[Snyk] Fix for 11 vulnerabilities

[mongoloidkhulmikuki366385]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-COOKIEJAR-3149984	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	Yes	Proof of Concept
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-TMPL-1583443	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: jest

The new version differs by 250 commits.

• be16e47 v27.0.0
• 63102ec chore: update changelog for release
• 564694a docs(blog): Jest 27 blog post (Wrong "Create a commit comment" link github/docs#11131)
• b68d91b feat(pretty-print): add option `printBasicPrototype` (Readme-md  github/docs#11441)
• 2226742 chore: minor simplify format results error (## ✨ ✨ New layout ✨ ✨ github/docs#11432)
• 78eb25d chore: remove needless assign (Update managing-notifications-from-your-inbox.md github/docs#11433)
• 696c455 chore: update lockfile after publish
• e2eb9ae v27.0.0-next.11
• 3b253f8 Wait for closed resources to actually close before detecting open handles (https://docs.github.com/github/writing-on-github/getting-started-with… github/docs#11429)
• 27bee72 fix: run GC before collecting open handles (repo sync github/docs#11278)
• 50451df feat: use fallback if prettier not found (WALEED AL AREQI Update making-a-github-app-public-or-private.md github/docs#11400)
• 150dbd8 chore: update lockfile after publish
• 6f44529 v27.0.0-next.10
• cbcec7d Upgrade fsevents in jest-haste-map (https://github.com/facebook/facebook-ios-sdk github/docs#11428)
• 9633a26 feat: support reporters written in ESM (Readme-md  github/docs#11427)
• 59f42d8 fix: do not cache modules that throw during evaluation (repo sync github/docs#11263)
• 57e32e9 Detect open handles with done callbacks (Join  github/docs#11382)
• a397607 Document and test dontThrow for custom inline snapshot matchers (repo sync github/docs#10995)
• 4fa3a0b feat: custom haste (Blockchair github/docs#11107)
• 2047a36 chore: bump deps (Bump eslint-plugin-promise from 5.1.0 to 5.1.1 github/docs#11419)
• a4358d6 chore: run prettier on changelog
• bdd6282 Move all default values into `jest-config` (repo sync github/docs#9924)
• db643a1 Link to Jest config (Blockchair github/docs#11106)
• b16082c Fix locale issue #10014 (Bump @primer/css from 17.9.0 to 18.0.2 github/docs#11412)

See the full diff

Package name: jest-puppeteer

The new version differs by 20 commits.

• 153d47b v5.0.0
• 36602a1 fix: Resolve module paths in preset (Revert "repo sync" github/docs#335)
• e54fb7e fix: Leverage Puppeteer's native support for Firefox (Add files via upload github/docs#356)
• ea3b189 chore: update dev deps
• a050a72 add jest-puppeteer.config.js back to example
• f2f5b62 feat: allow path for wait-on resource (Remove dead links github/docs#382)
• 964b9a2 fix: toFill doesn't empty contents when given an empty string (Rename access-permissions-on-github.md to .access-permissions-on-gith… github/docs#381)
• a7b5693 Update expect-puppeteer/README.md fix example code (> ### أي مقال على docs.github.com يتأثر؟ github/docs#370)
• c0559d2 Update readme with command to install types (repo sync github/docs#355)
• d3d320f Remove looking for maintainers in readme
• 183a390 Update all dependencies (Update signing-tags.md github/docs#392)
• 5a4eb5b docs(readme): looking for maintainers
• 78ebef3 Update README.md
• 28f4e56 Update README.md
• 69a0c3e docs: add missing import (Ollie07 github/docs#332)
• bcc6f9c chore(deps): bump acorn from 5.7.3 to 5.7.4 (Ollie github/docs#330)
• 949027b feat: support XPATH selectors (Along riza l patch 2 github/docs#321)
• 49d313c fix: require to `puppeteer-core` as fallback (Along riza l patch 1 github/docs#315)
• 655d37c chore: update wait-on to version 4.0.0 (homepage calculation gives bad URLs on Windows github/docs#316)
• ebbfd32 docs: fix FUNDING.yml

See the full diff

Package name: jest-silent-reporter

The new version differs by 1 commits.

• f0843f4 Update jest-utils ([Snyk] Security upgrade nodemon from 2.0.4 to 3.0.0 #20)

See the full diff

Package name: puppeteer

The new version differs by 250 commits.

• 377cd83 chore: release main ([From Zendesk] Squash and merge mention in commit signing article now incorrect github/docs#11081)
• 11f7c69 test: update Firefox BiDi expectations (Contributions when merging accounts github/docs#11082)
• 0c0e516 fix: roll to Chrome 117.0.5938.149 (r1181205) (Clarify content on ignoring files github/docs#11077)
• 163394d chore(deps): Bump actions/checkout from 3.6.0 to 4.1.0 (Bump lint-staged from 11.2.2 to 11.2.3 github/docs#11063)
• 67e9a92 chore(deps): Bump postcss from 8.4.16 to 8.4.31 in /website (about-pull-requests.md github/docs#11075)
• 54bc80c chore(deps): Bump github/codeql-action from 2.21.8 to 2.21.9 (Bump @babel/plugin-transform-runtime from 7.15.0 to 7.15.8 github/docs#11064)
• c5083bb docs: update link to `third_party/README.md` (Revert "repo sync" github/docs#11068)
• a3187a0 docs: Update reference to SKIP_CHROMIUM_DOWNLOAD env to SKIP_DOWNLOAD
• 28c1c26 test: crash mocha if unhandled errors occur (Bump eslint from 7.32.0 to 8.0.0 github/docs#11055)
• c5f2d28 test: move queryObjects to a CDP only tests (Bump prettier from 2.4.0 to 2.4.1 github/docs#11050)
• 88681a8 test: Remove invalid drag and drop test (Bump @actions/core from 1.5.0 to 1.6.0 github/docs#11054)
• eedbb13 chore: release main (Bump @graphql-inspector/core from 2.9.0 to 3.0.2 github/docs#11051)
• b0d7375 fix: remove the flag disabling bfcache (Bump jest from 27.2.0 to 27.2.5 github/docs#11047)
• 30bd030 chore: use yargs for mocha runner (Bump @primer/octicons from 15.1.0 to 16.0.0 github/docs#11045)
• 03b22ab chore(deps): Bump glob from 10.3.4 to 10.3.10 (repo sync github/docs#11043)
• 897fb64 chore(deps): Bump @ swc/core from 1.3.86 to 1.3.90 (repo sync github/docs#11042)
• f59537e ci: add sharding for chrome (repo sync github/docs#11038)
• bd6c246 chore: add @ typescript-eslint/no-import-type-side-effects (repo sync github/docs#11040)
• e853e63 refactor: use common debugError (Update bigcook12345 github/docs#11039)
• 48f9382 test: synchronize bidi expectations changes for Bug 1756595 (# github/docs#11005)
• aa16ab1 chore: use RxJS for wait for Navigation (repo sync github/docs#11024)
• c502ca8 chore: release main (Rename content/github/collaborating-with-pull-requests/index.md to co… github/docs#11025)
• e0e7e3a test: move cdp only tests to a subfolder (vedacomprime/docs github/docs#11033)
• 8993def ci: disable failing doctest (repo sync github/docs#11035)

See the full diff

Package name: website-scraper

The new version differs by 65 commits.

• 74bce19 Mention minimum supported nodejs v14.14.x
• 25bb362 Release v5
• 68f8fac Update README.md
• cf9b834 Update README.md
• 758f5f6 Bump got from 11.8.2 to 12.0.0 (Updated manipulating_file_prereqs.md github/docs#470)
• 6670b29 Bump eslint from 7.25.0 to 8.5.0 (Confusing parameter description in REST API docs for /users github/docs#472)
• efe7c52 Bump sinon from 10.0.1 to 12.0.1 (Github Actions context variables data format not precise github/docs#476)
• f452942 Bump srcset from 3.0.1 to 5.0.0 (Fix typos in search part of contribution guideline github/docs#477)
• 6376e4e Bump fs-extra from 9.1.0 to 10.0.0 (repo sync github/docs#478)
• 80a17d8 Drop Node.js v12 (Rename content/github/getting-started-with-github/access-permissions-… github/docs#479)
• b7f49ac Bump normalize-url from 6.0.1 to 7.0.2 (Create FUNDING.yml github/docs#471)
• 2e05ee6 Publish codeclimate coverage (Added a quick tip about PR's base branch github/docs#480)
• 75d7491 Run "npm i", add scheduled tests run (Fix all-contributors file. github/docs#475)
• df715e9 Remove package-lock.json
• 28d8f4a Create dependabot.yml
• e7e88c9 Enable tests on nodejs-17 (Revert 1 marleyjustin08 patch 1 github/docs#469)
• 188911e Remove coveralls (Update set-up-git.md github/docs#468)
• 0d5e8a2 Update cheerio to 1.0.0-rc.10, fixes repo sync github/docs#355 (Update building-github-apps.md github/docs#467)
• 7887499 Update BACKERS.md
• 461c6ac Avoid filtering out root urls, closes Commit link raw text contained unnecessary information github/docs#460 (Update and rename content/github/importing-your-projects-to-github/su… github/docs#465)
• 8bdc0f4 Update dependencies (Rename content/github/getting-started-with-github/exploring-early-acc… github/docs#464)
• d67969c Add node 16 to Github Actions (repo sync github/docs#463)
• 44cc74c Replace request with got (Use ubuntu-latest instead of 16.04 as an Actions example github/docs#445)
• 6db2b51 Use Github Actions for CI (#2 github/docs#450)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution

[pull-request-quantifier-deprecated]

This PR has 14 quantified lines of changes. In general, a change size of upto 200 lines is ideal for the best PR experience!

---

Quantification details

Label      : Extra Small
Size       : +7 -7
Percentile : 5.6%

Total files changed: 1

Change summary by file extension:
.json : +7 -7

Change counts above are quantified counts, based on the PullRequestQuantifier customizations.

Why proper sizing of changes matters

Optimal pull request sizes drive a better predictable PR flow as they strike a
balance between between PR complexity and PR review overhead. PRs within the
optimal size (typical small, or medium sized PRs) mean:

• Fast and predictable releases to production:
  • Optimal size changes are more likely to be reviewed faster with fewer
    iterations.
  • Similarity in low PR complexity drives similar review times.
• Review quality is likely higher as complexity is lower:
  • Bugs are more likely to be detected.
  • Code inconsistencies are more likely to be detected.
• Knowledge sharing is improved within the participants:
  • Small portions can be assimilated better.
• Better engineering practices are exercised:
  • Solving big problems by dividing them in well contained, smaller problems.
  • Exercising separation of concerns within the code changes.

What can I do to optimize my changes

• Use the PullRequestQuantifier to quantify your PR accurately
  • Create a context profile for your repo using the context generator
  • Exclude files that are not necessary to be reviewed or do not increase the review complexity. Example: Autogenerated code, docs, project IDE setting files, binaries, etc. Check out the Excluded section from your prquantifier.yaml context profile.
  • Understand your typical change complexity, drive towards the desired complexity by adjusting the label mapping in your prquantifier.yaml context profile.
  • Only use the labels that matter to you, see context specification to customize your prquantifier.yaml context profile.
• Change your engineering behaviors
  • For PRs that fall outside of the desired spectrum, review the details and check if:
    • Your PR could be split in smaller, self-contained PRs instead
    • Your PR only solves one particular issue. (For example, don't refactor and code new features in the same PR).

How to interpret the change counts in git diff output

• One line was added: +1 -0
• One line was deleted: +0 -1
• One line was modified: +1 -1 (git diff doesn't know about modified, it will
  interpret that line like one addition plus one deletion)
• Change percentiles: Change characteristics (addition, deletion, modification)
  of this PR in relation to all other PRs within the repository.

---

Was this comment helpful? 👍  :ok_hand:  :thumbsdown: (Email)
Customize PullRequestQuantifier for this repository.

[performance-testing-bot]

Unable to locate .performanceTestingBot config file

[vizipi]

Pull request analysis by VIZIPI

Below you will find who is the most qualified team member to review your code.
This analysis includes his/her work on the code included in this Pull request, in addition to their experience in code affected by these changes ( partly found within the list of potential missing files below )   Feedback always welcome

No other active qualified developers found to review these specific changes. You might consider involving more team members with these code segments.

---

Potential missing files from this Pull request

files commonly committed with a subset of this pr, but not committed this time. (click to collapse)

File	Percentile	rate
package-lock.json	71.65 %	187 out of 261 times

---

Committed file ranks

(click to expand)

100.00%[package.json]