@matrix-compute
Owner

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
  • Severity: high severity
  • Priority Score (*): 124/1000
    Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00045, Social Trends: No, Days since published: 151, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.06, Score Version: V5
  • Issue: Inefficient Regular Expression Complexity (SNYK-JS-MICROMATCH-6838728)
  • Breaking Change: No
  • Exploit Maturity: No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: snyk-nodejs-lockfile-parser
The new version differs by 42 commits.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Inefficient Regular Expression Complexity

@socket-security

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@babel/code-frame@7.23.5 None 0 23.3 kB nicolo-ribaudo
npm/@babel/highlight@7.23.4 None 0 18.4 kB nicolo-ribaudo
npm/@octokit/rest@18.12.0 Transitive: network +14 4.28 MB octokitbot
npm/@open-policy-agent/opa-wasm@1.6.0 None 0 875 kB styrainc
npm/@sentry/node@7.34.0 environment, filesystem, network, shell, unsafe +6 2.85 MB sentry-bot
npm/@sindresorhus/is@4.0.1 None 0 53.3 kB sindresorhus
npm/@snyk/cli-interface@2.12.0 None +1 48.6 kB snyk-admin
npm/@snyk/cloud-config-parser@1.14.5 None 0 82.4 kB snyk-admin
npm/@snyk/code-client@4.23.5 filesystem, network +13 446 kB snyk-admin
npm/@snyk/dep-graph@2.8.1 None +2 202 kB snyk-admin
npm/@snyk/docker-registry-v2-client@2.11.0 environment, filesystem 0 67.3 kB snyk-admin
npm/@snyk/fix-pipenv-pipfile@0.7.1 environment Transitive: eval, shell +3 732 kB snyk-admin
npm/@snyk/fix-poetry@0.9.1 Transitive: environment, eval, shell +3 732 kB snyk-admin
npm/@snyk/gemfile@1.2.0 filesystem 0 60.1 kB snyk-admin
npm/@snyk/snyk-cocoapods-plugin@2.5.3 filesystem, shell +8 361 kB snyk-admin
npm/@snyk/snyk-hex-plugin@1.1.6 filesystem, shell +4 169 kB snyk-admin
npm/@types/body-parser@1.19.1 None +1 14.3 kB types
npm/@types/cross-spawn@6.0.2 None 0 3.91 kB types
npm/@types/express@4.17.13 None +5 118 kB types
npm/@types/fs-extra@9.0.12 None 0 26.3 kB types
npm/@types/jest-json-schema@6.1.1 None 0 4.24 kB types
npm/@types/jest@29.5.12 None +8 858 kB types
npm/@types/lodash@4.14.172 None 0 859 kB types
npm/@types/marked@4.0.0 None 0 23.1 kB types
npm/@types/needle@3.3.0 None 0 16.3 kB types
npm/@types/node@14.17.10 None 0 772 kB types
npm/@types/sarif@2.1.7 None 0 74.2 kB types
npm/@types/semver@7.3.8 None 0 23.4 kB types
npm/@types/sinon@7.5.2 None 0 150 kB types
npm/@typescript-eslint/eslint-plugin@4.30.0 Transitive: environment, filesystem +9 4.74 MB jameshenry
npm/@typescript-eslint/parser@4.30.0 Transitive: environment, filesystem +4 1.32 MB jameshenry
npm/@yarnpkg/lockfile@1.1.0 environment, eval, filesystem 0 280 kB arcanis
npm/abbrev@1.1.1 None 0 4.78 kB isaacs
npm/abort-controller@3.0.0 None 0 76.3 kB mysticatea
npm/acorn-jsx@5.3.2 None 0 24.4 kB rreverser
npm/acorn@7.4.1 None 0 1.21 MB marijn
npm/adm-zip@0.5.9 filesystem 0 103 kB cthackers
npm/agent-base@4.3.0 network 0 37.5 kB tootallnate
npm/ajv-keywords@3.5.2 None 0 72.9 kB esp
npm/ansi-regex@5.0.1 None 0 5.61 kB qix
npm/ansicolors@0.3.2 None 0 7.46 kB thlorenz
npm/anymatch@3.1.2 None 0 9.54 kB paulmillr
npm/archy@1.0.0 None 0 8.42 kB substack
npm/are-we-there-yet@1.1.5 Transitive: environment +3 122 kB iarna
npm/array-differ@3.0.0 None 0 3.06 kB sindresorhus
npm/array-union@2.1.0 None 0 3.17 kB sindresorhus
npm/asap@2.0.6 None 0 33.9 kB kriskowal
npm/async@3.2.4 None 0 821 kB hargasinski
npm/auto-bind@5.0.1 None 0 6.8 kB sindresorhus
npm/base64-js@1.5.1 None 0 9.62 kB feross
npm/binary-extensions@2.2.0 None 0 5.36 kB sindresorhus
npm/body-parser@1.19.0 network Transitive: environment, filesystem +8 303 kB dougwilson
npm/braces@3.0.3 None 0 44.6 kB jonschlinkert
npm/buffer-equal-constant-time@1.0.1 None 0 5.23 kB goinstant
npm/buffer@5.7.1 None 0 82.5 kB feross
npm/bytes@3.1.0 None 0 11 kB dougwilson
npm/callsites@3.1.0 None 0 6.33 kB sindresorhus
npm/camelcase@6.3.0 None 0 11.7 kB sindresorhus
npm/chardet@0.7.0 filesystem 0 74.8 kB runk
npm/chokidar@3.6.0 environment, filesystem +1 102 kB paulmillr
npm/chownr@1.1.4 filesystem 0 5.71 kB isaacs
npm/ci-info@3.2.0 environment 0 19.8 kB sibiraj-s
npm/clean-stack@2.2.0 None 0 5.51 kB sindresorhus
npm/cli-boxes@3.0.0 None 0 6.62 kB sindresorhus
npm/cli-cursor@3.1.0 None 0 4.37 kB sindresorhus
npm/cli-spinner@0.2.10 None 0 85.1 kB boemianrapsodi
npm/cli-spinners@2.6.0 None 0 27.4 kB sindresorhus
npm/cli-truncate@3.1.0 None +2 31.5 kB sindresorhus
npm/cli-width@3.0.0 environment 0 11.5 kB knownasilya
npm/cliui@7.0.4 None 0 30.6 kB oss-bot
npm/clone-deep@4.0.1 None +1 15.5 kB jonschlinkert
npm/code-excerpt@4.0.0 None 0 4.21 kB vdemedes
npm/code-point-at@1.1.0 None 0 2.99 kB sindresorhus
npm/configstore@5.0.1 None 0 7.61 kB sindresorhus
npm/console-control-strings@1.1.0 None 0 12.7 kB iarna
npm/conventional-changelog-cli@4.1.0 Transitive: filesystem, shell +32 1.42 MB oss-bot
npm/convert-source-map@2.0.0 None 0 15.9 kB phated
npm/convert-to-spaces@2.0.1 None 0 2.96 kB vdemedes
npm/copy-webpack-plugin@9.0.1 Transitive: filesystem +5 254 kB evilebottnawi
npm/core-js@3.25.0 environment, eval, filesystem 0 1.02 MB zloirock
npm/cross-spawn@6.0.5 environment, filesystem, shell +1 84.7 kB satazor
npm/crypto-random-string@2.0.0 None 0 3.93 kB sindresorhus
npm/danger@10.9.0 Transitive: environment, eval, filesystem, network, shell +29 13.7 MB orta
npm/debug@4.3.4 environment 0 42.4 kB qix
npm/decamelize@1.2.0 None 0 2.94 kB sindresorhus
npm/decode-uri-component@0.2.0 None 0 5.71 kB samverschueren
npm/deep-extend@0.6.0 None 0 9.19 kB unclechu
npm/define-properties@1.1.3 None 0 23 kB ljharb
npm/delegates@1.0.0 None 0 7.46 kB tjholowaychuk
npm/depcheck@1.4.3 filesystem, unsafe Transitive: environment, eval +28 9.34 MB rumpl
npm/depd@1.1.2 environment, eval 0 30.5 kB dougwilson
npm/detect-libc@1.0.3 environment, filesystem, shell 0 17.2 kB lovell
npm/doctrine@3.0.0 None 0 106 kB eslint
npm/dot-prop@5.3.0 None 0 9.61 kB sindresorhus
npm/duplexify@3.7.1 Transitive: environment +1 105 kB mafintosh
npm/ecdsa-sig-formatter@1.0.11 None 0 20.6 kB d2l-travis-deploy
npm/email-validator@2.0.4 None 0 12.1 kB manishsaraan
npm/end-of-stream@1.4.4 None 0 6.23 kB mafintosh
npm/enquirer@2.3.6 environment +1 222 kB jonschlinkert
npm/env-paths@2.2.1 None 0 10.2 kB sindresorhus
npm/error-ex@1.3.2 None 0 9.04 kB qix
npm/es-abstract@1.18.5 None 0 933 kB ljharb
npm/es-to-primitive@1.2.1 None 0 40.4 kB ljharb
npm/es6-promise@4.2.8 None 0 315 kB stefanpenner
npm/es6-promisify@5.0.0 None 0 7.76 kB digitaldesignlabs
npm/eslint-config-prettier@6.15.0 None 0 62.3 kB lydell
npm/eslint-plugin-anti-trojan-source@1.1.1 Transitive: filesystem +31 602 kB lirantal_bot
npm/eslint-plugin-jest@24.4.0 filesystem Transitive: environment +6 1.96 MB simenb
npm/eslint-scope@5.1.1 None 0 78.4 kB eslintbot
npm/eslint-utils@1.4.3 None 0 314 kB mysticatea
npm/eslint@6.8.0 filesystem, unsafe +4 2.99 MB eslintbot
npm/espree@6.2.1 None 0 68.8 kB eslintbot
npm/esquery@1.4.0 None +1 1.02 MB michaelficarra
npm/event-target-shim@5.0.1 None 0 189 kB mysticatea
npm/events@3.3.0 None 0 82.8 kB goto-bus-stop
npm/execa@5.1.1 environment, shell 0 57.5 kB sindresorhus
npm/express@4.17.1 environment, filesystem, network +17 466 kB dougwilson
npm/extend-shallow@2.0.1 None 0 4.82 kB jonschlinkert
npm/external-editor@3.1.0 environment, filesystem, shell 0 27 kB mrkmg
npm/figures@3.2.0 None 0 12.1 kB sindresorhus
npm/file-entry-cache@5.0.1 filesystem 0 24.5 kB royriojas
npm/fill-range@7.1.1 None 0 16.7 kB jonschlinkert
npm/find-up@4.1.0 None 0 11.6 kB sindresorhus
npm/flat-cache@2.0.1 filesystem +1 44.4 kB royriojas
npm/fs-extra@9.1.0 filesystem +1 132 kB ryanzim
npm/fs-minipass@2.1.0 filesystem 0 14.1 kB isaacs
npm/fsevents@2.3.2 None 0 156 kB pipobscure
npm/function-bind@1.1.1 None 0 25.2 kB ljharb
npm/gauge@2.7.4 None +5 72 kB iarna
npm/get-caller-file@2.0.5 None 0 4.72 kB stefanpenner
npm/get-stdin@6.0.0 None 0 3.5 kB sindresorhus
npm/get-stream@6.0.1 None 0 12.2 kB sindresorhus
npm/glob-parent@6.0.2 None 0 7.72 kB phated
npm/global-agent@2.2.0 environment, network +1 134 kB gajus
npm/globby@11.1.0 filesystem 0 21.8 kB sindresorhus
npm/got@11.8.2 filesystem, network 0 266 kB sindresorhus
npm/handlebars@4.7.8 filesystem 0 2.78 MB jaylinski
npm/has-symbols@1.0.2 None 0 18.1 kB ljharb
npm/has-unicode@2.0.1 environment 0 3.44 kB iarna
npm/has@1.0.3 None 0 2.77 kB ljharb

🚮 Removed packages: npm/acorn-jsx@3.0.1, npm/acorn@5.7.3, npm/ajv-keywords@2.1.1, npm/ajv@5.5.2, npm/ansi-escapes@3.1.0, npm/ansi-regex@3.0.0, npm/array-union@1.0.2, npm/array-uniq@1.0.3, npm/babel-code-frame@6.26.0, npm/caller-path@0.1.0, npm/callsites@0.2.0, npm/chalk@2.4.1, npm/chardet@0.4.2, npm/circular-json@0.3.3, npm/cli-cursor@2.1.0, npm/cli-width@2.2.0, npm/concat-stream@1.6.2, npm/cross-spawn@5.1.0, npm/debug@3.2.5, npm/del@2.2.2, npm/doctrine@2.1.0, npm/eslint-scope@3.7.3, npm/eslint-visitor-keys@1.0.0, npm/eslint@4.19.1, npm/espree@3.5.4, npm/esquery@1.0.1, npm/esrecurse@4.2.1, npm/esutils@2.0.2, npm/external-editor@2.2.0, npm/fast-deep-equal@1.1.0, npm/fast-json-stable-stringify@2.0.0, npm/figures@2.0.0, npm/file-entry-cache@2.0.0, npm/flat-cache@1.3.0, npm/glob@7.1.3, npm/globals@11.7.0, npm/globby@5.0.0, npm/graceful-fs@4.1.11, npm/has-ansi@2.0.0, npm/iconv-lite@0.4.24, npm/ignore@3.3.10, npm/inquirer@3.3.0, npm/is-fullwidth-code-point@2.0.0, npm/is-path-cwd@1.0.0, npm/is-path-in-cwd@1.0.1, npm/is-path-inside@1.0.1, npm/is-promise@2.1.0, npm/is-resolvable@1.1.0, npm/js-tokens@3.0.2, npm/js-yaml@3.12.0, npm/json-schema-traverse@0.3.1, npm/json-stable-stringify-without-jsonify@1.0.1, npm/levn@0.3.0, npm/lodash@4.17.0, npm/lodash@4.17.15, npm/lru-cache@4.1.3, npm/mimic-fn@1.2.0, npm/minimist@0.0.8, npm/mkdirp@0.5.1, npm/ms@1.0.0, npm/mute-stream@0.0.7, npm/natural-compare@1.4.0, npm/onetime@2.0.1, npm/optionator@0.8.2, npm/os-tmpdir@1.0.2, npm/path-is-inside@1.0.2, npm/pify@2.3.0, npm/pinkie-promise@2.0.1, npm/pinkie@2.0.4, npm/prelude-ls@1.1.2, npm/process-nextick-args@2.0.0, npm/progress@2.0.0, npm/readable-stream@2.3.6, npm/regexpp@1.1.0, npm/require-uncached@1.0.3, npm/resolve-from@1.0.1, npm/restore-cursor@2.0.0, npm/rewire@4.0.1, npm/rimraf@2.6.2, npm/run-async@2.3.0, npm/rx-lite-aggregates@4.0.8, npm/rx-lite@4.0.8, npm/semver@5.5.1, npm/shebang-command@1.2.0, npm/shebang-regex@1.0.0, npm/signal-exit@3.0.2, npm/slice-ansi@1.0.0, npm/snyk@1.1293.1, 
npm/snyk@1.778.0, npm/string-width@2.1.1, npm/strip-ansi@4.0.0, npm/strip-json-comments@2.0.1, npm/supports-color@5.5.0, npm/table@4.0.2, npm/tap@11.1.3, npm/text-table@0.2.0, npm/through@2.3.8, npm/tmp@0.0.33, npm/type-check@0.3.2, npm/typedarray@0.0.6, npm/wordwrap@1.0.0, npm/write@0.2.1

View full report↗︎
