
[Snyk] Upgrade lerna from 4.0.0 to 8.1.3 #3

Open. Wants to merge 1 commit into base: main.
Conversation

YoutacRandS-VA (Owner)
This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade lerna from 4.0.0 to 8.1.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

  • The recommended version is 88 versions ahead of your current version.
  • The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

| Severity | Issue | Snyk ID | Score | Exploit Maturity |
|---|---|---|---|---|
| high | Regular Expression Denial of Service (ReDoS) | SNYK-JS-ANSIREGEX-1583908 | 432 | Proof of Concept |
| high | Regular Expression Denial of Service (ReDoS) | SNYK-JS-ANSIREGEX-1583908 | 432 | Proof of Concept |
| high | Regular Expression Denial of Service (ReDoS) | SNYK-JS-ANSIREGEX-1583908 | 432 | Proof of Concept |
| high | Denial of Service (DoS) | SNYK-JS-DECODEURICOMPONENT-3149970 | 432 | Proof of Concept |
| high | Server-side Request Forgery (SSRF) | SNYK-JS-IP-6240864 | 432 | Proof of Concept |
| high | Prototype Poisoning | SNYK-JS-QS-3153490 | 432 | Proof of Concept |
| high | Regular Expression Denial of Service (ReDoS) | SNYK-JS-SEMVER-3247795 | 432 | Proof of Concept |
| high | Regular Expression Denial of Service (ReDoS) | SNYK-JS-SEMVER-3247795 | 432 | Proof of Concept |
| medium | Prototype Pollution | SNYK-JS-TOUGHCOOKIE-5672873 | 432 | Proof of Concept |
| critical | Incomplete List of Disallowed Inputs | SNYK-JS-BABELTRAVERSE-5962462 | 432 | Proof of Concept |
| high | Uncontrolled resource consumption | SNYK-JS-BRACES-6838727 | 432 | Proof of Concept |
| high | Authorization Bypass Through User-Controlled Key | SNYK-JS-PARSEPATH-2936439 | 432 | Proof of Concept |
| high | Prototype Poisoning | SNYK-JS-QS-3153490 | 432 | Proof of Concept |
| high | Code Injection | SNYK-JS-LODASHTEMPLATE-1088054 | 432 | Proof of Concept |
| high | Inefficient Regular Expression Complexity | SNYK-JS-MICROMATCH-6838728 | 432 | No Known Exploit |
| high | Regular Expression Denial of Service (ReDoS) | SNYK-JS-SEMVER-3247795 | 432 | Proof of Concept |
| medium | Regular Expression Denial of Service (ReDoS) | SNYK-JS-HTTPCACHESEMANTICS-3248783 | 432 | Proof of Concept |
| medium | Prototype Pollution | SNYK-JS-TOUGHCOOKIE-5672873 | 432 | Proof of Concept |
| medium | Denial of Service (DoS) | SNYK-JS-NWSAPI-2841516 | 432 | No Known Exploit |
| medium | Cross-site Scripting (XSS) | SNYK-JS-PARSEURL-2935944 | 432 | Proof of Concept |
| medium | Information Exposure | SNYK-JS-PARSEURL-2935947 | 432 | Proof of Concept |
| medium | Cross-site Scripting (XSS) | SNYK-JS-PARSEURL-2942134 | 432 | Proof of Concept |
| medium | Server-side Request Forgery (SSRF) | SNYK-JS-PARSEURL-3023021 | 432 | Proof of Concept |
| medium | Improper Input Validation | SNYK-JS-PARSEURL-3024398 | 432 | Proof of Concept |
| medium | Server-Side Request Forgery (SSRF) | SNYK-JS-IP-7148531 | 432 | Proof of Concept |
| medium | Reverse Tabnabbing | SNYK-JS-ISTANBULREPORTS-2328088 | 432 | No Known Exploit |
| medium | Prototype Pollution | SNYK-JS-JSON5-3182856 | 432 | Proof of Concept |
| medium | Regular Expression Denial of Service (ReDoS) | SNYK-JS-MINIMATCH-3050818 | 432 | No Known Exploit |
| medium | Uncontrolled Resource Consumption ('Resource Exhaustion') | SNYK-JS-TAR-6476909 | 432 | Proof of Concept |
| medium | Uncontrolled Resource Consumption ('Resource Exhaustion') | SNYK-JS-TAR-6476909 | 432 | Proof of Concept |
| low | Regular Expression Denial of Service (ReDoS) | SNYK-JS-WORDWRAP-3149973 | 432 | Proof of Concept |
| critical | Server-side Request Forgery (SSRF) | SNYK-JS-PARSEURL-2936249 | 432 | Proof of Concept |
| medium | Server-side Request Forgery (SSRF) | SNYK-JS-REQUEST-3361831 | 432 | Proof of Concept |
| medium | Regular Expression Denial of Service (ReDoS) | SNYK-JS-SEMVERREGEX-2824151 | 432 | Proof of Concept |
Release notes
Package name: lerna
  • 8.1.3 - 2024-05-13

    Bug Fixes

  • 8.1.2 - 2024-02-05

    Bug Fixes

  • 8.1.1 - 2024-02-05

    Bug Fixes

    • list: explicitly exit upon completion (bafe090)
  • 8.1.0 - 2024-02-05

    Features

  • 8.0.2 - 2024-01-05

    Bug Fixes

    • add-caching: explicitly set targetDefaults for all scripts (#3929) (dae18c9)
  • 8.0.1 - 2023-12-15

    Bug Fixes

    • update node-gyp usage to v10 to resolve npm warning (#3919) (f5fdcba)
    • version: create correct independent tags when using --sign-git-tag (#3917) (8f7a32b)
  • 8.0.0 - 2023-11-23

    BREAKING CHANGES

    After updating we strongly recommend running lerna repair in your project. This will migrate your lerna.json to the latest and greatest and remove any outdated options.

    As this is a major release there are a few breaking changes to be aware of, which may or may not affect your lerna repos, depending on how you are using the tool.

    • node v16 support is dropped because it is end of life

    When a node version becomes end of life (EOL) it means that it does not receive any updates or maintenance whatsoever, even if critical security vulnerabilities have been uncovered.

    We strongly encourage all folks here to keep up with the maintenance LTS version of Node at an absolute minimum:

    https://github.com/nodejs/release#release-schedule

    • lerna's task runner for lerna run now depends on nx v17 instead of v16

    lerna run gets to benefit from all of the further performance improvements in the nx v17 task runner behind the scenes.

    • @lerna/child-process is no longer a separately published package

    Lerna is a monorepo management tool with versioning and publishing capabilities; it is not a child process manager. There are lots of good options out there in the ecosystem to help you with managing child processes in nodejs, and it does not really make sense to treat some of lerna's implementation details around child processes as if they were a public API. The package will be officially deprecated on npm in the future. You can of course take the code and fork it and adapt it for your own purposes if you wish!

    • Older packages under @lerna/ on npm have been officially marked as deprecated

    Under prior stewardship the lerna repo used to publish a very large (>65) number of packages. The vast majority of these should not form part of the public API of lerna and so they have no longer been published as packages since v6. We have now officially marked them as deprecated packages on the npm registry so that users get clear feedback that they are using packages which are no longer maintained (which they can of course fork and do whatever they want with). NOTE: We have not yet marked @lerna/child-process as deprecated so as not to create noise for lerna v7 users until they have had a chance to migrate to v8.

    Features

    • version: add --premajor-version-bump option to force patch bumps for non-breaking changes in premajor packages (#3876) (3b05947)
    • version: use corepack for install when enabled (#3877) (a3cb7ca)
  • 8.0.0-alpha.0 - 2023-11-22
  • 7.4.2 - 2023-10-27

    Bug Fixes

    • version: support changelog-presets using async factory funcs (#3873) (bb5e7d7)
  • 7.4.1 - 2023-10-18

    7.4.0 contained a malformed dist directory; please bump to 7.4.1 for the correct artifacts.

  • 7.4.0 - 2023-10-17

    Bug Fixes

    • version: update lock files after the version hook (#3849) (7e30a31)

    Features

  • 7.3.1 - 2023-10-10
  • 7.3.0 - 2023-09-13
  • 7.2.0 - 2023-08-29
  • 7.1.5 - 2023-08-09
  • 7.1.4 - 2023-07-15
  • 7.1.3 - 2023-07-12
  • 7.1.2 - 2023-07-12
  • 7.1.1 - 2023-06-28
  • 7.1.0 - 2023-06-25
  • 7.0.2 - 2023-06-15
  • 7.0.1 - 2023-06-13
  • 7.0.0 - 2023-06-08
  • 7.0.0-alpha.8 - 2023-06-07
  • 7.0.0-alpha.7 - 2023-06-05
  • 7.0.0-alpha.6 - 2023-06-02
  • 7.0.0-alpha.5 - 2023-06-01
  • 7.0.0-alpha.4 - 2023-06-01
  • 7.0.0-alpha.3 - 2023-05-31
  • 7.0.0-alpha.2 - 2023-05-31
  • 7.0.0-alpha.1 - 2023-05-31
  • 7.0.0-alpha.0 - 2023-05-10
  • 6.6.2 - 2023-05-04
  • 6.6.1 - 2023-03-24
  • 6.6.0 - 2023-03-23
  • 6.5.1 - 2023-02-14
  • 6.5.0 - 2023-02-13
  • 6.5.0-alpha.2 - 2023-02-05
  • 6.5.0-alpha.1 - 2023-02-05
  • 6.5.0-alpha.0 - 2023-01-30
  • 6.4.2-beta.0 - 2023-01-19
  • 6.4.1 - 2023-01-12
  • 6.4.0 - 2023-01-05
  • 6.3.1-beta.8 - 2022-12-27
  • 6.3.1-beta.6 - 2022-12-27
  • 6.3.1-beta.5 - 2022-12-27
  • 6.3.1-beta.4 - 2022-12-27
  • 6.3.1-beta.3 - 2022-12-27
  • 6.3.1-beta.2 - 2022-12-27
  • 6.3.1-beta.1 - 2022-12-27
  • 6.3.1-beta.0 - 2022-12-26
  • 6.3.0 - 2022-12-26
  • 6.2.0 - 2022-12-13
  • 6.1.0 - 2022-11-29
  • 6.0.3 - 2022-11-07
  • 6.0.2 - 2022-11-02
  • 6.0.1 - 2022-10-14
  • 6.0.0 - 2022-10-12
  • 6.0.0-alpha.2 - 2022-10-12
  • 6.0.0-alpha.1 - 2022-10-09
  • 6.0.0-alpha.0 - 2022-10-07
  • 5.6.2 - 2022-10-09
  • 5.6.1 - 2022-09-30
  • 5.6.0 - 2022-09-29
  • 5.5.4 - 2022-09-28
  • 5.5.2 - 2022-09-20
  • 5.5.1 - 2022-09-09
  • 5.5.0 - 2022-08-31
  • 5.4.3 - 2022-08-16
  • 5.4.2 - 2022-08-14
  • 5.4.1 - 2022-08-12
  • 5.4.0 - 2022-08-08
  • 5.3.0 - 2022-07-27
  • 5.2.0 - 2022-07-22
  • 5.1.8 - 2022-07-07
  • 5.1.7 - 2022-07-06
  • 5.1.6 - 2022-06-24
  • 5.1.5 - 2022-06-24
  • 5.1.4 - 2022-06-15
  • 5.1.3 - 2022-06-15
  • 5.1.2 - 2022-06-13
  • 5.1.1 - 2022-06-09
  • 5.1.0 - 2022-06-07
  • 5.1.0-alpha.0 - 2022-05-25
  • 5.0.0 - 2022-05-24
  • 5.0.0-alpha.2 - 2022-05-24
  • 5.0.0-alpha.1 - 2022-05-24
  • 5.0.0-alpha.0 - 2022-05-24
  • 4.0.0 - 2021-02-10
from lerna GitHub release notes

Important

  • Warning: This PR contains a major version upgrade, and may be a breaking change.
  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

Snyk has created this PR to upgrade lerna from 4.0.0 to 8.1.3.

See this package in npm:
lerna

See this project in Snyk:
https://app.snyk.io/org/youtacrands-va/project/ce7512d0-460b-4aa1-a3cf-89d0bd99e594?utm_source=github&utm_medium=referral&page=upgrade-pr