[Snyk] Fix for 1 vulnerabilities

[HelloKittyHacker]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • script/package.json
  • script/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: electron-packager

The new version differs by 201 commits.

• 41acebf docs(news): fix 15.0.0 link
• 0fb2f1f 15.0.0
• 65ae3fe chore(deps): bump electron-notarize from 0.3.0 to 1.0.0 (#1157)
• 198ffb2 refactor: replace sanitize-filename with filenamify (#1156)
• 34d6fb1 build: test Node 14 in CI (#1155)
• 4d22659 fix(infer): add missing fields to the infer error message (#1153)
• e41de9f build(deps-dev): upgrade eslint to ^7.1.0 & @ typescript-eslint/* to ^3.0.0 (#1152)
• 1ba3294 build: merge ESLint config files into package.json when possible
• 0505742 docs: clarify disabling pruning via the API in the README
• a0ef38f refactor: rename ignore source files/functions to copy-filter (#1151)
• e3913f6 feat: Add support for macOS app API key notarization (#1127)
• 366df35 build(deps): upgrade electron-notarize to ^0.3.0
• 37a0f2c Merge pull request #1139 - refactor: replace cross-zip with extract-zip
• bc61ca5 refactor: replace cross-zip with extract-zip
• 9c9b8de test(unzip): refactor for efficiency and readability
• b4247f9 test(unzip): unzip should preserve symbolic links
• 39851a1 chore(deps): bump fs-extra from 8.1.0 to 9.0.0 (#1137)
• fc1dbbc chore(deps-dev): bump typedoc from 0.16.11 to 0.17.1 (#1136)
• c9c5170 fix(mac): check for osxNotarize.hardened-runtime in addition to hardenedRuntime
• 4081666 build: upgrade asar to ^3.0.0
• 30169e3 build: ignore typedoc output for eslint
• eaf597b build: upgrade to malept/github-action-gh-pages@1.0.2
• c937f41 docs: note in usage that sub-properties listed aren't exhaustive
• 68c63f7 docs: add electron-notarize to DEBUG list

See the full diff

Package name: eslint

The new version differs by 250 commits.

• 3dd6741 7.0.0
• 9a722f9 Build: changelog update for 7.0.0
• b98d8bd Upgrade: eslint-release@2.0.0 (#13271)
• 4c0b028 Fix: remove Node.js and CommonJS category from build process (#13242)
• 401a687 Chore: fix rules list for prereleases (#13230)
• 4ef6158 Breaking: espree@7.0.0 (#13270)
• b5c8d73 Docs: update 7.0.0 migration guide for consistency (#13267)
• 356fdb4 Docs: add migration guide (#12692)
• 015edf6 Sponsors: Sync README with website
• fdfa364 7.0.0-rc.0
• 8d1b4db Build: changelog update for 7.0.0-rc.0
• 0b1d65a Update: Improve report location for array-callback-return (refs #12334) (#13109)
• d85e291 Fix: yoda left string fix for exceptRange (fixes #12883) (#13052)
• 2ce6bed Chore: added tests for nested arrays (#13145)
• d3aac53 Update: report backtick loc in no-unexpected-multiline (refs #12334) (#13142)
• 8e7a2d9 Fix: func-call-spacing "never" reports wrong message (fixes #13190) (#13193)
• bcafd0f Update: Add ESLint API (refs New: ESLint Class Replacing CLIEngine eslint/rfcs#40) (#12939)
• 3eeae56 Upgrade: some (dev) deps (#13155)
• 6b7030b Chore: Run tests on Node.js v14 (#13210)
• ebc28d7 Fix: Remove default .js from --ext CLI option (#13176)
• 5c1bdeb Update: Improve report location for getter-return (refs #12334) (#13164)
• 56d2bee Docs: fix typos (#13204)
• e13256e Chore: use espree.latestEcmaVersion in config-initializer (#13157)
• e4f57b7 Chore: add nested array tests for array-element-newline (#13161)

See the full diff

Package name: eslint-plugin-import

The new version differs by 250 commits.

• b0131d2 Bump to v2.25.0
• 7463de2 utils: v2.7.0
• 900ac9a [resolvers/webpack] [deps] update `is-core-module`
• c117be5 [Dev Deps] update `array.prototype.flatmap`, `glob`; remove `babel-preset-es2015-argon`
• 0e857b6 [Deps] update `array-includes`, `array.prototype.flat`, `is-core-module`, `is-glob`, `object.values`
• 62e2d88 [New] Support `eslint` v8
• 9a744f7 [Fix] `default`, `ExportMap`: Resolve extended TypeScript configuration files
• dd81424 [Refactor] `no-unresolved`, `no-extraneous-dependencies`: moduleVisitor usage
• 4f0f560 [Docs] `no-namespace`: fix a typo
• 430d16c [Tests] eslint-import-resolver-typescript@1.0.2 doesn't resolve .js
• 47e9c89 [Tests] type-only imports were added in TypeScript ESTree 2.23.0
• 28669b9 [Tests] `no-extraneous-dependencies` ignores unresolved imports
• 471790f [Tests] fix skip usage
• fd85369 [Tests] skip failing test on eslint < 6 + node < 8
• 64423e9 [Tests] add passing test for export-star
• 58fe766 [Tests] ignore resolver tests, scripts, and unused memo-parser
• 47ea669 [Fix] `order`: Fix import ordering in TypeScript module declarations
• 4ed7867 [Fix] `no-unresolved`: ignore type-only imports
• 4d15e26 [patch] TypeScript config: remove `.d.ts` from `import/parsers` setting and `import/extensions` setting
• 9ccdcb7 [Refactor] switch to an internal replacement for `pkg-up` and `read-pkg-up`
• 1571913 [utils] [new] create internal replacement for `pkg-up` and `read-pkg-up`
• 7c382f0 [New] `no-unused-modules`: support dynamic imports
• 7579748 [utils] [new] add `visit`, to support dynamic imports
• 35bd977 [New] `no-unresolved`: add `caseSensitiveStrict` option

See the full diff

Package name: normalize-package-data

The new version differs by 33 commits.

• e584704 3.0.0
• 6899b0c fix: broken tests w/ latest hosted-git-info
• 40d07df hosted-git-info@3.0.6
• e938119 chore: update engines
• 7e70f63 resolve@1.17.0
• 0ba7f91 semver@7.3.2
• 30afb71 chore: remove async dev dep
• db9c672 tap@14.10.8
• cc89759 chore: remove underscore dev dep
• b224ba1 chore: update to package-lock v2
• dedb606 2.5.0
• f97372c deps: use `resolve.isCore` instead of `is-builtin-module` for better data and better node compat ([Snyk] Security upgrade mocha from 2.5.1 to 6.2.3 #99)
• de56d3e 2.4.2
• 96c93df deps: downgrade is-builtin-module to ^1.0.0
• 39b60ac 2.4.1
• 9d1ce80 fix: update broken url to `validate-npm-package-license` in README
• 156ad83 deps: bump devDeps
• 432f89c deps: bump deps
• f828e53 chore: update CI for current Node LTS
• df8ea05 fix(license): don't fail when license is whitespace-only field ([Snyk] Security upgrade marked from 0.3.19 to 4.0.10 #93)
• 9948ecf 2.4.0
• f85b3f6 don't warn on missing protocol in `homepage` field
• 468c113 Add extension when requiring `typos.json`
• 6ba4949 2.3.8

See the full diff

Package name: npm

The new version differs by 250 commits.

• 30a9844 7.21.0
• 0b2cd9d update AUTHORS
• 06461ec docs: changelog for v7.21.0
• 771a1cb chore(tests): fix snapshots
• 71cdfd8 spdx-license-ids@3.0.10
• 94f92de make-fetch-happen@9.0.5
• 7ac621c smart-buffer@4.2.0
• 218caca is-core-module@2.6.0
• ff6626a fix(docs): update npm-publish access flag info
• b6f40b5 tar@6.1.10
• e9e5ee5 @ npmcli/arborist@2.8.2
• 991a3bd read-package-json@4.0.0
• f077724 init-package-json@2.0.4
• 68a19bb fix(error-message): look for er.path not er.file
• ff34d6c feat(cache): initial implementation of ls and rm
• 8183976 normalize-package-data@3.0.3
• df57f0d @ npmcli/run-script@1.8.6
• 487731c fix(logging): sanitize logged argv
• 7a58264 chore(ci): check that docs are up to date in ci
• 22f3bbb chore(docs): add more 'autogenerated' comments
• 4314490 fix(docs): revert auto-generated portion of docs
• 32e88c9 fix(did-you-mean): switch levenshtein libraries
• 59b9851 7.20.6
• 2591e67 update AUTHORS

See the full diff

Package name: semver

The new version differs by 232 commits.

• e7b78de chore: release 7.5.2
• 58c791f fix: diff when detecting major change from prerelease (#566)
• 5c8efbc fix: preserve build in raw after inc (#565)
• 717534e fix: better handling of whitespace (#564)
• 2f738e9 chore: bump @ npmcli/template-oss from 4.14.1 to 4.15.1 (#558)
• aa016a6 chore: release 7.5.1
• d30d25a fix: show type on invalid semver error (#559)
• 09c69e2 chore: bump @ npmcli/template-oss from 4.13.0 to 4.14.1 (#555)
• 5b02ad7 chore: release 7.5.0
• e219bb4 fix: throw on bad version with correct error message (#552)
• 503a4e5 feat: allow identifierBase to be false (#548)
• fc2f3df fix: incorrect results from diff sometimes with prerelease versions (#546)
• 2781767 fix: avoid re-instantiating SemVer during diff compare (#547)
• 82aa7f6 chore: release 7.4.0
• 731d896 chore: enable CD (#545)
• 940723d fix: intersects with v0.0.0 and v0.0.0-0 (#538)
• aa516b5 fix: faster parse options (#535)
• 61e6ea1 fix: faster cache key factory for range (#536)
• f8b8b61 fix: optimistic parse (#541)
• 796cbe2 fix: semver.diff prerelease to release recognition (#533)
• 3f222b1 fix: reuse comparators on subset (#537)
• 113f513 feat: identifierBase parameter for .inc (#532)
• ea689bc chore: basic type test for RELEASE_TYPES
• c5d29df docs: Add "Constants" section to README

See the full diff

Package name: stylelint

The new version differs by 250 commits.

• 1b75f38 13.8.0
• c84362f Prepare 13.8.0
• 00c7d73 Update deps (#5041)
• a1c8225 Bump jest from 26.6.1 to 26.6.3 (#5036)
• da381ee Fix `disableRanges.test.js` that uses callbacks (#4991)
• 2db70e9 Fix `isStandardSyntaxTypeSelector.test.js` that use callbacks (#4990)
• bb19b6c Update CHANGELOG.md
• c36b8d0 Add selector-attribute-name-disallowed-list (#4992)
• d42f8da Update CHANGELOG.md
• 1e6f944 Fix false negatives for dollar variables in *-notation (#5031)
• d347a29 Bump jest-circus from 26.6.1 to 26.6.3 (#5034)
• 4695069 Bump file-entry-cache from 5.0.1 to 6.0.0 (#5038)
• bd207fa Bump np from 6.5.0 to 7.0.0 (#5037)
• 467c4f9 Bump meow from 7.1.1 to 8.0.0 (#5015)
• 4f0225a Bump v8-compile-cache from 2.1.1 to 2.2.0 (#5028)
• 42f6c73 Bump eslint from 7.12.1 to 7.13.0 (#5029)
• f0b5aa8 refactor documentation config (#5025)
• 5a84657 Update CHANGELOG.md
• 785b59d Add ignoreAtRules to property-no-unknown (#4965)
• 60eb7b6 Bump eslint from 7.11.0 to 7.12.1 (#5017)
• e2ea569 Bump typescript from 4.0.3 to 4.0.5 (#5016)
• 078e9a6 Bump lint-staged from 10.4.0 to 10.5.1 (#5014)
• d7db502 Bump remark-cli from 8.0.1 to 9.0.0 (#4996)
• 2cddb6e Bump jest-circus from 26.5.3 to 26.6.1 (#5009)

See the full diff

Package name: yargs

The new version differs by 198 commits.

• 8515e4f docs: nit in CHANGELOG
• 4b8cfa9 docs: slight tweaks to CHANGELOG
• c809cbe chore(release): 10.0.0
• fc13dcd chore: new translations for command API overhaul (#976)
• 7269531 feat: .usage() can now be used to configure a default command (#975)
• 3757194 chore: add id translation to #976 (#986)
• 47b3078 chore: update Dutch Translation (#981)
• 20bb99b feat: replace /bin/bash with file basename (#983)
• 5a9c986 feat(translation): Update pl-PL translations (#985)
• 02cc11d docs: whoops, forgot to call out a breaking change introduced into parse()
• 7e58453 fix: the positional argument parse was clobbering global flag arguments (#984)
• a06b67d chore: update tr.json (#982)
• b2d11b3 chore: add ja translations (#979)
• 1598a7f docs: switch to using .positional() in example (#973)
• 280d0d6 feat: hidden options are now explicitly indicated using "hidden" flag (#962)
• 8c1d7bf fix: less eager help command execution (#972)
• db77c53 chore: switch to find-up from read-pkg-up (#970)
• cb16460 feat: introduce .positional() for configuring positional arguments (#967)
• 3bb8771 fix: config and normalise can be disabled with false (#952)
• c649415 chore(release): 9.1.0
• 7b22203 fix(command): Run default cmd even if the only cmd (#950)
• 74a38b2 feat: multiple usage calls are now collected, not replaced (#958)
• d1b23f3 chore(release): 9.0.1
• ac8088b fix: implications fails only displayed once (#954)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)