[Snyk] Fix for 1 vulnerabilities

[baby636]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: bin-links

The new version differs by 12 commits.

• ca8aad2 2.0.0
• 5ce48a1 docs: update for v2
• 3af8c54 ignore most things
• 3344f8d changelog for v2
• a1272ee v2 implementation
• d35c9b2 tests for v2
• 675263d deps for new version
• 2f8c1fa license: Artistic 2.0 -> ISC
• 49c3151 chore: only support live nodes
• 2c6fb91 fix: do not require a log option
• 3fa88fa chore: update CLI dev environment
• ee939c0 chore: Use native Promises instead of Bluebird

See the full diff

Package name: glob

The new version differs by 121 commits.

• a68703e 9.0.0
• 58159ca test: cwd can be a url
• a547a9c more docs
• 42a3ac7 link to bash manual for Pattern Matching
• 474172d update readme with cwd URL support
• ad3904d update readme with posix class support
• b22fc7d minimatch@7.3.0
• cdd1627 update all the things, remove unused mkdirp types
• 75c6416 Merge branch 'v9'
• fa0cd77 cwd can be a file:// url
• d03ed0a typedoc github action
• 9a5a45a put bench results in readme
• 20b2f88 docs, fix benchmark script
• 4829c88 upgrade ci actions
• 5cbacdd minimatch@7.2.0
• 210310b omit symlinks on windows
• d34c8d5 full test coverage, clean up signals and remove extranous code
• 5f21b46 adding lots of tests, clean up types
• b12e6ba slashes on nodir test
• 75f74b0 more windows test slashes
• 3aa1abd more windows test affordances
• 3e68a7b some windows test affordances
• 8c2e082 feature complete and tests passing
• c3be35a correct ** vs ./** behavior

See the full diff

Package name: init-package-json

The new version differs by 82 commits.

• 6b7dbaf chore: release 4.0.0 (doc: add npm add as alias to npm install npm/cli#160)
• ea53243 chore: bump @ npmcli/config from 4.2.2 to 6.0.0 (Release: npm@6.9.0 npm/cli#167)
• 99e3307 chore: bump @ npmcli/eslint-config from 3.1.0 to 4.0.0 (Log failed optional platform dependencies as info npm/cli#169)
• b869b31 deps: bump read-package-json from 5.0.2 to 6.0.0 (fix optional dependencies when using devDeps npm/cli#170)
• d342821 deps: bump validate-npm-package-name from 4.0.0 to 5.0.0 (interactive pick-updates command npm/cli#168)
• a9b2e54 chore: postinstall for dependabot template-oss PR
• 9eacc7e chore: bump @ npmcli/template-oss from 4.4.4 to 4.5.1
• ada46c8 chore: postinstall for dependabot template-oss PR
• bb17043 chore: bump @ npmcli/template-oss from 4.3.2 to 4.4.4
• e8ea83a feat!: postinstall for dependabot template-oss PR
• 2eeb977 chore: bump @ npmcli/template-oss from 3.6.0 to 4.3.2
• 18e3c78 chore: postinstall for dependabot template-oss PR
• 197e9c3 chore: bump @ npmcli/template-oss from 3.5.0 to 3.6.0
• 8abb642 chore: bump @ npmcli/template-oss from 3.4.2 to 3.4.3 (token: use figgy-config to make sure extra opts are there npm/cli#149)
• 64ad963 chore: postinstall for dependabot template-oss PR
• 6f0fbd3 chore: bump @ npmcli/template-oss from 3.4.1 to 3.4.2
• 9023742 chore: bump @ npmcli/template-oss from 3.2.1 to 3.4.1 (install/dedupe: fix hoisting of packages with peerDeps npm/cli#147)
• e063094 chore(main): release 3.0.2 (fix(packageRelativePath): fix 'where' for file deps npm/cli#142)
• e4ba49a chore: bump @ npmcli/template-oss from 3.2.0 to 3.2.1 (doc: add preferDev and update preferGlobal npm/cli#143)
• fa7574a deps: bump validate-npm-package-name from 3.0.0 to 4.0.0 (test: maketest: Fix common.npm callback arguments npm/cli#144)
• b1ec548 deps: update npm-package-arg requirement from ^9.0.0 to ^9.0.1 (feat: new npm-cli feature to install missing dependencies npm/cli#136)
• 3b443aa chore: bump tap from 15.2.3 to 16.0.1 (Release: npm@6.7.0 npm/cli#141)
• d8bdf52 chore: bump @ npmcli/template-oss from 2.9.2 to 3.2.0 (doc: update package.json docs to include repository.directory details npm/cli#140)
• a1348c6 chore: release 3.0.1 (docs: described exit codes in npm-audit docs npm/cli#135)

See the full diff

Package name: licensee

The new version differs by 70 commits.

• 42aae52 9.0.0
• d84d74d Add caniuse-lite to .licensee.json
• 9e45b0f tap@16.3.0
• ed793f5 semver@7.3.7
• 12b20b5 9.0.0-pre.1
• 608f5c1 @ blueoak/list@9.0.0
• acc80c3 git rm package-lock.json
• e79776f Merge pull request [Snyk] Security upgrade gatsby-plugin-sharp from 2.3.10 to 3.15.0 #77 from jslicense/arborist
• b9e0ce6 Use tree.package.name instead of tree.name
• 53bd8b2 Fix incorrect Arborist API call
• 3117239 Refactor
• 30b2cab Fix logic error
• 64bde16 Use rimraf in unit test
• 9ea181c Call arborist.loadActual with forceActual: true
• 44a9993 @ npmcli/arborist@5.6.0
• c7cead1 Test on more newer Node.js versions
• 30e2fd4 Add unit test to Tape invocation list
• 2ae6b8b Remove npm install errors test
• 6e763fe Clobber .package-lock.json files
• cf535d2 Replace old fs.rmdir call
• ba52ba4 Remove console.log call
• fddc8c6 WIP
• 2dd7044 Configure GitHub to test on Node 12 and above
• 3e3288d WIP

See the full diff

Package name: node-gyp

The new version differs by 250 commits.

• 9acb4c7 chore: release 10.0.0
• 3032e10 chore: run tests after release please PR
• 864a979 feat!: use .npmignore file to limit which files are published ([BUG] Dev dependency should not throw “unsupported platform” error when using --production flag on npm install npm/cli#2921)
• 4e493d4 chore: misc testing fixes (fix(uninstall): use correct local prefix npm/cli#2930)
• d52997e feat: convert internal classes from util.inherits to classes
• 355622f feat: convert all internal functions to async/await
• 1b3bd34 feat!: drop node 14 support (fix(install): ignore auditLevel npm/cli#2929)
• e388255 deps: which@4.0.0 ([BUG] EACCES error with npm remove on npm@7.7.0 npm/cli#2928)
• 059bb6f deps: make-fetch-happen@13.0.0 ([BUG] npm uninstall doesn't work in 7.7.0 npm/cli#2927)
• 4bef1ec deps: glob@10.3.10 ([BUG] npm 7.7.0 lost progress bar on npm install npm/cli#2926)
• 21a7249 chore: add check engines script to CI (Release/v7.7.0 npm/cli#2922)
• 707927c feat(gyp): update gyp to v0.16.1 (fix(audit-level): add info audit level npm/cli#2923)
• d644ce4 docs: update applicable GitHub links from master to main ([BUG] "ERR! must provide string spec" when running "npm install" npm/cli#2843)
• 4a50fe3 chore: empty commit to add changelog entries from package-lock changes depending upon name of project folder npm/cli#2770
• 26683e9 chore: GitHub Workflows security hardening ([BUG] NPM 7.x broke the "--json" CLI parameter npm/cli#2740)
• 91fd8ff Python lint: ruff --format is now --output-format
• b3d41ae doc: Add note about Python symlinks (PR 2362) to CHANGELOG.md for 9.1.0 ([BUG] workspace packages using different major versions of the same package causes issues npm/cli#2783)
• 5746691 test: update expired certs (fix(usage): tie usage to config npm/cli#2908)
• d3615c6 Fix incorrect Xcode casing in README ([BUG] Fix ERESOLVE error output npm/cli#2896)
• bb93b94 docs: README.md Do not hardcode the supported versions of Python ([BUG] npm on windows can't run scripts with ".", relative paths "../" npm/cli#2880)
• 0f1f667 fix: create Python symlink only during builds, and clean it up after ([BUG] cannot read property 'length' of undefined with npm npm/cli#2721)
• 445c28f test: increase mocha timeout ([BUG] sudo prompt is not shown in scripts, causing install and tests to hang npm/cli#2887)
• 1bfb083 Fix Python lint error by using an f-string (feat: add exec workspaces npm/cli#2886)
• c9caa2e docs: Update windows installation instructions in README.md ([DOC] Wiki has broken link npm/cli#2882)

See the full diff

Package name: npm-registry-fetch

The new version differs by 157 commits.

• 8f61d95 chore: release 14.0.0 (Check run script existence with undefined npm/cli#139)
• c1a2c5a chore: bump cacache from 16.1.3 to 17.0.0 (install/dedupe: fix hoisting of packages with peerDeps npm/cli#147)
• b5aeed0 deps: bump make-fetch-happen from 10.2.1 to 11.0.0 (Always save package_lock.json when using --package-lock-only npm/cli#146)
• c1c203e chore: postinstall for dependabot template-oss PR
• dcff56f chore: bump @ npmcli/template-oss from 4.4.4 to 4.5.1
• 8762c37 chore: postinstall for dependabot template-oss PR
• 428d241 chore: bump @ npmcli/template-oss from 4.3.2 to 4.4.4
• 104a51f feat!: postinstall for dependabot template-oss PR
• 36f576a chore: bump @ npmcli/template-oss from 3.6.0 to 4.3.2
• ed6304c chore: postinstall for dependabot template-oss PR
• 4a08dd4 chore: bump @ npmcli/template-oss from 3.5.0 to 3.6.0
• de64201 chore(main): release 13.3.1 (audit: report any errors above 400 as potentially not supporting audit npm/cli#128)
• c9a8727 fix: linting
• a72fb7c chore: rimraf@3.0.2
• 79bddb9 chore: mkdirp@1.0.4
• 8d40cbb chore(main): release 13.3.0 (misc: replace ronn with marked-man npm/cli#126)
• 42d605c feat: respect registry-scoped certfile and keyfile options (audit: env selection for report npm/cli#125)
• 43c91f5 chore(main): release 13.2.0 (cli,outdated: default homepage to an empty string npm/cli#124)
• 893ea1c chore: bump @ npmcli/template-oss from 3.4.2 to 3.4.3 (deps: spdx-license-ids@3.0.3 npm/cli#121)
• ff4ed65 feat: set 'npm-auth-type' header depending on config option (Handle git branch references correctly npm/cli#123)
• 0db6cf8 chore: postinstall for dependabot template-oss PR
• 0c1795e chore: bump @ npmcli/template-oss from 3.4.1 to 3.4.2
• 5f9f823 chore: bump @ npmcli/template-oss from 3.3.2 to 3.4.1 (chore: replace var with const/let in repo npm/cli#119)
• b9848ba chore(main): release 13.1.1 (Replace hardcoded URL to advisory with a URL from audit response npm/cli#110)

See the full diff

Package name: pacote

The new version differs by 250 commits.

• abd1ecb chore: release 15.0.1 (chore: remove unused config/fetch-opts file npm/cli#219)
• 74821c2 deps: bump @ npmcli/run-script from 4.2.1 to 5.0.0 (doc: fixed typo for Number.MAX_SAFE_INTEGER npm/cli#229)
• a9844d0 deps: bump @ npmcli/promise-spawn from 3.0.0 to 4.0.0 (Isaacs/fix crash if registry config unset npm/cli#226)
• f3f9970 chore: bump @ npmcli/template-oss from 4.5.1 to 4.6.0 (Isaacs/fix crash if registry config unset npm/cli#225)
• 1058177 deps: bump read-package-json from 5.0.2 to 6.0.0
• 0f5ef8a deps: bump @ npmcli/installed-package-contents from 1.0.7 to 2.0.0
• 7e3b4b5 deps: bump ssri from 9.0.1 to 10.0.0
• 4e7536d deps: bump @ npmcli/git from 3.0.2 to 4.0.0
• 3bc7550 deps: bump npm-pick-manifest from 7.0.2 to 8.0.0
• 41fab27 deps: bump proc-log from 2.0.1 to 3.0.0
• 1e1c58c chore: bump @ npmcli/eslint-config from 3.1.0 to 4.0.0
• 4abf24a deps: bump npm-registry-fetch from 13.3.1 to 14.0.0 (**WIP** install: correctly exclude dev dependencies when using global and shrinkwrap npm/cli#218)
• e562ba3 chore: release 15.0.0 (Correct command line usage messages npm/cli#214)
• 43ae022 feat: do not alter file ownership (Fix npm ci with file: dependencies npm/cli#216)
• 2ac3980 deps: bump read-package-json-fast from 2.0.3 to 3.0.0
• 48282d2 chore: postinstall for dependabot template-oss PR
• d63b004 chore: bump @ npmcli/template-oss from 4.4.4 to 4.5.1
• e660b7a chore: release 14.0.0
• ee16f1f feat: set as release
• 828f402 chore: postinstall for dependabot template-oss PR
• 538ab4c chore: bump @ npmcli/template-oss from 4.4.2 to 4.4.4
• 5aa45e5 chore: release 14.0.0-pre.3
• d6ef5dc feat: require arborist constructor to be passed in for preparing git dirs (doc: update changelog for npm@6.9.2 npm/cli#204)
• 7e7a1e2 chore: release 14.0.0-pre.2

See the full diff

Package name: rimraf

The new version differs by 52 commits.

• 3b6b098 4.0.0
• e0cffea ci: reduce workload even more
• 0e6646d ci: remove unnecessary lint filter
• 546e017 update action versions
• 6d88a65 tone down benchmark intensity
• 842a8d2 fix benchmark workflow yaml
• 1b91697 chore: add copyright year to license
• 08bbb06 rewrite in TS, export hybrid, update changelog, docs
• 1b3f46e drop support for node versions below 14
• 2e1f003 gh actions workflow for benchmarks
• 52f9370 tests for retry-busy behavior
• 188e3ed don't test on very old node versions
• d1d5495 test for fix-eperm
• e7501cd prettier formatting
• 40f64ec windows: only fall back to move-remove when absolutely necessary
• b6f7819 update tap
• 99496cd test: run posix test on windows, why not?
• 51d43c1 benchmarks
• 6b8aa29 doc: correct os.tmp default
• 4b228c9 do not ever actually try to rmdir /
• 2442655 consolidate all the spellings of 'opt' into one
• d4eec2e add cli script
• 0c82d74 accept strings, arrays of strings, and no other types
• ad4f2db Do not rimraf /, override with preserveRoot:false

See the full diff

Package name: standard

The new version differs by 250 commits.

• fa0c1e4 update authors
• 81de719 16.0.0
• 9f94f98 prep changelog for 16.0.0
• f5b298a standard-engine@14
• 9f73bf2 eslint-config-standard-jsx@10
• 0ce671d eslint-config-standard@16
• dfea036 changelog
• c167c0a disable failing repos for 'no-var' rule
• 24ddf3f changelog
• 258ee48 disable no-var rule for cmd since it needs to run on all node versions
• 59dc70e remove eslint-plugin-standard
• 7c7dbec changelog
• 6fbe538 test: fix logs
• e5e0b37 test: disable failing repos
• a98eba7 test: re-enable disabled repos which now pass!
• 0bfd793 test: disable non-existent repo
• 6f9f2f1 test: add script to detect non-existent repos
• 0d429d0 test: remove non-existant repo
• 0b64eb3 test: add --write option to save changes to "disable" prop
• 8b97b72 test: add test packages into same repo
• e1b0466 changelog
• 692c0fe changelog
• c30a584 remove mkdirp dependency
• d1f9de1 remove broken eslint-index package

See the full diff

Package name: tap

The new version differs by 250 commits.

• 793c1c0 update versions
• 47a2289 add missing @ tapjs/mock service key polyfill
• 6622dca snapshot: update snapshot
• 556e520 mock: actually be resilient against multiple instances
• 2c135b0 Add `t.mockAll` method
• d7e7e4f clean process.cwd() out of snapshots by default
• 4c0dc72 use the released version of tshy
• c858f37 need to check in .tshy configs for typedoc to work
• 82f48cd update versions
• 0f27f73 TypeScript 5.2, use tshy for hybrid builds
• de09096 remove my home directory from parser snapshots
• 46e2bbb repl: mkdirp the .tap dir if missing
• acfae01 link typedocs to main website
• 2ece1da core spawn test even less flaky
• a7a12d2 update typedoc to latest, ts-node to temporary fork
• a5c0e0c some changelog updates
• caf8d81 document repl
• a5dc854 Store t.testdir() fixtures in .tap/fixtures
• 6914d23 remove docs from source control
• 1dcc6a7 exclude test files themselves from coverage
• aff25fc update versions
• c5972e7 core: make spawn timeout test less flaky
• 1c11b37 stack: properly parse ErrnoException errors
• 1280a55 parser: remove node v12 skip check

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.