[Snyk] Fix for 1 vulnerabilities

[baby636]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: jest

The new version differs by 250 commits.

• be16e47 v27.0.0
• 63102ec chore: update changelog for release
• 564694a docs(blog): Jest 27 blog post (#11131)
• b68d91b feat(pretty-print): add option `printBasicPrototype` (#11441)
• 2226742 chore: minor simplify format results error (#11432)
• 78eb25d chore: remove needless assign (#11433)
• 696c455 chore: update lockfile after publish
• e2eb9ae v27.0.0-next.11
• 3b253f8 Wait for closed resources to actually close before detecting open handles (#11429)
• 27bee72 fix: run GC before collecting open handles (#11278)
• 50451df feat: use fallback if prettier not found (#11400)
• 150dbd8 chore: update lockfile after publish
• 6f44529 v27.0.0-next.10
• cbcec7d Upgrade fsevents in jest-haste-map (#11428)
• 9633a26 feat: support reporters written in ESM (#11427)
• 59f42d8 fix: do not cache modules that throw during evaluation (#11263)
• 57e32e9 Detect open handles with done callbacks (#11382)
• a397607 Document and test dontThrow for custom inline snapshot matchers (#10995)
• 4fa3a0b feat: custom haste (#11107)
• 2047a36 chore: bump deps (#11419)
• a4358d6 chore: run prettier on changelog
• bdd6282 Move all default values into `jest-config` (#9924)
• db643a1 Link to Jest config (#11106)
• b16082c Fix locale issue #10014 (#11412)

See the full diff

Package name: node-hid

The new version differs by 14 commits.

• ee96d1b bump version
• b10da03 update prebuild and prebuild-install to latest
• de7b162 update prebuild and prebuild-install to latest
• 5c6704e add node v18 to linux test matrix
• 0da939d Merge pull request Flag to disable slide out? floating/frame#486 from Julusian/fix/electron-21
• b6c0015 fix: switch windows runner version
• fba3544 fix: electron 21 support
• 1bb251c add electron-react-boilerplate example link
• 3f2d7e0 update README to better describe Windows build-from-source setup
• 9071817 update README to better describe Linux build-from-source requirements
• 75248a2 update readme
• a327c10 update README, as suggested in Update balances on network change floating/frame#450
• 87b3930 add license (bsd) fix Dismiss signer status, base token in header, polish floating/frame#436
• 2cdb2eb attempt to make clearer what devices node-hid can access

See the full diff

Package name: semver

The new version differs by 85 commits.

• e7b78de chore: release 7.5.2
• 58c791f fix: diff when detecting major change from prerelease (Linux show/hide shortcut doesn't work floating/frame#566)
• 5c8efbc fix: preserve build in raw after inc (Fix id to hex conversion when the id is a string floating/frame#565)
• 717534e fix: better handling of whitespace (resolve path correctly when intercepting requests to load files floating/frame#564)
• 2f738e9 chore: bump @ npmcli/template-oss from 4.14.1 to 4.15.1 (decode hex messages to ascii if not hashed floating/frame#558)
• aa016a6 chore: release 7.5.1
• d30d25a fix: show type on invalid semver error (Fix persist clear and slow gas input ux floating/frame#559)
• 09c69e2 chore: bump @ npmcli/template-oss from 4.13.0 to 4.14.1 (Request polish floating/frame#555)
• 5b02ad7 chore: release 7.5.0
• e219bb4 fix: throw on bad version with correct error message (Accounts: Ledger testnet derivation different in v4.0+ floating/frame#552)
• 503a4e5 feat: allow identifierBase to be false (support transaction type 1 floating/frame#548)
• fc2f3df fix: incorrect results from diff sometimes with prerelease versions (use hex for eth_feeHistory block count floating/frame#546)
• 2781767 fix: avoid re-instantiating SemVer during diff compare (Fixes some Lattice integration issues floating/frame#547)
• 82aa7f6 chore: release 7.4.0
• 731d896 chore: enable CD (set zero value correctly to 0x0 floating/frame#545)
• 940723d fix: intersects with v0.0.0 and v0.0.0-0 (beta.5 fixes and cleanup floating/frame#538)
• aa516b5 fix: faster parse options (Remove fee update threshold floating/frame#535)
• 61e6ea1 fix: faster cache key factory for range (use shx for cross-plaform copy script floating/frame#536)
• f8b8b61 fix: optimistic parse (provide type to Lattice tx floating/frame#541)
• 796cbe2 fix: semver.diff prerelease to release recognition (Fee monitor, add chain flow, reduce persist disk writes, return chain ids from store, fix destroyed window error, token fixes floating/frame#533)
• 3f222b1 fix: reuse comparators on subset (Store next base fee floating/frame#537)
• 113f513 feat: identifierBase parameter for .inc (support eip-1559 for Ledger and Lattice floating/frame#532)
• ea689bc chore: basic type test for RELEASE_TYPES
• c5d29df docs: Add "Constants" section to README

See the full diff

Package name: stylus

The new version differs by 27 commits.

• fc2e630 chore: add url parse guard (#2600)
• 3329f5b deps: remove semver and mkdirp deps and add node17 test (#2641)
• e64ae7d feat: upgrade debug version from v3 to v4 (#2643)
• 33a5fd9 Fix: variable names beginning with a keyword and dash (#2634)
• d2cddcf Fix: `@ import` url() error in dependency resolver (#2632)
• 9cb7635 chore: add new npm ugnore config (#2631)
• dde9868 0.55.0 (#2630)
• fe5bde1 Replace dependency css-parse with css (#2554)
• 7334567 Add deg and fr as exceptions for 0 value unit omission (#2578)
• 57480a4 chore: update history.md and readme.md (#2628)
• f5a02e8 chore: add macos platform test (#2624)
• 1f7f419 fix yaml front matter (#2617)
• 6a96c0f [skip ci]chore: update reademe.md content (#2602)
• 99b05a9 chore: add issue and pull request template (#2606)
• ae9d267 chore: add github actions ci and improve test (#2601)
• 11a0735 Bump lodash from 4.17.19 to 4.17.21 (#2589)
• 7a8e777 Bump glob-parent from 5.1.1 to 5.1.2 (#2592)
• 23d3295 Merge pull request #2571 from dthadi3/ppc64le
• f546669 Travis-ci: Updated nodejs versions 10, 12, 14
• 5b90e45 Travis-ci: added support for ppc64le
• 59bc665 Merge pull request #2549 from mockee/dev
• 96c02de Bug fixes of encoding png image in `url` lib function.
• 8f42760 Merge pull request #2186 from royels/1567
• 775537b Create SECURITY.md

See the full diff

Package name: usb

The new version differs by 61 commits.

• b8b3a6a v1.8.0
• a0da058 Introduce prebuildify (Update balances on network change floating/frame#450)
• a6db778 Use libusb with sleep crash fix (Smooth out setup floating/frame#451)
• 354287f Merge pull request Fix custom endpoints floating/frame#445 from mildsunrise/patch-2
• 4179e43 Merge pull request Update module expand floating/frame#447 from tessel/libusb-move
• 3d94f4b Update libusb submodule URL
• 84dcb72 fix invalid initial refs
• e336b03 v1.7.1
• 6353add Merge pull request Lattice config floating/frame#440 from danielmain/master
• cafde3c destruction of hotplugThis when unsubscribing
• c882d34 Bump version
• 986ebef Merge pull request Token worker updates floating/frame#422 from joelpurra/update-test-instructions
• c6e93b8 Merge pull request Bump version floating/frame#421 from joelpurra/ignore-compiled-test-file
• d217ea5 Update test instructions
• 6206001 Ignore compiled test file
• 4202670 Merge pull request Bump hosted-git-info from 2.8.8 to 2.8.9 floating/frame#428 from tessel/thegecko-patch-1
• 0907f19 Update node version
• ca9d35a v1.7.1
• a6b83fb Bumped lodash dependency
• c00ed65 Merge pull request Fix typo in keyring account description floating/frame#419 from joelpurra/fix-build-warnings
• 728c257 Merge pull request v0.3.2 floating/frame#359 from penx/patch-1
• c3d4d1d Merge pull request Gas fix floating/frame#420 from joelpurra/update-repository-reference
• 5f8e3fc v1.7.1-alpha.1
• c43d4c8 Merge pull request Initial Lattice integration floating/frame#424 from tessel/prebuild-ubuntu-18.04

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)