[Snyk] Upgrade standard from 17.0.0 to 17.1.0

[Woodpile37]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade standard from 17.0.0 to 17.1.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 1 version ahead of your current version.
• The recommended version was released 4 months ago, on 2023-05-30.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	169/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00091, Social Trends: No, Days since published: 102, Transitive dependency: Yes, Is Malicious: No, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.81, Score Version: V4	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	169/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00091, Social Trends: No, Days since published: 102, Transitive dependency: Yes, Is Malicious: No, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.81, Score Version: V4	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783	169/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00091, Social Trends: No, Days since published: 102, Transitive dependency: Yes, Is Malicious: No, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.81, Score Version: V4	Proof of Concept
	Prototype Pollution SNYK-JS-JSON5-3182856	169/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00091, Social Trends: No, Days since published: 102, Transitive dependency: Yes, Is Malicious: No, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.81, Score Version: V4	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: standard

• 17.1.0 - 2023-05-30
  
  • Update dependencies and prepare release 17.1.0 (#1908) a4049f8
  • Add version-guard to silent failure on old node (#1829) 7dc2ab0 85316d1 26efe34 f635e4e 6dd2162

  v17.0.0...v17.1.0

• 17.0.0 - 2022-04-20
  

  We're super excited to announce standard 17!

  This major release fully focuses on getting in sync with the wider ESLint ecosystem
  and doesn't in itself introduce any new rules or features.

  When you upgrade, consider running standard --fix to automatically format your
  code to match the current set of rules.

  This is the first release by two of our standard co-maintainers @ theoludwig and @ voxpelli.
  Buy them a cake if you run into them, thanks for getting this release out!

  Major changes

  • eslint-config-node has been replaced with the up to date fork eslint-config-n. If you have used comments like // eslint-disable-line node/no-deprecated-api you now have to reference the n/ rules instead.
  • object-shorthand rule (as warning)
  • Use of ESLint 8, which allows for support for all of the latest syntax that ESLint 8 includes, such as top level await #1548 #1775
  • --verbose by default

  Changed features

  • Update eslint from ~7.18.0 to ^8.13.0
  • Update eslint-config-standard from 16.0.3 to 17.0.0 to adapt to ESLint 8
  • Update eslint-config-standard-jsx from 10.0.0 to ^11.0.0 to adapt to ESLint 8
  • Update standard-engine from ^14 to ^15.0.0 to adapt to ESLint 8, see its CHANGELOG
  • Move from eslint-plugin-node@~11.1.0 to eslint-plugin-n@^15.1.0 to adapt to ESLint 8
  • Update eslint-plugin-import from ~2.24.2 to ^2.26.0
  • Update eslint-plugin-promise from ~5.1.0 to ^6.0.0
  • Update eslint-plugin-react from ~7.25.1 to ^7.28.0

  v16.0.4...v17.0.0

from standard GitHub release notes

Commit messages

Package name: standard

• 8f448be 17.1.0
• a4049f8 Prepare release 17.1.0 (build(deps): bump sentry-sdk from 1.16.0 to 1.23.0 in /tools mozilla/code-coverage#1908)
• 0e531b3 docs: update broken ESLint link (build(deps): bump google-cloud-storage from 2.7.0 to 2.9.0 in /bot mozilla/code-coverage#1888)
• e4deb80 Merge pull request build(deps-dev): bump webpack-cli from 5.0.1 to 5.0.2 in /frontend mozilla/code-coverage#1865 from standard/dependabot/npm_and_yarn/eslint-plugin-n-tw-15.5.1
• fac23c8 build(deps): update eslint-plugin-n requirement from ^15.1.0 to ^15.5.1
• 0934b1a remove npm org packages from external
• 6516bf8 Test on Node 18 (build(deps): bump taskcluster from 47.1.2 to 49.1.0 in /tools mozilla/code-coverage#1854)
• caa3573 update broken link (build(deps-dev): bump @babel/core from 7.21.0 to 7.21.4 in /frontend mozilla/code-coverage#1833)
• 6dd2162 fix: silent exit on unsupported node.js versions (build(deps-dev): bump webpack-dev-server from 4.11.1 to 4.13.2 in /frontend mozilla/code-coverage#1829)
• f635e4e Skip dev dependencies for `old-test.yml`
• 26efe34 Stop using the cache for `old-test.yml`
• 85316d1 Add `4` to the matrix of old versions
• d1cc665 Gather non-`index.js` top level js-files in `lib/`
• 7dc2ab0 Add `version-guard` to silent failure on old node
• 8d83230 Remove the reference to Typescript being fixed by the pre-commit hook (build(deps-dev): bump css-minimizer-webpack-plugin from 4.2.2 to 5.0.0 in /frontend mozilla/code-coverage#1827)
• 3bfa852 sponsor
• 94c80e1 Merge pull request build(deps-dev): bump pre-commit from 3.1.1 to 3.2.1 in /backend mozilla/code-coverage#1815 from ddiu8081/bugfix/docs-update
• 6c22321 docs(rules): fix markdown formatting issue
• d4d8c08 docs: add dotenv logo to README (build(deps): bump redis from 4.5.1 to 4.5.3 in /backend mozilla/code-coverage#1811)
• e89112b chore: Set permissions for GitHub actions
• 3c1c6e0 build(deps-dev): update minimist requirement to ^1.2.6 (build(deps-dev): bump @babel/core from 7.21.0 to 7.21.3 in /frontend mozilla/code-coverage#1804)
• cb919e0 build(deps-dev): bump hallmark from 3.1.0 to 4.1.0 (build(deps): bump libmozevent from 1.1.21 to 1.1.24 in /events mozilla/code-coverage#1769)
• b680453 build(deps-dev): update simple-get requirement to ^4.0.1 (build(deps): bump tqdm from 4.64.1 to 4.65.0 in /bot mozilla/code-coverage#1771)
• ea810f9 build(deps-dev): update tape requirement from ^5.3.2 to ^5.5.3

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[changeset-bot]

⚠️ No Changeset found

Latest commit: de79d50

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR