[Snyk] Security upgrade metalsmith from 2.3.0 to 2.6.0 #31

Open
b1tchecker
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 661/1000 (Why? Recently disclosed, Has a fix available, CVSS 7.5) | Missing Release of Resource after Effective Lifetime, SNYK-JS-INFLIGHT-6095116 | No | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: metalsmith
The new version differs by 196 commits.
  • ba18d85 Release 2.6.0
  • d5ce2c8 Prepare changelog for 2.6.0
  • baee1de Removes stray cross-spawn dependency & use --no-package-lock for CI
  • 17e421b test: migrate from nyc to c8 for coverage reports
  • 2ef473b types: fix source code link line numbers
  • e12537f feat/add v0.12.8 announcement post nodejs/nodejs.org#379 - use lodash.clonedeepwith instead, document watch type, fix issues in CLI
  • 9d40674 Resolves add v0.12.8 announcement post nodejs/nodejs.org#379: add metalsmith.watch option setter and watcher
  • 48a0167 fix: package.json node version, type docs, readme formatting
  • 3a93270 test: fix FS race condition in #build should return a promise only when callback omitted
  • dbfe32a docs: Updates readme examples to ESM & Gitter link to Matrix Element
  • 4469020 CLI: Fix ESM dynamic import issue with absolute paths on Windows
  • 58217a5 Adds CLI support & tests for loading ESM configs or Metalsmith instances
  • c272b8b ci: remove Node 12, add Node 20
  • 0810728 Updates commander from 8.3.0 -> 10.0.1
  • ae05945 Removes rimraf dependency, refactors helpers using fs/promises and upgrades @types/node
  • 80d8508 Drops support for Node < 14
  • 3754a6a chore: Remove stray console.error log in bin
  • acb363e Trims whitespace from parsed front-matter excerpt and adds test for dynamic front-matter lang
  • 2bfe800 Fix: don't keep gray-matter excerpt at the start of file contents
  • 7ec31d0 Adds a matter member object to metalsmith instance with stringify & parse methods
  • 424e6ec Support 'module.exports = Metalsmith()'-style configs in CLI
  • 82969ef dev: update devDependencies & fix security warnings
  • 58db90c ci: remove obsolete Gitter notification flow
  • 58d22a3 Resolves Be consistent with quotes in examples. nodejs/nodejs.org#356: adds Typescript support to Metalsmith package

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.
