[Snyk] Fix for 1 vulnerabilities

[gregoryrabbit]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • cyclic-dep/package.json
  • cyclic-dep/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @thebespokepixel/meta

The new version differs by 63 commits.

• b66c461 Update Dependencies
• dd5dda8 Update package
• f107d6f Fix
• 119eab2 Update as module
• 323dec2 Merge branch 'release/v2.0.4' into develop
• 5336b21 Update Documentation
• b901dc5 Update Dependencies
• a9182d6 Merge branch 'release/v2.0.3' into develop
• 5b68088 Update Documentation
• 7c53b9b Update Dependencies
• 3cbb771 Update, remove greenkeeper
• 4c753ff Merge branch 'release/v2.0.2' into develop
• 4cb96ad Update Documentation
• b87c50b Update Dependencies
• 7471498 Merge branch 'release/v2.0.1' into develop
• 7da2626 Update Documentation
• c5f0b9b Update Dependencies
• 4fbaf31 Fix travis
• 44aa5d8 Merge branch 'release/v2.0.0' into develop
• bcf20eb Update Documentation
• 4efa10a Update Dependencies
• 36c9b20 Merge branch 'release/v1.0.5' into develop
• 4e2ccd8 Update Documentation
• da53067 Update Dependencies

See the full diff

Package name: @thebespokepixel/string

The new version differs by 70 commits.

• c5d179d Update Dependencies
• 43834cf Merge branch 'master' into develop
• 8bdfcb7 Merge branch 'release/v2.0.0'
• 845f929 Add missing types
• 595934c Update Dependencies
• ace3cab Merge branch 'release/v1.0.3' into develop
• 6c77f1c Merge branch 'release/v1.0.3'
• ab8c49b Update Documentation
• 686074d Update Dependencies
• 168a121 Merge branch 'release/v1.0.2' into develop
• 78a0782 Merge branch 'release/v1.0.2'
• 8ad560f Update Documentation
• 00cfc1e Update Dependencies
• fce5cf6 Merge branch 'release/v1.0.1' into develop
• 5684b08 Merge branch 'release/v1.0.1'
• cc3ab5e Update Documentation
• a5a3939 Update Dependencies
• 256a712 Merge branch 'release/v1.0.0' into develop
• 1cc3413 Merge branch 'release/v1.0.0'
• 44c46b3 Update Documentation
• 9583b13 Update Dependencies
• d308121 Merge branch 'release/v0.5.10' into develop
• d49e695 Merge branch 'release/v0.5.10'
• 8ccef83 Update Documentation

See the full diff

Package name: read-pkg-up

The new version differs by 17 commits.

• c4f8985 8.0.0
• e6fbe7f Require Node.js 12 and move to ESM
• 021b1ec Move to GitHub Actions ([Snyk] Fix for 1 vulnerabilities #16)
• c92040f 7.0.1
• d96ce60 Readme tweaks
• 69983fc Tidelift tasks
• 83476ad 7.0.0
• 4406073 Update dependencies
• 8140c73 Rename `.package` to `.packageJson`
• 9ecaa3e Tidelift tasks
• e473d2a Create funding.yml
• 5267672 6.0.0
• 1c15896 Rename `pkg` property to `package`, return `undefined` instead of empty object, add TypeScript definition ([Snyk] Fix for 1 vulnerabilities #10)
• 2c1d52f Add Node.js 12 to testing ([Snyk] Fix for 1 vulnerabilities #9)
• d8d5100 5.0.0
• 4412fe2 Require Node.js 8
• 5bb0a79 Upgrade `read-pkg` to v4 ([Snyk] Security upgrade undefsafe from 1.3.1 to 2.0.3 #7)

See the full diff

Package name: update-notifier

The new version differs by 42 commits.

• 311557e 6.0.0
• 9183541 Require Node.js 14 and move to ESM
• 3fdb218 5.1.0
• 73c391b Upgrade dependencies
• 0a6027e Move to GitHub Actions
• d8fa601 Rename `master` branch to `main`
• f63b2eb 5.0.1
• 9e2b772 Update dependencies
• da7c464 5.0.0
• 5b440c2 Require Node.js 10
• 3dfe42d Don't suggest to upgrade to lower version ([Snyk] Security upgrade tap from 5.8.0 to 18.0.0 #192)
• 132b7ce Remove a project from "Users" section ([Snyk] Security upgrade tap from 5.8.0 to 18.0.0 #191)
• c9d2166 4.1.1
• f42fc8f Improve vertical alignment of the notifier output ([Snyk] Security upgrade tap from 5.8.0 to 6.3.0 #183)
• 71a3f19 Use HTTPS links
• 64c5236 Fix Travis
• 9d9f4ff 4.1.0
• 4062f12 Update dependencies
• adbeb6e Add template support for the `message` option ([Snyk] Security upgrade tap from 5.8.0 to 11.1.3 #175)
• adf7803 4.0.0
• fb5161c Remove the `callback` option ([Snyk] Security upgrade tap from 5.8.0 to 16.0.0 #158)
• 39682de Rename `boxenOpts` option to `boxenOptions`
• bc1721a Avoid showing notification if current version is the latest ([Snyk] Security upgrade tap from 5.8.0 to 12.0.2 #174)
• ccaf686 Update dependencies

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)