[Snyk] Fix for 2 vulnerabilities

[adamlaska]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/common/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	Yes	Proof of Concept
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: babel-jest

The new version differs by 22 commits.

• ff9269b chore: bump most dated deps (#8850)
• 7594141 chore: upgrade to eslint@6 (#8855)
• b33ce0d chore: upgrade to micromatch v4 (#8852)
• d6ff72a chore: add node 12 to CI (fix: notification bubble codesandbox/codesandbox-client#8411)
• 7e9b4ea chore: upgrade jsdom (#8851)
• 4bb7a2d Use `weak-napi` instead of `weak` in `jest-leak-detector`
• ce47c6c Get rid of Node 6 support (feat: add codeium in featured templates codesandbox/codesandbox-client#8455)
• bc5c3c7 jest-snapshot: Remove only the added newlines in multiline snapshots (#8859)
• d523fa8 bug.md: highlights placeholder should be removed (#8836)
• 08f109c expect: Display expectedDiff more carefully in toBeCloseTo (fix: show upgrade button only for admins  codesandbox/codesandbox-client#8389)
• b09de2d chore: bump node-notifier for node v6 support
• 557a39f fix(linter): Fix linting failure introduced in #8847 😓 (#8849)
• 012472b fix(docs): Update broken links in docs. (#8847)
• ee2bea1 chore: sort member in imports (#8846)
• 9ba4594 add Chinese Jest work with AngularJS tutorial (#8828)
• 0e5b363 chore: reduce reliance on esModuleInterop (#8842)
• d69f8d3 getTimerCount will not include cancelled immediates (#8764)
• b4bd77b Fix grammar: "your jest's config"->"your Jest..." (#8843)
• 54b3dcf Fix grammar: "a known issues"->"a known issue" (#8844)
• e76c7da docs: update matchMedia methods (#8835)
• 23b9860 chore: roll new version of docs
• 3cdbd55 Release 24.9.0

See the full diff

Package name: jest

The new version differs by 22 commits.

• ff9269b chore: bump most dated deps (#8850)
• 7594141 chore: upgrade to eslint@6 (#8855)
• b33ce0d chore: upgrade to micromatch v4 (#8852)
• d6ff72a chore: add node 12 to CI (fix: notification bubble codesandbox/codesandbox-client#8411)
• 7e9b4ea chore: upgrade jsdom (#8851)
• 4bb7a2d Use `weak-napi` instead of `weak` in `jest-leak-detector`
• ce47c6c Get rid of Node 6 support (feat: add codeium in featured templates codesandbox/codesandbox-client#8455)
• bc5c3c7 jest-snapshot: Remove only the added newlines in multiline snapshots (#8859)
• d523fa8 bug.md: highlights placeholder should be removed (#8836)
• 08f109c expect: Display expectedDiff more carefully in toBeCloseTo (fix: show upgrade button only for admins  codesandbox/codesandbox-client#8389)
• b09de2d chore: bump node-notifier for node v6 support
• 557a39f fix(linter): Fix linting failure introduced in #8847 😓 (#8849)
• 012472b fix(docs): Update broken links in docs. (#8847)
• ee2bea1 chore: sort member in imports (#8846)
• 9ba4594 add Chinese Jest work with AngularJS tutorial (#8828)
• 0e5b363 chore: reduce reliance on esModuleInterop (#8842)
• d69f8d3 getTimerCount will not include cancelled immediates (#8764)
• b4bd77b Fix grammar: "your jest's config"->"your Jest..." (#8843)
• 54b3dcf Fix grammar: "a known issues"->"a known issue" (#8844)
• e76c7da docs: update matchMedia methods (#8835)
• 23b9860 chore: roll new version of docs
• 3cdbd55 Release 24.9.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Note: This is a default PR template raised by Snyk. Find out more about how you can customise Snyk PRs in our documentation.

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncontrolled resource consumption

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@babel/compat-data@7.24.4	None	0	65.2 kB	nicolo-ribaudo
npm/@babel/helper-hoist-variables@7.22.5	None	0	7.03 kB	nicolo-ribaudo
npm/@babel/helper-validator-option@7.23.5	None	0	11.7 kB	nicolo-ribaudo
npm/@babel/plugin-syntax-async-generators@7.8.4	None	0	2.52 kB	nicolo-ribaudo
npm/@babel/plugin-syntax-bigint@7.8.3	None	0	2.42 kB	nicolo-ribaudo
npm/@babel/plugin-syntax-import-meta@7.10.4	None	0	2.56 kB	jlhwung
npm/@babel/plugin-syntax-json-strings@7.8.3	None	0	2.58 kB	nicolo-ribaudo
npm/@babel/plugin-syntax-nullish-coalescing-operator@7.8.3	None	0	2.63 kB	nicolo-ribaudo
npm/@babel/plugin-syntax-object-rest-spread@7.8.3	None	0	2.53 kB	nicolo-ribaudo
npm/@babel/plugin-syntax-optional-catch-binding@7.8.3	None	0	2.57 kB	nicolo-ribaudo
npm/@babel/plugin-syntax-optional-chaining@7.8.3	None	0	2.52 kB	nicolo-ribaudo
npm/@bcoe/v8-coverage@0.2.3	None	0	277 kB	bcoe
npm/@types/estree@1.0.5	None	0	25.7 kB	types
npm/@webassemblyjs/floating-point-hex-parser@1.11.6	None	0	5.14 kB	xtuc
npm/@webassemblyjs/helper-api-error@1.11.6	None	0	5.4 kB	xtuc
npm/@webassemblyjs/helper-buffer@1.12.1	None	0	10.8 kB	xtuc
npm/@webassemblyjs/helper-wasm-bytecode@1.11.6	None	0	16 kB	xtuc
npm/@webassemblyjs/utf8@1.11.6	None	0	7.31 kB	xtuc
npm/@xtuc/long@4.2.2	None	0	190 kB	xtuc
npm/ajv@6.12.6	eval	0	929 kB	esp
npm/any-promise@1.3.0	None	0	22.2 kB	kevinbeaty
npm/array-slice@1.1.0	None	0	6.26 kB	jonschlinkert
npm/big.js@5.2.2	None	0	63.9 kB	mikemcl
npm/bluebird@3.7.2	environment, eval, unsafe	0	632 kB	esailija
npm/browserify-aes@1.2.0	None	+1	34.6 kB	cwmma
npm/call-bind@1.0.2	None	0	14.7 kB	ljharb
npm/cipher-base@1.0.4	None	0	7.95 kB	cwmma
npm/combined-stream@1.0.8	None	0	11.5 kB	alexindigo
npm/console-control-strings@1.1.0	None	0	12.7 kB	iarna
npm/constants-browserify@1.0.0	None	0	7.46 kB	juliangruber
npm/create-hash@1.2.0	None	+1	12.9 kB	cwmma
npm/create-hmac@1.1.7	None	0	5.81 kB	cwmma
npm/damerau-levenshtein@1.0.8	None	0	11.8 kB	lazurski
npm/deepmerge@4.2.2	None	0	30.1 kB	tehshrike
npm/electron-to-chromium@1.4.777	None	0	290 kB	kilianvalkhof
npm/emoji-regex@9.2.2	None	0	97.9 kB	google-wombot
npm/encodeurl@1.0.2	None	0	7.86 kB	dougwilson
npm/es6-promise@4.2.8	None	0	315 kB	stefanpenner
npm/eslint-scope@5.1.1	None	0	78.4 kB	eslintbot
npm/esrecurse@4.3.0	None	0	13.5 kB	michaelficarra
npm/estraverse@4.3.0	None	0	36.3 kB	michaelficarra
npm/esutils@2.0.3	None	0	50.6 kB	michaelficarra
npm/evp_bytestokey@1.0.3	None	+1	12.8 kB	dcousens
npm/expand-tilde@2.0.2	None	0	6.59 kB	doowb
npm/form-data@2.3.3	filesystem, network	0	119 kB	alexindigo
npm/functions-have-names@1.2.3	None	0	16.7 kB	ljharb
npm/gensync@1.0.0-beta.2	None	0	28.9 kB	loganfsmyth
npm/globals@11.12.0	None	0	39.8 kB	sindresorhus
npm/has-bigints@1.0.2	None	0	12.8 kB	ljharb
npm/has-unicode@2.0.1	environment	0	3.44 kB	iarna
npm/hash.js@1.1.7	None	0	41.7 kB	indutny
npm/homedir-polyfill@1.0.3	environment, filesystem	+1	14 kB	doowb
npm/https-browserify@1.0.0	network	0	2.79 kB	feross
npm/infer-owner@1.0.4	filesystem	0	4.29 kB	isaacs
npm/inherits@2.0.4	None	0	3.96 kB	isaacs
npm/invariant@2.2.4	None	0	7.64 kB	zertosh
npm/is-bigint@1.0.4	None	0	14.8 kB	ljharb
npm/is-boolean-object@1.1.2	None	0	22.1 kB	ljharb
npm/is-fullwidth-code-point@3.0.0	None	0	4.99 kB	sindresorhus
npm/is-number-object@1.0.7	None	0	22.2 kB	ljharb
npm/is-wsl@2.2.0	environment, filesystem	0	3.76 kB	sindresorhus
npm/jsonstream@1.3.5	None	+1	36.8 kB
npm/leven@3.1.0	None	0	5.34 kB	sindresorhus
npm/loader-runner@4.3.0	eval, filesystem	0	18.4 kB	sokra
npm/loose-envify@1.4.0	environment	0	5.81 kB	zertosh
npm/map-age-cleaner@0.1.3	None	+1	11.3 kB	samverschueren
npm/merge-stream@2.0.0	None	0	4.31 kB	stevemao
npm/minimalistic-assert@1.0.1	None	0	1.55 kB	cwmma
npm/minimalistic-crypto-utils@1.0.1	None	0	4.76 kB	indutny
npm/node-releases@2.0.14	None	0	34 kB	chicoxyzzy
npm/nopt@3.0.6	environment	0	31.3 kB	othiym23
npm/nullthrows@1.1.1	None	0	2.84 kB	zertosh
npm/oauth-sign@0.9.0	None	0	13.8 kB	simov
npm/open@7.4.2	environment, filesystem, shell	0	41.9 kB	sindresorhus
npm/osenv@0.1.5	environment, shell	0	4.89 kB	isaacs
npm/p-is-promise@2.1.0	None	0	3.57 kB	sindresorhus
npm/p-try@2.2.0	None	0	4.37 kB	sindresorhus
npm/parse-filepath@1.0.2	None	+2	18.1 kB	phated
npm/pify@4.0.1	None	0	7.23 kB	sindresorhus
npm/process-nextick-args@2.0.1	None	0	3.17 kB	cwmma
npm/qs@6.5.2	None	0	114 kB	ljharb
npm/querystring-es3@0.2.1	None	0	16.1 kB	spaintrain
npm/querystring@0.2.0	None	0	33.3 kB	gozala
npm/react-is@16.13.1	environment	0	24 kB	acdlite
npm/react-lifecycles-compat@3.0.4	None	0	29 kB	brianvaughn
npm/resolve-dir@1.0.1	None	0	6.29 kB	phated
npm/resolve-from@4.0.0	filesystem, unsafe	0	4.64 kB	sindresorhus
npm/rimraf@2.7.1	filesystem	0	15.5 kB	isaacs
npm/ripemd160@2.0.2	None	0	9.79 kB	dcousens
npm/run-async@2.4.1	None	0	6.6 kB	sboudrias
npm/safer-buffer@2.1.2	None	0	42.3 kB	chalker
npm/set-blocking@2.0.0	None	0	4.22 kB	bcoe
npm/setimmediate@1.0.5	None	0	8.56 kB	domenic
npm/sha.js@2.4.11	None	0	31.1 kB	dcousens
npm/source-map@0.5.7	None	0	766 kB	tromey
npm/sprintf-js@1.0.3	None	0	34.8 kB	alexei
npm/string_decoder@1.3.0	None	0	14.4 kB	matteo.collina
npm/text-table@0.2.0	None	0	11 kB	substack
npm/through2@2.0.5	None	0	9.65 kB	rvagg
npm/typedarray@0.0.6	None	0	26 kB	substack
npm/unc-path-regex@0.1.2	None	0	4.93 kB	tunnckocore
npm/universalify@0.1.2	None	0	4.71 kB	ryanzim
npm/uuid@3.4.0	None	0	34.3 kB	ctavan
npm/valid-url@1.0.9	None	0	17.2 kB	odysseas
npm/wcwidth@1.0.1	None	0	14.2 kB	timoxley
npm/webpack-sources@3.2.3	None	0	91.3 kB	sokra
npm/which-boxed-primitive@1.0.2	None	0	15 kB	ljharb
npm/which@2.0.2	environment	0	9.97 kB	isaacs
npm/xtend@4.0.2	None	0	6.46 kB	raynos
npm/yauzl@2.10.0	filesystem	+1	96 kB	thejoshwolfe

🚮 Removed packages: npm/@babel/code-frame@7.10.4, npm/@babel/parser@7.10.5, npm/@babel/traverse@7.10.5, npm/@babel/types@7.10.5, npm/@prettier/plugin-pug@1.6.1, npm/@starptech/prettyhtml@0.10.0, npm/@types/eslint-scope@3.7.0, npm/@types/eslint-visitor-keys@1.0.0, npm/@types/eslint@7.2.2, npm/@types/glob@7.1.3, npm/@types/js-beautify@1.11.0, npm/@types/json-schema@7.0.5, npm/@types/lodash@4.14.161, npm/@types/mocha@8.0.3, npm/@types/node@14.11.1, npm/@types/prettier@2.1.1, npm/@types/read-pkg-up@6.0.0, npm/@types/resolve@1.17.1, npm/@types/unist@2.0.3, npm/acorn@7.4.0, npm/ajv@6.12.0, npm/ansi-colors@4.1.1, npm/anymatch@3.1.1, npm/bootstrap-vue-helper-json@1.1.1, npm/braces@3.0.2, npm/ccount@1.0.4, npm/chalk@4.1.0, npm/codecov@3.7.2, npm/collapse-white-space@1.0.5, npm/commander@2.19.0, npm/core-js@3.6.5, npm/cross-spawn@7.0.3, npm/debug@4.1.1, npm/decamelize-keys@1.1.0, npm/define-properties@1.1.3, npm/element-helper-json@2.0.6, npm/es-abstract@1.17.6, npm/eslint-plugin-vue@7.0.0-beta.3, npm/eslint-scope@5.1.0, npm/eslint-utils@2.1.0, npm/eslint@7.9.0, npm/esquery@1.3.1, npm/estraverse@4.2.0, npm/extend-shallow@3.0.2, npm/find-up@2.1.0, npm/fsevents@2.1.3, npm/get-value@2.0.6, npm/glob-parent@5.1.1, npm/glob@7.1.6, npm/graceful-fs@4.1.15, npm/gridsome-helper-json@1.0.3, npm/has-symbols@1.0.1, npm/hast-util-has-property@1.0.3, npm/hast-util-is-element@1.0.3, npm/ini@1.3.5, npm/is-binary-path@2.1.0, npm/is-callable@1.2.0, npm/is-decimal@1.0.3, npm/is-descriptor@1.0.2, npm/is-glob@4.0.1, npm/is-hidden@1.1.2, npm/is-regex@1.1.0, npm/is-string@1.0.5, npm/istanbul-lib-coverage@3.0.0, npm/js-beautify@1.13.0, npm/js-yaml@3.13.1, npm/json5@2.1.3, npm/kind-of@6.0.2, npm/levn@0.4.1, npm/lodash.assign@4.2.0, npm/lodash@4.17.20, npm/lru-cache@4.1.5, npm/make-dir@3.1.0, npm/mkdirp@1.0.4, npm/mocha@8.1.3, npm/normalize-package-data@2.5.0, npm/nuxt-helper-json@1.0.0, npm/nyc@15.1.0, npm/object.assign@4.1.0, npm/parse-gitignore@1.0.1, npm/picomatch@2.2.1, npm/prettier-eslint@11.0.0, npm/prettier-tslint@0.4.2, npm/prettier@2.1.2, npm/rc@1.2.8, npm/read-pkg-up@7.0.1, npm/readdirp@3.4.0, npm/regex-not@1.0.2, npm/resolve@1.17.0

View full report↗︎