[Snyk] Fix for 6 vulnerabilities

[snyk-io]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • deps/npm/node_modules/is-core-module/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	159/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00396, Social Trends: No, Days since published: 1135, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.65, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	218/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.0006, Social Trends: No, Days since published: 374, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Critical, Package Popularity Score: 99, Impact: 10.1, Likelihood: 2.16, Score Version: V5	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962463	Yes	Proof of Concept
	169/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00045, Social Trends: No, Days since published: 161, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.81, Score Version: V5	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	Yes	Proof of Concept
	141/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.01055, Social Trends: No, Days since published: 326, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.35, Score Version: V5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
	124/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00045, Social Trends: No, Days since published: 161, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.06, Score Version: V5	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	Yes	No Known Exploit
	58/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00117, Social Trends: No, Days since published: 2436, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.42, Score Version: V5	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: aud

The new version differs by 7 commits.

• dff6264 EOL
• 884ca7e v3.0.0
• 84af24d [Refactor] move entrypoint to ESM
• 7ba7bec [Refactor] replace `rimraf` with `fs.rmSync` recursive
• 517cfa1 [Deps] update `tmp`
• 8030e3f [Deps] update `rimraf`
• 72c2567 [Breaking] update `npm-lockfile`; drop node < 16.14

See the full diff

Package name: eslint

The new version differs by 250 commits.

• e0cbc50 9.0.0
• 75cb5f4 Build: changelog update for 9.0.0
• 19f9a89 chore: Update dependencies for v9.0.0 (node-8.9.3 two immediate execution function error nodejs/node#18275)
• 7c957f2 chore: package.json update for @ eslint/js release
• d73a33c chore: ignore `/docs/v8.x` in link checker (Delete file after createWriteStream raises no error when stream.write('whatever') nodejs/node#18274)
• d54a412 feat: Add --inspect-config CLI flag (src: don't abort when package.json is a directory nodejs/node#18270)
• e151050 docs: update get-started to the new `@ eslint/create-config` (test: added input validation test for fchmod nodejs/node#18217)
• 610c148 fix: Support `using` declarations in no-lone-blocks (investigate flaky parallel/test-tls-server-verify on Windows nodejs/node#18269)
• 44a81c6 chore: upgrade knip (build: make linters independent of local node nodejs/node#18272)
• 94178ad docs: mention about `name` field in flat config (Flaky dgram-udp6-send-default-host nodejs/node#18252)
• 1765c24 docs: add Troubleshooting page (In writable stream, should we always set state.errorEmitted to true when executing stream.emit('error')? nodejs/node#18181)
• e80b60c chore: remove code for testing version selectors (stream: fix not calling cleanup() when unpiping all streams. nodejs/node#18266)
• 96607d0 docs: version selectors synchronization (deps: upgrade libuv to 1.19.1 nodejs/node#18260)
• e508800 fix: rule tester ignore irrelevant test case properties (Maccabi Tel Aviv vs Crvena Zvezda 2018 Live Stream Basketball Watch Euroleague Basketball Online Web TV Thursday, 18 January 2018 nodejs/node#18235)
• a129acb fix: flat config name on ignores object (doc: improve callback documentation of http2Stream.pushstream() nodejs/node#18258)
• 97ce45b feat: Add `reportUsedIgnorePattern` option to `no-unused-vars` rule (net: remove ADDRCONFIG DNS hint on Windows nodejs/node#17662)
• 651ec91 docs: remove `/* eslint-env */` comments from rule examples (Fragile/buggy implementation of ES module loading nodejs/node#18249)
• 950c4f1 docs: Update README
• 3e9fcea feat: Show config names in error messages (async_wrap,inspect: heap snapshot CHECKs in WrapperInfo nodejs/node#18256)
• b7cf3bd fix!: correct `camelcase` rule schema for `allow` option (strange befavior about console.err,console.log on win10 nodejs/node#18232)
• 12f5746 docs: add info about dot files and dir in flat config ( stream: remove unreachable code  nodejs/node#18239)
• b93f408 docs: update shared settings example (Flaky http2-settings-flood nodejs/node#18251)
• 26384d3 docs: fix `ecmaVersion` in one example, add checks (async_wrap: schedule destroy hook as unref nodejs/node#18241)
• 7747097 docs: Update PR review process (RFC: Per Package Loader Hooks nodejs/node#18233)

See the full diff

Package name: nyc

The new version differs by 250 commits.

• bebf4d6 chore(release): 15.0.0
• 2931730 chore: Update to final releases of dependencies (Please make iojs and bson works together on Windows x64 nodejs/node#1245)
• d44ff19 chore: Update node-preload and use process-on-spawn (Document code style guidelines nodejs/node#1243)
• 5258e9f feat: Filenames relative to project cwd in coverage reports (Release proposal: v1.6.1 nodejs/node#1212)
• 6039f29 chore: Unpin test-exclude, update to latest pre-releases (Fail verbosely on invalid use of util.inherits nodejs/node#1240)
• f3c9e6c chore: Temporarily pin test-exclude (Breaking change: cluster connection behavior when between workers nodejs/node#1239)
• 28ed746 chore: Lazy load modules that are rarely/never needed in test processes. (deps: upgrade v8 to 4.2.77.10 (next) nodejs/node#1232)
• 7307626 chore: Remove cp-file module (doc: fix typo in CHANGELOG nodejs/node#1230)
• dfd629d fix: Better error handling for main execution, reporting (vm: fix crash on fatal error in debug context nodejs/node#1229)
• 549c953 chore: Update dependencies, pin find-cache-dir (crash on iojs-1.6.x nodejs/node#1228)
• a1dee03 chore: Update yargs (deps: upgrade v8 to 4.1.0.25 nodejs/node#1224)
• 8078a79 chore: Fix 404 in README.md. (Consistent error messages in all modules nodejs/node#1220)
• 7a02cb7 chore: Add enterprise language (streams: update .readable/.writable to false nodejs/node#1217)
• ea94c7f chore: Remove unused functions (node: reset signal handler to SIG_DFL on FreeBSD nodejs/node#1218)
• 53c66b9 docs: `npm home nyc` goes to github master branch README (test: double timeout in tls-wrap-timeout.js nodejs/node#1201)
• cf5e5d3 chore: Update dependencies
• 8411a26 fix: Correct handling of source-maps for pre-instrumented files (path: reduce type checking on some methods nodejs/node#1216)
• f890360 docs: Fix URL to default excludes in README.md (src: ignore ENOTCONN on shutdown race with child nodejs/node#1214)
• 3726bbb chore: Update to async version of istanbul-lib-source-maps (deps: check in gtest, add util unit test nodejs/node#1199)
• 0efc6d1 chore: Tweak arguments for async coverage data readers (build: remove incorrect arg in vcbuild.bat nodejs/node#1198)
• cc77e13 chore: Add `use strict` to all except fixtures (iojs -i does nothing when -e is used nodejs/node#1197)
• bcbe1df chore: Update dependencies (test: cache lazy properties, fix style nits nodejs/node#1196)
• 2735ee2 chore: 100% coverage (installing io.js with a secondary gcc nodejs/node#1195)
• fd40d49 feat: Use @ istanbuljs/schema for yargs setup (src: don't error at startup when cwd doesn't exist nodejs/node#1194)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

[sourcery-ai]

🧙 Sourcery has finished reviewing your pull request!

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time. You can also use
  this command to specify where the summary should be inserted.

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

We have skipped reviewing this pull request. Here's why:

• It seems to have been created by a bot (hey, snyk-io[bot]!). We assume it knows what it's doing!
• It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
• We don't review packaging changes - Let us know if you'd like us to change this.