[Snyk] Fix for 4 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • node_modules/pify/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	No	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: ava

The new version differs by 250 commits.

• b4cfc8d 3.0.0
• 776788f Ship v3 🎉
• 0d11ff7 More issue template tweaks
• 9983976 Update various contributing documents and GitHub configuration
• 5a33572 Fix fail-fast interrupt test
• 61e0d05 Fix VSCode debugging instructions
• 630aac3 Fix remaining AVA link
• 5c8bcec Fix AVA link in snapshot reports
• 7b20f6c Allow Node arguments to be configured
• ad27246 3.0.0-beta.2
• ae948d8 Lowercase CLI argument description asides
• ac8c852 Update dependencies
• 2bd890f Disable timeouts in debug mode
• 15d73ca Make console & process globals available to ava.config.js files
• efa8635 Fix patterns and unpin picomatch
• 580705e Fix --update-snapshots
• cf26b6d Ensure t.assert() counts as a passed assertion
• 82cef5c Add Selenium WebDriverJS recipe
• 090884b Use question mark to indicate optional argument in docs
• 7c352db 3.0.0-beta.1
• 66dd09f Rebuild package-lock
• f02ac7a Install latest @ ava/babel
• 8bdcf8b Anticipate asynchronous loads
• e919b40 Pass extensions to load as modules to Babel provider

See the full diff

Package name: xo

The new version differs by 192 commits.

• ab16df2 0.42.0
• de55a03 Upgrade dependencies
• 34800b7 Upgrade `globby` ([Snyk] Fix for 1 vulnerabilities #574)
• f81e933 Re-enable `import/newline-after-import` rule
• 47af93e 0.41.0
• af93e79 Upgrade dependencies
• 0733cc5 Fix code style ([Snyk] Security upgrade tap from 10.7.3 to 15.0.0 #570)
• ab17a3c Lint `.cjs` files in codebase ([Snyk] Fix for 1 vulnerabilities #569)
• 0a752c7 Update dependencies ([Snyk] Security upgrade eslint from 6.8.0 to 7.0.0 #568)
• 41c8f39 Convert project to module ([Snyk] Fix for 1 vulnerabilities #566)
• b3c5e15 Fix typo ([Snyk] Fix for 1 vulnerabilities #567)
• 2ef9f22 Prevent the `useEslintrc` option from being used ([Snyk] Fix for 1 vulnerabilities #565)
• 41f0484 0.40.3
• 374dd73 Support `xo.config.cjs` and `.xo-config.cjs` ([Snyk] Fix for 1 vulnerabilities #561)
• 3e7b77c Remove some needless imports ([Snyk] Fix for 1 vulnerabilities #560)
• 6adf459 Remove `update-notifier`
• b6389ef 0.40.2
• 7ace6e5 Fix handling of `parserOptions` for TypeScript ([Snyk] Fix for 1 vulnerabilities #557)
• 7629ce0 0.40.1
• d2c5750 Properly resolve base config ([Snyk] Fix for 1 vulnerabilities #545)
• e9c96a1 Properly handle `parserOptions` ([Snyk] Fix for 1 vulnerabilities #544)
• 8e1801c Avoid destructuring and just build the expected object once ([Snyk] Fix for 1 vulnerabilities #538)
• 4cfdc72 Fix CI
• 56be018 0.40.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution