[Snyk] Fix for 1 vulnerabilities

[Exnadella]

User description

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• packages/cli/package.json
• packages/cli/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Regular Expression Denial of Service (ReDoS) SNYK-JS-CROSSSPAWN-8303230	828

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

---

PR Type

Bug fix, Dependencies

---

Description

• Updated @octokit/rest and yeoman-generator dependencies in package.json to address vulnerabilities.
• Synchronized package-lock.json with the updated dependencies to ensure consistency.
• This update addresses a Regular Expression Denial of Service (ReDoS) vulnerability.

---

Changes walkthrough 📝

	Relevant files
Dependencies	package.json Update dependencies to fix vulnerabilities                              packages/cli/package.json Updated @octokit/rest dependency version from ^16.2.0 to ^17.0.0. Updated yeoman-generator dependency version from ^3.1.1 to ^5.0.0. +2/-2      package-lock.json Synchronize package-lock with updated dependencies              packages/cli/package-lock.json Updated lock file to reflect changes in package.json. Ensured compatibility with updated dependencies. +4568/-639
Additional files (token-limit)	package-lock.json ...                                                                                                            packages/cli/package-lock.json ... +4568/-639

---

💡 PR-Agent usage: Comment /help "your question" on any pull request to receive relevant information

[codiumai-pr-agent-pro]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 1 🔵⚪⚪⚪⚪

🧪 No relevant tests

🔒 No security concerns identified

⚡ Recommended focus areas for review Version Compatibility Major version upgrades of dependencies may introduce breaking changes. Verify compatibility between [email protected] and [email protected]

[codiumai-pr-agent-pro]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Score
Possible issue	Align dependency versions to ensure compatibility between related packages Consider updating yeoman-environment dependency to a version compatible with [email protected] to avoid potential version conflicts and ensure proper functionality. packages/cli/package.json [83-84] -"yeoman-environment": "^1.5.2", +"yeoman-environment": "^3.0.0", "yeoman-generator": "^5.0.0" Apply this suggestion Suggestion importance[1-10]: 8 Why: Using [email protected] with [email protected] could cause compatibility issues since they are major version mismatches. Updating yeoman-environment is important for proper functionality.	8

💡 Need additional feedback ? start a PR chat