[Snyk] Fix for 7 vulnerabilities

[Exnadella]

User description

Snyk has created this PR to fix 7 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• packages/build/package.json
• packages/build/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	786
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	696
	Prototype Pollution SNYK-JS-JSON5-3182856	641
	Prototype Pollution SNYK-JS-MINIMIST-559764	601
	Validation Bypass SNYK-JS-KINDOF-537849	506
	Prototype Pollution SNYK-JS-MINIMIST-2429795	506
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	506

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Validation Bypass
🦉 Regular Expression Denial of Service (ReDoS)

---

PR Type

Bug fix, Dependencies

---

Description

• Updated several dependencies in package.json to address security vulnerabilities.
• Regenerated package-lock.json to ensure consistency with updated dependencies.
• Fixed vulnerabilities related to @babel/core, @babel/plugin-transform-exponentiation-operator, @babel/plugin-transform-parameters, and vinyl-fs.

---

Changes walkthrough 📝

	Relevant files
Dependencies	package.json Update dependencies to fix vulnerabilities                              packages/build/package.json Updated @babel/core dependency version to ^7.23.2. Updated @babel/plugin-transform-exponentiation-operator to ^7.12.13. Updated @babel/plugin-transform-parameters to ^7.9.3. Updated vinyl-fs dependency version to ^3.0.0. +4/-4      package-lock.json Regenerate package-lock.json for updated dependencies        packages/build/package-lock.json Updated lock file to reflect new dependency versions. Ensured compatibility with updated package.json. +4727/-4773
Additional files (token-limit)	package-lock.json ...                                                                                                            packages/build/package-lock.json ... +4727/-4773

---

💡 PR-Agent usage:
Comment /help on the PR to get a list of all available PR-Agent tools and their descriptions

[qodo-merge-pro]

PR Reviewer Guide 🔍

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪

🧪 No relevant tests

🔒 No security concerns identified

⚡ Key issues to review Dependency Updates Several dependencies have been updated to newer versions, which may introduce breaking changes or require additional testing.

[qodo-merge-pro]

PR Code Suggestions ✨

Category	Suggestion	Score
Dependency management	Update all Babel-related dependencies to their latest compatible versions Consider updating all Babel-related dependencies to their latest compatible versions to ensure consistency and access to the latest features and bug fixes. packages/build/package.json [24-26] -"@babel/plugin-external-helpers": "^7.0.0", -"@babel/plugin-proposal-async-generator-functions": "^7.0.0", -"@babel/plugin-proposal-object-rest-spread": "^7.0.0", +"@babel/plugin-external-helpers": "^7.23.2", +"@babel/plugin-proposal-async-generator-functions": "^7.23.2", +"@babel/plugin-proposal-object-rest-spread": "^7.23.2", Apply this suggestion Suggestion importance[1-10]: 5 Why: Updating all Babel-related dependencies to their latest versions could ensure consistency and access to the latest features, but it may not be necessary if the current versions are already compatible and stable.	5
	Update vinyl-fs to a more recent version Update the version of vinyl-fs to a more recent version, as the current update to ^3.0.0 might be outdated. packages/build/package.json [87] -"vinyl-fs": "^3.0.0" +"vinyl-fs": "^4.0.0" Apply this suggestion Suggestion importance[1-10]: 4 Why: The suggestion to update vinyl-fs to a more recent version could be beneficial for accessing new features or bug fixes, but without specific issues identified with the current version, the necessity of this update is uncertain.	4
	Align the version of @babel/core with other Babel dependencies Update the version of @babel/core to match the other Babel packages, which are using ^7.0.0. packages/build/package.json [23] -"@babel/core": "^7.23.2", +"@babel/core": "^7.0.0", Apply this suggestion Suggestion importance[1-10]: 3 Why: The suggestion to align the version of @babel/core with other Babel dependencies is not necessary as the PR intentionally updates @babel/core to a newer version, which may be required for compatibility or new features.	3

[qodo-merge-pro]

CI Failure Feedback 🧐

(Checks updated until commit f462ed8)

Action: test (ubuntu-latest)

Failed stage: Run npm run bootstrap [❌]

Failure summary: The action failed due to an error during the execution of the npm ci command within the 'wct-mocha' package: The command exited with code 1, indicating a failure. Multiple deprecated packages were detected, which might have contributed to the failure. Specific error details were not provided in the log, but the presence of deprecated packages suggests potential compatibility or support issues.

Relevant error logs: 1: ##[group]Operating System 2: Ubuntu ... 556: npm WARN deprecated [email protected]: This module is no longer supported. 557: npm WARN deprecated [email protected]: This package is no longer supported. 558: npm WARN deprecated [email protected]: This package is no longer supported. 559: npm WARN deprecated [email protected]: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info. 560: npm WARN deprecated [email protected]: This package is no longer supported. 561: npm WARN deprecated [email protected]: This package is no longer supported. 562: npm WARN deprecated @lerna/[email protected]: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info. 563: npm WARN deprecated @lerna/[email protected]: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info. 564: npm WARN deprecated @lerna/[email protected]: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info. ... 738: npm ERR! [-ws|--workspaces] [--include-workspace-root] [--install-links] 739: npm ERR! 740: npm ERR! aliases: clean-install, ic, install-clean, isntall-clean 741: npm ERR! 742: npm ERR! Run "npm help ci" for more info 743: npm ERR! A complete log of this run can be found in: 744: npm ERR! /home/runner/.npm/_logs/2024-09-05T21_19_25_697Z-debug-0.log 745: lerna ERR! npm ci exited 1 in 'wct-mocha' 746: ##[error]Process completed with exit code 1.

---

✨ CI feedback usage guide:

---

The CI feedback tool (/checks) automatically triggers when a PR has a failed check.
The tool analyzes the failed checks and provides several feedbacks:

• Failed stage
• Failed test name
• Failure summary
• Relevant error logs

In addition to being automatically triggered, the tool can also be invoked manually by commenting on a PR:

/checks "https://github.com/{repo_name}/actions/runs/{run_number}/job/{job_number}"

where {repo_name} is the name of the repository, {run_number} is the run number of the failed check, and {job_number} is the job number of the failed check.

Configuration options

• enable_auto_checks_feedback - if set to true, the tool will automatically provide feedback when a check is failed. Default is true.
• excluded_checks_list - a list of checks to exclude from the feedback, for example: ["check1", "check2"]. Default is an empty list.
• enable_help_text - if set to true, the tool will provide a help message with the feedback. Default is true.
• persistent_comment - if set to true, the tool will overwrite a previous checks comment with the new feedback. Default is true.
• final_update_message - if persistent_comment is true and updating a previous checks message, the tool will also create a new message: "Persistent checks updated to latest commit". Default is true.

See more information about the checks tool in the docs.