[Snyk] Fix for 1 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: eslint

The new version differs by 250 commits.

• 879c373 6.6.0
• c8ba30a Build: changelog update for 6.6.0
• 39dfe08 Update: false positives in function-call-argument-newline (fixes #12123) (#12280)
• 4d84210 Update: improve report location for no-trailing-spaces (fixes #12315) (#12477)
• c6a7745 Update: no-trailing-spaces false negatives after comments (fixes #12479) (#12480)
• 0bffe95 Fix: no-misleading-character-class crash on invalid regex (fixes #12169) (#12347)
• c6a9a3b Update: Add enforceForIndexOf option to use-isnan (fixes #12207) (#12379)
• 364877b Update: measure plugin loading time and output in debug message (#12395)
• 1744fab Fix: operator-assignment removes and duplicates comments (#12485)
• 52ca11a Fix: operator-assignment invalid autofix with adjacent tokens (#12483)
• 0f6d0dc Fix: CLIEngine#addPlugin reset lastConfigArrays (fixes #12425) (#12468)
• 923a8cb Chore: Fix lint failure in JSDoc comment (#12489)
• aac3be4 Update: Add ignored prop regex no-param-reassign (#11275)
• e5382d6 Chore: Remove unused parameter in dot-location (#12464)
• 49faefb Fix: no-obj-calls false positive (fixes #12437) (#12467)
• b3dbd96 Fix: problematic installation issue (fixes #11018) (#12309)
• cd7c29b Sponsors: Sync README with website
• 8233873 Docs: Add note about Node.js requiring SSL support (fixes #11413) (#12475)
• 89e8aaf Fix: improve report location for no-tabs (#12471)
• 7dffe48 Update: Enable function string option in comma-dangle (fixes #12058) (#12462)
• e15e1f9 Docs: fix doc for no-unneeded-ternary rule (fixes #12098) (#12410)
• b1dc58f Sponsors: Sync README with website
• 61749c9 Chore: Provide debug log for parser errors (#12474)
• 7c8bbe0 Update: enforceForOrderingRelations no-unsafe-negation (fixes #12163) (#12414)

See the full diff

Package name: mocha

The new version differs by 194 commits.

• e1194ab Release v8.3.0
• 9e75153 update CHANGELOG for v8.3.0 [ci skip]
• 6dd12be match supporter's properties with supporter.js (Answering before routes are registered expressjs/express#4569)
• 9f2dd41 docs: add example of generating tests with a closure (req.hostname getting undefined when listening event 'upgrade' expressjs/express#4494)
• 9122909 Adds BigInt support to stringify util function (Http/2 Still not working? expressjs/express#4112)
• 9878f32 Add file location when SyntaxError happens in ESM (App.use(path, ...) Does Not Mount at '//' expressjs/express#4557)
• 84d0c96 Deps: update workerpool (#4566)
• 3c2f82f GH actions: purge-expired-artifacts.yml (Requesting triager role for firmanJS expressjs/express#4565)
• 1a05ad7 chore(deps): upgrade all to latest stable (App.use(path, ...) Does Not Mount at '//' expressjs/express#4556)
• c667d10 docs: fix javascript syntax errors (NodeJS Modules expressjs/express#4555)
• 6eb3c3c Update dependencies yargs and yargs-parser (Feature Request: Allow middleware to handle errors thrown by async handlers expressjs/express#4543)
• 30d5b66 Fix workflow filter on pull-request event (Nested router overrides param sanitization expressjs/express#4550)
• 6bcb89e Improve CI tests workflow (headerSent undefined expressjs/express#4547)
• c21a90f Fix present year in LICENSE (clearCookie should probably only set one header per cookie name test case expressjs/express#4542)
• c3c976b fixes require path
• bc8ce05 add test for this.test.error() behavior in "after each" hooks
• 78a41d1 Add GH Actions workflow status badge (There is a warning when building webpack. "Critical Dependency: A dependency request is an expression." expressjs/express#4503)
• c6856ba add error code for test timeout errors
• 6d3fe26 add support for typescript-style docstrings
• 025fc2e run browser tests on GHA
• b1f26e2 handful of improvements to integration tests
• 59f31e3 fix typo in comment [ci skip]
• d1781b3 refactor collect-files to be a little more simple
• 185cada Release v8.2.1

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

[pull-request-quantifier-deprecated]

This PR has 4 quantified lines of changes. In general, a change size of upto 200 lines is ideal for the best PR experience!

---

Quantification details

Label      : Extra Small
Size       : +2 -2
Percentile : 1.6%

Total files changed: 1

Change summary by file extension:
.json : +2 -2

Change counts above are quantified counts, based on the PullRequestQuantifier customizations.

Why proper sizing of changes matters

Optimal pull request sizes drive a better predictable PR flow as they strike a
balance between between PR complexity and PR review overhead. PRs within the
optimal size (typical small, or medium sized PRs) mean:

• Fast and predictable releases to production:
  • Optimal size changes are more likely to be reviewed faster with fewer
    iterations.
  • Similarity in low PR complexity drives similar review times.
• Review quality is likely higher as complexity is lower:
  • Bugs are more likely to be detected.
  • Code inconsistencies are more likely to be detetcted.
• Knowledge sharing is improved within the participants:
  • Small portions can be assimilated better.
• Better engineering practices are exercised:
  • Solving big problems by dividing them in well contained, smaller problems.
  • Exercising separation of concerns within the code changes.

What can I do to optimize my changes

• Use the PullRequestQuantifier to quantify your PR accurately
  • Create a context profile for your repo using the context generator
  • Exclude files that are not necessary to be reviewed or do not increase the review complexity. Example: Autogenerated code, docs, project IDE setting files, binaries, etc. Check out the Excluded section from your prquantifier.yaml context profile.
  • Understand your typical change complexity, drive towards the desired complexity by adjusting the label mapping in your prquantifier.yaml context profile.
  • Only use the labels that matter to you, see context specification to customize your prquantifier.yaml context profile.
• Change your engineering behaviors
  • For PRs that fall outside of the desired spectrum, review the details and check if:
    • Your PR could be split in smaller, self-contained PRs instead
    • Your PR only solves one particular issue. (For example, don't refactor and code new features in the same PR).

How to interpret the change counts in git diff output

• One line was added: +1 -0
• One line was deleted: +0 -1
• One line was modified: +1 -1 (git diff doesn't know about modified, it will
  interpret that line like one addition plus one deletion)
• Change percentiles: Change characteristics (addition, deletion, modification)
  of this PR in relation to all other PRs within the repository.

---

Was this comment helpful? 👍  :ok_hand:  :thumbsdown: (Email)
Customize PullRequestQuantifier for this repository.