[Snyk] Security upgrade appium from 1.22.3 to 2.0.0

[naiba4]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	160/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 0, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.83, Score Version: V5	Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: appium

The new version differs by 250 commits.

• 3fa73a1 chore(appium): remove rc tag from appium 2
• 1ab323b chore(appium): promote appium npm tag to latest
• b8e1f38 chore(docutils): update dependency mkdocs-material to v9.1.18
• 02896d0 chore(deps): update eslint-related packages
• 8a6a4ba chore: publish
• 52b646c chore(typedoc-plugin-appium): update snapshots
• 2b35170 fix(base-driver): pass thru all type args to ExternalDriver
• c13333b fix(appium): type fixes for ts v5
• 62f4244 fix(types): update some more types to reflect reality
• 26eb766 chore(base-driver): actually run type tests
• 679865e fix(eslint-config-appium): remove prototype assignment warning
• f1d768c chore: upgrade typescript
• d6cca51 fix(types): separate the type of opts from initialOpts
• 3d614d6 fix(base-driver): allow subclass to define shape of settings object
• ee9b2a3 fix(types): ensure return type of deleteSession can always be void
• e30ad0e chore(appium,types): remove some useless type arguments
• 01061b2 fix(types,base-driver): remove deviceName from base constraints
• 24e7aec fix(types): fix signature of updateSettings
• ed1856d fix(support): update dependency semver to v7.5.3
• 757fbaa chore(deps): update dependency @ types/node to v18.16.19
• fdd2ac0 fix(doctor): update dependency appium-adb to v9.11.7
• 3906f7d chore(docutils): update dependency mkdocs-material to v9.1.17
• f09fbb6 fix(appium): restrict address to ipv6/hostname (When hovering over a nested block in select mode, the left border disappears WordPress/gutenberg#18824)
• 97fe159 chore(appium): Improve the error message on config load error (Fix Tools icon being 24x24 instead of 20x20. WordPress/gutenberg#18829)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Improper Input Validation

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
gutenberg	❌ Failed (Inspect)			Jan 2, 2024 4:33am
gutenberg-wd9x	❌ Failed (Inspect)			Jan 2, 2024 4:33am

[pull-request-quantifier-deprecated]

This PR has 2 quantified lines of changes. In general, a change size of upto 200 lines is ideal for the best PR experience!

---

Quantification details

Label      : Extra Small
Size       : +1 -1
Percentile : 0.8%

Total files changed: 1

Change summary by file extension:
.json : +1 -1

Change counts above are quantified counts, based on the PullRequestQuantifier customizations.

Why proper sizing of changes matters

Optimal pull request sizes drive a better predictable PR flow as they strike a
balance between between PR complexity and PR review overhead. PRs within the
optimal size (typical small, or medium sized PRs) mean:

• Fast and predictable releases to production:
  • Optimal size changes are more likely to be reviewed faster with fewer
    iterations.
  • Similarity in low PR complexity drives similar review times.
• Review quality is likely higher as complexity is lower:
  • Bugs are more likely to be detected.
  • Code inconsistencies are more likely to be detected.
• Knowledge sharing is improved within the participants:
  • Small portions can be assimilated better.
• Better engineering practices are exercised:
  • Solving big problems by dividing them in well contained, smaller problems.
  • Exercising separation of concerns within the code changes.

What can I do to optimize my changes

• Use the PullRequestQuantifier to quantify your PR accurately
  • Create a context profile for your repo using the context generator
  • Exclude files that are not necessary to be reviewed or do not increase the review complexity. Example: Autogenerated code, docs, project IDE setting files, binaries, etc. Check out the Excluded section from your prquantifier.yaml context profile.
  • Understand your typical change complexity, drive towards the desired complexity by adjusting the label mapping in your prquantifier.yaml context profile.
  • Only use the labels that matter to you, see context specification to customize your prquantifier.yaml context profile.
• Change your engineering behaviors
  • For PRs that fall outside of the desired spectrum, review the details and check if:
    • Your PR could be split in smaller, self-contained PRs instead
    • Your PR only solves one particular issue. (For example, don't refactor and code new features in the same PR).

How to interpret the change counts in git diff output

• One line was added: +1 -0
• One line was deleted: +0 -1
• One line was modified: +1 -1 (git diff doesn't know about modified, it will
  interpret that line like one addition plus one deletion)
• Change percentiles: Change characteristics (addition, deletion, modification)
  of this PR in relation to all other PRs within the repository.

---

Was this comment helpful? 👍  :ok_hand:  :thumbsdown: (Email)
Customize PullRequestQuantifier for this repository.

[openzeppelin-code]

[Snyk] Security upgrade appium from 1.22.3 to 2.0.0

Generated at commit: f3bc5bc9163e07670758091e175b329d215beb6f

🚨 Report Summary

	Severity Level	Results
Contracts	Critical High Medium Low Note Total	0 0 0 0 0 0
Dependencies	Critical High Medium Low Note Total	0 0 0 0 0 0

---

For more details view the full report in OpenZeppelin Code Inspector

[socket-security]

Updated dependencies detected. Learn more about Socket for GitHub ↗︎

Packages	Version	New capabilities	Transitives	Size	Publisher
appium	1.22.3...2.0.0	shell	+125/-252	121 MB	jlipps

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Issue	Package	Version	Note	Source
Chronological version anomaly	@types/lockfile	1.0.4	Previous Chronological: @types/lockfile@0.4.32 (10/18/2023, 7:22:07 AM) Previous Semver: @types/lockfile@1.0.3 (10/18/2023, 7:22:00 AM)	appium@2.0.0 via package.json
Chronological version anomaly	minimatch	7.4.6	Previous Chronological: minimatch@8.0.4 (4/9/2023, 8:17:45 PM) Previous Semver: minimatch@7.4.5 (4/3/2023, 4:49:58 PM)	appium@2.0.0 via package.json
Environment variable access	minimatch	7.4.6	Env Vars: MINIMATCH_TESTING_PLATFORM Location: dist/cjs/index.js +5 more instances...	appium@2.0.0 via package.json
Environment variable access	minimatch	9.0.3	Env Vars: MINIMATCH_TESTING_PLATFORM Location: dist/cjs/index.js +5 more instances...	appium@2.0.0 via package.json
Chronological version anomaly	winston	3.9.0	Previous Chronological: winston@2.4.7 (11/15/2022, 4:45:44 PM) Previous Semver: winston@3.8.2 (9/7/2022, 4:21:55 PM)	appium@2.0.0 via package.json
Chronological version anomaly	typescript	5.3.3	Previous Chronological: typescript@5.4.0-dev.20231206 (12/6/2023, 7:09:35 AM) Previous Semver: typescript@5.3.2 (11/20/2023, 5:35:59 PM)	appium@2.0.0 via package.json
Chronological version anomaly	typescript	5.0.4	Previous Chronological: typescript@5.1.0-dev.20230407 (4/7/2023, 7:12:28 AM) Previous Semver: typescript@5.0.3 (3/30/2023, 8:51:58 PM)	appium@2.0.0 via package.json
Chronological version anomaly	@types/uuid	9.0.7	Previous Chronological: @types/uuid@2.0.34 (10/18/2023, 6:49:46 PM) Previous Semver: @types/uuid@9.0.6 (10/18/2023, 6:49:36 PM)	appium@2.0.0 via package.json
Chronological version anomaly	@types/klaw	3.0.6	Previous Chronological: @types/klaw@1.3.8 (10/18/2023, 6:39:47 AM) Previous Semver: @types/klaw@3.0.5 (10/18/2023, 6:39:39 AM)	appium@2.0.0 via package.json
Chronological version anomaly	@types/lodash	4.14.202	Previous Chronological: @types/lodash@3.10.8 (11/7/2023, 8:24:04 PM) Previous Semver: @types/lodash@4.14.201 (11/7/2023, 8:23:42 PM)	appium@2.0.0 via package.json
Debug access	appium	2.0.0	Module: module Location: build/lib/utils.js +1 more instances...	package.json
Dynamic require	appium	2.0.0	Location: build/lib/extension/extension-config.js +5 more instances...	package.json
Environment variable access	appium	2.0.0	Env Vars: Location: build/lib/extension/extension-config.js +27 more instances...	package.json
Shell access	appium	2.0.0	Module: child_process Location: build/lib/cli/extension-command.js +1 more instances...	package.json
Debug access	ts-node	9.1.1	Module: module Location: dist-raw/node-esm-resolve-implementation.js +4 more instances...	@testing-library/react-native@11.3.0, @wordpress/e2e-test-utils@9.4.0, @wordpress/e2e-tests@6.4.0, @wordpress/jest-console@6.10.0, @wordpress/jest-preset-default@10.8.0, @wordpress/jest-puppeteer-axe@5.10.0, @wordpress/scripts@25.4.0, appium@2.0.0, jest@27.4.5, jest-watch-typeahead@1.0.0, snapshot-diff@0.8.1 via package.json jest@27.4.5 via packages/e2e-test-utils/package.json @wordpress/e2e-test-utils@9.4.0, @wordpress/jest-console@6.10.0, @wordpress/jest-puppeteer-axe@5.10.0, @wordpress/scripts@25.4.0, jest@27.4.5 via packages/e2e-tests/package.json jest@27.4.5 via packages/jest-console/package.json @wordpress/jest-console@6.10.0, jest@27.4.5 via packages/jest-preset-default/package.json jest@27.4.5 via packages/jest-puppeteer-axe/package.json @wordpress/jest-preset-default@10.8.0, jest@27.4.5 via packages/scripts/package.json
Dynamic require	ts-node	9.1.1	Location: dist/bin.js +8 more instances...	@testing-library/react-native@11.3.0, @wordpress/e2e-test-utils@9.4.0, @wordpress/e2e-tests@6.4.0, @wordpress/jest-console@6.10.0, @wordpress/jest-preset-default@10.8.0, @wordpress/jest-puppeteer-axe@5.10.0, @wordpress/scripts@25.4.0, appium@2.0.0, jest@27.4.5, jest-watch-typeahead@1.0.0, snapshot-diff@0.8.1 via package.json jest@27.4.5 via packages/e2e-test-utils/package.json @wordpress/e2e-test-utils@9.4.0, @wordpress/jest-console@6.10.0, @wordpress/jest-puppeteer-axe@5.10.0, @wordpress/scripts@25.4.0, jest@27.4.5 via packages/e2e-tests/package.json jest@27.4.5 via packages/jest-console/package.json @wordpress/jest-console@6.10.0, jest@27.4.5 via packages/jest-preset-default/package.json jest@27.4.5 via packages/jest-puppeteer-axe/package.json @wordpress/jest-preset-default@10.8.0, jest@27.4.5 via packages/scripts/package.json
Environment variable access	ts-node	9.1.1	Env Vars: Location: dist/index.spec.js +3 more instances...	@testing-library/react-native@11.3.0, @wordpress/e2e-test-utils@9.4.0, @wordpress/e2e-tests@6.4.0, @wordpress/jest-console@6.10.0, @wordpress/jest-preset-default@10.8.0, @wordpress/jest-puppeteer-axe@5.10.0, @wordpress/scripts@25.4.0, appium@2.0.0, jest@27.4.5, jest-watch-typeahead@1.0.0, snapshot-diff@0.8.1 via package.json jest@27.4.5 via packages/e2e-test-utils/package.json @wordpress/e2e-test-utils@9.4.0, @wordpress/jest-console@6.10.0, @wordpress/jest-puppeteer-axe@5.10.0, @wordpress/scripts@25.4.0, jest@27.4.5 via packages/e2e-tests/package.json jest@27.4.5 via packages/jest-console/package.json @wordpress/jest-console@6.10.0, jest@27.4.5 via packages/jest-preset-default/package.json jest@27.4.5 via packages/jest-puppeteer-axe/package.json @wordpress/jest-preset-default@10.8.0, jest@27.4.5 via packages/scripts/package.json
Filesystem access	ts-node	9.1.1	Module: fs Location: dist-raw/node-esm-resolve-implementation.js +3 more instances...	@testing-library/react-native@11.3.0, @wordpress/e2e-test-utils@9.4.0, @wordpress/e2e-tests@6.4.0, @wordpress/jest-console@6.10.0, @wordpress/jest-preset-default@10.8.0, @wordpress/jest-puppeteer-axe@5.10.0, @wordpress/scripts@25.4.0, appium@2.0.0, jest@27.4.5, jest-watch-typeahead@1.0.0, snapshot-diff@0.8.1 via package.json jest@27.4.5 via packages/e2e-test-utils/package.json @wordpress/e2e-test-utils@9.4.0, @wordpress/jest-console@6.10.0, @wordpress/jest-puppeteer-axe@5.10.0, @wordpress/scripts@25.4.0, jest@27.4.5 via packages/e2e-tests/package.json jest@27.4.5 via packages/jest-console/package.json @wordpress/jest-console@6.10.0, jest@27.4.5 via packages/jest-preset-default/package.json jest@27.4.5 via packages/jest-puppeteer-axe/package.json @wordpress/jest-preset-default@10.8.0, jest@27.4.5 via packages/scripts/package.json
Major refactor	ts-node	9.1.1	Change Percentage: 59.99 Current Line Count: 4836 Previous Line Count: 5920 Lines Changed: 6452	@testing-library/react-native@11.3.0, @wordpress/e2e-test-utils@9.4.0, @wordpress/e2e-tests@6.4.0, @wordpress/jest-console@6.10.0, @wordpress/jest-preset-default@10.8.0, @wordpress/jest-puppeteer-axe@5.10.0, @wordpress/scripts@25.4.0, appium@2.0.0, jest@27.4.5, jest-watch-typeahead@1.0.0, snapshot-diff@0.8.1 via package.json jest@27.4.5 via packages/e2e-test-utils/package.json @wordpress/e2e-test-utils@9.4.0, @wordpress/jest-console@6.10.0, @wordpress/jest-puppeteer-axe@5.10.0, @wordpress/scripts@25.4.0, jest@27.4.5 via packages/e2e-tests/package.json jest@27.4.5 via packages/jest-console/package.json @wordpress/jest-console@6.10.0, jest@27.4.5 via packages/jest-preset-default/package.json jest@27.4.5 via packages/jest-puppeteer-axe/package.json @wordpress/jest-preset-default@10.8.0, jest@27.4.5 via packages/scripts/package.json
Debug access	typedoc	0.23.28	Module: module Location: dist/lib/utils/options/readers/tsconfig.js +1 more instances...	appium@2.0.0 via package.json
Dynamic require	typedoc	0.23.28	Location: dist/lib/utils/options/readers/typedoc.js +3 more instances...	appium@2.0.0 via package.json
Filesystem access	typedoc	0.23.28	Module: fs Location: dist/lib/converter/plugins/PackagePlugin.js +10 more instances...	appium@2.0.0 via package.json
No v1	typedoc	0.23.28	Location: Package overview	appium@2.0.0 via package.json
Deprecated	typedoc-plugin-resolve-crossmodule-references	0.3.3	Reason: Upgrade to typedoc >= 0.24 and remove typedoc-plugin-resolve-crossmodule-references from your dependencies	appium@2.0.0 via package.json
Modified license	typedoc-plugin-resolve-crossmodule-references	0.3.3	License: Apache-2.0 Similarity: 0.99 +1 more instances...	appium@2.0.0 via package.json
No v1	typedoc-plugin-resolve-crossmodule-references	0.3.3	Location: Package overview	appium@2.0.0 via package.json
Unmaintained	typedoc-plugin-resolve-crossmodule-references	0.3.3	Last Publish: 12/10/2022, 3:39:29 PM	appium@2.0.0 via package.json
Dynamic require	@appium/support	4.1.11	Location: build/lib/node.js +5 more instances...	appium@2.0.0 via package.json
Environment variable access	@appium/support	4.1.11	Env Vars: _LOG_TIMESTAMP Location: build/lib/logging.js +17 more instances...	appium@2.0.0 via package.json
Filesystem access	@appium/support	4.1.11	Module: fs Location: build/lib/fs.js +5 more instances...	appium@2.0.0 via package.json
Dynamic require	@appium/typedoc-plugin-appium	0.6.6	Location: build/lib/logger.js +5 more instances...	appium@2.0.0 via package.json
No v1	@appium/typedoc-plugin-appium	0.6.6	Location: Package overview	appium@2.0.0 via package.json
Dynamic require	consola	2.15.3	Location: dist/consola.js +1 more instances...	appium@2.0.0 via package.json
Environment variable access	consola	2.15.3	Env Vars: Location: dist/consola.js +7 more instances...	appium@2.0.0 via package.json
Filesystem access	consola	2.15.3	Module: fs Location: dist/consola.js +1 more instances...	appium@2.0.0 via package.json
Dynamic require	lunr	2.3.9	Location: test/env/chai.js +9 more instances...	appium@2.0.0 via package.json
Filesystem access	lunr	2.3.9	Module: fs Location: perf/perf_helper.js +8 more instances...	appium@2.0.0 via package.json
Unmaintained	lunr	2.3.9	Last Publish: 8/19/2020, 8:30:07 PM	appium@2.0.0 via package.json
Dynamic require	make-error	1.3.6	Location: dist/make-error.js +1 more instances...	@testing-library/react-native@11.3.0, @wordpress/e2e-test-utils@9.4.0, @wordpress/e2e-tests@6.4.0, @wordpress/jest-console@6.10.0, @wordpress/jest-preset-default@10.8.0, @wordpress/jest-puppeteer-axe@5.10.0, @wordpress/scripts@25.4.0, appium@2.0.0, jest@27.4.5, jest-watch-typeahead@1.0.0, snapshot-diff@0.8.1 via package.json jest@27.4.5 via packages/e2e-test-utils/package.json @wordpress/e2e-test-utils@9.4.0, @wordpress/jest-console@6.10.0, @wordpress/jest-puppeteer-axe@5.10.0, @wordpress/scripts@25.4.0, jest@27.4.5 via packages/e2e-tests/package.json jest@27.4.5 via packages/jest-console/package.json @wordpress/jest-console@6.10.0, jest@27.4.5 via packages/jest-preset-default/package.json jest@27.4.5 via packages/jest-puppeteer-axe/package.json @wordpress/jest-preset-default@10.8.0, jest@27.4.5 via packages/scripts/package.json
Major refactor	make-error	1.3.6	Change Percentage: 64.27 Current