[Snyk] Fix for 1 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • syft/pkg/cataloger/javascript/test-fixtures/pkg-json/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: npm-audit-report

The new version differs by 6 commits.

• 5ca3209 2.0.0
• afe44c6 force color support in CI
• 1148a75 Version 2 rewrite for Arborist audit data
• 5102576 simplify test fixture handling
• e179501 Update project settings to new standards
• 620842a feat: make this method synchronous

See the full diff

Package name: standard

The new version differs by 250 commits.

• 866a666 package metadata
• 34a39d2 update authors
• 5a63a03 15.0.0
• 36cbcd8 changelog
• ab0e7a5 update deps
• 3d0ea44 eslint-config-standard-jsx 9.0.0
• 8c0513a eslint-config-standard 15.0.0
• c8c255c changelog
• 1af9b8a use "Indonesian" since it's the language name
• c0fd567 remove sponsor link
• b926ce2 remove spammy standard user link
• 1cc9df7 changelog
• 8e06e4f hallmark 3
• e4c002a bump deps
• 8bdade1 Merge pull request Support for Luarocks anchore/syft#1516 from pikadun/patch-1
• 0c27f99 Merge pull request Support for multiple image refs of same sha in OCI layout anchore/syft#1544 from yoga1234/master
• 59b03fb Merge pull request Simplify CI pipeline anchore/syft#1461 from munierujp/update_japanese_docs
• fd72454 Merge pull request Support for application/vnd.oci.image.index.v1+json manifests in root OCI layout anchore/syft#1545 from logustra/add-jublia-to-users
• 1de7656 Merge pull request Links anchore/syft#1547 from kidonng/patch-1
• 6558034 add 14.3.4 changelog
• e1fa03e Update eslint to 7.11.0
• 4a0e8b0 changelog
• 4a84e61 remove weird whitespace
• 523f004 Merge pull request Export specific format versions (SPDX) anchore/syft#1519 from standard/eslint7

See the full diff

Package name: tap

The new version differs by 250 commits.

• bc49fb7 15.0.0
• 4378608 remove publishConfig beta tag
• 2c2e75f provide mkdirRecursive polyfill for old node versions
• 8f4c855 correctly specify 10.0.x versions
• 5e61672 update deps
• c44c418 Support 10.0 and test in CI
• dc5c841 tcompare@5.0.4
• 385b6d2 Add .taprc.yml/yaml handling to change log
• 4f87466 just run regular test script as snap script
• 315a921 delete FORCE_COLOR/NO_COLOR rather than setting to '0'
• 564e96f Add detection for .yaml and .yml
• 75bae93 update cli doc
• c1289bf 15.0.0-3
• d6fe32f Do not CI on node 10
• d2e0428 do not use equals() alias in self-test
• 3f787c4 tell npm to be colorful in CI
• 1512818 run tests with color on github actions
• 4626fa1 Docs: update documentation for tap v15
• 02d536b libtap@1.0.1
• f7c7c58 update cli doc
• 2aa497c 15.0.0-2
• 8d7f62e Add support for overriding libtap's internal settings
• 29eed63 new snapshot folder layout
• 3a28d4d update libtap git ref to isaacs/tap-v15-prep branch

See the full diff

Package name: update-notifier

The new version differs by 23 commits.

• adf7803 4.0.0
• fb5161c Remove the `callback` option (Fix acceptance tests anchore/syft#158)
• 39682de Rename `boxenOpts` option to `boxenOptions`
• bc1721a Avoid showing notification if current version is the latest (remove accessing tag when not available anchore/syft#174)
• ccaf686 Update dependencies
• b1525e6 Disable when `NODE_ENV` is `test` (port over shell completion w/ cobra from grype, find/replace, etc. anchore/syft#173)
• bf73119 Fix install command for npm global (Use xml encoder for CycloneDX presenter anchore/syft#165)
• 592b025 3.0.1
• f8b4e60 Update Travis matrix
• a6d6b49 Update URL to TTY (Test against CycloneDX schemas anchore/syft#163)
• f9d168a Remove object spread to support node >=8.0.0 <8.6.0 (Add package URL support to the CycloneDX presenter anchore/syft#164)
• 1712928 Tidelift tasks
• 72f83d1 Create funding.yml
• a7bb3ee 3.0.0
• ad8ed1b Suggest yarn when installed with yarn (Document release process anchore/syft#132)
• 5f06620 Exit the update check process if it does not respond after 30s (Acceptances tests not indicating failures anchore/syft#156)
• 79e89ad Fix failing test (Extend CycloneDX presenter with dependency graph anchore/syft#155)
• c8faa84 Add `distTag` option (improve capture regex in setup.py cataloger anchore/syft#151)
• 14632e4 Add failing test for Add release process docs anchore/syft#153 (Extend cycloneDX presenters with syft-specific values anchore/syft#154)
• aafd8a0 Require Node.js 8
• 0d49f51 Add Tidelift mention in the readme
• 8df01b3 Fix docs position of `shouldNotifyInNpmScript` (Add documentation around catalogers, UI elements, and the event bus anchore/syft#143)
• d371834 Docs: isGlobal option does not default to true (cmd: allow no args passed, don't error anchore/syft#142)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

[pull-request-quantifier-deprecated]

This PR has 10 quantified lines of changes. In general, a change size of upto 200 lines is ideal for the best PR experience!

---

Quantification details

Label      : Extra Small
Size       : +5 -5
Percentile : 4%

Total files changed: 1

Change summary by file extension:
.json : +5 -5

Change counts above are quantified counts, based on the PullRequestQuantifier customizations.

Why proper sizing of changes matters

Optimal pull request sizes drive a better predictable PR flow as they strike a
balance between between PR complexity and PR review overhead. PRs within the
optimal size (typical small, or medium sized PRs) mean:

• Fast and predictable releases to production:
  • Optimal size changes are more likely to be reviewed faster with fewer
    iterations.
  • Similarity in low PR complexity drives similar review times.
• Review quality is likely higher as complexity is lower:
  • Bugs are more likely to be detected.
  • Code inconsistencies are more likely to be detetcted.
• Knowledge sharing is improved within the participants:
  • Small portions can be assimilated better.
• Better engineering practices are exercised:
  • Solving big problems by dividing them in well contained, smaller problems.
  • Exercising separation of concerns within the code changes.

What can I do to optimize my changes

• Use the PullRequestQuantifier to quantify your PR accurately
  • Create a context profile for your repo using the context generator
  • Exclude files that are not necessary to be reviewed or do not increase the review complexity. Example: Autogenerated code, docs, project IDE setting files, binaries, etc. Check out the Excluded section from your prquantifier.yaml context profile.
  • Understand your typical change complexity, drive towards the desired complexity by adjusting the label mapping in your prquantifier.yaml context profile.
  • Only use the labels that matter to you, see context specification to customize your prquantifier.yaml context profile.
• Change your engineering behaviors
  • For PRs that fall outside of the desired spectrum, review the details and check if:
    • Your PR could be split in smaller, self-contained PRs instead
    • Your PR only solves one particular issue. (For example, don't refactor and code new features in the same PR).

How to interpret the change counts in git diff output

• One line was added: +1 -0
• One line was deleted: +0 -1
• One line was modified: +1 -1 (git diff doesn't know about modified, it will
  interpret that line like one addition plus one deletion)
• Change percentiles: Change characteristics (addition, deletion, modification)
  of this PR in relation to all other PRs within the repository.

---

Was this comment helpful? 👍  :ok_hand:  :thumbsdown: (Email)
Customize PullRequestQuantifier for this repository.