[Snyk] Fix for 1 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: lerna

The new version differs by 183 commits.

• 4582c47 chore(release): v4.0.0
• 2d0a97a fix(version): Ensure --create-release environment variables are present during initialization
• 63f18ba test(version): Assert on mocked releases, not calls
• 1f17e0c chore(lerna): Set top-level package tag -> next
• 80a072e chore(lerna): Enable --temp-tag during publish
• e00779a chore: Add release script
• 255c2ea docs(version): Move changelogPreset examples
• 7acf883 Merge branch 'next' into 'main'
• c3814b5 test(child-process): Avoid windows bullshit
• 671ddef chore: Reset lockfile
• affed1c feat(deps): Bump dependencies
• 126676a chore(scripts): Support --no-install flag
• d8100fd feat(deps): execa@^5.0.0
• 187cd58 chore(deps): Bump devDependencies
• ce232c8 chore: remove volta pins, annoying
• d181863 chore: Bump volta pins
• 42ab453 feat(prompt): Remove ambiguous exports
• 4acff59 refactor: Synchronize import ChildProcessUtilities -> childProcess
• a02e12e refactor(test): Refactor mockPromptChoices() -> promptSelectOne.chooseBump()
• 69bb2e4 refactor: Decompose PromptUtilities namespace import
• a08bafb refactor(test): Use unambiguous mockPromptChoices() method
• 3c67f15 refactor: Migrate to unambiguous promptConfirmation()
• 5d05d95 refactor: Migrate to unambiguous promptSelectOne()
• e9237f3 refactor: Migrate to unambiguous promptTextInput()

See the full diff

Package name: mocha

The new version differs by 250 commits.

• e1194ab Release v8.3.0
• 9e75153 update CHANGELOG for v8.3.0 [ci skip]
• 6dd12be match supporter's properties with supporter.js (unable to catch "Invalid JSON RPC Response" exception web3/web3.js#4569)
• 9f2dd41 docs: add example of generating tests with a closure (4.x build analysis web3/web3.js#4494)
• 9122909 Adds BigInt support to stringify util function (Retrieving the private/ public key for a specific path from truffle/hdwallet-provider web3/web3.js#4112)
• 9878f32 Add file location when SyntaxError happens in ESM (Invalid gas check web3/web3.js#4557)
• 84d0c96 Deps: update workerpool (Update all the dependencies for the 4.x rewrite web3/web3.js#4566)
• 3c2f82f GH actions: purge-expired-artifacts.yml (Create web3-eth-contract package structure for the 4.x web3/web3.js#4565)
• 1a05ad7 chore(deps): upgrade all to latest stable (Improve formatParam to not mutate the input web3/web3.js#4556)
• c667d10 docs: fix javascript syntax errors (Consistent encoding/decoding of the parameters  web3/web3.js#4555)
• 6eb3c3c Update dependencies yargs and yargs-parser ([4.x] Tests for injected providers web3/web3.js#4543)
• 30d5b66 Fix workflow filter on pull-request event (Create web3-eth-ens package structure for the 4.x web3/web3.js#4550)
• 6bcb89e Improve CI tests workflow (Documentation update web3/web3.js#4547)
• c21a90f Fix present year in LICENSE (Typescript compile error web3/web3.js#4542)
• c3c976b fixes require path
• bc8ce05 add test for this.test.error() behavior in "after each" hooks
• 78a41d1 Add GH Actions workflow status badge (Init web3-eth web3/web3.js#4503)
• c6856ba add error code for test timeout errors
• 6d3fe26 add support for typescript-style docstrings
• 025fc2e run browser tests on GHA
• b1f26e2 handful of improvements to integration tests
• 59f31e3 fix typo in comment [ci skip]
• d1781b3 refactor collect-files to be a little more simple
• 185cada Release v8.2.1

See the full diff

Package name: nyc

The new version differs by 55 commits.

• bebf4d6 chore(release): 15.0.0
• 2931730 chore: Update to final releases of dependencies (Update the Documentation of methods.myMethod.send web3/web3.js#1245)
• d44ff19 chore: Update node-preload and use process-on-spawn (Parity compatibility web3/web3.js#1243)
• 5258e9f feat: Filenames relative to project cwd in coverage reports (unlockaccount spawns many nodejs defunct processes web3/web3.js#1212)
• 6039f29 chore: Unpin test-exclude, update to latest pre-releases (Dependency Error while installing Web3.js web3/web3.js#1240)
• f3c9e6c chore: Temporarily pin test-exclude (Confirmation of transaction each second  web3/web3.js#1239)
• 28ed746 chore: Lazy load modules that are rarely/never needed in test processes. (npm install web3 node-gyp permission denied web3/web3.js#1232)
• 7307626 chore: Remove cp-file module (web3.eth.gasPrice is returning incorrect value web3/web3.js#1230)
• dfd629d fix: Better error handling for main execution, reporting (1.0.0-beta.20 fails when using within serverless framework web3/web3.js#1229)
• 549c953 chore: Update dependencies, pin find-cache-dir (Extends HttpProvider with custom http headers web3/web3.js#1228)
• a1dee03 chore: Update yargs (Adds checksum isAddress() test cases web3/web3.js#1224)
• 8078a79 chore: Fix 404 in README.md. (web3.eth.personal.sign gives error Unhandled rejection Error: Returned error: Method not found web3/web3.js#1220)
• 7a02cb7 chore: Add enterprise language (Pass config object to WebSocketClient web3/web3.js#1217)
• ea94c7f chore: Remove unused functions (web3.js always returns invalid JSON RPC response web3/web3.js#1218)
• 53c66b9 docs: `npm home nyc` goes to github master branch README (web3-core-requestmanager: Use sendAsync when available in sendBatch web3/web3.js#1201)
• cf5e5d3 chore: Update dependencies
• 8411a26 fix: Correct handling of source-maps for pre-instrumented files (sendTransaction/sendSignedTransaction does not return tx hash on error web3/web3.js#1216)
• f890360 docs: Fix URL to default excludes in README.md (fix: make signTransaction return a promise, fixes #1213 web3/web3.js#1214)
• 3726bbb chore: Update to async version of istanbul-lib-source-maps (web3-bzz has es6 depedencies which don't work with old nodejs versions web3/web3.js#1199)
• 0efc6d1 chore: Tweak arguments for async coverage data readers (web3 is undefined in server/lib/lib.js - Web3@1.0.0 -Meteor web3/web3.js#1198)
• cc77e13 chore: Add `use strict` to all except fixtures (Property 'sendRawTransaction, gasPrice,fromWei,toHex' does not exist on type 'Eth' or Web3 in web3 1.0.0-beta.26 web3/web3.js#1197)
• bcbe1df chore: Update dependencies (empty string handling for asciiToHex web3/web3.js#1196)
• 2735ee2 chore: 100% coverage (subscribe(“logs”) don't support address list? web3/web3.js#1195)
• fd40d49 feat: Use @ istanbuljs/schema for yargs setup (Efficient way to get multiple blocks / transactions? web3/web3.js#1194)

See the full diff

Package name: webpack-cli

The new version differs by 250 commits.

• fb50f76 chore(release): publish new version
• 2c75aeb chore: new version of the packages
• 0d05c30 chore(release): publish %s
• 3f9e151 chore: fix lerna config
• 2c1e34c tests(generator): enhance init generator tests (estimateGas for ERC20 contract doesn't work web3/web3.js#1236)
• 6ee61b9 Fix loader-generator and plugin-generator tests (is there a release process? what's the current version ? web3/web3.js#1250)
• 52956a2 Fixing the typos and grammatical errors in Readme files (no value retuned for transaction? web3/web3.js#1246)
• 7faaed2 chore: update Bug_report & Feature_request Templates (Cannot use uppercase address in isAddress web3/web3.js#1256)
• 7a5b33d feat(webpack-cli): added mode argument ("Provider not set or invalid." Error after transition from 1.0.0-beta.24 to 1.0.0-beta.27 web3/web3.js#1253)
• 3715756 tests(webpack-cli): add test case for defaults flag (Checks input type string to avoid confusing error web3/web3.js#1254)
• a7cba2f chore: project maintanance and typescript fix (Error accessing accounts web3/web3.js#1247)
• 7748472 chore: ignore package-lock.json and remove its references ([1.0] sendTransaction not timing out as expected web3/web3.js#1252)
• a014aa7 docs: fix supported arguments & commands link in README (fix typo web3/web3.js#1244)
• 06129a1 feat(webpack-cli): add progress bar for progress flag (change crypto library reference web3/web3.js#1238)
• 6cc6a49 chore: post refactor CLI (Fixe web3.eth.accounts encrypt/decrypt lib web3/web3.js#1237)
• 358651e chore: move cli under lerna package (web3 folder is blank while installing web3 using npm install web3@1.0.0 beta.16 web3/web3.js#1225)
• 2dc495a fix(init): fix webpack config scaffold (update dependencies to ones without potential security issues web3/web3.js#1231)
• 1ab62d2 tests(generator): add tests for plugin generator (Ethereum transaction doesn't apear in blockchain. web3/web3.js#1235)
• d2dd0c1 tests(sourcemap): fix flaky stats statement (npm install web3 node-gyp permission denied web3/web3.js#1232)
• f6dc680 tests(loader-generator): add tests for loader generator (Serverless.com offline mode: Error: Cannot find module web3-requestManager web3/web3.js#1234)
• 35d1381 tests(generator): enable init generator test (Uncaught ReferenceError: Web3 is not defined web3/web3.js#1233)
• 66cdcb6 chore(generator): remove transpiled tests (1.0.0-beta.20 fails when using within serverless framework web3/web3.js#1229)
• f29a170 fix(init): fix the invalid package name (Extends HttpProvider with custom http headers web3/web3.js#1228)
• 8c3a66d chore(cli): updated changelog of v3 (Adds checksum isAddress() test cases web3/web3.js#1224)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic