[Snyk] Security upgrade @twilio/flex-plugin-scripts from 6.0.2 to 6.4.0

[twilio-product-security]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	167/1000 Why? Confidentiality impact: High, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00055, Social Trends: No, Days since published: 206, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 7.03, Likelihood: 2.36, Score Version: V5	Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459	No	Proof of Concept
	67/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 156, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.83, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-6124857	No	Proof of Concept
	125/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 134, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.08, Score Version: V5	Prototype Pollution SNYK-JS-AXIOS-6144788	No	No Known Exploit
	124/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00045, Social Trends: No, Days since published: 5, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.06, Score Version: V5	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	No	No Known Exploit
	115/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 825, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.92, Score Version: V5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @twilio/flex-plugin-scripts

The new version differs by 250 commits.

• 2318777 v6.4.0
• 0396b85 Merge pull request #985 from twilio/refactor-plugins-api-client-v2
• d1e2ad4 Updated v6 changelog
• 37e7984 Updated v6 changelog
• 345b195 Merge branch 'refactor-plugins-api-client' of github.com:twilio/flex-plugin-builder into refactor-plugins-api-client-v2
• b17f9fc Fixed type
• dd1a08c Merged snyk upgrades
• a3172b0 updated flex-plugins-api-client to integrate the latest flex plugins api spec
• 653fe7d fixed e2e
• c35c8d6 updated gh workflow to use fixed alpha version for e2e
• d94fcb8 Fixed e2e
• 5538618 Refactored flex-plugin-api-client to work in browser env
• b65b526 remove skip-npm (#979)
• 58cb2fd add push (#976)
• f15ec27 v6.3.3 Fixed package and package-lock for all the packages (#975)
• 52254f7 Merge pull request #974 from twilio/bump-version-6.3.3
• 46ae615 Updating version
• ecf9390 Updated publish script (#973)
• 427dcda Fix for loading remote plugins in localhost (#969)
• 6e2179d Merge pull request #962 from twilio/create-pr
• 83c4301 Merge branch 'main' into create-pr
• 4a982a0 remove extra fow
• 5bd0f2c Fix E2E - submit login password API change (#964)
• 7953ff9 Cleaned up changelog (#963)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Note: This is a default PR template raised by Snyk. Find out more about how you can customise Snyk PRs in our documentation.

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Request Forgery (CSRF)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution