[Snyk] Fix for 5 vulnerabilities

[leonardoadame]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • deps/npm/node_modules/clean-stack/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	Yes	No Known Exploit
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: ava

The new version differs by 250 commits.

• 9bc615e 4.0.0
• f09742f Clean up documentation in preparation for AVA 4
• 0187779 Dependency updates
• 29024af Test compatibility with TypeScript 4.5
• 8df118b Use AVA 4 for the self-hosted tests
• bedd1d0 Remove dependency on `equal-length`
• d4ec097 Improve wording in TypeScript recipe
• b3a1b72 Mention experimental specifier resolution in TypeScript recipe
• 77623a5 Handle path sources
• 5cdeb9d 4.0.0-rc.1
• 88e7680 Final ESM tweaks
• 60b7cf8 Align shared worker protocol identifier with provider protocols
• ad521af Graduate shared workers to be non-experimental
• 0edfd00 Skip flaky tests in CI
• c4f6723 Use thread IDs
• af30e73 Remove dead code and obsolete TODOs
• 6ed3ad1 Reduce XO exceptions
• 5a48893 Update XO and fix problems
• a7737cd Update dependencies
• dc405ef Fix Mongoose recipe
• c214512 Find ava.config.* files outside of project directory
• 44aebd9 Exclude more files from code coverage
• def2885 Improve handling of temporary file changes in watch mode
• 1a62f15 Switch to .xo-config.cjs

See the full diff

Package name: tsd

The new version differs by 65 commits.

• 09f4b4f 0.17.0
• 3c3c755 Remove `update-notifier`
• f94f918 Require Node.js 12
• 6ba71f2 Semi-pin TypeScript version
• 6480ca9 Implement `printType` helper to print the type of the passed expression as a warning ([Snyk] Fix for 5 vulnerabilities #115)
• b749113 Fix processing of config files containing the `rootDir` option ([Snyk] Security upgrade tap from 7.1.2 to 15.0.0 #117)
• 6d0ce6c Process gitignore-style patterns in `files` property of `package.json` ([Snyk] Security upgrade mocha from 9.2.2 to 10.1.0 #116)
• 009a185 Add tests for identicality checks of `any`/`never` type parameters to `expectType`/`expectNotType` ([Snyk] Fix for 5 vulnerabilities #113)
• 7fbb7a0 Use ava's diff comparison view to report assertion mismatches during tests ([Snyk] Fix for 25 vulnerabilities #114)
• f1a2057 Allow omitting `types` property for non-barrel main ([Snyk] Security upgrade tap from 14.11.0 to 15.0.0 #112)
• 3b61da7 Ignore errors from libs in `node_modules` folders ([Snyk] Security upgrade mocha from 8.4.0 to 10.1.0 #110)
• fc871a1 Fix config file parsing to consider the `extends` option ([Snyk] Security upgrade tap from 12.7.0 to 15.0.0 #109)
• f2cfca7 Upgrade to ts@4.3, allow `expectError` to detect `override` related errors ([Snyk] Security upgrade airtap from 3.0.0 to 4.0.2 #108)
• 0245f59 0.16.0
• 331101b Upgrade dependencies
• 8fe3924 Allow `expectError` directives to detect parameter count mismatches ([Snyk] Fix for 7 vulnerabilities #102)
• 27ccc49 Allow `expectError` assertions to detect non-callable/non-constructable values/expressions ([Snyk] Fix for 2 vulnerabilities #104)
• 87f7109 Handle multiple diagnostic errors in a single `expectError` assertion ([Snyk] Security upgrade tap from 14.11.0 to 15.0.0 #103)
• abf7082 Allow `expectError` assertions to detect `this` type mismatches on class methods ([Snyk] Security upgrade mocha from 6.2.3 to 10.1.0 #105)
• 27c93af Detect "Type X has no properties in common with type Y" in `expectError` (TS2559) ([Snyk] Fix for 4 vulnerabilities #97)
• b39bd98 Fix missing ES types regression in 0.15 ([Snyk] Security upgrade semver from 6.3.0 to 7.5.2 #100)
• 05f9f3b Upgrade to TypeScript@4.2.4
• 5376484 Switch to @ tsd/typescript
• 2cc8e9c 0.15.1

See the full diff

Package name: xo

The new version differs by 248 commits.

• 100dc9b 0.53.0
• 91d10d1 Require Node.js 14
• e678209 Update link to `n` ESLint plugin ([Snyk] Fix for 1 vulnerabilities #696)
• db6e207 0.52.4
• e69a192 Fix a bug with relative `extends` ([Snyk] Fix for 1 vulnerabilities #686)
• f9c7db9 Update XO badge ([Snyk] Security upgrade karma from 5.2.3 to 6.3.4 #692)
• 92b3a3d Replace link to `node` ESLint plugin with `n` in readme ([Snyk] Security upgrade karma from 5.2.3 to 6.3.4 #690)
• 35645f6 0.52.3
• a608bf1 Fix compatibility problem with Windows ([Snyk] Security upgrade certifi from 2022.12.7 to 2023.7.22 #687)
• bbf323b 0.52.2
• 4cf8b05 Fix tsconfig resolution quirks ([Snyk] Security upgrade mocha from 2.2.5 to 4.0.0 #683)
• c8ec522 0.52.1
• de5f878 Ensure tsconfig lookups work as expected ([Snyk] Security upgrade @npmcli/template-oss from 4.18.0 to 4.20.0 #680)
• a152e1b 0.52.0
• b6fea12 Update dependencies
• b661eb8 Implement full tsconfig resolution ([Snyk] Security upgrade @npmcli/template-oss from 4.11.0 to 4.20.0 #677)
• 7fe3b48 0.51.0
• cd86133 Include `rulesMeta` in linting results ([Snyk] Security upgrade @npmcli/template-oss from 4.14.1 to 4.20.0 #674)
• 9ac43fd 0.50.0
• 00d51de Update dependencies
• 3a4c9c9 Switch to eslint-plugin-node's maintained fork ([Snyk] Security upgrade @npmcli/template-oss from 4.19.0 to 4.20.0 #660)
• ce76e49 Fix link
• eb65ea4 0.49.0
• 5f0e53d Update dependencies

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Open Redirect
🦉 Prototype Pollution

[stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[changeset-bot]

⚠️ No Changeset found

Latest commit: ad12fde

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR