[Snyk] Fix for 26 vulnerabilities

[snyk-io]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • tools/node_modules/eslint/node_modules/estraverse/package.json
  • tools/node_modules/eslint/node_modules/estraverse/.snyk

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	159/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00396, Social Trends: No, Days since published: 1135, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.65, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	169/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00045, Social Trends: No, Days since published: 161, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.81, Score Version: V5	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	Yes	Proof of Concept
	140/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00074, Social Trends: No, Days since published: 1708, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 97, Impact: 5.62, Likelihood: 2.48, Score Version: V5	Prototype Pollution SNYK-JS-DOTOBJECT-548905	Yes	Proof of Concept
	141/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.01055, Social Trends: No, Days since published: 326, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.35, Score Version: V5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
	63/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00231, Social Trends: No, Days since published: 1344, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.65, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	239/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): High, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00858, Social Trends: No, Days since published: 1344, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.44, Score Version: V5	Code Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	152/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.02082, Social Trends: No, Days since published: 1938, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.69, Score Version: V5	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	150/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 1522, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.67, Score Version: V5	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	170/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 189, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.83, Score Version: V5	Prototype Pollution SNYK-JS-LODASH-6139239	Yes	Proof of Concept
	149/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00128, Social Trends: No, Days since published: 2089, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.64, Score Version: V5	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	133/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): High, Attack Complexity: High, Attack Vector: Network, EPSS: 0.004, Social Trends: No, Days since published: 2026, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.21, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	239/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): High, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00858, Social Trends: No, Days since published: 1344, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.44, Score Version: V5	Code Injection SNYK-JS-LODASHTEMPLATE-1088054	Yes	Proof of Concept
	124/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00045, Social Trends: No, Days since published: 161, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.06, Score Version: V5	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	Yes	No Known Exploit
	115/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 3045, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.92, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit
	45/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00179, Social Trends: No, Days since published: 734, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 1.89, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	59/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.03488, Social Trends: No, Days since published: 945, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.51, Score Version: V5	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	137/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00105, Social Trends: No, Days since published: 1685, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.42, Score Version: V5	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	154/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 866, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.56, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOCHA-2863123	Yes	No Known Exploit
	154/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 1667, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.56, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOCHA-561476	Yes	No Known Exploit
	159/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.0016, Social Trends: No, Days since published: 489, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.64, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	115/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 981, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.92, Score Version: V5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
	58/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00296, Social Trends: No, Days since published: 2582, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.43, Score Version: V5	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept
	187/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00526, Social Trends: No, Days since published: 2730, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Critical, Package Popularity Score: 99, Impact: 9.79, Likelihood: 1.9, Score Version: V5	Arbitrary Code Injection npm:growl:20160721	Yes	No Known Exploit
	140/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00122, Social Trends: No, Days since published: 2441, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.48, Score Version: V5	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
	114/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00123, Social Trends: No, Days since published: 3045, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.89, Score Version: V5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	Yes	No Known Exploit
	40/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00171, Social Trends: No, Days since published: 2716, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Low, Package Popularity Score: 100, Impact: 2.35, Likelihood: 1.67, Score Version: V5	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gulp

The new version differs by 250 commits.

• 5c4c547 chore: Release 5.0.0 (v4.0.0 doesn't give file/line for wrong syntax. nodejs/node#2762)
• bf72116 chore: Add index.mjs to files list
• b00de68 feat: Provide an ESM export (--harmony_modules isn't working? nodejs/node#2760)
• 72668c6 chore!: Normalize repository, dropping node <10.13 support (Fix cross compile error nodejs/node#2758)
• 85896d4 chore(docs): Update stream handbook link (filename option in vm.runInThisContext function argument disabled nodejs/node#2711)
• 818bd73 Docs: Remove gulp-sourcemaps because it is built-in (src: re-enable fast math on arm nodejs/node#2592)
• 598f971 Docs: Fix broken link in recipe (Refactor mac installer (Rebase of #776 against master) nodejs/node#2571)
• 9877de0 Docs: Guide CustomRegistries to maintain properties on tasks (fixes segfault with v3.1.0 and possibly --harmony-arrow-functions nodejs/node#2561) (MSI related changes for Convergence nodejs/node#2565)
• f91c388 Docs: Remove typo in custom registry docs (Feature: requestIdleCallback(cb) nodejs/node#2543)
• df25250 Docs: Fix typo in task docs (doc: sync CHANGELOG.md from master to v3.x nodejs/node#2524)
• b6d6d7c Docs: fix recipe link (http: add strictMode option and checkIsHttpToken check nodejs/node#2526)
• c26ebcb Docs: Cleanup registry error message subtitles
• d51c6eb Docs: Rename the automate releases recipe file
• 4c1bead Docs: Add subtitles for registry error messages (Version 3.1.0 release notes? nodejs/node#2502)
• 6e56ed8 Docs: Update and refactor release workflow recipe (fs: do basic arg validation of truncate in js nodejs/node#2498)
• 131b702 Docs: Remove recipe for using a config file
• c5ff7e0 Docs: Remove recipe for splitting tasks in files
• 147327c Docs: Remove recipe for specifying a CWD
• 1a653a9 Docs: Remove recipe for running shell commands
• e1190ea Docs: Remove recipe for exporting tasks
• c4305df Docs: Remove recipe for running tasks in series
• 486f927 Docs: Remove recipes for selecting changed files
• b7b70b8 Docs: Fix some links
• 93564bd Docs: Add advanced section for creation of custom registries (stream: code cleanup and micro-optimization nodejs/node#2479)

See the full diff

Package name: gulp-bump

The new version differs by 18 commits.

• d107a05 2.0.0
• 079ccbb refactor - switch to regex parsing
• f2ac137 Merge pull request [Snyk] Security upgrade mocha from 6.2.3 to 10.1.0 #44 from crea1/patch-1
• 2027e9f Update example with missing require of semver
• aa25493 1.0.0
• c87e010 clean required modules - add plugin error/log/vinyl
• f264fd1 remove gulp-util, add dotnotation type test
• ffa9596 rebuild plugin - close [Snyk] Fix for 1 vulnerabilities #41 close [Snyk] Fix for 8 vulnerabilities #42 close [Snyk] Security upgrade tap from 16.3.10 to 18.0.0 #43 close [Snyk] Fix for 6 vulnerabilities #38
• dad1d96 0.3.1
• 776cac7 update license
• d588ac4 add preid to readme
• 7fb8a69 merge
• 3292fc2 0.3.0
• 59ef309 update deps
• 46fdc14 add test for preid
• 6920483 add basic test for preid
• 919cc8e Merge pull request [Snyk] Fix for 1 vulnerabilities #36 from scamden/master
• d23cb78 allow preid to be passed

See the full diff

Package name: gulp-filter

The new version differs by 27 commits.

• 845b913 5.1.0
• b00bb32 Meta tweaks
• 52df753 Remove deprecated gulp-util dependency ([Snyk] Fix for 5 vulnerabilities #86)
• b9fb0bc 5.0.1
• b40dd36 Meta tweaks
• d7cf3d4 Support Windows for resolve path ([Snyk] Security upgrade tap from 16.3.10 to 18.0.0 #80)
• f27adc6 Fix testcase for Windows ([Snyk] Fix for 8 vulnerabilities #81)
• 7276430 5.0.0
• 835efdf ES2015ify and require Node.js 4
• f148c7b Add support for relative parent paths ([Snyk] Fix for 7 vulnerabilities #78)
• 2e3dd05 Fix option typo
• f1dbe11 meta tweaks
• a551307 Merge pull request [Snyk] Security upgrade tap from 16.3.10 to 18.0.0 #60 from leocaseiro/patch-1
• 922496e Fix documents with references from [Snyk] Fix for 19 vulnerabilities #55
• 317ec39 4.0.0
• b0728ab Merge pull request [Snyk] Security upgrade ws from 3.3.3 to 5.2.4 #59 from cb1kenobi/relative-fix
• 5fd40bc Fixed code to use the correct relative path wrt the current working directory.
• 3310ca3 improve readme
• 4163b9a 3.0.1
• 91c996a add XO
• 83b219b Merge pull request [Snyk] Fix for 196 vulnerabilities #46 from sindresorhus/stevemao-patch-1
• 93d4c4b Fixing tests
• b92d8e9 Bumping streamfilter
• 9124d6d Update options.restore brief to the latest API

See the full diff

Package name: gulp-git

The new version differs by 31 commits.

• 9327f6a 2.5.0
• 83ff535 core: remove deprecated gulp-util dependency ([Snyk] Security upgrade tap from 0.4.13 to 18.0.0 #176)
• d54339b Add current branch name example to readme
• 852ffda added the possiblity to use an array of strings as message in git.commit ([Snyk] Fix for 1 vulnerabilities #173)
• 61c9eaa node 4, 7, 8
• a5c8391 added the possiblity to use an array of strings as message in git.commit and git.tag to the docs ([Snyk] Security upgrade tap from 16.3.10 to 18.0.0 #172)
• f831f03 travis only clones depth 10, fixes tag test
• 38eb389 2.4.2
• 951c0d7 ensure all tags are returned if no message is sent - closes [Snyk] Security upgrade tap from 16.3.10 to 18.0.0 #170
• 0accffa Added git.add({ cwd: '/cwd/path' }) option to ReadMe ([Snyk] Security upgrade ava from 3.15.0 to 5.3.0 #169)
• 0d49cbf 2.4.1
• 71ba307 fix all double callback errors - closes [Snyk] Fix for 5 vulnerabilities #166
• 4578bed 2.4.0
• 2aeb295 Updated push.js, default branch to push will be current branch with this fix ([Snyk] Fix for 1 vulnerabilities #163)
• 8e4ecd9 2.3.2
• 167d083 fix double callbacks + missing cb check - closes [Snyk] Security upgrade tap from 16.3.10 to 18.0.0 #162 closes [Snyk] Security upgrade tap from 16.3.10 to 18.0.0 #159
• 968f95d 2.3.1
• de6fb9a Update require-dir for node v8 - closes [Snyk] Fix for 1 vulnerabilities #164
• 3afb0cd 2.3.0
• fa10a51 support git branch --contains ([Snyk] Security upgrade eslint from 8.57.1 to 9.0.0 #160)
• 747a196 2.2.0
• ca63976 Fix pull with callback only ([Snyk] Fix for 8 vulnerabilities #158)
• aaac3c7 update title
• 7894cdd 2.1.0

See the full diff

Package name: mocha

The new version differs by 250 commits.

• 5f96d51 build(v10.1.0): release
• ed74f16 build(v10.1.0): update CHANGELOG
• 51d4746 chore(devDeps): update 'ESLint' to v8 (Problem with build Node v0.10.x on ARM Linux nodejs/node#4926)
• 4e06a6f fix(browser): increase contrast for replay buttons (Wrong exception reported for throw with toString returning symbol nodejs/node#4912)
• 41567df Support prefers-color-scheme: dark (Shared library issues for nodejs V5.5.0 on Solaris x86 11.2 and 11.3 nodejs/node#4896)
• 61b4b92 fix the regular expression for function `clean` in `utils.js` (Feature Request: get current response headers or unset them alll nodejs/node#4770)
• 77c18d2 chore: use standard 'Promise.allSettled' instead of polyfill (Node crashes when a big sparse array is given to console.log (might cause DoS) nodejs/node#4905)
• 84b2f84 chore(ci): upgrade GH actions to latest versions (Cannot build msi nodejs/node#4899)
• 023f548 build(v10.0.0): release
• 62b1566 build(v10.0.0): update CHANGELOG
• fbe7a24 chore: update dependencies (SNICallback doesn't appear to work with tls.createSecurePair() nodejs/node#4878)
• 2b98521 docs: replace 'git.io' short links (Clarify Buffer hex string error message nodejs/node#4877) [ci skip]
• 007fa65 chore(ci): add Node v18 to test matrix (doc: keep the names in sorted order nodejs/node#4876)
• f6695f0 chore(esm): remove code for Node v12 (src: attach error to stack on displayErrors nodejs/node#4874)
• 59f6192 chore(ci): conditionally skip 'push' event (deps: upgrade to npm 2.14.15 nodejs/node#4872)
• b863359 docs: fix 'fgrep' url (doc: make Buffer documentation styles consistent nodejs/node#4873)
• baaa41a chore(ci): ignore changes to docs files (doc: fix JSON generation for aliased methods nodejs/node#4871)
• ac81cc5 refactor!: drop support of 'growl' notification (doc: make doctool support guides nodejs/node#4866)
• 3946453 chore(deps)!: upgrade 'minimatch' (octane benchmark faults on ppc64le nodejs/node#4865)
• 592905b refactor!: rename 'bin/mocha' to 'bin/mocha.js' (doc: fix nonsensical grammar in Buffer::write nodejs/node#4863)
• b7b849b refactor!: remove deprecated Runner signature (test: fs.link() test runs on same device nodejs/node#4861)
• 0608fa3 chore(site): fix supporters' download (test: fs.link() on same device nodejs/node#4859)
• 785aeb1 chore(test): drop AMD/'requirejs' (OpenSSL upgrades: January 28th 2016 nodejs/node#4857)
• ed640c4 chore(devDeps): upgrade 'coffee-script' (Proposal: canary/next/master release strategy nodejs/node#4856)

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	114/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00123, Social Trends: No, Days since published: 3045, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.89, Score Version: V5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Code Injection

[sourcery-ai]

🧙 Sourcery has finished reviewing your pull request!

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time. You can also use
  this command to specify where the summary should be inserted.

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

We have skipped reviewing this pull request. Here's why:

• It seems to have been created by a bot (hey, snyk-io[bot]!). We assume it knows what it's doing!
• It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!