[Snyk] Fix for 1 vulnerabilities #127

Open
wants to merge 1 commit into
base: develop

MiroDojkic

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium severity | 658/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS), SNYK-JS-SEMVER-3247795 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: del-cli The new version differs by 5 commits.


Package name: eslint The new version differs by 210 commits.
  • 3dd6741 7.0.0
  • 9a722f9 Build: changelog update for 7.0.0
  • b98d8bd Upgrade: [email protected] (#13271)
  • 4c0b028 Fix: remove Node.js and CommonJS category from build process (#13242)
  • 401a687 Chore: fix rules list for prereleases (#13230)
  • 4ef6158 Breaking: [email protected] (#13270)
  • b5c8d73 Docs: update 7.0.0 migration guide for consistency (#13267)
  • 356fdb4 Docs: add migration guide (#12692)
  • 015edf6 Sponsors: Sync README with website
  • fdfa364 7.0.0-rc.0
  • 8d1b4db Build: changelog update for 7.0.0-rc.0
  • 0b1d65a Update: Improve report location for array-callback-return (refs #12334) (#13109)
  • d85e291 Fix: yoda left string fix for exceptRange (fixes #12883) (#13052)
  • 2ce6bed Chore: added tests for nested arrays (#13145)
  • d3aac53 Update: report backtick loc in no-unexpected-multiline (refs #12334) (#13142)
  • 8e7a2d9 Fix: func-call-spacing "never" reports wrong message (fixes #13190) (#13193)
  • bcafd0f Update: Add ESLint API (refs New: ESLint Class Replacing CLIEngine eslint/rfcs#40) (#12939)
  • 3eeae56 Upgrade: some (dev) deps (#13155)
  • 6b7030b Chore: Run tests on Node.js v14 (#13210)
  • ebc28d7 Fix: Remove default .js from --ext CLI option (#13176)
  • 5c1bdeb Update: Improve report location for getter-return (refs #12334) (#13164)
  • 56d2bee Docs: fix typos (#13204)
  • e13256e Chore: use espree.latestEcmaVersion in config-initializer (#13157)
  • e4f57b7 Chore: add nested array tests for array-element-newline (#13161)


Package name: eslint-plugin-import The new version differs by 250 commits.
  • b0131d2 Bump to v2.25.0
  • 7463de2 utils: v2.7.0
  • 900ac9a [resolvers/webpack] [deps] update `is-core-module`
  • c117be5 [Dev Deps] update `array.prototype.flatmap`, `glob`; remove `babel-preset-es2015-argon`
  • 0e857b6 [Deps] update `array-includes`, `array.prototype.flat`, `is-core-module`, `is-glob`, `object.values`
  • 62e2d88 [New] Support `eslint` v8
  • 9a744f7 [Fix] `default`, `ExportMap`: Resolve extended TypeScript configuration files
  • dd81424 [Refactor] `no-unresolved`, `no-extraneous-dependencies`: moduleVisitor usage
  • 4f0f560 [Docs] `no-namespace`: fix a typo
  • 430d16c [Tests] [email protected] doesn't resolve .js
  • 47e9c89 [Tests] type-only imports were added in TypeScript ESTree 2.23.0
  • 28669b9 [Tests] `no-extraneous-dependencies` ignores unresolved imports
  • 471790f [Tests] fix skip usage
  • fd85369 [Tests] skip failing test on eslint < 6 + node < 8
  • 64423e9 [Tests] add passing test for export-star
  • 58fe766 [Tests] ignore resolver tests, scripts, and unused memo-parser
  • 47ea669 [Fix] `order`: Fix import ordering in TypeScript module declarations
  • 4ed7867 [Fix] `no-unresolved`: ignore type-only imports
  • 4d15e26 [patch] TypeScript config: remove `.d.ts` from `import/parsers` setting and `import/extensions` setting
  • 9ccdcb7 [Refactor] switch to an internal replacement for `pkg-up` and `read-pkg-up`
  • 1571913 [utils] [new] create internal replacement for `pkg-up` and `read-pkg-up`
  • 7c382f0 [New] `no-unused-modules`: support dynamic imports
  • 7579748 [utils] [new] add `visit`, to support dynamic imports
  • 35bd977 [New] `no-unresolved`: add `caseSensitiveStrict` option


Package name: eslint-plugin-vue The new version differs by 196 commits.
  • 52ba4fe 7.0.0
  • f478d65 Update documents (#1301)
  • 990e13e 7.0.0-beta.4
  • bcca364 Add `vue/experimental-script-setup-vars` rule (#1303)
  • 47ade60 Add `vue/no-deprecated-props-default-this` rule (#1302)
  • 1acb37d Fix doc of vue/no-potential-component-option-typo rule (#1308)
  • 1cbe903 Update bug_report.md
  • 6b4fb5c 7.0.0-beta.3
  • c3221b8 Add `vue/no-v-for-template-key-on-child` rule (#1289)
  • e1366fd Change `vue/valid-v-for` and `vue/require-v-for-key` rules to not report when placing a key on `<template>` (#1287)
  • 1c52bb9 Separate rule that report <template v-for key> from no-template-key rule. (#1281)
  • dab51e8 Upgrade prettier (#1286)
  • 4331491 Add test for no-side-effects-in-computed-properties rule to check #1282 (#1283)
  • 48d82c0 Update issue templates (#1275)
  • 20f2ef2 7.0.0-beta.2
  • 37ec77a Reorder Nuxt.js's `fetch` method in `vue/order-in-components` (#1268)
  • d339b61 Update README.md
  • c8e2514 Docs: Add "Trouble with Visual Studio Code" section to FAQ (#1270)
  • 9239393 7.0.0-beta.1
  • 61c62e9 Add `v-for-delimiter-style` rule (#1267)
  • 3a4aa1a Fix reporting "Use the latest vue-eslint-parser" message in non-vue files. (#1262)
  • 872c0b8 Add `allowProps` option to `vue/require-explicit-emits` rule. (#1259)
  • 0a6f0f2 Fix false negatives of "slot-scope" when "^3.0.0" is set in "no-unsupported-features" rule. (#1258)
  • 95cccec Chores: Remove "chai" (#1263)


Package name: node-sass The new version differs by 57 commits.
  • c167004 6.0.1
  • 911d4db remove mkdirp dep (#3108)
  • 30a52f7 build(deps): bump meow from 3.7.0 to 9.0.0
  • 7e08463 build(deps-dev): bump mocha from 8.4.0 to 9.0.1
  • cfcbb2c chore: Use default Apline version from docker-node (#3121)
  • 886319b chore: Drop Node 10 support
  • c908f4f fix: Bump OSX minimum to 10.11
  • 8ab02da fix: Remove old compiler gyp settings
  • 3d7b9d0 chore: Add Node 16 support
  • 4115e9d build(deps): bump actions/setup-node from v2.1.4 to v2.1.5
  • 06f3ab4 Update TROUBLESHOOTING.md
  • c1cb367 build(deps): bump actions/setup-node from v2.1.3 to v2.1.4
  • 769f3a6 build(deps): bump actions/setup-node from v2.1.2 to v2.1.3
  • a2a3a78 chore: Bump dependabot limit
  • 7105b0a 5.0.0 (#3015)
  • 0648b5a chore: Add Node 15 support (#2983)
  • e2391c2 Add a deprecation message to the readme (#3011)
  • 6a33e53 chore: Don't upload artifacts on PRs
  • d763506 chore: Only run coverage on main repo
  • d4ebe72 build(deps): update actions/setup-node requirement to v2.1.2
  • 2bebe05 build(deps-dev): bump rimraf from 2.7.1 to 3.0.2
  • f877689 chore: Don't double build DependaBot PRs
  • b48fac4 chore: Add weekly DependaBot updates
  • 91c40a0 Remove deprecated process.sass API


Package name: np The new version differs by 62 commits.
  • c113539 8.0.0
  • b2857a4 Update dependencies
  • 9cb4bfd Add 2FA support for npm version 9+ (#693)
  • eba203f Improve startup: ensure `package.json` is only parsed once (#688)
  • 42a5095 Use `renameFile` from `move-file` for `new-files` fixtures (#687)
  • a5d4c3d Fix remote history check - check if `git fetch` needs to be run (#685)
  • a6ce792 Get files to be packed via `npm pack --dry-run --json` (#682)
  • 72879e0 Move to ESM, update dependencies (#683)
  • 6867fb9 Add check for new dependencies (#681)
  • 8fcca96 7.7.0
  • a0a17fd Show new version in non-interactive mode (#679)
  • f992ec1 Fix typo (#680)
  • aa23a92 7.6.4
  • e71f691 Fix UI prompt for new publicly scoped packages (#677)
  • 3770647 Meta tweaks
  • 62db480 Add "what np isn't" section to the readme (#672)
  • 9fb0128 7.6.3
  • 0f5dd33 Fix npm 9 compatibility (#666)
  • 95622c0 7.6.2
  • 6c871f9 Work around npm bug with error reporting (#645)
  • 387dddc Fix tests
  • 9b7df30 7.6.1
  • 845db26 Meta tweaks
  • 9cff6da Fix error "glob pattern string required" (#616)


Package name: sass-loader The new version differs by 10 commits.
  • 3b51d47 chore(release): 8.0.1
  • 6c59e37 fix: support webpack@5 (#794)
  • 5611f73 docs: improved documentation after breaking changes in release version 8.0.0 (#780)
  • 4834287 refactor: use startsWith (#792)
  • 22c597b refactor: use Array.includes (#777)
  • ed345fa chore(deps): switch to memfs (#791)
  • 2e14b68 chore: removed the duplicated prettier config (#781)
  • 9274387 chore(deps): update (#772)
  • 6d11b7b docs: overhaul readme (#771)
  • 185ba80 test: sass modules "@ use" (#770)


Package name: stylelint The new version differs by 250 commits.
  • 1b75f38 13.8.0
  • c84362f Prepare 13.8.0
  • 00c7d73 Update deps (#5041)
  • a1c8225 Bump jest from 26.6.1 to 26.6.3 (#5036)
  • da381ee Fix `disableRanges.test.js` that uses callbacks (#4991)
  • 2db70e9 Fix `isStandardSyntaxTypeSelector.test.js` that use callbacks (#4990)
  • bb19b6c Update CHANGELOG.md
  • c36b8d0 Add selector-attribute-name-disallowed-list (#4992)
  • d42f8da Update CHANGELOG.md
  • 1e6f944 Fix false negatives for dollar variables in *-notation (#5031)
  • d347a29 Bump jest-circus from 26.6.1 to 26.6.3 (#5034)
  • 4695069 Bump file-entry-cache from 5.0.1 to 6.0.0 (#5038)
  • bd207fa Bump np from 6.5.0 to 7.0.0 (#5037)
  • 467c4f9 Bump meow from 7.1.1 to 8.0.0 (#5015)
  • 4f0225a Bump v8-compile-cache from 2.1.1 to 2.2.0 (#5028)
  • 42f6c73 Bump eslint from 7.12.1 to 7.13.0 (#5029)
  • f0b5aa8 refactor documentation config (#5025)
  • 5a84657 Update CHANGELOG.md
  • 785b59d Add ignoreAtRules to property-no-unknown (#4965)
  • 60eb7b6 Bump eslint from 7.11.0 to 7.12.1 (#5017)
  • e2ea569 Bump typescript from 4.0.3 to 4.0.5 (#5016)
  • 078e9a6 Bump lint-staged from 10.4.0 to 10.5.1 (#5014)
  • d7db502 Bump remark-cli from 8.0.1 to 9.0.0 (#4996)
  • 2cddb6e Bump jest-circus from 26.5.3 to 26.6.1 (#5009)


Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

