[Snyk] Fix for 23 vulnerabilities

[snyk-levine]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • large-file/package.json
  • large-file/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	No	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-JSONPOINTER-1577288	Yes	Proof of Concept
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Denial of Service (DoS) SNYK-JS-JSZIP-1251497	No	Proof of Concept
	529/1000 Why? Has a fix available, CVSS 6.3	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-JSZIP-3188562	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	No	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NORMALIZEURL-1296539	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-PARSELINKHEADER-1582783	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	596/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-Y18N-1021887	No	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @cypress/browserify-preprocessor

The new version differs by 59 commits.

• 2b1c1f4 chore: Upgrade node to 16.13.0, use https for npm registry ([Snyk] Fix for 12 vulnerabilities #94)
• 927b76a fix: release
• 67ea9f6 chore: Fix semantic release ([Snyk] Security upgrade debug from 2.0.0 to 2.6.9 #93)
• a8ff57f fix: release
• a8adb24 chore: Bump circle node orb and non-major deps ([Snyk] Fix for 66 vulnerabilities #92)
• c66ae40 chore(docs): remove note about being default ([Snyk] Fix for 66 vulnerabilities #91)
• 76edfbe chore(deps): update dependency semantic-release to version 17.2.3 🌟 ([Snyk] Security upgrade react-tooltip from 3.8.1 to 3.8.3 #76)
• 61dae70 fix(deps): update dependency glob-parent to version 5.1.2 🌟 ([Snyk] Fix for 66 vulnerabilities #84)
• fc9f2ee Merge pull request [Snyk] Security upgrade mout from 1.1.0 to 1.2.4 #77 from cypress-io/renovate/npm-set-value-vulnerability
• 60e408b Merge pull request [Snyk] Security upgrade file-type from 8.1.0 to 16.5.4 #67 from cypress-io/renovate/npm-elliptic-vulnerability
• d0a76d7 Merge pull request [Snyk] Security upgrade mongoose from 4.2.4 to 6.4.6 #68 from cypress-io/renovate/npm-handlebars-vulnerability
• f1273c8 Merge pull request [Snyk] Security upgrade file-type from 8.1.0 to 16.5.4 #65 from cypress-io/renovate/npm-acorn-vulnerability
• d9467f2 Merge pull request [Snyk] Security upgrade file-type from 8.1.0 to 16.5.4 #66 from cypress-io/renovate/npm-dot-prop-vulnerability
• b882246 chore(deps): update set-value to 2.0.1 🌟
• 91dbb34 Merge pull request [Snyk] Security upgrade mongoose from 4.2.4 to 6.4.6 #69 from cypress-io/renovate/npm-https-proxy-agent-vulnerability
• 8f20054 Merge pull request [Snyk] Security upgrade node-fetch from 1.7.3 to 3.2.10 #70 from cypress-io/renovate/npm-ini-vulnerability
• 9044660 Merge pull request [Snyk] Security upgrade tap from 5.8.0 to 10.3.3 #71 from cypress-io/renovate/npm-lodash-vulnerability
• 1309f48 Merge pull request [Snyk] Security upgrade tap from 5.8.0 to 14.6.8 #72 from cypress-io/renovate/npm-marked-vulnerability
• e9c9043 Merge pull request [Snyk] Security upgrade tap from 5.8.0 to 14.6.8 #73 from cypress-io/renovate/npm-mixin-deep-vulnerability
• cff2acb Merge pull request [Snyk] Security upgrade tap from 5.8.0 to 14.6.8 #74 from cypress-io/renovate/npm-node-fetch-vulnerability
• 170a37c chore(deps): update node-fetch to 2.6.1 🌟
• 0526cb6 chore(deps): update mixin-deep to 1.3.2 🌟
• e000efc chore(deps): update marked to 0.7.0 🌟
• 494c6bd chore(deps): update lodash to 4.17.19 🌟

See the full diff

Package name: add-asset-html-webpack-plugin

The new version differs by 53 commits.

• da0dea5 docs: remove `david` from readme
• 7265aba fix: update globby to v11 ([Snyk] Fix for 6 vulnerabilities #248)
• b9bacc2 docs: update readme withcorrect version ranges
• 4073291 fix: update micromatch to v4 ([Snyk] Security upgrade express from 4.12.4 to 4.19.2 #199)
• 8387886 fix: remove the hash calculation if hash exists ([Snyk] Fix for 60 vulnerabilities #159)
• e84e7d5 fix: fix "compilation.emitAsset" with more than 1 HtmlWebpackPlugins ([Snyk] Security upgrade elliptic from 6.5.3 to 6.5.7 #236)
• 87590ef chore(ci): cancel in progress builds
• d37deb4 chore(deps): lock file maintenance ([Snyk] Fix for 1 vulnerabilities #224)
• 0a123f9 chore: lock down stack-utils
• c949ee0 chore: lock down anymatch dependency
• 49eaf2e chore(deps): bump hosted-git-info from 2.8.8 to 2.8.9 ([Snyk] Fix for 1 vulnerabilities #225)
• 75bf092 chore(deps): bump path-parse from 1.0.6 to 1.0.7 ([Snyk] Security upgrade tap from 5.8.0 to 12.0.2 #234)
• 316c03a chore(deps): update codecov/codecov-action action to v2 ([Snyk] Security upgrade bootstrap from 3.4.1 to 5.0.0 #232)
• ed9e132 chore(deps): bump tmpl from 1.0.4 to 1.0.5 ([Snyk] Fix for 1 vulnerabilities #237)
• c5cf273 chore(deps): bump ws from 5.2.2 to 5.2.3 ([Snyk] Security upgrade tap from 5.8.0 to 18.0.0 #244)
• 6a994ea chore: run tests on node 16 and 17 ([Snyk] Security upgrade tap from 5.8.0 to 18.0.0 #243)
• 42a345a chore(deps): bump browserslist from 4.16.3 to 4.16.6 ([Snyk] Security upgrade tap from 5.8.0 to 6.3.0 #227)
• 041b842 chore(deps): bump lodash from 4.17.20 to 4.17.21 ([Snyk] Fix for 1 vulnerabilities #223)
• 77fc7fb chore: lock down merge2
• af3572e chore: automerge lockfile PRs
• 718473c chore(deps): update actions/setup-node action to v2.1.5 ([Snyk] Security upgrade tap from 5.8.0 to 12.0.2 #205)
• 0ed36d8 chore: add renovate
• a467638 chore(deps): bump ssri from 6.0.1 to 6.0.2 ([Snyk] Security upgrade ejs from 1.0.0 to 3.1.10 #203)
• ca2fb77 chore: increase timeout for puppeteer test

See the full diff

Package name: anymatch

The new version differs by 18 commits.

• d474c82 Release 3.0.0.
• dd660f8 Update deps.
• 64ce747 Update types.
• bd27242 Fixes.
• e18de05 Update to picomatch-stable.
• 30fa2c3 Merge pull request [Snyk] Security upgrade moment from 2.15.1 to 2.29.2 #28 from leonardodino/fix-package-name
• 6b01ef6 Fix package name typo in README.md
• b500318 Remove line.
• 57e0193 Bring back arg passing.
• 13343b0 Cache patterns. Performance boost.
• 5ece3fd Switch to picomatch. Update deps.
• cece732 Fix declarations.
• 0065fca Update readme.
• 4518091 Readme.
• 1e69e91 Update.
• 9ef72e8 Changelog.
• cb143fe Improve type matching.
• 02257b9 New version. More strict. Drop returnIndex and startIndex params for now.

See the full diff

Package name: braces

The new version differs by 16 commits.

• abcf341 3.0.0
• 68a3fdf refactor
• bb5b5ba Remove appveyor from readme.
• 086008a travis: Drop sudo: false.
• 4ed704b add unit tests
• 60eb988 ranges
• 7b1abf0 Use proper nodejs versions for appveyor.
• 7b106b6 braces api
• 80eae1f Drop duplicate node v11 for travis.
• 58d868e windows support
• 27f7344 Appveyor: Drop support for nodejs <8 for now.
• 25424ec Drop support for nodejs <8 for now.
• ceef790 cover sets
• f5bf204 clean up examples
• 92ec96d start refactoring
• cd50063 2.3.2

See the full diff

Package name: chokidar

The new version differs by 201 commits.

• 7b8e02a Release 3.0.0.
• e7bfe2f Move stuff.
• df7f22e Remove changelog from npm, move to hidden dir.
• 3df7692 Improve naming.
• 6e94ca2 Clean-up.
• 2de2f9c test: Add testing of Node.js v12 in Travis pipeline. ([Snyk(Unlimited)] Upgrade @thebespokepixel/meta from 0.2.3 to 0.2.5 snyk-fixtures/npm-lockfiles#833)
• 9e0965a Fix Windows tests in Travis CI ([Snyk(Unlimited)] Upgrade truwrap from 0.8.1 to 0.8.4 snyk-fixtures/npm-lockfiles#832)
• c95a98f Update stuff.
• 187ff2b test: Trying to fix blinked tests for Travis CI. ([Snyk(Unlimited)] Upgrade adm-zip from 0.4.7 to 0.4.13 snyk-fixtures/npm-lockfiles#825)
• db99076 fix(Windows): Add converting from windows to unix path for all ignored paths. ([Snyk(Unlimited)] Upgrade debug from 2.0.0 to 2.6.9 snyk-fixtures/npm-lockfiles#824)
• 41f8782 fix(FsEvents): Remove situation with NaN depth. ([Snyk(Unlimited)] Upgrade color-convert from 1.9.2 to 1.9.3 snyk-fixtures/npm-lockfiles#823)
• 7cf3f7e Update readdirp to stable.
• 0927a62 Bump packages.
• 11cd857 Update nyc.
• 99c14d7 Uncomment fsevents.
• cf330a5 Update fsevents.
• 0e4fca5 Fix deps.
• 9c575d4 Fix Windows version ([Snyk(Unlimited)] Upgrade verbosity from 0.9.2 to 0.10.1 snyk-fixtures/npm-lockfiles#821)
• 3323d59 fix(Linux): Make event loop hack for keep testing valid. ([Snyk(Unlimited)] Upgrade @thebespokepixel/meta from 0.2.3 to 0.2.5 snyk-fixtures/npm-lockfiles#820)
• 06214c5 Update to latest readdirp.
• 793639f Rename osxfswatch.
• 078bc2d Refactor and fix freaking tests.
• 2b9bb41 Try node 11.
• 3fe3d4e Test travis.

See the full diff

Package name: extract-zip

The new version differs by 3 commits.

• c2b1c17 1.7.0
• 990fc64 Add error handler to zipfile object ([Snyk] Security upgrade file-type from 8.1.0 to 16.5.4 #67)
• 8285111 feat: don't pin dependency requirements ([Snyk] Fix for 18 vulnerabilities #88)

See the full diff

Package name: fast-glob

The new version differs by 200 commits.

• 03201ed fix(settings): set the `concurrency` option to count of CPUs
• d777111 build(package): drop unused dependencies
• e62d2d1 build(package): bump version to 3.0.0
• caeeda9 Merge pull request [Snyk] Security upgrade ejs from 1.0.0 to 3.1.10 #203 from mrmlnc/ISSUE-155_update_documentation
• 27ae4b2 docs(settings): update description of options
• 1f853bc docs(readme): update documentation
• 0ba6dc0 refactor(benchmark): update suites
• c1d686c refactor(index): export some userful types
• d64c24f build(benchmark): add suite for stream API
• 40a1096 Merge pull request [Snyk] Fix for 1 vulnerabilities #202 from mrmlnc/ISSUE-181_async_method_as_default_method
• ccde25e refactor: set async method as default method
• 87ed886 Merge pull request [Snyk] Fix for 1 vulnerabilities #201 from mrmlnc/issue-199_match_base_fix
• 68133f8 fix: the `baseNameMatch` option now work
• f4c443a refactor: `matchBase` → `baseNameMatch`
• c58ba78 test(smoke): add some smoke tests
• f3642dc Merge pull request [Snyk] Security upgrade lodash from 4.17.10 to 4.17.17 #200 from mrmlnc/fix_some_issues
• b32842d fix: support AsyncIterator for stream API
• 9b04800 refactor(settings): simplify the `deep` option
• 2b5bc54 fix(settings): correct default value for `throwErrorOnBrokenSymbolicLink`
• 9ab065b refactor: change some types
• 09f0107 feat: infer type of the output values
• a505273 feat: introduce `objectMode` option
• 111dbf1 refactor: drop `transform` option
• 2af2623 fix(providers): enable "posix" micromatch option

See the full diff

Package name: globby

The new version differs by 33 commits.

• 878ef6e 10.0.0
• 3706920 Upgrade `fast-glob` package to v3 ([Snyk] Security upgrade snyk from 1.389.0 to 1.685.0 #126)
• 8aadde8 Add `globby.stream` ([Snyk] Fix for 1 vulnerabilities #113)
• 2dd76d2 Remove `**/bower_components/**` as a default ignore pattern
• 9f781ce Require Node.js 8
• 04d51bf Upgrade `ignore` package ([Snyk] Fix for 1 vulnerabilities #120)
• 2b61484 Readme tweaks
• ff3e1f9 Tidelift tasks
• 31f18ae Create funding.yml
• 33ca01c Fix using the `gitignore` and `stats` options together ([Snyk] Fix for 1 vulnerabilities #121)
• c737820 Minor TypeScript definition improvements
• 82db101 Add Node.js 12 to testing ([Snyk] Fix for 1 vulnerabilities #117)
• 766b728 9.2.0
• dc0a49c Refactor TypeScript definition to CommonJS compatible export ([Snyk] Fix for 1 vulnerabilities #115)
• 89cee24 9.1.0
• 59f4b48 Add check to ensure `cwd` is a directory ([Snyk] Security upgrade qs from 0.0.6 to 6.2.4 #110)
• 9a9cf1e Add TypeScript definition ([Snyk] Fix for 1 vulnerabilities #111)
• eb26c7e Meta tweaks
• d77a623 Add failing test for [Snyk] Security upgrade decode-uri-component from 0.2.0 to 0.2.2 #105 ([Snyk] Security upgrade body-parser from 1.9.0 to 1.19.2 #108)
• 2294618 Deduplicate identical file patterns ([Snyk] Fix for 1 vulnerabilities #102)
• ba9c267 Add failing test for [Snyk] Fix for 3 vulnerabilities #97 ([Snyk] Security upgrade karma from 2.0.3 to 5.0.8 #100)
• 71b9c58 9.0.0
• 39ad0d9 Update dependencies
• d804228 Fix compatibility with latest `dir-glob` release ([Snyk] Fix for 1 vulnerabilities #99)

See the full diff

Package name: jscodeshift

The new version differs by 135 commits.

• dbb56de 0.14.0
• 8d0bf44 Removing evcodeshift references
• cc9e3d3 Allow the j shortcut in testUtils
• 514f8c3 add childNodesOFType to JSX traversalMethods ([Snyk(Unlimited)] Upgrade debug from 2.0.0 to 2.6.9 snyk-fixtures/npm-lockfiles#415)
• adef04b Removing dependency on args being in alphabetical order. ([Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 snyk-fixtures/npm-lockfiles#507)
• af38d01 Merge pull request [Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 snyk-fixtures/npm-lockfiles#386 from anshckr/update_example_codemods
• a045800 Merge branch 'main' into update_example_codemods
• 2a97ca5 Update README.md
• 561efa7 Merge pull request [Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 snyk-fixtures/npm-lockfiles#504 from facebook/bablyon-renames
• 5f78598 Add renameTo filters for Babel 6+ node types
• bc2db1a Merge pull request [Snyk(Unlimited)] Upgrade debug from 2.0.0 to 2.6.9 snyk-fixtures/npm-lockfiles#503 from facebook/ElonVolo-VSCode-Debugging-README
• 04c35d4 Adding VSCode debugging setup
• 9bc2dcd Updating generated docs and README instructions for running doc server
• 3734917 Merge pull request [Snyk(Unlimited)] Upgrade @thebespokepixel/meta from 0.2.3 to 0.2.5 snyk-fixtures/npm-lockfiles#499 from facebook/dependabot/npm_and_yarn/ansi-regex-3.0.1
• a602c5b Merge pull request [Snyk(Unlimited)] Upgrade truwrap from 0.8.1 to 0.8.4 snyk-fixtures/npm-lockfiles#498 from facebook/dependabot/npm_and_yarn/acorn-6.4.2
• 38bddb7 Merge pull request [Snyk(Unlimited)] Upgrade term-ng from 0.8.1 to 0.8.5 snyk-fixtures/npm-lockfiles#496 from facebook/dependabot/npm_and_yarn/browserslist-4.20.2
• 8a0eb94 Merge pull request [Snyk(Unlimited)] Upgrade lodash from 4.17.10 to 4.17.15 snyk-fixtures/npm-lockfiles#495 from facebook/dependabot/npm_and_yarn/minimist-1.2.6
• 005de15 Merge pull request [Snyk(Unlimited)] Upgrade node-uuid from 1.4.0 to 1.4.8 snyk-fixtures/npm-lockfiles#483 from facebook/dependabot/npm_and_yarn/ajv-6.12.6
• ee2abb2 Bump ajv from 6.6.1 to 6.12.6
• affe237 Bump browserslist from 4.16.4 to 4.20.2
• 65f60b6 Bump ansi-regex from 3.0.0 to 3.0.1
• 46569ba Bump acorn from 6.3.0 to 6.4.2
• be4a67a Merge pull request [Snyk(Unlimited)] Upgrade sgr-composer from 0.5.0 to 0.5.3 snyk-fixtures/npm-lockfiles#497 from trivikr/bump-jest-26
• d8150c8 fix: do worker import in each test

See the full diff

Package name: karma

The new version differs by 246 commits.

• 16010eb chore(release): 5.0.8 [skip ci]
• a409696 chore: remove unused `grunt lint` command ([Snyk(Unlimited)] Upgrade sgr-composer from 0.5.0 to 0.5.3 snyk-fixtures/npm-lockfiles#3515)
• 47f1cb2 fix(dependencies): update to latest log4js major ([Snyk(Unlimited)] Upgrade term-ng from 0.8.1 to 0.8.5 snyk-fixtures/npm-lockfiles#3514)
• b60391f fix(dependencies): update and unlock socket.io dependency ([Snyk(Unlimited)] Upgrade lodash from 4.17.10 to 4.17.15 snyk-fixtures/npm-lockfiles#3513)
• 4d49948 chore(release): 5.0.7 [skip ci]
• f399063 fix: detect type for URLs with query parameter or fragment identifier ([Snyk(Unlimited)] Upgrade consolidate from 0.14.5 to 0.15.1 snyk-fixtures/npm-lockfiles#3509)
• 17b50bc chore(release): 5.0.6 [skip ci]
• 0cd696f fix(dependencies): update production dependencies ([Snyk(Unlimited)] Upgrade @thebespokepixel/string from 0.5.2 to 0.5.10 snyk-fixtures/npm-lockfiles#3512)
• 7c24a03 chore: fix broken HTML markup in the changelog file ([Snyk(Unlimited)] Upgrade cfenv from 1.1.0 to 1.2.2 snyk-fixtures/npm-lockfiles#3507)
• fdc4f9d refactor(test): remove no debug matching option ([Snyk(Unlimited)] Upgrade dustjs-helpers from 1.5.0 to 1.7.4 snyk-fixtures/npm-lockfiles#3504)
• 35d57e9 chore(release): 5.0.5 [skip ci]
• e99da31 fix(cli): restore command line help contents ([Snyk(Unlimited)] Upgrade dustjs-linkedin from 2.5.0 to 2.7.5 snyk-fixtures/npm-lockfiles#3502)
• 4f2fe56 chore: add Node 14 to the build matrix ([Snyk(Unlimited)] Upgrade st from 0.2.4 to 0.5.5 snyk-fixtures/npm-lockfiles#3501)
• 100b227 refactor(test): move execKarma into the World ([Snyk(Unlimited)] Upgrade errorhandler from 1.2.0 to 1.5.1 snyk-fixtures/npm-lockfiles#3500)
• f375884 refactor(test): reduce execKarma to a reasonable size ([Snyk(Unlimited)] Upgrade express from 4.12.4 to 4.17.1 snyk-fixtures/npm-lockfiles#3496)
• a3d1f11 refactor(test): add common method to start server in background ([Snyk(Unlimited)] Upgrade body-parser from 1.9.0 to 1.19.0 snyk-fixtures/npm-lockfiles#3495)
• e4a5126 refactor(test): write config file in its own steps ([Snyk(Unlimited)] Upgrade mongoose from 4.2.4 to 4.13.19 snyk-fixtures/npm-lockfiles#3494)
• 0bd5c2b refactor(test): adjust sandbox folder location and simplify config logic ([Snyk(Unlimited)] Upgrade consolidate from 0.14.5 to 0.15.1 snyk-fixtures/npm-lockfiles#3493)
• b788f94 refactor(test): extract proxy into a separate Given claim ([Snyk(Unlimited)] Upgrade humanize-ms from 1.0.1 to 1.2.1 snyk-fixtures/npm-lockfiles#3492)
• 633f833 chore(release): 5.0.4 [skip ci]
• 810489d refactor(test): migrate Proxy to ES2015 ([Snyk(Unlimited)] Upgrade adm-zip from 0.4.7 to 0.4.13 snyk-fixtures/npm-lockfiles#3490)
• fa95fa3 fix(browser): make sure that empty results array is still recognized ([Snyk(Unlimited)] Upgrade dustjs-linkedin from 2.5.0 to 2.7.5 snyk-fixtures/npm-lockfiles#3486)
• 255bf67 refactor(test): migrate World to ES2015 ([Snyk(Unlimited)] Upgrade cookie-parser from 1.3.3 to 1.4.4 snyk-fixtures/npm-lockfiles#3489)
• be5db67 chore(test): remove usage of deprecated defineSupportCode ([Snyk(Unlimited)] Upgrade dustjs-helpers from 1.5.0 to 1.7.4 snyk-fixtures/npm-lockfiles#3488)

See the full diff

Package name: lint-staged

The new version differs by 90 commits.

• e24aaf2 fix: parse titles for function linters
• e862e7e docs: correct config file name
• 309ff1c docs: restore filtering section to README
• 4bef26e feat: add deprecation error for advanced configuration
• e829646 refactor: remove dependency on path-is-inside
• 767edbd refactor: remove dependency on lodash
• c59cd9a chore: upgrade dependencies
• 19536e3 refactor: pass unparsed commands to execa with --shell
• 275d996 refactor: rename --silent to --quiet
• 18acd59 docs: update README
• 2ba6d61 test: ignore testSetup from coverage report
• ecf9227 feat: add --shell and --quiet flags
• 04190c8 refactor: remove advanced configuration options
• bed9127 refactor: use execa's shell option to run commands
• d3f6475 docs: update contributors
• b71b9c8 refactor: warn about long arguments string only once
• bcd52ac docs: update README
• efe8f06 docs: print a warning when arguments length is too long based on platform
• 2753640 docs: update README
• 28f3c40 refactor: remove unused configuration options
• 4db2353 test: add test for linter command exiting with code 1
• 6d4beec test: update tests for function linters
• 36e54a2 feat: support function linter returning array of commands
• 9e4346f refactor: support function linters in getConfig

See the full diff

Package name: mem-fs-editor

The new version differs by 38 commits.

• 19d0f5f 7.0.0
• cb32e91 Misc improvements and fixes. ([Snyk] Fix for 1 vulnerabilities #147)
• a37c36c Update ejs to the latest version 🚀 ([Snyk] Security upgrade mongoose from 4.2.4 to 5.13.20 #140)
• 6fabce9 Update rimraf to the latest version 🚀 ([Snyk] Fix for 1 vulnerabilities #138)
• 40c1ce8 Update mkdirp to the latest version 🚀 ([Snyk] Security upgrade mongoose from 4.2.4 to 4.2.5 #142)
• e26d7da Update sinon to the latest version 🚀 ([Snyk] Security upgrade mongoose from 4.2.4 to 5.13.20 #141)
• f81b9cb Update eslint to the latest version 🚀 ([Snyk] Fix for 1 vulnerabilities #135)
• 10a27ad Update globby to the latest version 🚀 ([Snyk] Security upgrade tap from 5.8.0 to 15.0.0 #136)
• 9e35f77 6.0.0
• 201bca6 Bump dependencies
• c35e6a2 Update dev dependencies
• 07b6233 Fix fs.copy twice with glob path fails second time because it tries to do copySingle with the glob path as the glob path is currently in store. ([Snyk] Security upgrade tap from 5.8.0 to 15.0.0 #132) ([Snyk] Fix for 1 vulnerabilities #133)
• 107d400 Update globby to the latest version 🚀 ([Snyk] Fix for 1 vulnerabilities #129)
• ce60ee5 Update sinon to the latest version 🚀 ([Snyk] Security upgrade app-migrations from 0.2.0 to 3.1.6 #128)
• 59ea696 Update multimatch to the latest version 🚀 ([Snyk] Security upgrade snyk from 1.389.0 to 1.685.0 #126)
• b3e3758 Update through2 to the latest version 🚀 ([Snyk] Fix for 2 vulnerabilities #124)
• 22b1414 5.1.0
• cc0cafc Update documentation to fast-glob
• 4d87efc Update README.md
• 33be839 add options ignoreNoMatch to ignore zero check ([Snyk] Fix for 1 vulnerabilities #121)
• ecae0c4 5.0.0
• 4c6d268 Bump all dependencies to latest; fix npm audit issues
• 1bab273 4.0.3
• 5aab432 Revert back to globby 7 to fix backward compatibility; Fix [Snyk] Fix for 1 vulnerabilities #111

See the full diff

Package name: micromatch

The new version differs by 29 commits.

• 89efcff 4.0.0
• f3238cb Merge pull request [Snyk] Security upgrade snyk from 1.389.0 to 1.518.0 #151 from micromatch/dev
• 7c78f9a ensure args are strings
• 2e42796 bump picomatch
• 09f8260 windows, it's time we had a talk...
• a49f94c fix slashes in tests
• a6ab670 use braces patch, build readme
• 976d956 upgrade braces and picomatch
• a6596da add benchmarks
• 11168b1 rename unixify to windows
• 5bf40fe package.json: Use github versions of deps to test the env.
• 5d78d48 Drop node v6 since picomatch doesnt support it.
• 96ac3ba Remove duplicate node. Remove unsupported node v7.
• bf44408 Merge branch 'master' into dev
• b8abcf9 Merge remote-tracking branch 'origin/dev'
• e07df11 rebuild docs
• 47340ad Merge remote-tracking branch 'origin/master' into dev
• 52df06d refactor
• 09bd55c Merge pull request [Snyk] Security upgrade @babel/traverse from 7.0.0 to 7.23.2 #149 from Glazy/hotfix/issue-template-update
• c32543d Add myself to package.json contributors list
• 86858bf Update issue template w/ typo and question change
• f2ce9d2 Merge pull request [Snyk] Security upgrade tap from 5.8.0 to 15.0.0 #130 from wtgtybhertgeghgtwtg/unescape
• 677f127 Merge pull request [Snyk] Security upgrade tap from 5.8.0 to 15.0.0 #134 from Tvrqvoise/v3-changelog
• 4a70a66 Merge pull request [Snyk] Security upgrade mongoose from 4.2.4 to 5.13.20 #141 from simlu/patch-1

See the full diff

Package name: mkdirp

The new version differs by 6 commits.

• 049cf18 0.5.5
• bea6382 Remove unnecessary umask calls
• 42a012c 0.5.4
• 2867920 fix infinite loop on windows machines
• d784e70 0.5.3
• d612c5d add files list so this package isn't a monster

See the full diff

Package name: mocha

The new version differs by 84 commits.

• 27aeb80 Release v7.1.2
• e3df026 update CHANGELOG for v7.1.2 [ci skip]
• 7f75489 add test case: type check before calling retriedTest()
• e659027 type check before calling retriedTest()
• eba6ec7 Remove Runnable#inspect() and utils.ngettext() ([Snyk(Unlimited)] Upgrade dustjs-linkedin from 2.5.0 to 2.7.5 snyk-fixtures/npm-lockfiles#4230)
• a4a4d50 add wallaby logo to bottom of site
• c600547 update mkdirp to v0.5.5 ([Snyk(Unlimited)] Upgrade mongoose from 4.2.4 to 4.13.19 snyk-fixtures/npm-lockfiles#4222)
• 7c09e63 Release v7.1.1
• 7599535 update CHANGELOG for v7.1.1 [ci skip]
• 3bf650c security: update mkdirp, yargs, yargs-parser ([Snyk(Unlimited)] Upgrade consolidate from 0.14.5 to 0.15.1 snyk-fixtures/npm-lockfiles#4204)
• e1389ef Fix: runner listening to 'start' and 'end' events ([Snyk(Unlimited)] Upgrade express from 4.12.4 to 4.17.1 snyk-fixtures/npm-lockfiles#3660)
• 9cbb6f6 upgrade assetgraph-builder
• 4dc3cd1 docs: show netlify badge on footer ([Snyk(Unlimited)] Upgrade body-parser from 1.9.0 to 1.19.0 snyk-fixtures/npm-lockfiles#4190)
• 09b948b Release v7.1.0
• d43092e update CHANGELOG for v7.1.0 [ci skip]
• 57be455 Add support for Node.JS native ES modules ([Snyk(Unlimited)] Upgrade consolidate from 0.14.5 to 0.15.1 snyk-fixtures/npm-lockfiles#4038)
• a995e33 Fix: programmatic API cannot access retried test objects ([Snyk(Unlimited)] Upgrade dustjs-linkedin from 2.5.0 to 2.7.5 snyk-fixtures/npm-lockfiles#4181)
• ac12f2c Browser: fix 'allowUncaught' handling ([Snyk(Unlimited)] Upgrade body-parser from 1.9.0 to 1.19.0 snyk-fixtures/npm-lockfiles#4174)
• 2ff1cb2 uncaughtException: refactor, move and add tests
• b431609 docs: update browser options
• 883ae4b ESLint: use 'const' instead of 'let'
• 2a1b637 Upgrade: ESLint v6.8 ([Snyk(Unlimited)] Upgrade verbosity from 0.9.2 to 0.10.1 snyk-fixtures/npm-lockfiles#4138)
• dbba276 Manage author list in AUTHORS instead of package.json ([Snyk(Unlimited)] Upgrade color-convert from 1.9.2 to 1.9.3 snyk-fixtures/npm-lockfiles#4058)
• d0f04e9 Release v7.0.1

See the full diff

Package name: mongodb-js-precommit

The new version differs by 28 commits.

• 0832143 2.0.1
• e4fe994 fix: make dependency-check work again
• <...