[Snyk] Fix for 1 vulnerabilities

[Tyson-Skiba]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: auto-changelog

The new version differs by 49 commits.

• 94266e6 2.4.0
• c227823 yarn upgrade
• 417354c Logical handling of --starting-version (#227)
• 66e554b Trim commit subject (#225)
• 73a2524 feat(commits.js): added niceDate format of commits (#206)
• dbd36d5 --ending-version fixes
• c2bb8c5 Add ending-version option
• 3e25b8c Do not sort tags when sorting via --append-git-tag
• 9d271fc Bump packages
• 5d914d4 2.3.0
• f6a8ab1 Remove --sort=-creatordate from git tag logic
• 1b29530 Remove unused sortTags syntax
• 26e7d9c Remove lodash.uniqby
• a80e311 Add minor boolean to test data
• 20bb145 Add --append-git-tag
• 2f7c3ab Add --hide-empty-releases
• a7fba3c Add --starting-date
• 6592ef2 Support absolute paths for --handlebars-setup
• de35cfa Fix unreleased version diff
• b854fc0 Fix v prefix logic
• 2bdc772 Fix getSubject edge case
• d27152d Apply ignoreCommitPattern earlier in the parsing logic
• 44e8085 feat: add support for minor/preminor versions for custom templates (#185)
• 7404570 Feat: add sortCommits by subject and subject-desc (#186)

See the full diff

Package name: npm

The new version differs by 250 commits.

• 30a9844 7.21.0
• 0b2cd9d update AUTHORS
• 06461ec docs: changelog for v7.21.0
• 771a1cb chore(tests): fix snapshots
• 71cdfd8 spdx-license-ids@3.0.10
• 94f92de make-fetch-happen@9.0.5
• 7ac621c smart-buffer@4.2.0
• 218caca is-core-module@2.6.0
• ff6626a fix(docs): update npm-publish access flag info
• b6f40b5 tar@6.1.10
• e9e5ee5 @ npmcli/arborist@2.8.2
• 991a3bd read-package-json@4.0.0
• f077724 init-package-json@2.0.4
• 68a19bb fix(error-message): look for er.path not er.file
• ff34d6c feat(cache): initial implementation of ls and rm
• 8183976 normalize-package-data@3.0.3
• df57f0d @ npmcli/run-script@1.8.6
• 487731c fix(logging): sanitize logged argv
• 7a58264 chore(ci): check that docs are up to date in ci
• 22f3bbb chore(docs): add more 'autogenerated' comments
• 4314490 fix(docs): revert auto-generated portion of docs
• 32e88c9 fix(did-you-mean): switch levenshtein libraries
• 59b9851 7.20.6
• 2591e67 update AUTHORS

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)