[Snyk] Security upgrade yeoman-generator from 4.13.0 to 5.0.0

[m-ajay]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • superset-frontend/packages/generator-superset/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	526/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.1	Arbitrary Code Injection SNYK-JS-EJS-1049328	Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-EJS-2803307	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: yeoman-generator

The new version differs by 97 commits.

• aad5fac 5.0.0
• 4f4a802 Add transform to expected priority.
• 57d240c Remove only from test.
• 812751f Lint fix
• 33d050f Implement getFeatures for singleton support.
• 99ac2c5 Add transform priority.
• 5136342 Bump peter-evans/create-pull-request from v3.8.0 to v3.8.2 ([SQLLab] Fix the usage of Redux DevTools Enhancer apache/superset#1278)
• fa408bd Bump actions/stale from v3.0.15 to v3.0.16 ([explore v2] add scrollbar in control panels container apache/superset#1275)
• d7103f3 Drop reference from yeoman-test repository
• b36f294 Bump yeoman-environment to 3.0.0-rc.1
• ee0d1ad Hide shared options and drop support for kebab case options.
• 310f72d Fix spawn destinationRoot.
• 8f4afe9 Switch composeWith to use environment.
• e9d0a15 Remove support for chainning at composeWith.
• c2245e1 Switch from node 10 to 12 at Travis.
• 5be7b07 5.0.0-rc.0
• 8a448b4 Bump yeoman-environment to 3.0.0-rc.0
• 6d6c4b0 Changes to queueTransformStream
• 632d60d Add option to skip parsing options.
• 7050e53 Pass destinationRoot to spawn-command by default.
• 097cd20 Implement package-json mixin.
• 52c90a2 Add merge support to Storage.
• f4336d9 5.0.0-beta.1
• 1952724 Change version to 5.0.0-beta.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Remote Code Execution (RCE)
🦉 Arbitrary Code Injection