[Snyk] Fix for 1 vulnerabilities

[s4sc]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • deps/npm/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: glob

The new version differs by 118 commits.

• a68703e 9.0.0
• 58159ca test: cwd can be a url
• a547a9c more docs
• 42a3ac7 link to bash manual for Pattern Matching
• 474172d update readme with cwd URL support
• ad3904d update readme with posix class support
• b22fc7d [email protected]
• cdd1627 update all the things, remove unused mkdirp types
• 75c6416 Merge branch 'v9'
• fa0cd77 cwd can be a file:// url
• d03ed0a typedoc github action
• 9a5a45a put bench results in readme
• 20b2f88 docs, fix benchmark script
• 4829c88 upgrade ci actions
• 5cbacdd [email protected]
• 210310b omit symlinks on windows
• d34c8d5 full test coverage, clean up signals and remove extranous code
• 5f21b46 adding lots of tests, clean up types
• b12e6ba slashes on nodir test
• 75f74b0 more windows test slashes
• 3aa1abd more windows test affordances
• 3e68a7b some windows test affordances
• 8c2e082 feature complete and tests passing
• c3be35a correct ** vs ./** behavior

See the full diff

Package name: init-package-json

The new version differs by 100 commits.

• 6b7dbaf chore: release 4.0.0 (buffer: add indexOf method nodejs/node#160)
• ea53243 chore: bump @ npmcli/config from 4.2.2 to 6.0.0 (Graceful FS by default nodejs/node#167)
• 99e3307 chore: bump @ npmcli/eslint-config from 3.1.0 to 4.0.0 (buffer: added Buffer methods to r/w 24 bits integers. nodejs/node#169)
• b869b31 deps: bump read-package-json from 5.0.2 to 6.0.0 (Get all headers 3992 nodejs/node#170)
• d342821 deps: bump validate-npm-package-name from 4.0.0 to 5.0.0 (Release Cycle Proposal nodejs/node#168)
• a9b2e54 chore: postinstall for dependabot template-oss PR
• 9eacc7e chore: bump @ npmcli/template-oss from 4.4.4 to 4.5.1
• ada46c8 chore: postinstall for dependabot template-oss PR
• bb17043 chore: bump @ npmcli/template-oss from 4.3.2 to 4.4.4
• e8ea83a feat!: postinstall for dependabot template-oss PR
• 2eeb977 chore: bump @ npmcli/template-oss from 3.6.0 to 4.3.2
• 18e3c78 chore: postinstall for dependabot template-oss PR
• 197e9c3 chore: bump @ npmcli/template-oss from 3.5.0 to 3.6.0
• 8abb642 chore: bump @ npmcli/template-oss from 3.4.2 to 3.4.3 (Inbound data lost when TLS connection resets. nodejs/node#149)
• 64ad963 chore: postinstall for dependabot template-oss PR
• 6f0fbd3 chore: bump @ npmcli/template-oss from 3.4.1 to 3.4.2
• 9023742 chore: bump @ npmcli/template-oss from 3.2.1 to 3.4.1 (Support io.js Dockerfile or Docker Repo nodejs/node#147)
• e063094 chore(main): release 3.0.2 (docs: Supplement docs for Writable and Transform streams nodejs/node#142)
• e4ba49a chore: bump @ npmcli/template-oss from 3.2.0 to 3.2.1 (doc: cherry-pick tc-minutes from master nodejs/node#143)
• fa7574a deps: bump validate-npm-package-name from 3.0.0 to 4.0.0 (doc: added TC meeting minutes for 2014-12-10 nodejs/node#144)
• b1ec548 deps: update npm-package-arg requirement from ^9.0.0 to ^9.0.1 (Introduce the Nil Object nodejs/node#136)
• 3b443aa chore: bump tap from 15.2.3 to 16.0.1 (domain: add soft deprecation notice nodejs/node#141)
• d8bdf52 chore: bump @ npmcli/template-oss from 2.9.2 to 3.2.0 (install,windows: symlink iojs -> node? nodejs/node#140)
• a1348c6 chore: release 3.0.1 (io.js (IO.js? iojs?) and node.js documentation fragmentation nodejs/node#135)

See the full diff

Package name: node-gyp

The new version differs by 250 commits.

• 9acb4c7 chore: release 10.0.0
• 3032e10 chore: run tests after release please PR
• 864a979 feat!: use .npmignore file to limit which files are published (lib,src,doc: remove usage of events.EventEmitter nodejs/node#2921)
• 4e493d4 chore: misc testing fixes (New Uint8Arrays are sometimes filled with garbage nodejs/node#2930)
• d52997e feat: convert internal classes from util.inherits to classes
• 355622f feat: convert all internal functions to async/await
• 1b3bd34 feat!: drop node 14 support (url.parse("http://:::1") is parsed as "http://:1/::" nodejs/node#2929)
• e388255 deps: [email protected] (Segfault in node::Environment::KickNextTick nodejs/node#2928)
• 059bb6f deps: [email protected] (Socket connects and gets data from non-existing service nodejs/node#2927)
• 4bef1ec deps: [email protected] (No event on child-process stdout nodejs/node#2926)
• 21a7249 chore: add check engines script to CI (module: remove unnecessary property and method nodejs/node#2922)
• 707927c feat(gyp): update gyp to v0.16.1 (calling function in each other module is not working nodejs/node#2923)
• d644ce4 docs: update applicable GitHub links from master to main (win,v8: Support for MSVS 2015 in v0.12 nodejs/node#2843)
• 4a50fe3 chore: empty commit to add changelog entries from test: add test-spawn-cmd-named-pipe nodejs/node#2770
• 26683e9 chore: GitHub Workflows security hardening (Stream Transform with Arrow Functions nodejs/node#2740)
• 91fd8ff Python lint: ruff --format is now --output-format
• b3d41ae doc: Add note about Python symlinks (PR 2362) to CHANGELOG.md for 9.1.0 (Compiling node v4.0.0 with OpenSSL 1.0.1 fails nodejs/node#2783)
• 5746691 test: update expired certs (Spawn detached window hide option nodejs/node#2908)
• d3615c6 Fix incorrect Xcode casing in README (Fix code example in events API docs nodejs/node#2896)
• bb93b94 docs: README.md Do not hardcode the supported versions of Python (Small documentation markup error nodejs/node#2880)
• 0f1f667 fix: create Python symlink only during builds, and clean it up after (Yet another segmentation fault in node-v4.0.0-rc.1 nodejs/node#2721)
• 445c28f test: increase mocha timeout (Ctrl+C exits debugger from repl v4.0.0 nodejs/node#2887)
• 1bfb083 Fix Python lint error by using an f-string (doc: jenkins-iojs.nodesource.com -> ci.nodejs.org, iojs.org/download -> nodejs.org/download nodejs/node#2886)
• c9caa2e docs: Update windows installation instructions in README.md (How to inherit from new Buffer implementation nodejs/node#2882)

See the full diff

Package name: rimraf

The new version differs by 71 commits.

• 3b6b098 4.0.0
• e0cffea ci: reduce workload even more
• 0e6646d ci: remove unnecessary lint filter
• 546e017 update action versions
• 6d88a65 tone down benchmark intensity
• 842a8d2 fix benchmark workflow yaml
• 1b91697 chore: add copyright year to license
• 08bbb06 rewrite in TS, export hybrid, update changelog, docs
• 1b3f46e drop support for node versions below 14
• 2e1f003 gh actions workflow for benchmarks
• 52f9370 tests for retry-busy behavior
• 188e3ed don't test on very old node versions
• d1d5495 test for fix-eperm
• e7501cd prettier formatting
• 40f64ec windows: only fall back to move-remove when absolutely necessary
• b6f7819 update tap
• 99496cd test: run posix test on windows, why not?
• 51d43c1 benchmarks
• 6b8aa29 doc: correct os.tmp default
• 4b228c9 do not ever actually try to rmdir /
• 2442655 consolidate all the spellings of 'opt' into one
• d4eec2e add cli script
• 0c82d74 accept strings, arrays of strings, and no other types
• ad4f2db Do not rimraf /, override with preserveRoot:false

See the full diff

Package name: tar

The new version differs by 195 commits.

• 1098f4b v3.0.0
• 51396a9 test and push on version bump
• 753ea13 parse test: early end isn't a zlib error on v4
• 9440c43 Merge branch 'v3'
• 7ac6960 pack test: set times explicitly so travis doesn't fail
• 7d8bd02 Handle truncated zlib input
• 3d1b142 docs: fix example code for tar.t({file})
• 50bfa6e Parser: emit warning about truncated input
• 3c70b5d Directory entries should have 0 size
• 4bfd57b Pax: don't break on line-break-having values or empty keys
• 09215cd ;
• a2a12d3 Doc improvements. Warnings and cwd consistency
• 740ac18 parse: Array is not faster than linked list
• f5899f6 parser: make consumeBody/Meta/Header private methods
• d32397f benchmark: output timer to stdout
• 0e8b390 Don't create obnoxious directories
• dffa806 follow option for packing
• 4b0b393 add preserveOwner flag for tar.x/tar.Unpack
• 5db47b0 use makeTar in unpack test
• 41965bd ignore extract benchmark folder
• 080d4d6 abstract out timer code from benchmarks
• 0b195dc Document benchmarks, clearer output
• 2464b53 Add files stanza to package.json
• ca9611a comprehensive benchmarks

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.