[Snyk] Upgrade pm2 from 5.2.0 to 5.3.0

[blinkhash]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade pm2 from 5.2.0 to 5.3.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 3 versions ahead of your current version.
• The recommended version was released 9 months ago, on 2023-03-15.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-ASYNC-2441827	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Sandbox Bypass SNYK-JS-VM2-5537100	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Remote Code Execution (RCE) SNYK-JS-VM2-5772823	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Remote Code Execution (RCE) SNYK-JS-VM2-5772825	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-FASTJSONPATCH-3182961	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') SNYK-JS-VM2-5537079	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WORDWRAP-3149973	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Arbitrary Command Injection SNYK-JS-SYSTEMINFORMATION-5914637	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Arbitrary Code Execution SNYK-JS-VM2-2990237	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Sandbox Bypass SNYK-JS-VM2-3018201	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Sandbox Escape SNYK-JS-VM2-5415299	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Sandbox Escape SNYK-JS-VM2-5422057	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Improper Handling of Exceptional Conditions SNYK-JS-VM2-5426093	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: pm2

• 5.3.0 - 2023-03-15
  
  • fix: replace non-working condition that blocks flush from clearing the logs #5533 @ Sailboat265
  • fix: ESM script loader #5524 @ BlueWater86
• 5.2.2 - 2022-10-13
  
  • fix cluster error avoiding process restart (#5396)
  • ensure increment_var value is a number (#5435)
  • update dependencies
  • add node latest to travis testing
• 5.2.1 - 2022-10-13
• 5.2.0 - 2022-02-17
  
  • replace node-cron by croner (#5183 #5035)
  • upgrade mocha deps
  • fix pm2 report when daemon not running
  • remove semver check for legacy node.js versions
  • update node version in setup.deb.sh by using lts (#5201) + openrc
  • replace legacy util._extend by Object.assign (#5239)
  • add missing start options types (#5242)
  • recursive detection of package.json (#5267)
  • make tarball module uninstall cross-platform (#5269)
  • Fix unnecessary "ENOENT" console.error when serving a spa (#5272)
  • fix: used env variable instead of hardcode datetime format (#5277)
  • copyright update (#5278)
  • fix: remove constants import from VersionCheck (not needed) (#5279)
  • Reduce async import (#5280)

from pm2 GitHub release notes

Commit messages

Package name: pm2

• c7a84c2 pm2@5.3.0
• d61f139 Merge branch 'development'
• 1b5e0ab Merge pull request #5533 from Sailboat265/development-flush-patch
• 4cabf82 Merge pull request #5524 from BlueWater86/development
• 3a6b48d hotfix: replace non-working if-else condition to use fs.existsSync while handling flush
• ca36f30 Update ProcessContainer.js
• 5dbb561 Update .travis.yml
• 5e70845 pm2@5.2.2
• 5278057 Merge pull request #5456 from dko-slapdash/fix-large-id-erasure-in-pm2-list
• dcffe8d Merge branch 'development' of github.com:Unitech/pm2 into development
• 43b638d Merge pull request #5457 from JSKitty/development
• 0e2b65e fix other launch typos
• 6fe3179 fix cli launching typo
• e1e301f fix large id erasure in "pm2 list"
• d78f5ec pm2@5.2.1
• 09c5c52 add back 16/14/12 node.js versions
• 1dd1574 change php test dependency
• e13ab5c add dist:focal
• 7c472e2 try out node 18
• 7e2850e pm2@5.2.1
• fa16e17 Merge branch 'development' of github.com:Unitech/pm2 into development
• b3b2ca7 Merge pull request #5396 from TeamGuilded/restartonerror
• 8ef8fd2 Merge pull request #5435 from watsonian/master
• 5e4dcbf update deps

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (5d5011c) 99.54% compared to head (e8d9882) 99.54%.

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@           Coverage Diff           @@
##           master     #190   +/-   ##
=======================================
  Coverage   99.54%   99.54%           
=======================================
  Files          13       13           
  Lines        1324     1324           
  Branches      321      321           
=======================================
  Hits         1318     1318           
  Misses          5        5           
  Partials        1        1           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.