831 place location provided by peg 0.9 onto the AST
• 07b73b3 Merge pull request EIntegrity error is thrown while doing npm install npm/cli#744 from sethkinast/is-context
• ae69314 Don't use instanceof to determine if a Context is a Context
• dc1e1dc Merge pull request feat: added script to update dist-tags npm/cli#736 from brianmhunt/master
• 6f6c49f Prioritize .then on thenable functios (Npm audit fixes npm/cli#735)
• 487da8d Merge pull request [errr] <npm install -g expo-cli> npm/cli#734 from sethkinast/master
• a671ebd Bump deps
• 7bc3b77 Update streaming-incremental example to work with newer q
• 3fc12ef Merge pull request [BUG] "Cannot read property 'match' of undefined" when doing npm audit fix npm/cli#703 from sethkinast/peg-0.9
• c1d9e21 Merge pull request docs: mention --no-optional in package-json npm/cli#705 from sethkinast/context-templatename

See the full diff

Package name: grunt-babel

The new version differs by 16 commits.

• 3fee421 7.0.0
• 4c89e7e add missing peerDep
• 79450ee Merge pull request [Snyk] Fix for 12 vulnerabilities #79 from babel/b7-alpha
• 59ffa73 remove node 0.10/0.12 from travis
• 75bc67f fix readme [skip ci]
• 5e7fdd5 make peerDep on babel-core v7
• cf4f0c7 lock down XO
• 97120ca ES6 → ES2015
• 44e9762 meta tweaks
• a7874fd bump dev deps
• ce3bbc3 bump dev deps
• 766123a fix docs
• ff01c19 6.0.0
• 54c583e tweaks
• 9772e55 Merge pull request [Snyk] Security upgrade tap from 10.7.3 to 18.0.0 #53 from underbyte/update-babel-core
• 9f3149c upgrade babel-core to 6.0.2

See the full diff

Package name: grunt-contrib-concat

The new version differs by 8 commits.

• 9e0f72f 2.0.0
• de2b0e9 Merge pull request [Snyk] Fix for 8 vulnerabilities #192 from gruntjs/release-2
• 2f2aeff Release docs
• 63a42a8 Merge pull request [Snyk] Security upgrade tap from 10.7.3 to 18.0.0 #191 from gruntjs/update-deps-oct
• 4c4fab8 Update CI
• 71d6edd Update dependencies
• 9054b14 Merge pull request [Snyk] Security upgrade tap from 14.11.0 to 18.0.0 #176 from alexjking/fix-browserify-sourcemap-regex
• b1cf785 fix(sourcemap-regex): fix regex to match browserify sorucemap charset

See the full diff

Package name: grunt-contrib-uglify

The new version differs by 63 commits.

• a3f3f34 5.2.1
• 3c8d904 Update Readme
• 0850dcd update dependencies ([BUG] npm ci fails with EPERM/unlink error on windows npm/cli#568)
• c27ad5f Bump minimist from 1.2.5 to 1.2.6 ([BUG] npm incorrectly deduplicates aliased modules when shrinkwrap present npm/cli#567)
• 98b4c5f Fix documentation in relation to issue Fixed "publish --force" not correctly publishing for already published packages npm/cli#565 ([BUG] cb() never called! when run npm ci command npm/cli#566)
• 7228446 Bump minimist from 1.2.5 to 1.2.6 (npm does not support Node.js v13.3.0 npm/cli#563)
• e410511 Update deps, v5.1.0 ([FEATURE] Do not remove node_modules on npm ci npm/cli#564)
• 2cb31be Update uglify-js to v3.15.2 (error code Unknown system error -122 npm/cli#562)
• 12ca0f2 Fix wording in README.md ([BUG] Failed parsing JSON config key userconfig npm/cli#560)
• 1f6a012 Bump path-parse from 1.0.6 to 1.0.7 ([BUG] npm ci installs an optional dependency which targets a different os than the host os npm/cli#558)
• 0e4b1a0 Update uglify-js ([BUG] Webpage is showing incorrect package information npm/cli#557)
• 9ccf10d Bump hosted-git-info from 2.8.8 to 2.8.9 (trying to install aws-amplify/cli and error was thrown as cb() was never called  npm/cli#556)
• 4e83e45 Update UglifyJS to 3.13.3 ([BUG] "npm explore <pkg>" fails on Windows (node.js LTS) npm/cli#554)
• 8674feb Bump ini from 1.3.5 to 1.3.8 (npm [QUESTION] <title> npm/cli#552)
• 14b71da v5.0.0
• 9259448 Bump lodash from 4.17.11 to 4.17.19 (Fix cache location for npm ci npm/cli#550)
• 4645446 Bump js-yaml from 3.5.5 to 3.14.0 ([Step is not defined] <Mocha-Steps "step is not defined"> npm/cli#551)
• b7bcde4 Delete .travis.yml
• cba2631 Delete appveyor.yml
• 3dc53f0 ini github workflow
• f65dbb9 v4.0.1. ([BUG] npm link ../doesnt-exist gives EINVALIDTYPE npm/cli#535)
• b33a071 upgrade devDependencies (Improve shrinkwrap security by default by using always SHA512 hashes npm/cli#536)
• 1e40037 upgrade to uglify-js 3.5.0 ([QUESTION] Can I define myself dependency-types? npm/cli#534)
• 33724cd update links to uglifyJS documentation ([BUG] npm@6.13.1: TypeError: mkdirp is not a function npm/cli#530)

See the full diff

Package name: grunt-eslint

The new version differs by 28 commits.

• 82c984f 25.0.0
• 5d282f8 Meta tweaks
• 81834b4 Update to ESLint 9, support flat config, and require Node.js 18 ([Snyk] Security upgrade mocha from 4.1.0 to 10.1.0 #175)
• 0704be0 v24.3.0
• 495118b Update dependencies
• fac0aff 24.2.0
• 826ca5f Update dependencies
• 88cbcac 24.1.0
• 89eb056 Support async formatters ([Snyk] Fix for 7 vulnerabilities #174)
• 63a9fe7 24.0.1
• 1322e30 Fix the plugin not finishing in some cases
• 259ce5c Meta tweaks
• 5e086f7 24.0.0
• 7bb705b Cleanup
• dbaf9d5 Upgrade to ESLint 8 and require Node.js 12 ([Snyk] Fix for 6 vulnerabilities #171)
• 3de5e21 Move to GitHub Actions ([Snyk] Security upgrade tap from 14.11.0 to 18.0.0 #170)
• 61e98a9 23.0.0
• 2ba9e26 Meta tweaks
• a8f45f6 Upgrade to ESLint 7 and require Node.js 10 ([Snyk] Security upgrade ava from 0.0.4 to 0.1.0 #167)
• 274625a Update link to built-in formatter ([Snyk] Fix for 8 vulnerabilities #164)
• 2922b4c 22.0.0
• 7707f60 Upgrade to ESLint v6 and require Node.js 8
• a18f9ee 21.1.0
• 7950891 Bumped the eslint version to 5.16.0 ([Snyk] Security upgrade ava from 0.0.4 to 0.1.0 #161)

See the full diff

Package name: istanbul

The new version differs by 72 commits.

• 89e338f 0.4.5
• 7efe4dc update changelog, contributors
• da79378 Merge pull request Release 6.13.6 npm/cli#673 from popomore/swap-fileset-for-glob
• 58f4c90 swap fileset for glob
• fef889b Merge pull request NPM advisories data dump npm/cli#657 from djorg83/master
• 91bb666 log filename when file fails to parse using esprima
• 5dbd62c 0.4.4
• 5642fb4 Update changelog, contributors
• f4195bb Merge pull request [Snyk] Fix for 22 vulnerabilities #507 from Victorystick/es-modules-support
• c521035 Merge pull request [QUESTION] Some wrong log when I run npm install npm/cli#628 from inversion/use-tmp-dir
• 66fffdc Merge pull request [BUG] I've npm publish'd a library but it ain't showing on npmjs.com npm/cli#597 from JamesMGreene/patch-1
• dfcab10 Merge pull request docs: update gatsby dependencies npm/cli#627 from a0viedo/patch-1
• abec3ae Merge pull request [BUG] <title> npm/cli#625 from ChALkeR/tmpdir
• a9aaf53 tmp dir setting was being ignored in TmpStore
• 522f465 link build badge to master branch
• 0b5e80d use os.tmpdir() instead of os.tmpDir()
• 5069661 Set "medium" coverage CSS color scheme to yellow
• 0e8c350 Merge pull request [BUG] Phantom lock file npm/cli#587 from clickthisnick/chore-remove-trailing-spaces
• fc3ba35 0.4.3
• b3de106 Update changelog, contributors
• bb5b6e1 Merge pull request feat: add mergeable.yml to prevent merges without review approvals npm/cli#579 from jtangelder/fix-colors
• 0411600 return plain string when an invalid clazz is given
• a556a5e Merge pull request npm [QUESTION] <title> npm/cli#552 from abejfehr/patch-1
• 369ed49 Merge pull request [BUG] Couldn't find any versions for "core-js" that matches "3.4.7" npm/cli#545 from pra85/patch-1

See the full diff

Package name: mocha

The new version differs by 250 commits.

• 5f96d51 build(v10.1.0): release
• ed74f16 build(v10.1.0): update CHANGELOG
• 51d4746 chore(devDeps): update 'ESLint' to v8 (Alias --tag to --channel npm/cli#4926)
• 4e06a6f fix(browser): increase contrast for replay buttons ([BUG] Inconsistent values for npm_package_* env variable when executing command in workspace since npm v8.8.0 npm/cli#4912)
• 41567df Support prefers-color-scheme: dark ([BUG] GitHub references to dependencies slow/hang npm/cli#4896)
• 61b4b92 fix the regular expression for function `clean` in `utils.js` (chore: add fallback audit to tests npm/cli#4770)
• 77c18d2 chore: use standard 'Promise.allSettled' instead of polyfill ([BUG] Depends on deprecated packages path-is-absolute and read-package-tree npm/cli#4905)
• 84b2f84 chore(ci): upgrade GH actions to latest versions (Renovate npm/cli#4899)
• 023f548 build(v10.0.0): release
• 62b1566 build(v10.0.0): update CHANGELOG
• fbe7a24 chore: update dependencies (chore: update action secrets + bot info npm/cli#4878)
• 2b98521 docs: replace 'git.io' short links ([BUG] Inconsistent --silent for npm install npm/cli#4877) [ci skip]
• 007fa65 chore(ci): add Node v18 to test matrix ([BUG] Failed to install any package with ERROR Code"npm ERR! Cannot read property 'insert' of undefined" npm/cli#4876)
• f6695f0 chore(esm): remove code for Node v12 (feat: add flag --omit-lockfile-registry-resolved npm/cli#4874)
• 59f6192 chore(ci): conditionally skip 'push' event (deps: make-fetch-happen@10.1.3 npm/cli#4872)
• b863359 docs: fix 'fgrep' url ([BUG] npx@8 regression: command injection / impossible to pass a bactick as argument npm/cli#4873)
• baaa41a chore(ci): ignore changes to docs files ([BUG] npx command not install latest package npm/cli#4871)
• ac81cc5 refactor!: drop support of 'growl' notification ([DOCS] Explain behavior of "npm install" w/r/t package versions in package-lock.json. npm/cli#4866)
• 3946453 chore(deps)!: upgrade 'minimatch' (package-json.md npm/cli#4865)
• 592905b refactor!: rename 'bin/mocha' to 'bin/mocha.js' ([BUG] Critical issue with npm link --install-links --save ../package/ deleting the package directory! npm/cli#4863)
• b7b849b refactor!: remove deprecated Runner signature ([BUG] the output of the publish and postpublished are mixed up npm/cli#4861)
• 0608fa3 chore(site): fix supporters' download ([BUG] npm can install an invalid tree with transitive optional peer deps npm/cli#4859)
• 785aeb1 chore(test): drop AMD/'requirejs' (fix: consolidate bugs, docs, repo command logic npm/cli#4857)
• ed640c4 chore(devDeps): upgrade 'coffee-script' (deps: npm-packlist@5.0.3 npm/cli#4856)

See the full diff

Package name: webpack

The new version differs by 250 commits.

• eabf85d chore(release): 5.94.0
• 955e057 security: fix DOM clobbering in auto public path
• 9822387 test: fix
• cbb86ed test: fix
• 5ac3d7f fix: unexpected asi generation with sequence expression
• 2411661 security: fix DOM clobbering in auto public path
• b8c03d4 fix: unexpected asi generation with sequence expression
• f46a03c revert: do not use heuristic fallback for "module-import"
• 60f1898 fix: do not use heuristic fallback for "module-import"
• 66306aa Revert "fix: module-import get fallback from externalsPresets"
• 8bf907b fix: handle ASI for export declaration
• 420cb39 fix: handle ASI for export declaration
• 844fe4b fix: ts types
• e8384b2 chore(deps-dev): bump @ types/node from 22.2.0 to 22.3.0 in the dependencies group
• 78f7842 ...

[sourcery-ai]

🧙 Sourcery has finished reviewing your pull request!

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time. You can also use
  this command to specify where the summary should be inserted.

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

We have skipped reviewing this pull request. Here's why:

• It seems to have been created by a bot (hey, snyk-io[bot]!). We assume it knows what it's doing!
• It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
• We don't review packaging changes - Let us know if you'd like us to change this.