[Snyk] Security upgrade @americanexpress/one-app-bundler from 6.21.5 to 7.0.0

[nellyk]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @americanexpress/one-app-bundler

The new version differs by 19 commits.

• a8a5937 chore(release): publish packages
• 79c8cf2 chore(release): publish packages
• c9ab840 feat(oneAppBundler): Migrate to Webpack v5
• ccca758 chore(release): publish packages (chore(deps-dev): bump @babel/cli from 7.15.7 to 7.16.0 americanexpress/one-app#607)
• 90eef46 chore(deps): upgrade to babel-preset-amex@4 (chore(release): v5.12.0 release americanexpress/one-app#602)
• 53c6932 chore(release): publish packages
• a1bb975 chore(release): publish packages
• 1c7f4a6 feat(devBundler): expose css loading system for reuse (chore(deps): bump node from 12 to 17 americanexpress/one-app#604)
• a078627 fix(webpack): include typescript files in purgecss loader (One App Prepare Release americanexpress/one-app#601)
• 5b9701b fix(build-stats): esbuild and webpack stats under build-stats dir (chore(deps-dev): bump find-up from 5.0.0 to 6.1.0 americanexpress/one-app#595)
• 8c3f402 chore(release): publish packages
• 0a65c2f fix: runner failed to start with node 12 images (One App Prepare Release americanexpress/one-app#597)
• 1ed8877 chore(changelog): reference package changelogs (chore(deps): bump opossum from 5.1.2 to 6.2.1 americanexpress/one-app#596)
• 13dd381 Merge branch 'main' into chore/update-top-level-changelog
• fcf1567 fix(one-app-bundler): packages don't include package.json in exports (chore(deps-dev): bump @babel/cli from 7.12.10 to 7.15.7 americanexpress/one-app#594)
• de7760d chore(changelog): reference package changelogs
• e769426 fix(one-app-runner): suppress npm update notifications (One App Prepare Release americanexpress/one-app#589)
• 4c1f99e chore(release): publish packages (One App Prepare Release americanexpress/one-app#587)
• 4938125 fix: disable native fetch in node (chore(deps-dev): bump @rollup/plugin-node-resolve from 8.0.1 to 13.0.4 americanexpress/one-app#586)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

[github-actions]

This pull request is stale because it has been open 30 days with no activity.