[Snyk] Fix for 1 vulnerabilities

[popomore]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: bin-links

The new version differs by 27 commits.

• 9288589 chore: release 4.0.0 (feat: link root packages to storeDir/node_modules #53)
• 4f4c58c feat: do not alter file ownership (feat: support ignore-scripts #59)
• decf1c0 chore: postinstall for dependabot template-oss PR
• 11ed9cf chore: bump @ npmcli/template-oss from 4.4.4 to 4.5.1
• 6253529 chore: postinstall for dependabot template-oss PR
• fecbd8a chore: bump @ npmcli/template-oss from 4.3.2 to 4.4.4
• 36b2668 feat!: postinstall for dependabot template-oss PR
• 527942a chore: bump @ npmcli/template-oss from 3.5.0 to 4.3.2
• 947697c chore(main): release 3.0.3 (Not working on repo with commit hash #51)
• 3ffe1e9 deps: bump npm-normalize-package-bin from 1.0.1 to 2.0.0 (fix: try to fix the max satisfy version (n.x) in grandfather's deps #50)
• a9e0009 chore(main): release 3.0.2 (Find the max satisfy version (n.x) in grandfather's deps #49)
• 163f021 fix: linting (fix: fsevents use binary-mirror-config too #48)
• df2d8e8 chore: bump @ npmcli/template-oss from 3.4.2 to 3.4.3 (feat: Auto set China mirror for prebuild binary packages #47)
• 8c3bafc chore: postinstall for dependabot template-oss PR
• 59612f6 chore: bump @ npmcli/template-oss from 3.4.1 to 3.4.2
• b0561df chore: bump @ npmcli/template-oss from 3.2.2 to 3.4.1 (Support prebuild mirrors config #45)
• 58fa8e8 chore: bump tap from 15.2.3 to 16.0.1 (fix: add _from, _resolved back to package.json #43)
• 492a1be chore(main): release 3.0.1 (missing meta in package.json #42)
• 5d01244 fix: remove unsafe regex
• 847964e chore: postinstall for dependabot template-oss PR
• 02a7cb7 chore: bump @ npmcli/template-oss from 2.9.2 to 3.2.2
• 56dbfa0 fix: replace deprecated String.prototype.substr() (fix: add prepublish script after postinstall #38)
• 24a1f3c deps: bump cmd-shim from 4.1.0 to 5.0.0 (fix: support shortcut install options #39)
• 36a652f deps: bump read-cmd-shim from 2.0.0 to 3.0.0 (fix: install package@tag -g should work #40)

See the full diff

Package name: node-gyp

The new version differs by 27 commits.

• 9acb4c7 chore: release 10.0.0
• 3032e10 chore: run tests after release please PR
• 864a979 feat!: use .npmignore file to limit which files are published (#2921)
• 4e493d4 chore: misc testing fixes (#2930)
• d52997e feat: convert internal classes from util.inherits to classes
• 355622f feat: convert all internal functions to async/await
• 1b3bd34 feat!: drop node 14 support (#2929)
• e388255 deps: which@4.0.0 (#2928)
• 059bb6f deps: make-fetch-happen@13.0.0 (#2927)
• 4bef1ec deps: glob@10.3.10 (#2926)
• 21a7249 chore: add check engines script to CI (#2922)
• 707927c feat(gyp): update gyp to v0.16.1 (#2923)
• d644ce4 docs: update applicable GitHub links from master to main (#2843)
• 4a50fe3 chore: empty commit to add changelog entries from #2770
• 26683e9 chore: GitHub Workflows security hardening (#2740)
• 91fd8ff Python lint: ruff --format is now --output-format
• b3d41ae doc: Add note about Python symlinks (PR 2362) to CHANGELOG.md for 9.1.0 (#2783)
• 5746691 test: update expired certs (#2908)
• d3615c6 Fix incorrect Xcode casing in README (#2896)
• bb93b94 docs: README.md Do not hardcode the supported versions of Python (#2880)
• 0f1f667 fix: create Python symlink only during builds, and clean it up after (#2721)
• 445c28f test: increase mocha timeout (#2887)
• 1bfb083 Fix Python lint error by using an f-string (#2886)
• c9caa2e docs: Update windows installation instructions in README.md (#2882)

See the full diff

Package name: pacote

The new version differs by 27 commits.

• 18e760f chore: release 17.0.4
• ba8f790 deps: bump @ npmcli/promise-spawn from 6.0.2 to 7.0.0
• 2c0d3ae deps: bump @ npmcli/run-script from 6.0.2 to 7.0.0
• 7aa2062 chore: release 17.0.3
• ace7c28 deps: bump npm-packlist from 7.0.4 to 8.0.0
• f1efd0c chore: release 17.0.2
• c3b892d deps: bump sigstore from 1.3.0 to 2.0.0
• c75d7d5 chore: release 17.0.1
• 6ddae13 deps: bump npm-registry-fetch from 15.0.0 to 16.0.0
• 42bf787 deps: bump npm-pick-manifest from 8.0.2 to 9.0.0
• 9fa2de9 chore: release 17.0.0
• e9e964b deps: bump read-package-json from 6.0.4 to 7.0.0
• f69d844 chore: hosted-git-info@7.0.0
• 5d26500 deps: bump npm-package-arg from 10.1.0 to 11.0.0
• d13bb9c deps: bump @ npmcli/git from 4.1.0 to 5.0.0
• 7a25e39 deps: bump cacache from 17.1.4 to 18.0.0
• 2db2fb5 fix: drop node 16.13.x support
• 5cdbfd1 chore: release 16.0.0
• 8dc6a32 deps: bump minipass from 5.0.0 to 7.0.2
• 7cebf19 deps: bump npm-registry-fetch from 14.0.5 to 15.0.0
• 73b6297 fix: drop node14 support (fix: show every runscript log before run it #290)
• 53cf17e chore: postinstall for dependabot template-oss PR
• 865d5c7 chore: bump @ npmcli/template-oss from 4.17.0 to 4.18.0
• 040add9 chore: postinstall for dependabot template-oss PR

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (dee32a1) 91.11% compared to head (bb1a077) 91.03%.
Report is 1 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #470      +/-   ##
==========================================
- Coverage   91.11%   91.03%   -0.09%     
==========================================
  Files          31       31              
  Lines        4828     4828              
  Branches      958      953       -5     
==========================================
- Hits         4399     4395       -4     
- Misses        429      433       +4     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.