[Snyk] Fix for 21 vulnerabilities

[snyk-io]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • smoke-tests/test/fixtures/large-install/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	159/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00396, Social Trends: No, Days since published: 1135, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.65, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	222/1000 Why? Confidentiality impact: High, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00063, Social Trends: No, Days since published: 362, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 7.03, Likelihood: 3.15, Score Version: V5	Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459	No	Proof of Concept
	89/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 312, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 3.78, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-6124857	No	Proof of Concept
	167/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 290, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.78, Score Version: V5	Prototype Pollution SNYK-JS-AXIOS-6144788	No	No Known Exploit
	294/1000 Why? Confidentiality impact: High, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00084, Social Trends: No, Days since published: 70, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 7.84, Likelihood: 3.74, Score Version: V5	Server-side Request Forgery (SSRF) SNYK-JS-AXIOS-7361793	No	Proof of Concept
	111/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00046, Social Trends: No, Days since published: 40, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.84, Score Version: V5	Asymmetric Resource Consumption (Amplification) SNYK-JS-BODYPARSER-7926860	No	No Known Exploit
	169/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00045, Social Trends: No, Days since published: 161, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.81, Score Version: V5	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	Yes	Proof of Concept
	44/1000 Why? Confidentiality impact: None, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00045, Social Trends: No, Days since published: 15, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 1.84, Score Version: V5	Cross-site Scripting (XSS) SNYK-JS-COOKIE-8163060	No	No Known Exploit
	98/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: None, Scope: Changed, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00044, Social Trends: No, Days since published: 209, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 4.54, Likelihood: 2.15, Score Version: V5	Open Redirect SNYK-JS-EXPRESS-6474509	No	No Known Exploit
	105/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00046, Social Trends: No, Days since published: 40, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.62, Likelihood: 1.86, Score Version: V5	Cross-site Scripting SNYK-JS-EXPRESS-7926867	No	No Known Exploit
	158/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00051, Social Trends: No, Days since published: 294, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.81, Score Version: V5	Improper Handling of Extra Parameters SNYK-JS-FOLLOWREDIRECTS-6141137	No	Proof of Concept
	159/1000 Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00044, Social Trends: No, Days since published: 220, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.64, Score Version: V5	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	No	Proof of Concept
	141/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.01055, Social Trends: No, Days since published: 326, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.35, Score Version: V5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
	124/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00045, Social Trends: No, Days since published: 161, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.06, Score Version: V5	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	Yes	No Known Exploit
	67/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00045, Social Trends: No, Days since published: 41, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.81, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-7925106	No	Proof of Concept
	63/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00204, Social Trends: No, Days since published: 1273, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.65, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	45/1000 Why? Confidentiality impact: None, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00086, Social Trends: No, Days since published: 386, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 1.89, Score Version: V5	Improper Input Validation SNYK-JS-POSTCSS-5926692	Yes	No Known Exploit
	79/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00046, Social Trends: No, Days since published: 40, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Low, Package Popularity Score: 99, Impact: 5.62, Likelihood: 1.39, Score Version: V5	Cross-site Scripting SNYK-JS-SEND-7926862	No	No Known Exploit
	109/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: None, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 286, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 4.54, Likelihood: 2.39, Score Version: V5	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-6147607	Yes	Proof of Concept
	79/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00052, Social Trends: No, Days since published: 40, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Low, Package Popularity Score: 99, Impact: 5.62, Likelihood: 1.39, Score Version: V5	Cross-site Scripting SNYK-JS-SERVESTATIC-7926865	No	No Known Exploit
	155/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): Required, Privileges Required (PR): Low, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00059, Social Trends: No, Days since published: 54, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 7.84, Likelihood: 1.98, Score Version: V5	Cross-site Scripting (XSS) SNYK-JS-WEBPACK-7840298	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @typescript-eslint/eslint-plugin

The new version differs by 250 commits.

• ef2eab1 chore(release): publish 8.3.0
• f5ee5eb feat(typescript-estree): reload project service once when file config isn't found (#9853)
• fd55358 chore: enable sonarjs/no-duplicated-branches (#9821)
• 692a3f5 feat(typescript-estree): replace `globby` w/ `fast-glob` (#9518)
• a1bcf5b docs: fix typo in v8 blog post (#9829)
• 30d4eae chore: enable eslint-plugin-perfectionist on rule-schema-to-typescript-types package (#9846)
• e87ab8c chore: enable eslint-plugin-perfectionist on types package (#9850)
• 9f70ed1 fix(ast-spec): use `Expression` in argument of `ThrowStatement` (#9632)
• 90cebbb docs: replace most references to "project: true" with "projectService: true" (#9835)
• 7160687 chore: enable unicorn/no-lonely-if (#9830)
• 45b7d81 chore: disable nx verbose logging
• d4f6943 chore: enable eslint-plugin-perfectionist on typescript-eslint package (#9851)
• 9d97f34 chore: enable eslint-plugin-perfectionist on rule-tester package (#9847)
• 9612d81 chore: enable eslint-plugin-perfectionist on parser package (#9845)
• 6377f18 fix(utils): add `TSDeclareFunction` to `functionTypeTypes` (#9788)
• 8c291df chore: enable eslint-plugin-perfectionist on integration-tests package (#9844)
• 88b44ce chore: enable eslint-plugin-perfectionist on ast-spec package (#9842)
• 6d85a3b chore(deps): update dependency @ types/node to v20.15.0 (#9876)
• 0dd2bdc chore(deps): update dependency cspell to v8.14.1 (#9880)
• 8389e06 docs(eslint-plugin): [restrict-template-expressions] add explanation for allowNumber (#9870)
• ee38b52 chore: enable eslint-plugin-perfectionist on website packages (#9840)
• 10b2ae3 docs: add FAQs > TypeScript entry on comment directives (#9862)
• 9aeba30 chore: correct a few comment placements in utils (#9856)
• 08bdec4 chore: enable eslint-plugin-perfectionist on visitor-keys package (#9841)

See the full diff

Package name: @typescript-eslint/parser

The new version differs by 250 commits.

• ef2eab1 chore(release): publish 8.3.0
• f5ee5eb feat(typescript-estree): reload project service once when file config isn't found (#9853)
• fd55358 chore: enable sonarjs/no-duplicated-branches (#9821)
• 692a3f5 feat(typescript-estree): replace `globby` w/ `fast-glob` (#9518)
• a1bcf5b docs: fix typo in v8 blog post (#9829)
• 30d4eae chore: enable eslint-plugin-perfectionist on rule-schema-to-typescript-types package (#9846)
• e87ab8c chore: enable eslint-plugin-perfectionist on types package (#9850)
• 9f70ed1 fix(ast-spec): use `Expression` in argument of `ThrowStatement` (#9632)
• 90cebbb docs: replace most references to "project: true" with "projectService: true" (#9835)
• 7160687 chore: enable unicorn/no-lonely-if (#9830)
• 45b7d81 chore: disable nx verbose logging
• d4f6943 chore: enable eslint-plugin-perfectionist on typescript-eslint package (#9851)
• 9d97f34 chore: enable eslint-plugin-perfectionist on rule-tester package (#9847)
• 9612d81 chore: enable eslint-plugin-perfectionist on parser package (#9845)
• 6377f18 fix(utils): add `TSDeclareFunction` to `functionTypeTypes` (#9788)
• 8c291df chore: enable eslint-plugin-perfectionist on integration-tests package (#9844)
• 88b44ce chore: enable eslint-plugin-perfectionist on ast-spec package (#9842)
• 6d85a3b chore(deps): update dependency @ types/node to v20.15.0 (#9876)
• 0dd2bdc chore(deps): update dependency cspell to v8.14.1 (#9880)
• 8389e06 docs(eslint-plugin): [restrict-template-expressions] add explanation for allowNumber (#9870)
• ee38b52 chore: enable eslint-plugin-perfectionist on website packages (#9840)
• 10b2ae3 docs: add FAQs > TypeScript entry on comment directives (#9862)
• 9aeba30 chore: correct a few comment placements in utils (#9856)
• 08bdec4 chore: enable eslint-plugin-perfectionist on visitor-keys package (#9841)

See the full diff

Package name: archiver

The new version differs by 25 commits.

• 6ff0d12 bump version for release
• 3299298 Update CHANGELOG.md
• fad089b Lock file maintenance ([Snyk] Fix for 2 vulnerabilities #736)
• c7d3c0f Update dependency yauzl to v3 ([Snyk] Security upgrade mocha from 6.1.4 to 6.2.1 #733)
• 9480f25 Update dependency readable-stream to v4 ([Snyk] Security upgrade tap from 16.3.10 to 18.0.0 #695)
• b787d86 Update dependency mocha to v10 ([Snyk] Security upgrade tap from 12.7.0 to 18.0.0 #692)
• 320f3cb Update dependency rimraf to v5 ([Snyk] Fix for 1 vulnerabilities #693)
• c735d9c Update docusaurus monorepo to v2.4.3 ([Snyk] Security upgrade xo from 0.23.0 to 0.26.0 #713)
• cbce84c Update dependency archiver-utils to v5 ([Snyk] Fix for 2 vulnerabilities #730)
• 38187ae Update dependency zip-stream to v6 ([Snyk] Security upgrade tap from 2.3.4 to 18.0.0 #734)
• e104aac Update dependency buffer-crc32 to v1 ([Snyk] Fix for 1 vulnerabilities #732)
• b9d5ea1 Update dependency tar-stream to v3.1.7 ([Snyk] Security upgrade tap from 16.3.10 to 18.0.0 #731)
• f1a10e4 Drop support for node v12 ([Snyk] Fix for 2 vulnerabilities #735)
• 4dba2cf bump version for release
• 290e3fc Update CHANGELOG.md
• 66c5c8f Update CHANGELOG.md
• 2632b1b Update dependency zip-stream to v5.0.2 ([Snyk] Security upgrade tap from 2.3.4 to 18.0.0 #727)
• b4291f6 Update release-drafter/release-drafter action to v6 ([Snyk] Fix for 2 vulnerabilities #729)
• eb573c7 Update actions/setup-node action to v4 ([Snyk] Fix for 2 vulnerabilities #728)
• cf516ea Update actions/checkout action to v4.1.1 ([Snyk] Security upgrade tap from 16.3.10 to 18.0.0 #725)
• fc89393 Update release-drafter/release-drafter action to v5.25.0 ([Snyk] Security upgrade tap from 10.7.3 to 18.0.0 #726)
• add657d Update actions/setup-node action to v3.8.2 ([Snyk] Security upgrade tap from 14.11.0 to 18.0.0 #724)
• 8dba715 Update dependency tar to v6.2.0 ([Snyk] Security upgrade nyc from 11.9.0 to 15.0.0 #707)
• 2d8e561 Update dependency chai to v4.4.1 ([Snyk] Fix for 2 vulnerabilities #712)

See the full diff

Package name: axios

The new version differs by 89 commits.

• abd24a7 chore(release): v1.7.4 (Shownuffff npm/cli#6544)
• 6b6b605 fix(sec): CVE-2024-39338 (## Release Manager doc/jsSon DONE npm/cli#6539) (Pejsplay patch 1 npm/cli#6543)
• 07a661a fix(sec): disregard protocol-relative URL to remediate SSRF (## Release Manager doc/jsSon DONE npm/cli#6539)
• c6cce43 chore(release): v1.7.3 ([BUG] dev true is flaky npm/cli#6521)
• e3c76fc fix(adapter): fix progress event emitting; (Update @npmcli/package-json to fix prepare issue found in npm@9.7.0 npm/cli#6518)
• 85d4d0e fix(fetch): fix withCredentials request config ([BUG] Exit handler never called when calling npm adduser npm/cli#6505)
• 92cd8ed chore(github): update ISSUE_TEMPLATE.md ([BUG] NPM passes the --ignore-scripts option to all dependencies. npm/cli#6519)
• 8966ee7 fix(xhr): return original config on errors from XHR adapter (chore: update flat options snapshot npm/cli#6515)
• 0e4f9fa chore(release): v1.7.2 (IPv6 Routing Debugging Request - REF: #4163 npm/cli#6414)
• 4f79aef fix(fetch): enhance fetch API detection; (docs: add a comma npm/cli#6413)
• 67d1373 chore(release): v1.7.1 ([BUG] the different output of run npm run command npm/cli#6411)
• 733f15f fix(fetch): fixed ReferenceError issue when TextEncoder is not available in the environment; (#6410)
• 3041c61 [Release] v1.7.0 ([BUG] npm view package@latest exits with code 0 and no output if latest tag does not exist npm/cli#6408)
• 18b13cb chore(docs): add fetch adapter docs; (Cannot install firebase package npm/cli#6407)
• e62099b fix(fetch): fixed a possible memory leak in the AbortController for the stream response if the ReadableStream is not supported; ([BUG] Using npm_config__auth environtment variable in v8 to authorize private repository npm/cli#6406)
• b49aa8e chore(release): v1.7.0-beta.2 ([BUG] npm isntall is also working as npm install npm/cli#6403)
• d57f03a chore(ci): bump create-pull-request version to fix a bug; ([BUG] npm install includes transitive devDependencies for file: dependencies when install-links=false npm/cli#6405)
• 097b0d1 chore(ci): add tag resolution for npm releases based on package version; ([BUG] npm invalid config warning duplicates lock file version npm/cli#6404)
• 870e0a7 fix(fetch): fix headers getting from a stream response; (chore(deps-dev): bump yaml from 2.2.1 to 2.2.2 npm/cli#6401)
• 95a3e8e fix(fetch): fix & optimize progress capturing for cases when the request data has a nullish value or zero data length ([BUG] no way to npm publish a tarball whose package.json includes publishConfig.registry to a private registry npm/cli#6400)
• ad3174a fix(fetch): capitalize HTTP method names; (chore: release 9.6.6 npm/cli#6395)
• b9f4848 chore(release): v1.7.0-beta.1 (chore: add script to rebuild npm-cli-repos.txt npm/cli#6383)
• bb5f9a5 fix(fetch): treat fetch-related TypeError as an AxiosError.ERR_NETWORK error; ([ERR!] Exit handler never called! npm/cli#6380)
• 81e0455 fix(core/axios): handle un-writable error stack (will ask me to report  npm/cli#6362)

See the full diff

Package name: copy-webpack-plugin

The new version differs by 52 commits.

• f2a5db3 chore(release): 12.0.0
• a5b7d06 chore!: minimum supported Node.js version is `18.12.0` ([Snyk] Security upgrade nyc from 13.3.0 to 15.0.0 #759)
• 74a3666 chore: update dependencies to latest version ([Snyk] Security upgrade tap from 14.11.0 to 18.0.0 #757)
• 9d2ce6e chore: update github action/setup-node ([Snyk] Security upgrade tap from 13.1.11 to 18.0.0 #754)
• 40a5203 chore: update dependencies to the latest version ([Snyk] Security upgrade tap from 1.4.1 to 18.0.0 #753)
• fb1e05c chore: update github actions/checkout ([Snyk] Security upgrade nyc from 11.9.0 to 15.0.0 #751)
• c51c09c chore: update dependencies to the latest version ([Snyk] Fix for 1 vulnerabilities #746)
• e216223 docs: remove Gitter from issue templates ([Snyk] Fix for 5 vulnerabilities #747)
• 41a3c45 docs: add GitHub discussion badge ([Snyk] Security upgrade tap from 12.7.0 to 18.0.0 #745)
• 30f3855 chore: add scripts to fix lint ([Snyk] Security upgrade tap from 2.3.4 to 18.0.0 #744)
• c99c6e8 chore(deps): update ([Snyk] Fix for 2 vulnerabilities #742)
• d1d2460 docs: fix ([Snyk] Security upgrade tap from 16.3.10 to 18.0.0 #741)
• 9f98a35 chore(deps): bump yaml and lint-staged ([Snyk] Security upgrade nyc from 11.9.0 to 15.0.0 #739)
• b505d1f ci: add node v20 ([Snyk] Security upgrade tap from 14.11.0 to 18.0.0 #738)
• 82f3bc7 docs: clarify what `context` does ([Snyk] Fix for 2 vulnerabilities #736)
• 8e93128 docs: improve wording
• 59bdbb2 chore: update dependencies to the latest version ([Snyk] Fix for 2 vulnerabilities #735)
• 1f8fc01 chore(deps-dev): bump webpack from 5.75.0 to 5.76.0 ([Snyk] Security upgrade tap from 2.3.4 to 18.0.0 #734)
• 9c06993 chore: update dependencies to the latest version ([Snyk] Fix for 1 vulnerabilities #732)
• e745e4c ci: use LTS node version in lint job ([Snyk] Security upgrade tap from 16.3.10 to 18.0.0 #731)
• ce1b21b chore: update dependencies to the latest version ([Snyk] Fix for 2 vulnerabilities #730)
• fa9e514 ci: use concurrency in github workflows ([Snyk] Fix for 2 vulnerabilities #729)
• 38d6b60 chore: update ignorePaths in .cspell.json ([Snyk] Fix for 2 vulnerabilities #728)
• 6f8a085 chore: update typescript ([Snyk] Security upgrade tap from 2.3.4 to 18.0.0 #727)

See the full diff

Package name: css-loader

The new version differs by 20 commits.

• 2d17551 chore(release): 6.9.0
• e38116f chore: update dependencies to latest version ([QUESTION] npm install - Random error 'tarball data for @... seems to be corrupted' ? npm/cli#1561)
• d09ff73 test: getLocalIdent and node type ([QUESTION] Possible to fix vulnerability issue related to dot-prop? npm/cli#1560)
• f2cfe30 fix: css experiment detection ([FEATURE] publish should have option to silence errors about already published versions npm/cli#1559)
• 1ad3f9f chore: deps update ([Question / Help]: How can we make sure if version in package-lock satisfies the version mentioned in package.json ? npm/cli#1558)
• 8d32b7f docs: rename esModules -> esModule to match the code ([BUG] npm dedupe breaks dependencies with individual installs npm/cli#1548)
• 05002f3 feat: updated generateExportEntry to expose node details ([BUG] Stack overflow for recursive directory structures npm/cli#1556)
• 797042c chore: update package dependencies (deps: meant@1.0.2 npm/cli#1544)
• 12b7d98 chore(deps-dev): bump @ adobe/css-tools from 4.3.1 to 4.3.2 (Create SessECURITY.md npm/cli#1554)
• ec9c669 chore: update github action/setup-node (i'm trying to install expo cli but this error _npm ERR! cb() never called! , Killed me npm/cli#1552)
• 37de6dc chore: update dependencies to the latest version (Isaacs/unit test run script commands npm/cli#1551)
• e27ab5e chore: upgrade dependencies to the latest version (unit tests for lib/explore.js npm/cli#1541)
• c6f36cf chore: update github actions/checkout ([BUG] Weird npm ci behavior and unclear documentation npm/cli#1539)
• 2226f4c chore: update dependencies to the latest version ([BUG] Package dependencies won't be installed if the package is installed via git URL npm/cli#1538)
• ee26eb9 chore(deps): bump tough-cookie from 4.1.2 to 4.1.3 ([BUG] loglevel is ignored by by fund and audit on npm install npm/cli#1533)
• df8e27e chore(deps-dev): bump word-wrap from 1.2.3 to 1.2.4 (Add full integrity to pack's debug output npm/cli#1534)
• f26f9a9 docs: wrap <style></style> in backticks (add upgrade-interactive --latest command npm/cli#1530)
• e2b6dd1 chore: update dependencies to the latest version (BUG: npm uses a package from the top level directory, not from its own. npm/cli#1537)
• 579fc13 chore: upgrade dependencies to the latest version (cb() never called! - This is an error with npm itself npm/cli#1531)
• 1d7407f docs: remove Gitter from issue templates ([BUG] Git tag handling regression in 6.14.5 npm/cli#1528)

See the full diff

Package name: css-minimizer-webpack-plugin

The new version differs by 11 commits.

• ec4103e chore(release): 6.0.0
• f7f74c0 chore!: minimum supported Node.js version is `18.12.0` ([Snyk] Security upgrade tap from 14.11.0 to 18.0.0 #252)
• 96a5625 chore: update dependencies to latest version ([Snyk] Security upgrade mocha from 6.2.3 to 10.1.0 #251)
• 4ea9d35 chore: update github action/setup-node ([Snyk] Security upgrade tap from 16.3.10 to 18.0.0 #250)
• 9da53f1 chore: update dependencies to the latest version ([Snyk] Security upgrade tap from 7.1.2 to 18.0.0 #249)
• f27fba2 chore: upgrade dependencies to the latest version ([Snyk] Fix for 8 vulnerabilities #245)
• 088c516 chore: update github actions/checkout ([Snyk] Security upgrade tap from 16.3.10 to 18.0.0 #243)
• 34783aa chore: update dependencies to the latest version ([Snyk] Security upgrade tap from 14.11.0 to 18.0.0 #242)
• a239a49 chore: update dependencies to the latest version ([Snyk] Security upgrade tap from 16.3.10 to 18.0.0 #241)
• b7f7b5b chore(deps-dev): bump word-wrap from 1.2.3 to 1.2.4 ([Snyk] Security upgrade tap from 19.2.5 to 20.0.0 #238)
• 03c6274 refactor: code ([Snyk] Fix for 11 vulnerabilities #236)

See the full diff

Package name: esbuild-sass-plugin

The new version differs by 12 commits.

• b18b7f9 Merge branch 'main' of github.com:glromeo/esbuild-sass-plugin
• 0e723bf fixed compiler hanging at the end of tests
• a86f458 Update README.md
• 11fe88f v3
• bd779d8 Merge pull request [Snyk] Security upgrade tap from 13.1.11 to 18.0.0 #163 from NathanBeddoeWebDev/main
• 91baa8d commit yarn.lock
• de447d1 add sass-embedded
• 97e8de1 Update package.json
• 2915147 Merge pull request [Snyk] Security upgrade tap from 14.11.0 to 18.0.0 #156 from hsiaosiyuan0/feat/includesrc
• f3f9d53 add src in final package
• ffb21de reverted test to original value
• 16ea942 fixed benchmark and updated dependencies

See the full diff

Package name: eslint

The new version differs by 250 commits.

• e0cbc50 9.0.0
• 75cb5f4 Build: changelog update for 9.0.0
• 19f9a89 chore: Update dependencies for v9.0.0 (#18275)
• 7c957f2 chore: package.json update for @ eslint/js release
• d73a33c chore: ignore `/docs/v8.x` in link checker (#18274)
• d54a412 feat: Add --inspect-config CLI flag (#18270)
• e151050 docs: update get-started to the new `@ eslint/create-config` (#18217)
• 610c148 fix: Support `using` declarations in no-lone-blocks (#18269)
• 44a81c6 chore: upgrade knip (#18272)
• 94178ad docs: mention about `name` field in flat config (#18252)
• 1765c24 docs: add Troubleshooting page (#18181)
• e80b60c chore: remove code for testing version selectors (#18266)
• 96607d0 docs: version selectors synchronization (#18260)
• e508800 fix: rule tester ignore irrelevant test case properties (#18235)
• a129acb fix: flat config name on ignores object (#18258)
• 97ce45b feat: Add `reportUsedIgnorePattern` option to `no-unused-vars` rule (#17662)
• 651ec91 docs: remove `/* eslint-env */` comments from rule examples (#18249)
• 950c4f1 docs: Update README
• 3e9fcea feat: Show config names in error messages (#18256)
• b7cf3bd fix!: correct `camelcase` rule schema for `allow` option (#18232)
• 12f5746 docs: add info about dot files and dir in flat config (#18239)
• b93f408 docs: update shared settings example (#18251)
• 26384d3 docs: fix `ecmaVersion` in one example, add checks (#18241)
• 7747097 docs: Update PR review process (#18233)

See the full diff

Package name: express

The new version differs by 112 commits.

• 8e229f9 4.21.1
• a024c8a fix(deps): cookie@0.7.1
• 7e562c6 4.21.0
• 1bcde96 fix(deps): qs@6.13.0 (fix: replace rimraf with fs.rm npm/cli#5946)
• 7d36477 fix(deps): serve-static@1.16.2 ([BUG] fallback behaviour when hard links aren't supported npm/cli#5951)
• 40d2d8f fix(deps): finalhandler@1.3.1
• 77ada90 Deprecate `"back"` magic string in redirects (deps: minimatch@5.1.1 npm/cli#5935)
• 21df421 4.20.0
• 4c9ddc1 feat: upgrade to serve-static@0.16.0
• 9ebe5d5 feat: upgrade to send@0.19.0 (chore: release 9.2.0 npm/cli#5928)
• ec4a01b feat: upgrade to body-parser@1.20.3 (Contradictory logs. wrong logs of node version. npm/cli#5926)
• 54271f6 fix: don't render redirect values in anchor href
• 125bb74 path-to-regexp@0.1.10 (chore: add option for strict mock registry npm/cli#5902)
• 2a980ad merge-descriptors@1.0.3 (why window is not defined npm/cli#5781)
• a3e7e05 docs: specify new instructions for `question` and `discuss`
• c5addb9 deps: path-to-regexp@0.1.8 (deps: npm-package-arg@9.1.2 npm/cli#5603)
• e35380a docs: add @ IamLizu to the triage team (chore: fix async realpath in smoke publish npm/cli#5836)
• f5b6e67 docs: update scorecard link (npm publish can't upload [BUG] <title> npm/cli#5814)
• 2177f67 docs: add OSSF Scorecard badge (tkmens.com npm/cli#5436)
• f4bd86e Replace Appveyor windows testing with GHA (fix(arborist): tag spec should install the exact version npm/cli#5599)
• 2ec589c Fix Contributor Covenant link definition reference in attribution section (chore: remove mdx from docs build npm/cli#5762)
• 4cf7eed remove minor version pinning from ci ([BUG] workspaces infinite loop when running child scripts npm/cli#5722)
• 6d08471 📝 update people, add ctcpip to TC (deps: bump read-package-json-fast from 2.0.3 to 3.0.0 in /workspaces/arborist npm/cli#5683)
• 61421a8 skip QUERY tests for Node 21 only, still not supported (chore: call local npm during prepack npm/cli#5695)

See the full diff

Package name: postcss

The new version differs by 19 commits.

• 90208de Release 8.4.31 version
• 58cc860 Fix carrier return parsing
• 4fff8e4 Improve pnpm test output
• cd43ed1 Update dependencies
• caa916b Update dependencies
• 8972f76 Typo
• 11a5286 Typo
• 45c5501 Release 8.4.30 version
• bc3c341 Update linter
• b2be58a Merge pull request Stop linking to an archived forum as the way to submit issues npm/cli#1881 from romainmenke/improve-sourcemap-performance--philosophical-spiny-dogfish-3eb029c1c8
• 6a291d6 apply suggestions from code review
• efa442c Update lib/map-generator.js
• de33cf6 improve sourcemap performance
• 1c6ad25 Highlight banner with lines
• e10d5c0 More more detailed text below
• 3ff5f5f Rephrase into
• 272aae4 Remove old banner
• 632e876 Update CI actions
• cfa6cf4 Change EM banner

See the full diff

Package name: sass

The new version differs by 238 commits.

• d740d02 Emit deprecation warnings for the legacy JS API ([BUG] shrinkwrap and bundledDependencies not respected for aliased packages npm/cli#2343)
• a957eea Bump chokidar to v4 (tests and minor fix for help-search command npm/cli#2347)
• aa35aa2 Bump bufbuild/buf-setup-action in /.github/util/initialize ([BUG] <title>npm error cb() never called! npm/cli#2346)
• f826ed2 Stop emitting `mixed-decls` in a bunch of unnecessary cases (allow for rebuilding by path npm/cli#2342)
• 2f0d0da Merge pull request Error message when running create-react-app npm/cli#2341 from sass/feature.color-4
• de181d9 Poke CI
• 34f98c7 Update color API tests
• 422f037 Fix a typo
• 4db68a1 Merge pull request npm v7 does not install linked packages dependencies npm/cli#2339 from sass/merge-main
• 8f8467a Merge branch 'main' of github.com:sass/dart-sass into merge-main
• 4fa5a02 Use a `file:` dependency for sass-parser -> sass (package.json scripts with nodemon do not find ts-node. npm/cli#2340)
• 519ce69 Merge branch 'main' of github.com:sass/dart-sass into feature.color-4
• 05e1691 Bump bufbuild/buf-setup-action in /.github/util/initialize ([BUG] npm ERR! cb() never called! npm/cli#2338)
• 6848763 Merge pull request [BUG] npm exec does not pass switches to the inner function npm/cli#2337 from sass/even-more-statements
• d9e854a Add support for silent comments
• cf918bc Add support for `@ media`
• 717867b Add a future global-builtin deprecation ([BUG] <title> npm/cli#2336)
• 5dff2e8 Merge pull request Issues while installing dependances npm/cli#2317 from sass/more-statements
• 7784231 Add support for loud comments

[sourcery-ai]

We have skipped reviewing this pull request. Here's why:

• It seems to have been created by a bot (hey, snyk-io[bot]!). We assume it knows what it's doing!
• It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
• We don't review packaging changes - Let us know if you'd like us to change this.