[Snyk] Fix for 1 vulnerabilities

[leonardoadame]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • tools/node_modules/eslint/node_modules/path-key/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: ava

The new version differs by 36 commits.

• e1572d9 2.0.0
• 2daf6a9 Bump dependencies
• b1e54b1 By default, select test and helpers inside 'tests' directories
• 677578f Replace individual lodash packages with the main package
• a53ea15 Define environment variables to be injected in the test file processes
• 626e58c 2.0.0-rc.1
• 51433be Implement helper for our ESLint plugin
• c10e38c Remove underline from Babel configuration validation errors
• 928ed14 Bump dependencies
• 98034fb Make the object printing depth configurable (test: add test for dgram.setTTL nodejs/node#2121)
• f26634b 2.0.0-beta.2
• 80d72ff Bump dependencies
• 5f4c96f Further helper selection improvements
• ba5cd80 Fix TypeScript definition allowing macro-without-title-using-tests to be skipped
• 13a89e1 Reduce size of logo in readme
• 799eb91 Update domain name
• cb4c809 Make watch mode dependency tracking work with custom require hooks
• 08e99e5 Treat .spec.js files as test files
• 91b7641 Use underscore-prefixed helpers in documentation
• c2d8218 Improve the TypeScript definition `ObservableLike` type
• 5bae97c Fix sample test in Flow recipe
• 2762d3c Fix require path in Babel recipe
• 05f925f Fix sample test in TypeScript recipe
• 8a3f6ca Remove mention of the obsolete `devtool` package

See the full diff

Package name: tsd

The new version differs by 23 commits.

• a01388b 0.12.0
• 1b40723 Drop support for Node.js 6
• 56b90ab Add support for globbing patterns in files property - fixes [Snyk] Fix for 13 vulnerabilities #69 ([Snyk] Fix for 8 vulnerabilities #70)
• 9666433 Update all deps, some devDeps ([Snyk] Security upgrade mocha from 7.2.0 to 10.1.0 #72)
• 861db08 Add expectNotType assertion - fixes [Snyk] Fix for 4 vulnerabilities #56
• 67ae75b 0.11.0
• 06594fa Move execa to devDependencies
• 97261b2 Add deprecation expectations - fixes [Snyk] Fix for 8 vulnerabilities #51 ([Snyk] Security upgrade tap from 12.7.0 to 15.0.0 #53)
• 3a375fa Add assignability expectations - fixes [Snyk] Security upgrade tap from 14.11.0 to 15.0.0 #39
• 206573b Upgrade to TypeScript 3.7 - fixes [Snyk] Fix for 5 vulnerabilities #52
• b802fee 0.10.0
• b68c37c Check if types are identical in strict assertions - fixes [Snyk] Security upgrade tap from 12.7.0 to 15.0.0 #43
• 30860fe Add makeDiagnostic util
• 3bb25ef Refactor to use assertion handlers for easier extension
• d6d32e7 Expose programming API - fixes [Snyk] Fix for 2 vulnerabilities #37
• 874092b 0.9.0
• e4c78c7 Make expectType assertion strict
• b13533b Bundle TypeScript with tsd
• 3cc33f5 Test Node.js 12
• 4a84ae0 0.8.0
• c445879 Add support for JSX - fixes [Snyk] Security upgrade semver from 6.3.0 to 7.5.2 #15 ([Snyk] Fix for 3 vulnerabilities #36)
• 03c170b Ignore no overload matches error in expectError assertion ([Snyk] Fix for 16 vulnerabilities #33)
• 47c7796 Pin ava@1

See the full diff

Package name: xo

The new version differs by 179 commits.

• ab16df2 0.42.0
• de55a03 Upgrade dependencies
• 34800b7 Upgrade `globby` ([Snyk] Security upgrade mocha from 6.2.3 to 8.3.0 #574)
• f81e933 Re-enable `import/newline-after-import` rule
• 47af93e 0.41.0
• af93e79 Upgrade dependencies
• 0733cc5 Fix code style ([Snyk] Security upgrade mocha from 7.2.0 to 8.3.0 #570)
• ab17a3c Lint `.cjs` files in codebase ([Snyk] Security upgrade mocha from 7.2.0 to 8.3.0 #569)
• 0a752c7 Update dependencies ([Snyk] Security upgrade airtap from 3.0.0 to 4.0.0 #568)
• 41c8f39 Convert project to module ([Snyk] Security upgrade mocha from 6.2.3 to 8.3.0 #566)
• b3c5e15 Fix typo ([Snyk] Fix for 1 vulnerabilities #567)
• 2ef9f22 Prevent the `useEslintrc` option from being used ([Snyk] Security upgrade @npmcli/template-oss from 4.19.0 to 4.20.0 #565)
• 41f0484 0.40.3
• 374dd73 Support `xo.config.cjs` and `.xo-config.cjs` ([Snyk] Security upgrade airtap from 1.0.2 to 4.0.0 #561)
• 3e7b77c Remove some needless imports ([Snyk] Security upgrade airtap from 3.0.0 to 4.0.0 #560)
• 6adf459 Remove `update-notifier`
• b6389ef 0.40.2
• 7ace6e5 Fix handling of `parserOptions` for TypeScript ([Snyk] Security upgrade mocha from 7.2.0 to 8.3.0 #557)
• 7629ce0 0.40.1
• d2c5750 Properly resolve base config ([Snyk] Fix for 1 vulnerabilities #545)
• e9c96a1 Properly handle `parserOptions` ([Snyk] Fix for 1 vulnerabilities #544)
• 8e1801c Avoid destructuring and just build the expected object once ([Snyk] Fix for 1 vulnerabilities #538)
• 4cfdc72 Fix CI
• 56be018 0.40.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

[stackblitz]

Run & review this pull request in StackBlitz Codeflow.