[Snyk] Fix for 3 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • deps/npm/node_modules/leven/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-NATURAL-1915418	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: ava

The new version differs by 164 commits.

• b4cfc8d 3.0.0
• 776788f Ship v3 🎉
• 0d11ff7 More issue template tweaks
• 9983976 Update various contributing documents and GitHub configuration
• 5a33572 Fix fail-fast interrupt test
• 61e0d05 Fix VSCode debugging instructions
• 630aac3 Fix remaining AVA link
• 5c8bcec Fix AVA link in snapshot reports
• 7b20f6c Allow Node arguments to be configured
• ad27246 3.0.0-beta.2
• ae948d8 Lowercase CLI argument description asides
• ac8c852 Update dependencies
• 2bd890f Disable timeouts in debug mode
• 15d73ca Make console & process globals available to ava.config.js files
• efa8635 Fix patterns and unpin picomatch
• 580705e Fix --update-snapshots
• cf26b6d Ensure t.assert() counts as a passed assertion
• 82cef5c Add Selenium WebDriverJS recipe
• 090884b Use question mark to indicate optional argument in docs
• 7c352db 3.0.0-beta.1
• 66dd09f Rebuild package-lock
• f02ac7a Install latest @ ava/babel
• 8bdcf8b Anticipate asynchronous loads
• e919b40 Pass extensions to load as modules to Babel provider

See the full diff

Package name: natural

The new version differs by 142 commits.

• bc85e32 5.1.11
• 90e85af Follow up of pull request [Snyk] Security upgrade babel-loader from 8.3.0 to 9.1.3 #626 ([Snyk] Security upgrade semantic-release from 17.4.7 to 21.0.2 #627)
• 7689c9a Update README.md
• 93925ec Update CONTRIBUTING.md
• a82ab35 Update SECURITY.md
• d59e757 Create SECURITY.md
• bb5f854 Create codeql-analysis.yml ([Snyk] Security upgrade @babel/helper-fixtures from 7.14.5 to 7.22.6 #624)
• c079b23 5.1.10
• 6e49236 Security patch set value ([Snyk] Security upgrade jest from 24.9.0 to 26.0.0 #623)
• 6320546 5.1.9
• eb43511 Bump path-parse from 1.0.6 to 1.0.7 ([Snyk] Security upgrade jest from 24.9.0 to 26.0.0 #622)
• 106ab78 Bumped glob-parent dependency to 5.1.2 ([Snyk] Security upgrade tough-cookie from 2.5.0 to 4.1.3 #621)
• d5aa79e 5.1.8
• cdf1644 Bump hosted-git-info from 2.8.8 to 2.8.9 ([Snyk] Security upgrade cpy-cli from 2.0.0 to 5.0.0 #620)
• 02cbe62 5.1.7
• f17611e Bump lodash from 4.17.11 to 4.17.21 ([Snyk] Security upgrade gulp from 3.9.1 to 4.0.0 #619)
• 9cb2761 5.1.6
• 2a4a193 Bump underscore from 1.9.1 to 1.12.1 ([Snyk] Fix for 1 vulnerabilities #618)
• 9f57acc 5.1.5
• 93d8e04 Bump ssri from 6.0.1 to 6.0.2 ([Snyk] Fix for 1 vulnerabilities #617)
• d844455 5.1.4
• 51ffa5a Bump y18n from 3.2.1 to 3.2.2 ([Snyk] Security upgrade tap from 12.7.0 to 15.0.0 #616)
• 336594d 5.1.3
• a55aa0a Bump elliptic from 6.4.1 to 6.5.4 ([Snyk] Fix for 1 vulnerabilities #615)

See the full diff

Package name: tsd

The new version differs by 23 commits.

• a01388b 0.12.0
• 1b40723 Drop support for Node.js 6
• 56b90ab Add support for globbing patterns in files property - fixes [Snyk] Fix for 1 vulnerabilities #69 ([Snyk] Security upgrade ansi-regex from 2.1.1 to 3.0.1 #70)
• 9666433 Update all deps, some devDeps ([Snyk] Security upgrade strip-ansi from 3.0.1 to 4.0.0 #72)
• 861db08 Add expectNotType assertion - fixes [Snyk] Security upgrade ansi-regex from 2.1.1 to 4.1.1 #56
• 67ae75b 0.11.0
• 06594fa Move execa to devDependencies
• 97261b2 Add deprecation expectations - fixes [Snyk] Security upgrade strip-ansi from 3.0.1 to 5.0.0 #51 ([Snyk] Security upgrade @npmcli/run-script from 1.8.6 to 2.0.0 #53)
• 3a375fa Add assignability expectations - fixes [Snyk] Security upgrade clang-format from 1.2.3 to 1.7.0 #39
• 206573b Upgrade to TypeScript 3.7 - fixes [Snyk] Security upgrade gauge from 2.7.4 to 3.0.2 #52
• b802fee 0.10.0
• b68c37c Check if types are identical in strict assertions - fixes [Snyk] Security upgrade pacote from 11.3.5 to 12.0.0 #43
• 30860fe Add makeDiagnostic util
• 3bb25ef Refactor to use assertion handlers for easier extension
• d6d32e7 Expose programming API - fixes [Snyk] Fix for 1 vulnerabilities #37
• 874092b 0.9.0
• e4c78c7 Make expectType assertion strict
• b13533b Bundle TypeScript with tsd
• 3cc33f5 Test Node.js 12
• 4a84ae0 0.8.0
• c445879 Add support for JSX - fixes [Snyk] Security upgrade ansi-regex from 5.0.0 to 6.0.1 #15 ([Snyk] Security upgrade acorn-private-class-elements from 0.1.1 to 0.2.0 #36)
• 03c170b Ignore no overload matches error in expectError assertion ([Snyk] Security upgrade mocha from 8.2.1 to 9.2.0 #33)
• 47c7796 Pin ava@1

See the full diff

Package name: xo

The new version differs by 98 commits.

• 084e7a3 0.32.1
• 7d015ac Update devDependency ava from v1.1.0 to v3.9.0 ([Snyk] Fix for 1 vulnerabilities #490)
• 744090a Update meow from v5.0.0 to v7.0.1 ([Snyk] Security upgrade tap from 10.7.3 to 15.0.0 #489)
• 522d264 Test on Node.js 14 ([Snyk] Security upgrade @commitlint/cli from 8.2.0 to 8.3.6 #488)
• 245f7d3 0.32.0
• 0dd4a9d Disable some problematic rules
• d3abdb6 Add more extensions to `import/extensions` rule
• aa8508b 0.31.0
• 32d96c3 Upgrade dependencies
• 1240dd2 Enable `import/no-anonymous-default-export` and `import/no-named-default` ([Snyk] Fix for 1 vulnerabilities #472)
• 6a05691 Add support for scoped shareable configs ([Snyk] Fix for 1 vulnerabilities #480)
• ca21492 Add some eslint-plugin-node rules
• bdc13e2 Fix Travis
• c7d64de 0.30.0
• ca31f1c Upgrade dependencies
• 07e2762 Prevent extraneous newline from `--stdin --fix` ([Snyk] Security upgrade tap from 7.1.2 to 15.0.0 #460)
• a592d3d 0.29.1
• 4783f26 Add `tap-snapshots/*.cjs` to default ignore list ([Snyk] Security upgrade nyc from 11.9.0 to 15.0.0 #461)
• 967927d Temporarily disable the `unicorn/string-content` rule ([Snyk] Fix for 1 vulnerabilities #462)
• 87e3615 0.29.0
• f59ec7b Update dependencies
• e05efc3 Upgrade to Prettier 2.0.4 ([Snyk] Security upgrade tap from 14.11.0 to 15.0.0 #458)
• f20f6d2 Allow `nodeVersion` in XO config to override `engines.node` ([Snyk] Security upgrade tap from 10.7.3 to 15.0.0 #457)
• ec87ef3 0.28.3

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution