[Snyk] Fix for 1 vulnerabilities

[EMWickd]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/nyc/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: cp-file

The new version differs by 28 commits.

• 642f50d 10.0.0
• 176d12f Require Node.js 14 and move to ESM
• cf322af Add `onProgress` option ([Snyk] Security upgrade glob from 7.2.3 to 9.0.0 #52)
• 3fe6ab4 Add `cwd` option ([Snyk] Security upgrade glob from 4.5.3 to 9.0.0 #46)
• 5dbf6dc Fix tests on Node.js 14 and later ([Snyk] Security upgrade rimraf from 2.7.1 to 4.0.0 #48)
• 778ecdb Fix CI error on Windows ([Snyk] Fix for 1 vulnerabilities #50)
• 589c637 9.1.0
• bedd8ce Meta tweaks
• 4eb8f47 Add `directoryMode` option ([Snyk] Security upgrade glob from 4.5.3 to 9.0.0 #44)
• 694ddb2 Move to GitHub Actions ([Snyk] Security upgrade @npmcli/run-script from 6.0.2 to 7.0.2 #43)
• 8c7ac33 9.0.0
• 5f5151d Meta tweaks
• 4e536d5 Stop preserving ownership, stop performing chmod after `copyFileSync` ([Snyk] Fix for 10 vulnerabilities #39)
• 1cda1f2 8.0.1
• d7fab4c Fix problems when on latest Node.js 12
• 11b236d 8.0.0
• 1b5e072 Rename some ProgressData properties
• 6d92d5c Wait for `open` event on the writable stream
• df050ac Require Node.js 10
• 4668c5a Always throw if unable to overwrite ([Snyk] Fix for 19 vulnerabilities #38)
• 4e1367f Test on Windows too
• edcc055 Meta tweaks
• d3ed7b9 Create funding.yml
• 82a5286 Add Node.js 12 to testing ([Snyk] Fix for 3 vulnerabilities #35)

See the full diff

Package name: find-cache-dir

The new version differs by 24 commits.

• e49c127 4.0.0
• c5e8e5c Require Node.js 14 and move to ESM
• 21ae944 3.3.2
• 6a378f5 Respect `name` option when `CACHE_DIR` environment variable is set ([Snyk] Security upgrade tough-cookie from 2.4.3 to 4.1.3 #34)
• 05a0b08 Move to GitHub Actions ([Snyk] Security upgrade tap from 12.7.0 to 15.0.0 #32)
• 4d774c6 Readme tweaks
• c35ae06 3.3.1
• e7dd4a6 Ignore true/false/1/0 values for `CACHE_DIR` environment variable ([Snyk] Security upgrade tap from 14.10.5 to 15.0.0 #27)
• e30f2cf 3.3.0
• 0bc30bd Minor tweaks
• 71faea2 Allow the `CACHE_DIR` environment variable to override the cache location ([Snyk] Security upgrade semver from 6.3.0 to 7.5.2 #18)
• 8ec64dc Test on all supported OSes ([Snyk] Security upgrade tap from 12.7.0 to 15.0.0 #22)
• f8c51f3 Minor cleanup ([Snyk] Security upgrade make-dir from 2.1.0 to 4.0.0 #25)
• 237f636 Minor refactoring ([Snyk] Security upgrade nyc from 11.9.0 to 15.0.0 #23)
• c432cb4 3.2.0
• a0c487f Meta tweaks
• a2679d9 Tolerate lack of `node_modules` when checking if directory is writable ([Snyk] Security upgrade os-locale from 3.1.0 to 5.0.0 #20)
• d3c64a7 Add Storybook to list of adopters ([Snyk] Security upgrade semver from 7.3.2 to 7.5.2 #21)
• 60f1e83 3.1.0
• 3cea1e7 Return `undefined` if the found `node_modules` directory is not writable ([Snyk] Security upgrade nyc from 11.9.0 to 15.0.0 #19)
• da06f09 Tidelift tasks
• f6ecb85 3.0.0
• a0ed7cc Update dependencies, require Node.js 8 ([Snyk] Security upgrade normalize-package-data from 2.5.0 to 3.0.0 #15)
• 1f96b98 Add Tidelift mention in the readme

See the full diff

Package name: istanbul-lib-source-maps

The new version differs by 92 commits.

• 5319df6 Publish
• 5033e2e chore: Tell greenkeeper to ignore semver updates.
• 54636fc feat(text): Coalesce ranges of missing lines (npmjs site npm/cli#511)
• 9546946 Publish
• 03e7a11 chore: Bump dependencies ([BUG] UNABLE_TO_GET_ISSUER_CERT_LOCALLY npm/cli#510)
• 5afe203 fix: Add favicon to html report (docs: add netlify docs website config npm/cli#493)
• a01a2b8 fix: Do not export index.json (fix: check npm.config before accessing its members npm/cli#508)
• bf0141b Publish
• 177fd45 feat: Add support for projectRoot option ([BUG] NPM Install includes transitive devDependencies for file: dependencies. npm/cli#492)
• c69ce0c Publish
• aa8ae7f fix: Remove handlebars ([FEATURE] funding field as array npm/cli#503)
• 6d04040 Publish
• 094f1b8 fix: sourceFinder cannot be async. (fix(fund): open url for string shorthand npm/cli#501)
• 886e19c Publish
• d77cc14 fix: mappedCoverage.addStatement is not a function ([BUG] Sometimes package can't be downloaded from the public NPM registry npm/cli#500)
• 597234b chore: Pin prettier ([BUG] npm fund <package> errors when "funding" is a string npm/cli#498)
• 7c1367b Publish
• 8f8c88e fix: Produce properly merged source-maps when inputSourceMap is provided ([FEATURE] GitHub avatar instead of Gravatar on npmjs.org npm/cli#487)
• 70f48b7 Publish
• 95a2b2f fix: Add missing dependency on istanbul-lib-report ([QUESTION] how to re-publish readme after npm unpublish version-readme npm/cli#490)
• a8b3557 Publish
• f8ebbc9 feat: Convert to async API (npm function npm/cli#489)
• 4d5e777 Publish
• 68d95d2 chore: Update dependencies ([FEATURE] Please show gitlab.com repo stats on npmjs.com package pages npm/cli#488)

See the full diff

Package name: make-dir

The new version differs by 28 commits.

• 54612e8 4.0.0
• c419a8a Update dependencies
• 55af5b8 Rename `master` branch to `main`
• 1dd6443 Fix code coverage
• 397e48e Move to GitHub Actions
• cf02568 Fix tests
• 064e92d Require Node.js 10 ([Snyk] Security upgrade tap from 12.7.0 to 15.0.0 #32)
• 4616c03 Fix Travis
• 5e95e00 Meta tweaks
• 978bee9 Cleanup from [Snyk] Security upgrade make-dir from 2.1.0 to 4.0.0 #28 ([Snyk] Fix for 1 vulnerabilities #30)
• 6d029fe 3.1.0
• b5a98ef Stop using deprecated `process.umask()` ([Snyk] Security upgrade make-dir from 2.1.0 to 4.0.0 #28)
• 960ecf1 Fix readme typo ([Snyk] Security upgrade make-dir from 2.1.0 to 4.0.0 #26)
• 66ba0d9 3.0.2
• 25231fe Throw original error if stat fails; to match sync implementation ([Snyk] Security upgrade semver from 7.3.2 to 7.5.2 #24)
• cde3270 3.0.1
• dea15ae Fetch fresh `process.umask()` on every method call ([Snyk] Security upgrade nyc from 11.9.0 to 15.0.0 #19)
• 8632e52 Upgrade `nyc`
• 7201491 Fix linting
• 3354122 Fix tests on Windows and Node.js 12 ([Snyk] Security upgrade tap from 12.7.0 to 15.0.0 #22)
• 9de6474 Test ENOTDIR|EEXIST error when parent is a file ([Snyk] Security upgrade normalize-package-data from 2.5.0 to 3.0.0 #15)
• 49b26bd Tidelift tasks
• f03a4db Create funding.yml
• 0efa10f Add Node.js 12 to testing ([Snyk] Security upgrade semver from 5.7.1 to 7.5.2 #16)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)