[Snyk] Security upgrade vsce from 2.7.0 to 2.15.0

[naiba4]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/vscode-pyright/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	159/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00299, Social Trends: No, Days since published: 873, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.65, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	No	Proof of Concept
	169/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00091, Social Trends: No, Days since published: 227, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.81, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: vsce

The new version differs by 34 commits.

• ab8770c feat: allow publishing universal target alongside platform specific targets (Add formatter (junit) microsoft/pyright#790)
• 8c1b1a0 chore: Spelling (Diagnostics are not cleared when switching diagnostic mode from "workspace" to "open files only" microsoft/pyright#789)
• 9aa361e Merge pull request Pyright cannot resolve the wandb module import, although it can resolve every other import. microsoft/pyright#787 from microsoft/lramos15/removePrChat-auto
• 2419f51 Remove PR Chat
• df59e0f build(deps): bump minimatch from 3.0.4 to 3.0.5 (Instance variable of Callable is reported as having wrong number of arguments microsoft/pyright#784)
• d608ecd feat: prompt for full name to confirm unpublish action (Use of "from .x import y" in pyi file should add implicit symbol export of "x" microsoft/pyright#782) (update typeshed to support redis-py 3.5.x microsoft/pyright#783)
• 1dcedef feat: support # model in the manifest file (eslint/prettier fixes, platform and version detection microsoft/pyright#749)
• 2589114 feat: allow to skip publishing duplicate package (Tuple unpacking in return statement with parentheses causes error in Python <3.8 microsoft/pyright#776)
• 8e193c9 feat: expose all options to packaging and publishing APIs (Pyright doesn't recognize the __members__ attribute of enumeration class microsoft/pyright#759)
• 5110bcf fix: correct program path in `launch.json` (Improve type inference of context manager that swallow exceptions microsoft/pyright#771)
• 742720a chore: set up #codereview automation (Not equal operator <> syntax (Python 2) microsoft/pyright#768)
• 3024d0f fix: clarify simultaneous use of packagePath and target in `vsce publish` (added more logging and fixed hover bug microsoft/pyright#765)
• 0940626 fix: list all valid targets in documentation for --target (Add severity level enum to package.json microsoft/pyright#766)
• 27fad23 chore: add branch protection (Support exhausted matching on enums microsoft/pyright#767)
• 9c50aa6 feat: github actions logging (Modules in symlinked directories cannot be resolved microsoft/pyright#752)
• 7e16ed7 fix: support fragments in image URLs (Pyright cannot resolve numpy functions microsoft/pyright#753)
• 955c760 build(deps): bump shell-quote from 1.7.2 to 1.7.3 (Cycle detected in import chain microsoft/pyright#746)
• 57112fd Merge pull request Incorrect "default value" error on certain subclassed dataclasses microsoft/pyright#745 from microsoft/fix-744
• d68e2f7 Remove check for yarn.lock
• b2288cd fix: ensure that we can define dependency argument in config (Upgrade dependencies, fix first line code actions, progress bar tweak, logging, package scanning microsoft/pyright#743)
• 76b06f2 build(deps-dev): bump semantic-release from 19.0.2 to 19.0.3 (Reorganizing "conflicts" with isort if enabled on save in vscode microsoft/pyright#741)
• 293f3d5 build(deps): bump semver-regex from 3.1.3 to 3.1.4 (Unsupported signature checking for overloads of str() microsoft/pyright#738)
• 9ef1cf0 build(deps): bump npm from 8.3.2 to 8.12.0 (Pyright can't infer the type of a repeated list microsoft/pyright#736)
• 95823b6 Merge pull request pandas droplevel microsoft/pyright#735 from microsoft/sandy081/horrible-rat

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

[pull-request-quantifier-deprecated]

This PR has 2 quantified lines of changes. In general, a change size of upto 200 lines is ideal for the best PR experience!

---

Quantification details

Label      : Extra Small
Size       : +1 -1
Percentile : 0.8%

Total files changed: 1

Change summary by file extension:
.json : +1 -1

Change counts above are quantified counts, based on the PullRequestQuantifier customizations.

Why proper sizing of changes matters

Optimal pull request sizes drive a better predictable PR flow as they strike a
balance between between PR complexity and PR review overhead. PRs within the
optimal size (typical small, or medium sized PRs) mean:

• Fast and predictable releases to production:
  • Optimal size changes are more likely to be reviewed faster with fewer
    iterations.
  • Similarity in low PR complexity drives similar review times.
• Review quality is likely higher as complexity is lower:
  • Bugs are more likely to be detected.
  • Code inconsistencies are more likely to be detected.
• Knowledge sharing is improved within the participants:
  • Small portions can be assimilated better.
• Better engineering practices are exercised:
  • Solving big problems by dividing them in well contained, smaller problems.
  • Exercising separation of concerns within the code changes.

What can I do to optimize my changes

• Use the PullRequestQuantifier to quantify your PR accurately
  • Create a context profile for your repo using the context generator
  • Exclude files that are not necessary to be reviewed or do not increase the review complexity. Example: Autogenerated code, docs, project IDE setting files, binaries, etc. Check out the Excluded section from your prquantifier.yaml context profile.
  • Understand your typical change complexity, drive towards the desired complexity by adjusting the label mapping in your prquantifier.yaml context profile.
  • Only use the labels that matter to you, see context specification to customize your prquantifier.yaml context profile.
• Change your engineering behaviors
  • For PRs that fall outside of the desired spectrum, review the details and check if:
    • Your PR could be split in smaller, self-contained PRs instead
    • Your PR only solves one particular issue. (For example, don't refactor and code new features in the same PR).

How to interpret the change counts in git diff output

• One line was added: +1 -0
• One line was deleted: +0 -1
• One line was modified: +1 -1 (git diff doesn't know about modified, it will
  interpret that line like one addition plus one deletion)
• Change percentiles: Change characteristics (addition, deletion, modification)
  of this PR in relation to all other PRs within the repository.

---

Was this comment helpful? 👍  :ok_hand:  :thumbsdown: (Email)
Customize PullRequestQuantifier for this repository.