[Snyk] Fix for 3 vulnerabilities

[Qdigital]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/@vuepress/test-utils/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	429/1000 Why? Has a fix available, CVSS 4.3	Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	Yes	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: jest

The new version differs by 250 commits.

• 343532a v26.0.0
• 075854a chore: update changelog for release
• 68b65af v26.0.0-alpha.2
• d30a586 fix: disallow hook definitions in tests (#9957)
• 3375ac3 chore: remove unused prettier uninstall step from CI
• 0a63d40 fix: absolute path moduleNameMapper + jest.mock issue (#8727)
• 03dbb2f chore: fix watch mode test with utimes (#9967)
• 68d12d5 chore: skip broken test on windows (#9966)
• e8e8146 align circus with jasmine's top-to-bottom execution order (#9965)
• 968a301 Fix invalid re-run of tests in watch mode (#7347)
• 5d1be03 chore: fix windows CI (#9964)
• 2bac04f v26.0.0-alpha.1
• c665f22 feat: add `createMockFromModule` to replace `genMockFromModule` (#9962)
• 8147af1 chore: improve error on module not found (#9963)
• 71631f6 feat: add new 'modern' implementation of Fake Timers (#7776)
• d7f3427 chore: rename LolexFakeTimers to ModernFakeTimers (#9960)
• 2c7682c Update index.js (#9095)
• 5a16415 docs: Updated Testing Frameworks guide with React; make it generic (#9106)
• 4216b86 updated docs regarding testSequencer (#9174)
• 2e8f8d5 fix: handle `null` being passed to `createTransformer` (#9955)
• 7a3c997 jest-circus: throw if a test / hook is defined asynchronously (#8096)
• 42f920c chore: update ts-eslint (#9953)
• 3078172 Updated config docs with default transform value (#8583)
• b6052e0 Update jest-phabricator documentation (#8662)

See the full diff

Package name: ts-jest

The new version differs by 165 commits.

• ad58c9b chore(release): 25.3.0
• 949e3e1 chore: update package-lock.json
• b8ebf36 docs: add Troubleshoting section (Not compatible with iView vuejs/vuepress#1463)
• 8b5325e chore(transformer): only do type checking for js/jsx/ts/tsx file (remove plugin-clean-urls vuejs/vuepress#1464)
• 58b05b1 chore: replace travis-ci.org with travis-ci.com (NavBar missing with Custom Layout vuejs/vuepress#1469)
• 79e8fdf build(deps-dev): bump jest from 25.2.3 to 25.2.4 (vue component data binding is working when dev locally but not when using npm serve vuejs/vuepress#1468)
• dddce1c build(deps-dev): bump @ jest/transform from 25.2.3 to 25.2.4 (Default theme sidebar not disabled in mobile view vuejs/vuepress#1467)
• d811bae build(deps-dev): bump lint-staged from 10.0.9 to 10.0.10 (fix($plugin-pagination): get posts calculation error vuejs/vuepress#1466)
• ecc8312 build(deps-dev): bump @ types/react from 16.9.26 to 16.9.27 (remove plugin-container vuejs/vuepress#1462)
• c10ad4a chore(compiler): improve performance for language service ([[toc]] renders empty with cutomization in config.js vuejs/vuepress#1461)
• 455ee5b build(deps-dev): bump @ jest/transform from 25.2.1 to 25.2.3 (Help me！I have a problem with themeConfig.lastUpdated vuejs/vuepress#1459)
• 1641cfb build(deps-dev): bump jest from 25.2.2 to 25.2.3 (update to 1.x build errors vuejs/vuepress#1460)
• 3010ec8 build(deps-dev): bump @ jest/types from 25.2.1 to 25.2.3 (serverPrefetch not called in dev vuejs/vuepress#1458)
• 26a81f0 build(deps-dev): bump @ types/react from 16.9.25 to 16.9.26 (Update isExternal regex to comply with rfc3986 vuejs/vuepress#1457)
• 99c552d build(deps-dev): bump jest from 25.2.1 to 25.2.2 (feat($core): better layout check vuejs/vuepress#1455)
• 5214f1b build(deps): bump yargs-parser from 18.1.1 to 18.1.2 (Unable to inject CSS using module.exports?  vuejs/vuepress#1456)
• 79478ae build(deps-dev): bump tslint-plugin-prettier from 2.2.0 to 2.3.0 (VuePress dev Does not run server on MacOs vuejs/vuepress#1454)
• 107e062 fix: always do type check for all files provided to ts-jest transformer (markdown.toc generate wrong toc while using [[toc]] vuejs/vuepress#1450)
• 1e34075 build(deps-dev): bump @ jest/types from 25.2.0 to 25.2.1 (Add npm install and npm test to CI vuejs/vuepress#1452)
• ba5a6c4 build(deps-dev): bump @ jest/transform from 25.2.0 to 25.2.1 (chore: lint fix vuejs/vuepress#1451)
• e857f5b build(deps-dev): bump jest from 25.2.0 to 25.2.1 (VuePress dev server not working vuejs/vuepress#1453)
• 4981da8 Merge pull request v1.0 use a theme report an error vuejs/vuepress#1447 from kulshekhar/dependabot/npm_and_yarn/jest/types-25.2.0
• ea8240a Merge pull request Fix broken link vuejs/vuepress#1448 from kulshekhar/dependabot/npm_and_yarn/jest/transform-25.2.0
• e50db11 build(deps-dev): bump @ jest/types from 25.1.0 to 25.2.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.