[Snyk] Fix for 5 vulnerabilities

[Exnadella]

User description

Snyk has created this PR to fix 5 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• packages/modulizer/package.json
• packages/modulizer/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	696
	Prototype Pollution SNYK-JS-MINIMIST-559764	601
	Validation Bypass SNYK-JS-KINDOF-537849	506
	Prototype Pollution SNYK-JS-MINIMIST-2429795	506
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	479

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Validation Bypass
🦉 Prototype Pollution

---

PR Type

enhancement, dependencies

---

Description

• Updated inquirer and jscodeshift dependencies in package.json to newer versions to address vulnerabilities.
• Synchronized package-lock.json with the updated dependencies to ensure compatibility.
• This update addresses vulnerabilities related to Regular Expression Denial of Service (ReDoS), Prototype Pollution, and Validation Bypass.

---

Changes walkthrough 📝

	Relevant files
Dependencies	package.json Update dependencies to address vulnerabilities                      packages/modulizer/package.json Updated inquirer dependency from version 3.2.0 to 9.0.0. Updated jscodeshift dependency from version 0.5.1 to 0.6.1. +2/-2      package-lock.json Synchronize lock file with updated dependencies                    packages/modulizer/package-lock.json Updated lock file to reflect changes in package.json. Ensured compatibility with updated dependencies. +4109/-2903
Additional files (token-limit)	package-lock.json ...                                                                                                            packages/modulizer/package-lock.json ... +4109/-2903

---

💡 PR-Agent usage:
Comment /help on the PR to get a list of all available PR-Agent tools and their descriptions

[codiumai-pr-agent-pro]

PR Reviewer Guide 🔍

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪

🧪 No relevant tests

🔒 No security concerns identified

⚡ Key issues to review Dependency Update The PR updates two dependencies: 'inquirer' from ^3.2.0 to ^9.0.0 and 'jscodeshift' from ^0.5.1 to ^0.6.1. These are major version updates that may introduce breaking changes and require thorough testing.

[codiumai-pr-agent-pro]

PR Code Suggestions ✨

Category	Suggestion	Score
Dependency management	Update the jscodeshift package to a more recent version Consider updating the jscodeshift package to a more recent version to benefit from bug fixes and new features. packages/modulizer/package.json [59] -"jscodeshift": "^0.6.1", +"jscodeshift": "^0.13.1", Apply this suggestion Suggestion importance[1-10]: 8 Why: Updating jscodeshift to a more recent version is a good practice to benefit from bug fixes and new features, enhancing the overall stability and functionality of the project.	8
	Update the inquirer package to a more stable version Consider updating the inquirer package to a version that is compatible with the rest of your dependencies. Version 9.0.0 might be too new and could introduce breaking changes. packages/modulizer/package.json [56] -"inquirer": "^9.0.0", +"inquirer": "^8.2.5", Apply this suggestion Suggestion importance[1-10]: 7 Why: The suggestion to use a more stable version of the inquirer package is valid, as it could prevent potential compatibility issues with other dependencies. However, without specific information on breaking changes, the impact is speculative.	7

[codiumai-pr-agent-pro]

CI Failure Feedback 🧐

(Checks updated until commit d391161)

Action: test (ubuntu-latest)

Failed stage: Run npm run bootstrap [❌]

Failure summary: The action failed due to an error during the execution of the npm ci command within the lerna managed workspace 'wct-mocha'. The error message indicates that the npm ci command exited with a status code of 1. There are multiple warnings about deprecated packages, which might not directly cause the failure but suggest potential issues with package dependencies. The specific cause of the npm ci failure is not detailed in the provided log snippet, but it suggests checking the complete log at /home/runner/.npm/_logs/2024-09-05T19_33_52_345Z-debug-0.log for more information.

Relevant error logs: 1: ##[group]Operating System 2: Ubuntu ... 558: npm WARN deprecated gauge@2.7.4: This package is no longer supported. 559: npm WARN deprecated debuglog@1.0.1: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info. 560: npm WARN deprecated copy-concurrently@1.0.5: This package is no longer supported. 561: npm WARN deprecated are-we-there-yet@1.1.5: This package is no longer supported. 562: npm WARN deprecated @lerna/write-log-file@3.13.0: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info. 563: npm WARN deprecated @lerna/symlink-binary@3.13.0: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info. 564: npm WARN deprecated @lerna/symlink-dependencies@3.13.0: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info. 565: npm WARN deprecated @lerna/run@3.13.3: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info. 566: npm WARN deprecated @lerna/validation-error@3.13.0: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info. ... 738: npm ERR! [-ws|--workspaces] [--include-workspace-root] [--install-links] 739: npm ERR! 740: npm ERR! aliases: clean-install, ic, install-clean, isntall-clean 741: npm ERR! 742: npm ERR! Run "npm help ci" for more info 743: npm ERR! A complete log of this run can be found in: 744: npm ERR! /home/runner/.npm/_logs/2024-09-05T19_33_52_345Z-debug-0.log 745: lerna ERR! npm ci exited 1 in 'wct-mocha' 746: ##[error]Process completed with exit code 1.

---

✨ CI feedback usage guide:

---

The CI feedback tool (/checks) automatically triggers when a PR has a failed check.
The tool analyzes the failed checks and provides several feedbacks:

• Failed stage
• Failed test name
• Failure summary
• Relevant error logs

In addition to being automatically triggered, the tool can also be invoked manually by commenting on a PR:

/checks "https://github.com/{repo_name}/actions/runs/{run_number}/job/{job_number}"

where {repo_name} is the name of the repository, {run_number} is the run number of the failed check, and {job_number} is the job number of the failed check.

Configuration options

• enable_auto_checks_feedback - if set to true, the tool will automatically provide feedback when a check is failed. Default is true.
• excluded_checks_list - a list of checks to exclude from the feedback, for example: ["check1", "check2"]. Default is an empty list.
• enable_help_text - if set to true, the tool will provide a help message with the feedback. Default is true.
• persistent_comment - if set to true, the tool will overwrite a previous checks comment with the new feedback. Default is true.
• final_update_message - if persistent_comment is true and updating a previous checks message, the tool will also create a new message: "Persistent checks updated to latest commit". Default is true.

See more information about the checks tool in the docs.