[Snyk] Fix for 2 vulnerabilities

[GTVolk]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	Yes	No Known Exploit
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @typescript-eslint/eslint-plugin

The new version differs by 250 commits.

• 8894106 chore: publish v5.10.0
• 5046882 fix(type-utils): intersection types involving readonly arrays are now handled in most cases (Bounce rate column sorts is not working matomo-org/matomo#4429)
• 39a6806 fix(type-utils): isTypeReadonly now handles conditional types (better "Delete old visitor logs and reports" functionality matomo-org/matomo#4421)
• f4016c2 fix(eslint-plugin): [no-extra-semi] false negatives when used with eslint 8.3.0 (Analyse costs and revenue for a single visitor/a whole campaign matomo-org/matomo#4458)
• 99ab193 fix(type-utils): union types always being marked as readonly (Big extra spacing in annotations matomo-org/matomo#4419)
• ef3147c fix(type-utils): check IndexSignature internals when checking isTypeReadonly (Weird spacing in "Visits in Real-time" plugin matomo-org/matomo#4417)
• 3061ea9 chore: bump @ babel/types from 7.16.7 to 7.16.8 (Attribution by Campaign Keyword is not working as expected (zeros) matomo-org/matomo#4454)
• e56f1e5 fix(eslint-plugin): [no-invalid-this] crash when used with eslint 8.7.0 (Repeated visits reported in Visitor profile matomo-org/matomo#4448)
• ba3d3a3 chore: bump eslint-plugin-jest from 25.3.4 to 25.7.0 (Review guides at developer.piwik.org for official launch matomo-org/matomo#4456)
• 04cb5d8 chore: bump ts-jest from 27.1.2 to 27.1.3 (Use consistent fonts and colors in new Morpheus theme CSS/less matomo-org/matomo#4457)
• d8e296d chore: bump webpack from 5.65.0 to 5.66.0 (Change piwik URL to builds.piwik.org/piwik.zip matomo-org/matomo#4455)
• d053cde fix(eslint-plugin): [explicit-function-return-type] support AllowTypedFunctionExpression within AllowHigherOrderFunction (Visit summary graph is cached in mail client matomo-org/matomo#4250)
• 8a30108 chore: bump eslint-visitor-keys from 3.1.0 to 3.2.0 ("All Websites" are calculated wrong matomo-org/matomo#4452)
• 377cbcf chore: bump rollup from 2.63.0 to 2.64.0 (String data, right truncated: 1406 Data too long for column 'location_browser_lang' at row 1 matomo-org/matomo#4450)
• daf7990 chore: bump @ types/prettier from 2.4.2 to 2.4.3 ("Load more visits" with "Visitor Profile" loads the same visits matomo-org/matomo#4451)
• 4cb46ff chore: bump downlevel-dts from 0.7.0 to 0.8.0 (Display 100+ visits when at least 100 visits, in Visitor profile matomo-org/matomo#4447)
• ff05dd8 test(type-utils): fix incorrect utils import (PHP Fatal error: Call to a member function rewriteAssetsPathToTheme() matomo-org/matomo#4453)
• 95aea18 refactor(eslint-plugin): [restrict-plus-operands] add better error messages (archive.php should only process websites which exist matomo-org/matomo#4332)
• ea85dda test(type-utils): add basic tests for isTypeReadonly (Change for Yahoo! Japan matomo-org/matomo#4416)
• c8e650f fix(eslint-plugin): [no-magic-numbers] handle bigint in class props (Warning: fopen(/httpdocs/piwik/tmp/tcpdf/__tcpdf_imgmask_alpha_.... failed to open stream matomo-org/matomo#4411)
• 253bfa3 docs: fix typo in comment (Missing keyword and referer since upgrade to 2.0 matomo-org/matomo#4445)
• 4bda6ec chore: bump shelljs from 0.8.4 to 0.8.5 (LOAD DATA INFILE in chroot environment matomo-org/matomo#4442)
• 9eb0a5b chore: bump follow-redirects from 1.14.5 to 1.14.7 (Warning: file_exists(): open_basedir restriction in effect. File(plugins/Morpheus/stylesheets/ieonly.css?cb=0920 matomo-org/matomo#4437)
• 1d55a75 feat: rename `experimental-utils` to `utils` and make `experimental-utils` an alias to the new package (More SEO metrics matomo-org/matomo#4172)

See the full diff

Package name: @vue/cli-plugin-typescript

The new version differs by 250 commits.

• c913cdc v5.0.0
• e75a288 chore: pre release sync
• e7f07d8 docs: remove `@ next` [skip ci]
• 80bbf38 test: skip nightwatch --parallel test for now
• 9be19f0 test: fix tsx import
• 5cf0e13 feat: bump default typescript version to 4.5
• 22a4a53 chore: dependency maintenance
• 9577cf5 chore: Merge branch 'master' into dev
• 8b5ab22 fix: remove --skip-plugin from arguments passed to the plugins (Referrers Overview, distinct metrics sparklines are always set to one matomo-org/matomo#6972)
• ff035c6 chore(deps): bump follow-redirects from 1.14.7 to 1.14.8 (The Pros & Cons Of Using Body Building Supplements T-Force matomo-org/matomo#6993)
• d302581 fix: update mini-css-extract-plugin to ^2.5.3 (Fixed view type for visitor log matomo-org/matomo#6987)
• 2d8fa26 test(nightwatch): skip selenium test for now
• 7a17d98 chore: replace eslint-plugin-graphql with @ graphl-eslint/eslint-plugin
• 75a6d69 v5.0.0-rc.3
• c214c3a chore: pre release sync
• 42fc8d4 docs: add cache-loader and nightwatch breaking changes [skip ci]
• 926855f feat!: make `cache-loader` optional (Dreamka2007 matomo-org/matomo#6985)
• 342c386 fix: there's a command response format change in nightwatch v2
• b78a003 chore: update web drivers
• 6c91e1a chore: update lockfile
• 37bdc0e chore: remove the console log completely and fix lint error
• 1c1f1ef chore: fix typo (Share a Custom dashboard with other users and keep it synchronised across users matomo-org/matomo#6964)
• a2b6409 feat: add build stats hash support ( Array to string conversion in /var/www/piwik/libs/Zend/Session/Exception.php on line 58 matomo-org/matomo#6980)
• 0cbdf5f fix: specify vue version in the web component demo html

See the full diff

Package name: @vue/cli-plugin-unit-jest

The new version differs by 250 commits.

• c913cdc v5.0.0
• e75a288 chore: pre release sync
• e7f07d8 docs: remove `@ next` [skip ci]
• 80bbf38 test: skip nightwatch --parallel test for now
• 9be19f0 test: fix tsx import
• 5cf0e13 feat: bump default typescript version to 4.5
• 22a4a53 chore: dependency maintenance
• 9577cf5 chore: Merge branch 'master' into dev
• 8b5ab22 fix: remove --skip-plugin from arguments passed to the plugins (Referrers Overview, distinct metrics sparklines are always set to one matomo-org/matomo#6972)
• ff035c6 chore(deps): bump follow-redirects from 1.14.7 to 1.14.8 (The Pros & Cons Of Using Body Building Supplements T-Force matomo-org/matomo#6993)
• d302581 fix: update mini-css-extract-plugin to ^2.5.3 (Fixed view type for visitor log matomo-org/matomo#6987)
• 2d8fa26 test(nightwatch): skip selenium test for now
• 7a17d98 chore: replace eslint-plugin-graphql with @ graphl-eslint/eslint-plugin
• 75a6d69 v5.0.0-rc.3
• c214c3a chore: pre release sync
• 42fc8d4 docs: add cache-loader and nightwatch breaking changes [skip ci]
• 926855f feat!: make `cache-loader` optional (Dreamka2007 matomo-org/matomo#6985)
• 342c386 fix: there's a command response format change in nightwatch v2
• b78a003 chore: update web drivers
• 6c91e1a chore: update lockfile
• 37bdc0e chore: remove the console log completely and fix lint error
• 1c1f1ef chore: fix typo (Share a Custom dashboard with other users and keep it synchronised across users matomo-org/matomo#6964)
• a2b6409 feat: add build stats hash support ( Array to string conversion in /var/www/piwik/libs/Zend/Session/Exception.php on line 58 matomo-org/matomo#6980)
• 0cbdf5f fix: specify vue version in the web component demo html

See the full diff

Package name: @vue/cli-service

The new version differs by 250 commits.

• 92d80a8 v5.0.1
• c913cdc v5.0.0
• e75a288 chore: pre release sync
• e7f07d8 docs: remove `@ next` [skip ci]
• 80bbf38 test: skip nightwatch --parallel test for now
• 9be19f0 test: fix tsx import
• 5cf0e13 feat: bump default typescript version to 4.5
• 22a4a53 chore: dependency maintenance
• 9577cf5 chore: Merge branch 'master' into dev
• 8b5ab22 fix: remove --skip-plugin from arguments passed to the plugins (Referrers Overview, distinct metrics sparklines are always set to one matomo-org/matomo#6972)
• ff035c6 chore(deps): bump follow-redirects from 1.14.7 to 1.14.8 (The Pros & Cons Of Using Body Building Supplements T-Force matomo-org/matomo#6993)
• d302581 fix: update mini-css-extract-plugin to ^2.5.3 (Fixed view type for visitor log matomo-org/matomo#6987)
• 2d8fa26 test(nightwatch): skip selenium test for now
• 7a17d98 chore: replace eslint-plugin-graphql with @ graphl-eslint/eslint-plugin
• 75a6d69 v5.0.0-rc.3
• c214c3a chore: pre release sync
• 42fc8d4 docs: add cache-loader and nightwatch breaking changes [skip ci]
• 926855f feat!: make `cache-loader` optional (Dreamka2007 matomo-org/matomo#6985)
• 342c386 fix: there's a command response format change in nightwatch v2
• b78a003 chore: update web drivers
• 6c91e1a chore: update lockfile
• 37bdc0e chore: remove the console log completely and fix lint error
• 1c1f1ef chore: fix typo (Share a Custom dashboard with other users and keep it synchronised across users matomo-org/matomo#6964)
• a2b6409 feat: add build stats hash support ( Array to string conversion in /var/www/piwik/libs/Zend/Session/Exception.php on line 58 matomo-org/matomo#6980)

See the full diff

Package name: ts-jest

The new version differs by 250 commits.

• 35cf9e8 chore(release): 27.0.0 (logo-header.png has absolute path ssl https custom logo branding piwik security warning matomo-org/matomo#2617)
• 9d77c7b docs(devs-infra): prepare docs for v27 (IP-Detection displays wrong country matomo-org/matomo#2614)
• 6406c6a build(devs-dep): upgrade deps to be compatible to jest 27 (Email Reports: minor error in UI text matomo-org/matomo#2613)
• 2a6e9f9 build(deps-dev): bump eslint-plugin-jsdoc from 34.8.2 to 35.0.0 (Piwik_Url: getCurrentSchema() should check assume_secure_protocol matomo-org/matomo#2606)
• f18fc54 build(deps-dev): bump @ typescript-eslint/parser from 4.24.0 to 4.25.0 (displayed order subtotal value is equal to the quantity of purchased products matomo-org/matomo#2607)
• 5765831 build(deps-dev): bump @ typescript-eslint/eslint-plugin (Allow bar graph as well as line graph matomo-org/matomo#2608)
• 6a8200f build(devs-dep): upgrade jest deps and prettier (permanent block, suhosin matomo-org/matomo#2605)
• 04a1534 build(deps-dev): bump @ types/yargs from 16.0.2 to 17.0.0 (IP Detection Problem or ISP Detection Problem matomo-org/matomo#2601)
• 478a494 build(deps-dev): bump @ types/lodash from 4.14.169 to 4.14.170 (Piwik_Session: restore support for file-based sessions matomo-org/matomo#2602)
• f2093c1 build(deps-dev): bump eslint from 7.26.0 to 7.27.0 (#2603)
• fc2a067 build(deps-dev): bump eslint-plugin-import from 2.22.1 to 2.23.3 (Unnessary decoding of already decoded strings matomo-org/matomo#2604)
• 51c6592 build(deps-dev): bump eslint-plugin-jsdoc from 34.8.1 to 34.8.2 (assume_secure_protocol is not checked in View matomo-org/matomo#2594)
• abddb20 build(deps-dev): bump @ types/yargs from 16.0.1 to 16.0.2 (Add link to create a new website in "All websites" dashboard when logged in as Super User matomo-org/matomo#2590)
• 9b95e1e build(deps-dev): bump @ types/react from 17.0.5 to 17.0.6 (German PDF reports: wrong column size matomo-org/matomo#2591)
• a2e8e3a build(deps-dev): bump eslint-plugin-jsdoc from 34.7.0 to 34.8.1 (NoSQL support matomo-org/matomo#2592)
• 341b19d build(deps-dev): bump @ typescript-eslint/parser from 4.23.0 to 4.24.0 (more search engines treated as external sites matomo-org/matomo#2586)
• ad93c40 build(deps-dev): bump @ typescript-eslint/eslint-plugin (Bug: Weekly Goals fail both in overview and on details page matomo-org/matomo#2587)
• 0f4055f build(deps-dev): bump eslint-plugin-jsdoc from 34.6.3 to 34.7.0 (One day whose visits are not shown in evolution reports matomo-org/matomo#2588)
• 181486d build(deps-dev): bump eslint-plugin-jsdoc from 34.2.1 to 34.6.3 (UserAgentParser: Safari 5.1 unit tests matomo-org/matomo#2583)
• 530eeda build(deps-dev): bump eslint-plugin-jsdoc from 34.0.2 to 34.2.1 (UsersManager and SitesManager - add and update hooks matomo-org/matomo#2580)
• 8fd2eb7 build(deps-dev): bump @ types/semver from 7.3.5 to 7.3.6 (ZendFramework update 1.11.11 matomo-org/matomo#2581)
• ac46b9c build(deps-dev): bump @ commitlint/cli from 12.1.1 to 12.1.4 ("Mysqli prepare error" on idSite=0 matomo-org/matomo#2576)
• fa9d8bf build(deps-dev): bump @ types/lodash from 4.14.168 to 4.14.169 (Select user data that Piwik should collect matomo-org/matomo#2575)
• 7d00304 build(deps-dev): bump @ commitlint/config-angular from 12.1.1 to 12.1.4 (Call to undefined function imagecreatefrompng when generating PDF matomo-org/matomo#2577)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncontrolled resource consumption

[github-actions]

If you don't want this PR to be closed automatically in 28 days then you need to assign the label 'Do not close'.

[github-actions]

This PR was last updated more than one month ago, maybe it's time to close it. Please check if there is anything we still can do or close this PR. ping @matomo-org/core-reviewers