[Snyk] Fix for 5 vulnerabilities

[snyk-io]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • deps/npm/node_modules/fastest-levenshtein/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	169/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00045, Social Trends: No, Days since published: 163, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.81, Score Version: V5	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	Yes	Proof of Concept
	141/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.01055, Social Trends: No, Days since published: 328, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.35, Score Version: V5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
	124/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00045, Social Trends: No, Days since published: 163, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.06, Score Version: V5	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	Yes	No Known Exploit
	55/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 1076, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 96, Impact: 2.35, Likelihood: 2.31, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NATURAL-1915418	Yes	No Known Exploit
	115/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 983, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.92, Score Version: V5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: eslint

The new version differs by 250 commits.

• e0cbc50 9.0.0
• 75cb5f4 Build: changelog update for 9.0.0
• 19f9a89 chore: Update dependencies for v9.0.0 (node-8.9.3 two immediate execution function error nodejs/node#18275)
• 7c957f2 chore: package.json update for @ eslint/js release
• d73a33c chore: ignore `/docs/v8.x` in link checker (Delete file after createWriteStream raises no error when stream.write('whatever') nodejs/node#18274)
• d54a412 feat: Add --inspect-config CLI flag (src: don't abort when package.json is a directory nodejs/node#18270)
• e151050 docs: update get-started to the new `@ eslint/create-config` (test: added input validation test for fchmod nodejs/node#18217)
• 610c148 fix: Support `using` declarations in no-lone-blocks (investigate flaky parallel/test-tls-server-verify on Windows nodejs/node#18269)
• 44a81c6 chore: upgrade knip (build: make linters independent of local node nodejs/node#18272)
• 94178ad docs: mention about `name` field in flat config (Flaky dgram-udp6-send-default-host nodejs/node#18252)
• 1765c24 docs: add Troubleshooting page (In writable stream, should we always set state.errorEmitted to true when executing stream.emit('error')? nodejs/node#18181)
• e80b60c chore: remove code for testing version selectors (stream: fix not calling cleanup() when unpiping all streams. nodejs/node#18266)
• 96607d0 docs: version selectors synchronization (deps: upgrade libuv to 1.19.1 nodejs/node#18260)
• e508800 fix: rule tester ignore irrelevant test case properties (Maccabi Tel Aviv vs Crvena Zvezda 2018 Live Stream Basketball Watch Euroleague Basketball Online Web TV Thursday, 18 January 2018 nodejs/node#18235)
• a129acb fix: flat config name on ignores object (doc: improve callback documentation of http2Stream.pushstream() nodejs/node#18258)
• 97ce45b feat: Add `reportUsedIgnorePattern` option to `no-unused-vars` rule (net: remove ADDRCONFIG DNS hint on Windows nodejs/node#17662)
• 651ec91 docs: remove `/* eslint-env */` comments from rule examples (Fragile/buggy implementation of ES module loading nodejs/node#18249)
• 950c4f1 docs: Update README
• 3e9fcea feat: Show config names in error messages (async_wrap,inspect: heap snapshot CHECKs in WrapperInfo nodejs/node#18256)
• b7cf3bd fix!: correct `camelcase` rule schema for `allow` option (strange befavior about console.err,console.log on win10 nodejs/node#18232)
• 12f5746 docs: add info about dot files and dir in flat config ( stream: remove unreachable code  nodejs/node#18239)
• b93f408 docs: update shared settings example (Flaky http2-settings-flood nodejs/node#18251)
• 26384d3 docs: fix `ecmaVersion` in one example, add checks (async_wrap: schedule destroy hook as unref nodejs/node#18241)
• 7747097 docs: Update PR review process (RFC: Per Package Loader Hooks nodejs/node#18233)

See the full diff

Package name: jest

The new version differs by 250 commits.

• 75006e4 v29.0.0
• 7c82a9f chore: update jest-watch-typeahead again
• 352ff29 chore: update changelog for release
• 33ad8c3 docs: Jest 29 blog post (v6.x backport for common.crashOnUnhandledRejection nodejs/node#13103)
• dda77e5 docs: collapse 28.0 and 28.1 docs (v7.x backport for common.crashOnUnhandledRejection nodejs/node#13104)
• c0dc84c chore: update jest-watch-typeahead
• 05f6217 fix: support deep CJS re-exports when using ESM (HTTPS Server crashing randomly (With solution) nodejs/node#13170)
• 490fd88 chore: update yarn (npm -v throw err nodejs/node#13169)
• 98936a2 docs: Update Enzyme links to use new URL (test: add override to ServerDone function nodejs/node#13166)
• 187566a feat(pretty-format): allow to opt out from sorting object keys with `compareKeys: null` (tests: remove common.PORT from cluster worker disconnect, exit and kill nodejs/node#12443)
• ae2bed7 chore: tweak regex used in e2e tests (Design issue for nodejs.org/download nodejs/node#13129)
• 8c56d74 docs: Update Configuration.md for added special notes on usage scenarios for pnpm. (question: best practice for handling unexpected err in tests nodejs/node#13115)
• fb1c53d feat(jest-config)!: remove undocumented `collectCoverageOnlyFrom` option (stream: fix destroy(err, cb) regression nodejs/node#13156)
• 075b489 fix: ignore `EISDIR` when resolving symlinks (gdljuigu nodejs/node#13157)
• 3bef02e feat(@ jest/test-result, @ jest/types)!: replace `Bytes` and `Milliseconds` types with `number` (events: improve performance for emit(), on(), and listeners() nodejs/node#13155)
• 4def94b v29.0.0-alpha.6
• 0f00d4e fix: replace non-CLI `rimraf` usage (serialport error nodejs/node#13151)
• 6a90a2c fix: Allow updating inline snapshots when test includes JSX (buffer: remove pointless C++ utility methods nodejs/node#12760)
• 983274a feat: Let `babel` find config when updating inline snapshots (make and amd64 nodejs/node#13150)
• d2ff18a chore: make prettierPath optional in `SnapshotState` (net: multiple listen() events fail silently nodejs/node#13149)
• 7d8d01c feat(circus): added each to failing tests (async_hooks: implement C++ embedder API nodejs/node#13142)
• a5b52a5 chore(types): separate MatcherContext, MatcherUtils and MatcherState (test: add hasCrypto check to async-wrap-GH13045 nodejs/node#13141)
• 79b5e41 chore: get rid of peer dep warning in website
• 812763d chore: enable 'no-duplicate-imports' (doc: update code example for Windows in stream.md nodejs/node#13138)

See the full diff

Package name: natural

The new version differs by 68 commits.

• bc85e32 5.1.11
• 90e85af Follow up of pull request crypto: allow password protected private keys with publicEncrypt nodejs/node#626 (http: regression in Upgrade header handling nodejs/node#627)
• 7689c9a Update README.md
• 93925ec Update CONTRIBUTING.md
• a82ab35 Update SECURITY.md
• d59e757 Create SECURITY.md
• bb5f854 Create codeql-analysis.yml (Optional way to disable IPv6 vs IPv4 dns reordering nodejs/node#624)
• c079b23 5.1.10
• 6e49236 Security patch set value (build: restore configure formatting, add final message for warnings nodejs/node#623)
• 6320546 5.1.9
• eb43511 Bump path-parse from 1.0.6 to 1.0.7 (watchdog: fix timeout not running if polling returned early nodejs/node#622)
• 106ab78 Bumped glob-parent dependency to 5.1.2 (assert: check object prototype in deepEqual nodejs/node#621)
• d5aa79e 5.1.8
• cdf1644 Bump hosted-git-info from 2.8.8 to 2.8.9 (How to compare Object.create()? nodejs/node#620)
• 02cbe62 5.1.7
• f17611e Bump lodash from 4.17.11 to 4.17.21 (Merge pull request #1 from iojs/v1.x nodejs/node#619)
• 9cb2761 5.1.6
• 2a4a193 Bump underscore from 1.9.1 to 1.12.1 (failed test: parallel/test-tls-no-sslv3.js with shared openssl nodejs/node#618)
• 9f57acc 5.1.5
• 93d8e04 Bump ssri from 6.0.1 to 6.0.2 (failed test: parallel/test-tls-0-dns-altname when using shared openssl nodejs/node#617)
• d844455 5.1.4
• 51ffa5a Bump y18n from 3.2.1 to 3.2.2 (url.relative (to complement path.relative) nodejs/node#616)
• 336594d 5.1.3
• a55aa0a Bump elliptic from 6.4.1 to 6.5.4 (src: rework early debug signal handling nodejs/node#615)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncontrolled resource consumption
🦉 Prototype Pollution

[sourcery-ai]

🧙 Sourcery has finished reviewing your pull request!

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time. You can also use
  this command to specify where the summary should be inserted.

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

We have skipped reviewing this pull request. Here's why:

• It seems to have been created by a bot (hey, snyk-io[bot]!). We assume it knows what it's doing!
• It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
• We don't review packaging changes - Let us know if you'd like us to change this.