[Snyk] Fix for 2 vulnerabilities

[aliscco]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • tools/node_modules/eslint/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Internal Property Tampering SNYK-JS-TAFFYDB-2992450	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: glob

The new version differs by 114 commits.

• a68703e 9.0.0
• 58159ca test: cwd can be a url
• a547a9c more docs
• 42a3ac7 link to bash manual for Pattern Matching
• 474172d update readme with cwd URL support
• ad3904d update readme with posix class support
• b22fc7d [email protected]
• cdd1627 update all the things, remove unused mkdirp types
• 75c6416 Merge branch 'v9'
• fa0cd77 cwd can be a file:// url
• d03ed0a typedoc github action
• 9a5a45a put bench results in readme
• 20b2f88 docs, fix benchmark script
• 4829c88 upgrade ci actions
• 5cbacdd [email protected]
• 210310b omit symlinks on windows
• d34c8d5 full test coverage, clean up signals and remove extranous code
• 5f21b46 adding lots of tests, clean up types
• b12e6ba slashes on nodir test
• 75f74b0 more windows test slashes
• 3aa1abd more windows test affordances
• 3e68a7b some windows test affordances
• 8c2e082 feature complete and tests passing
• c3be35a correct ** vs ./** behavior

See the full diff

Package name: jsdoc

The new version differs by 2 commits.

• 0842185 4.0.0
• b018408 chore!: replace taffydb package with @ jsdoc/salty

See the full diff

Package name: markdownlint-cli

The new version differs by 250 commits.

• ce0d77a Bump version 0.34.0
• 3de966d Add Node 20 to CI test matrix.
• e540262 Bump xo from 0.54.1 to 0.54.2
• 02edb23 Bump markdownlint from 0.28.1 to 0.28.2
• 5024217 Bump glob from 10.1.0 to 10.2.2
• 26bbe10 Bump glob from 10.0.0 to 10.1.0
• 3f3c26c Bump xo from 0.54.0 to 0.54.1
• 98660a3 Bump commander from 10.0.0 to 10.0.1
• 5c71ad6 Bump glob from 9.3.4 to 10.0.0
• cd230b0 Update markdownlint.js to group require calls together for new xo policy.
• 1910c83 Bump xo from 0.53.1 to 0.54.0
• fc825b4 Bump markdownlint from 0.28.0 to 0.28.1
• 49da7ee Bump minimatch from 8.0.3 to 9.0.0
• afd8f0c Bump glob from 9.3.2 to 9.3.4
• 5027dd0 Bump minimatch from 7.4.3 to 8.0.3
• 2d95a13 Bump minimatch from 7.4.2 to 7.4.3
• 4e6fb32 Bump glob from 9.3.0 to 9.3.2
• 6da2a65 Bump markdownlint from 0.27.0 to 0.28.0
• 9844fce Bump execa from 7.1.0 to 7.1.1
• c9b0147 Rename local-only "test-rule-package" to avoid incorrect attribution to malware on npm via Dependabot alerts (https://snyk.io/redirect/github/igorshubovych/markdownlint-cli/security/dependabot/4).
• e6a706f Normalize "\" character in output path to get tests passing on Windows after dependency update to glob v9.
• 1636b71 Bump glob from 8.1.0 to 9.3.0
• a1ca192 Bump webpack from 5.64.1 to 5.76.1
• 12c54e6 Bump execa from 7.0.0 to 7.1.0

See the full diff

Package name: puppeteer

The new version differs by 250 commits.

• a07ff12 chore: use scoped tags for publishing (http: name anonymous functions nodejs/node#9055)
• ee1272e chore: release main (dns: name anonymous functions nodejs/node#9052)
• bafdb47 chore: update pin_dependencies.py (assert: name anonymous functions nodejs/node#9051)
• d4c6ff1 chore: update pin dependencies (SIGINT and loops nodejs/node#9050)
• d1b61cf chore: update generate sources (tools: avoid let in for loops nodejs/node#9049)
• 9b28a3b chore: use file dependencies at root (inspect flaky test-tls-wrap-timeout on ubuntu1604_docker_alpine34-64 nodejs/node#9048)
• a359873 chore: pin dependencies on pre-release (fs.ReadStrem.read(size) trigger 'readable' event twice or once nodejs/node#9046)
• 469ac02 chore: fix release-please (doc: explain why we don't use the GitHub merge button nodejs/node#9044)
• f42336c feat: separate puppeteer and puppeteer-core (src: fix typo rval to value nodejs/node#9023)
• 3aee641 chore(main): release 18.1.0 (process: add emitExperimentalWarning() nodejs/node#9042)
• 022fbde feat(chromium): roll to Chromium 107.0.5296.0 (r1045629) (Array Joining is slower in Node 6.x nodejs/node#9039)
• b7b07e3 chore: add documentation to xpath prefix and deprecated page.waitForTimeout (Backport src: fix handle leaks #7711 nodejs/node#9014)
• 5dbd69e chore: type in waitForRequest function description (Segmentation fault using TLS after uprgrade to nodejs 6.7.0 / CentOS 7 nodejs/node#9015)
• c0c7878 chore: initiate monorepo migration (test: move module out of fixture directory nodejs/node#9022)
• 2a21896 chore: rename vendor to third_party (events: fix TypeError in EventEmitter warning nodejs/node#9021)
• f8de7b1 chore: bundle vendor code (tls: copy the Buffer object before using (backport to v4.x) nodejs/node#9016)
• d06a905 chore: update deps (FreeBSD failures on v4.x nodejs/node#9013)
• 023ebd8 chore: enable firefox tests on Mac (Stream not emitting end after removeListener nodejs/node#9002)
• a00d466 chore: add strategy.fail-fast=false (doc: errno is a number, not a string nodejs/node#9007)
• 5a1b8d2 chore: add headful support for Firefox (fix:events.js has a clerical error nodejs/node#9004)
• c21c3ba chore: remove environment variable that forces WebRender to be disabled in Firefox (Outdated variable name in comment nodejs/node#9001)
• a6f4584 chore: clarify build instructions (src: remove out-of-date TODO comment nodejs/node#9000)
• 3939d55 chore: enable continue on error (TypeError: EventEmitter, setMaxListeners, Symbol nodejs/node#9003)
• ddc567a chore(main): release 18.0.5 (Occasional infinite loop in previously working code path in 6.5+ nodejs/node#8997)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.