[Snyk] Fix for 12 vulnerabilities

[snyk-io]

Snyk has created this PR to fix 12 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/async-hook-domain/node_modules/source-map-support/package.json
• workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/async-hook-domain/node_modules/source-map-support/.snyk

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Command Injection npm:shell-quote:20160621	214
	Denial of Service (DoS) SNYK-JS-ECSTATIC-540354	159
	Prototype Pollution SNYK-JS-MINIMIST-559764	137
	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	131
	Improper minification of non-boolean comparisons npm:uglify-js:20150824	119
	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	115
	Insecure Randomness npm:crypto-browserify:20140722	108
	Prototype Pollution SNYK-JS-MINIMIST-2429795	60
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	58
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	46
	Regular Expression Denial of Service (ReDoS) npm:uglify-js:20151024	45

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)
🦉 Prototype Pollution
🦉 Command Injection
🦉 More lessons are available in Snyk Learn

Summary by Sourcery

Upgrade several npm packages to fix 12 vulnerabilities, including command injection, denial of service, and prototype pollution.

Bug Fixes:

• Fix command injection vulnerability (npm:shell-quote:20160621).
• Fix denial of service vulnerability (SNYK-JS-ECSTATIC-540354).
• Fix prototype pollution vulnerability (SNYK-JS-MINIMIST-559764).
• Fix resource leak vulnerability (SNYK-JS-INFLIGHT-6095116).
• Fix improper minification of non-boolean comparisons vulnerability (npm:uglify-js:20150824).
• Fix prototype pollution vulnerability (SNYK-JS-UNSETVALUE-2400660).
• Fix insecure randomness vulnerability (npm:crypto-browserify:20140722).
• Fix prototype pollution vulnerability (SNYK-JS-MINIMIST-2429795).
• Fix regular expression denial of service vulnerability (npm:debug:20170905).
• Fix regular expression denial of service vulnerability (SNYK-JS-UGLIFYJS-1727251).
• Fix regular expression denial of service vulnerability (npm:uglify-js:20151024).

Enhancements:

• Upgrade browserify from 4.2.3 to 13.2.0.
• Upgrade http-server from 0.11.2 to 0.13.0.
• Upgrade mocha from 3.5.3 to 11.0.1.
• Upgrade webpack from 1.15.0 to 4.44.0.

[sourcery-ai]

Reviewer's Guide by Sourcery

This pull request upgrades several npm packages to address 12 vulnerabilities found by Snyk. The upgrades include browserify, http-server, mocha, and webpack. A .snyk file was added to track Snyk-related information.

No diagrams generated as the changes look simple and do not need a visual representation.

File-Level Changes

Change	Details	Files
Upgrade browserify from 4.2.3 to 13.2.0	Updated the browserify package version in package.json	workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/async-hook-domain/node_modules/source-map-support/package.json
Upgrade http-server from 0.11.2 to 0.13.0	Updated the http-server package version in package.json	workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/async-hook-domain/node_modules/source-map-support/package.json
Upgrade mocha from 3.5.3 to 11.0.1	Updated the mocha package version in package.json	workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/async-hook-domain/node_modules/source-map-support/package.json
Upgrade webpack from 1.15.0 to 4.44.0	Updated the webpack package version in package.json	workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/async-hook-domain/node_modules/source-map-support/package.json
Add .snyk file	Created a new .snyk file to store Snyk metadata	workspaces/arborist/test/fixtures/tap-with-yarn-lock/node_modules/async-hook-domain/node_modules/source-map-support/.snyk

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time. You can also use
  this command to specify where the summary should be inserted.

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

We have skipped reviewing this pull request. Here's why:

• It seems to have been created by a bot (hey, snyk-io[bot]!). We assume it knows what it's doing!
• It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!