[Snyk] Fix for 29 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • script/package.json
  • script/package-lock.json
  • script/.snyk

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	No	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Command Injection SNYK-JS-SIMPLEGIT-2421199	Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Command Injection SNYK-JS-SIMPLEGIT-2434306	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-STYLELINT-1585622	Yes	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) SNYK-JS-STYLELINT-460283	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIM-1017038	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: electron-chromedriver

The new version differs by 46 commits.

• a23c983 chore: update version to v21.0.0
• 0ac5c76 chore(deps): Bump got and @ electron/get ([Snyk] Security upgrade atom-package-manager from 2.5.2 to 2.6.3 #102)
• 1fe2c99 chore: fix release workflow
• afd10d3 build: update Xcode image on CircleCI ([Snyk] Security upgrade stylelint from 9.3.0 to 9.4.0 #100)
• 99b5a6a chore: update version to v20.0.0
• a2bb9c6 build: add npm publish step to release workflow ([Snyk] Security upgrade yargs from 4.8.1 to 13.2.4 #99)
• 4831462 build: run tests before releasing
• d51fcaa chore: add release update action ([Snyk] Fix for 1 vulnerabilities #98)
• c27d694 chore: update to v19.0.0 ([Snyk] Fix for 1 vulnerabilities #97)
• d136e7c chore: update package-lock.json
• 0871077 chore: add semantic commit action
• f2c1267 chore(deps): Bump minimist from 1.2.5 to 1.2.6 ([Snyk] Security upgrade yargs from 4.8.1 to 7.0.0 #96)
• 42bf5fe chore(deps): Bump ansi-regex from 3.0.0 to 3.0.1 ([Snyk] Security upgrade yargs from 4.8.1 to 7.0.0 #95)
• 9bf997a chore: bump to 18.0.0 (⬆️ Bump async from 2.0.1 to 2.6.4 in /script #94)
• 85a0ed1 chore(deps): Bump ajv from 6.10.2 to 6.12.6 (⬆️ Bump simple-git from 2.11.0 to 3.5.0 in /script #93)
• 1e78180 chore: update to v17.0.0 (⬆️ Bump moment from 2.24.0 to 2.29.2 #92)
• e68d020 Merge pull request [Snyk] Security upgrade atom-package-manager from 2.5.2 to 2.6.2 #91 from electron/v16.0.0
• 9e8451c feat: update to v16.0.0
• d6c86d1 Merge pull request [Snyk] Security upgrade async from 3.2.0 to 3.2.2 #89 from electron/v15.0.0
• 4337f07 chore: bump to v15.0.0
• 94f0d4b Merge pull request [Snyk] Security upgrade simple-git from 2.11.0 to 3.5.0 #88 from lesha1201/chore/bump-to-15
• df9d838 chore: bump to 15.0.0
• 3ef0ef2 Merge pull request [Snyk] Security upgrade mkdirp from 0.5.1 to 0.5.2 #87 from electron/14.0.0-bump
• 21c4064 chore: bump to 14.0.0

See the full diff

Package name: electron-packager

The new version differs by 89 commits.

• 9124e28 16.0.0
• 88e8173 docs: Update NEWS.md
• 5c0102a fix: properly import info logger (Handle EACCES errors when saving an editor atom/atom#1405)
• 0d692d7 feat!: upgrade Node.js to 14 LTS (Panes stick around when they shouldnt atom/atom#1399)
• a723fa8 build: bump got to 2.0.0 (Select an indented line of text by placing your cursor at the beginning of the line and pressing the atom/atom#1397)
• 8a86df2 15.5.2
• c7ecd1c docs: update NEWS.md
• 1baed70 chore: remove node 10 job (Speed up keymap loading atom/atom#1403)
• 7c01d6f revert: "feat!: upgrade Node.js to 14 LTS (text atom/atom#1393)" (Show low disk space errors when running CI atom/atom#1398)
• b0f27bc fix: ignore node_gyp_bins if it exists (pacman atom/atom#1391)
• a6db65f chore: bump fs-extra from 9.1.0 to 10.1.0 (If I right-click on an item in Atom that has a context menu (like a file in the tree view) I can atom/atom#1358)
• 7dcaf44 chore(deps): bump yargs-parser from 20.2.9 to 21.1.1 (pacman atom/atom#1395)
• c6b4c78 feat!: upgrade Node.js to 14 LTS (text atom/atom#1393)
• e147b5e docs: update SUPPORT.md
• a65eb75 fix: package should not log info on --quiet flag (Atom keeps freezing. When it does, atom renderer is at nearly 100% cpu in activity monitor. atom/atom#1361)
• 4c6c88f chore: bump sinon from 13.0.2 to 14.0.0 (who wants to live forever atom/atom#1364)
• 49c726d 15.5.1
• 49e74d7 docs: update NEWS.md
• 6845866 fix: build universal packages sequentially and allow hooks to return error in TS (Can’t Rename a file by only changing the case of the filename atom/atom#1359)
• efc2ae6 15.5.0
• 73d2ffa docs: update NEWS.md
• c6849c2 feat: integrate @ electron/universal (First package dev journal atom/atom#1346)
• b66e97f chore: bump actions/checkout from 2 to 3 (Attempting to launch atom while it's updating should give me a nice message atom/atom#1341)
• 8b49d7c chore: bump sinon from 12.0.1 to 13.0.1 (Word movement uses end-of-word and beginning-of-word atom/atom#1329)

See the full diff

Package name: fs-admin

The new version differs by 110 commits.

• 4bc7dfe 0.20.0
• 0dcecb2 Merge pull request [Snyk] Security upgrade electron-packager from 15.0.0 to 16.0.0 #115 from atom/boolean-instead-of-number
• e82121c Merge pull request [Snyk] Fix for 29 vulnerabilities #150 from atom/dependabot/npm_and_yarn/prebuild-11.0.3
• 66b02f6 Merge pull request [Snyk] Fix for 23 vulnerabilities #141 from atom/dependabot/npm_and_yarn/node-gyp-8.4.1
• 5d924d9 Merge pull request [Snyk] Fix for 29 vulnerabilities #144 from atom/dependabot/npm_and_yarn/node-addon-api-4.3.0
• 7425d26 Bump prebuild from 11.0.0 to 11.0.3
• de16c9a Merge pull request [Snyk] Fix for 29 vulnerabilities #136 from atom/dependabot/npm_and_yarn/standard-16.0.4
• 29215ed Merge pull request [Snyk] Fix for 23 vulnerabilities #126 from atom/dependabot/npm_and_yarn/path-parse-1.0.7
• f385261 Bump node-gyp from 8.0.0 to 8.4.1
• 9bb9d5f Bump standard from 16.0.3 to 16.0.4
• bba736c Bump node-addon-api from 4.2.0 to 4.3.0
• e600ffe Merge pull request [Snyk] Fix for 12 vulnerabilities #145 from atom/dependabot/npm_and_yarn/mocha-9.2.0
• f358060 Merge pull request [Snyk] Fix for 12 vulnerabilities #147 from atom/dependabot/npm_and_yarn/prebuild-install-7.0.1
• fdb6892 Bump mocha from 8.4.0 to 9.2.0
• 1f07e6b Bump prebuild-install from 6.1.2 to 7.0.1
• ae01fb9 Merge pull request [Snyk] Fix for 29 vulnerabilities #148 from icecream17/patch-1
• d4cdffb macos hosted runners are available
• e212161 Merge pull request [Snyk] Security upgrade atom-package-manager from 2.5.2 to 2.6.3 #133 from atom/dependabot/npm_and_yarn/node-addon-api-4.2.0
• f2bb058 Bump prebuild from 10.0.1 to 11.0.0 ([Snyk] Fix for 23 vulnerabilities #134)
• b356b00 Bump node-addon-api from 3.1.0 to 4.2.0
• 5f9d85b Bump path-parse from 1.0.6 to 1.0.7
• e215b58 Use Boolean instead of Number
• ad11452 Bump node-gyp from 7.1.2 to 8.0.0 ([Snyk] Security upgrade terser from 3.10.8 to 4.8.1 #109)
• 1fcf996 Bump mocha from 8.3.2 to 8.4.0 ([Snyk] Security upgrade @octokit/rest from 15.9.5 to 16.0.4 #114)

See the full diff

Package name: klaw-sync

The new version differs by 14 commits.

• 2059501 update changelog, bump to v2.0.0
• 84532ab 2.0.0
• 3fc387f Merge pull request ⬆️ Bump highlight.js from 9.18.1 to 9.18.5 #2 from manidlou/add-filter-opt
• 4323677 update readme
• e76afdf change option name, update readme and changelog
• c4c78c5 remove unnecessary deps
• 2389ab0 update readme and changelog
• 56d1828 update changelog
• dd27335 refactor filter additional option, update readme
• e56432d add more tests for filter, update readme
• 739a6e3 remove ignore option, remove micromatch, refactor filter option, update bm.js
• a8c98ab fix bug: ignore with glob pattern (closes ⬆️ Bump ini from 1.3.5 to 1.3.8 #1), add filter option
• ab77725 benchmark/bm.js: set async run to false
• 4d498ea benchmark/bm.js: set async run to false

See the full diff

Package name: mkdirp

The new version differs by 4 commits.

• b2e7ba0 0.5.2
• c5b97d1 bump minimist to 1.2 to fix security issue
• f2003bb test: add v4 and v5 to travis
• b8629ff tools: update tap + mock-fs. Fix broken test

See the full diff

Package name: node-fetch

The new version differs by 7 commits.

• 1ef4b56 backport of Closing a tab activates the wrong tab atom/atom#1449 (Overwriting default keyboard commands is confusing atom/atom#1453)
• 8fe5c4e 2.x: Specify encoding as an optional peer dependency in package.json (Add heap details to status bar atom/atom#1310)
• f56b0c6 fix(URL): prefer built in URL version when available and fallback to whatwg (who wants to live forever atom/atom#1352)
• b5417ae fix: import whatwg-url in a way compatible with ESM Node (Choose already opened file even from another pane atom/atom#1303)
• 18193c5 fix v2.6.3 that did not sending query params (Text Aliasing atom/atom#1301)
• ace7536 fix: properly encode url with unicode characters (Make i18n support a setting atom/atom#1291)
• 152214c Fix(package.json): Corrected main file path in package.json (Atom Public Release Priorities atom/atom#1274)

See the full diff

Package name: npm

The new version differs by 250 commits.

• 30a9844 7.21.0
• 0b2cd9d update AUTHORS
• 06461ec docs: changelog for v7.21.0
• 771a1cb chore(tests): fix snapshots
• 71cdfd8 [email protected]
• 94f92de [email protected]
• 7ac621c [email protected]
• 218caca [email protected]
• ff6626a fix(docs): update npm-publish access flag info
• b6f40b5 [email protected]
• e9e5ee5 @ npmcli/[email protected]
• 991a3bd [email protected]
• f077724 [email protected]
• 68a19bb fix(error-message): look for er.path not er.file
• ff34d6c feat(cache): initial implementation of ls and rm
• 8183976 [email protected]
• df57f0d @ npmcli/[email protected]
• 487731c fix(logging): sanitize logged argv
• 7a58264 chore(ci): check that docs are up to date in ci
• 22f3bbb chore(docs): add more 'autogenerated' comments
• 4314490 fix(docs): revert auto-generated portion of docs
• 32e88c9 fix(did-you-mean): switch levenshtein libraries
• 59b9851 7.20.6
• 2591e67 update AUTHORS

See the full diff

Package name: npm-check

The new version differs by 5 commits.

• eff52bc 6.0.1
• c6e9911 update package-lock, add renovate.json.
• 3c8798d Latest packages; added basic yarn support; added rc file depcheck api support (Hide text until syntax highlighting finishes atom/atom#397)
• f92f449 Merge pull request On cefode branch, subsequent refreshes slower than initial load atom/atom#411 from abernier/patch-1
• 4a261a4 updated `npm-outdated` doc link

See the full diff

Package name: simple-git

The new version differs by 250 commits.

• 66c903c Merge pull request Literate CoffeeScript Issues atom/atom#776 from steveukx/changeset-release/main
• 4fc3747 Version Packages
• 9665dee Merge pull request Base stylesheet loading questions/proposal atom/atom#775 from steveukx/snyk/clone
• 2040de6 Prevent use of `--upload-pack` as a command in `git.clone` to avoid potential accidental command execution.
• 9bf9baa Merge pull request Fix color highlight issue in Ruby, #716 atom/atom#772 from steveukx/changeset-release/main
• 64c41db Version Packages
• 357b4de Merge pull request Dragging a file onto Atom window opens new blank document rather than the file atom/atom#771 from steveukx/feat/status-with-nulls
• ed412ef Status Summary should use null terminators to allow files with spaces in their names
• 94c2462 Merge pull request [Website] A bold new idea. atom/atom#768 from steveukx/changeset-release/main
• 9113366 Version Packages
• 372efa0 Merge pull request Closing the last window takes a really long time atom/atom#767 from steveukx/feat/fix-fetch-snyk
• d119ec4 Prevent use of `--upload-pack` as a command in `git.fetch` to avoid potential accidental command execution.
• e4ff627 Merge pull request Inserting newlines is taking > 300ms atom/atom#761 from steveukx/changeset-release/main
• fcc7618 Version Packages
• 7c24bb0 Merge pull request Scroll performance is not smooth atom/atom#760 from steveukx/fix/project-readme
• 80651d5 Remove pre-publish step of copying `readme.md`, no longer required
• 0d0c198 Merge pull request [Website] Addon support atom/atom#759 from steveukx/changeset-release/main
• 6838e24 Version Packages
• d53875f Merge pull request [Marketing] The Atom Story atom/atom#758 from steveukx/fix/project-readme
• ac4f38f Move workspace readme into the `simple-git` package, symlink to it from the workspace
• e9f0461 Move workspace readme into the `simple-git` package, symlink to it from the workspace
• bcfa6f8 Merge pull request [Marketing] Headlines atom/atom#756 from steveukx/changeset-release/main
• 7a29566 Version Packages
• 50a8a6b Merge pull request [Marketing] Atom Vision atom/atom#755 from steveukx/release-attempt

See the full diff

Package name: stylelint

The new version differs by 250 commits.

• 060310c 14.0.0
• ff4a1ef Prepare CHANGELOG
• 8d2f6e1 Bump postcss (Uncaught Error: ENOENT, open 'undefined//Users/atlosm/workspace/tech-ex-2015/backend/src/main/scala/techex/cases/project.json' atom/atom#5619)
• f552608 Merge pull request Fix multi-folder regressions atom/atom#5618 from stylelint/dependabot/npm_and_yarn/husky-7.0.4
• 7ed17ad Bump husky from 7.0.2 to 7.0.4
• 4d9f75e Merge pull request Tree-view is broken on Windows 8.1 since 0.180.0 atom/atom#5617 from stylelint/dependabot/npm_and_yarn/jest-27.3.1
• bc9dd0b Bump jest from 27.2.5 to 27.3.1
• 82e2507 Merge pull request Config settings not working. atom/atom#5604 from stylelint/v14
• 16d259f Update CHANGELOG.md
• 70b1149 Fix false positives for dynamic-range keywords in media-feature-name-no-unknown (atom.project.path === undefined atom/atom#5613)
• 8dca498 Show more info in missing customSyntax warning (Atom helper high CPU on Mac atom/atom#5611)
• 2eee0a9 Remove v14 CI triggers (Failed to spawn command clang atom/atom#5610)
• 12f8081 14.0.0-0
• 5dd7ec1 Prepare 14.0.0
• 67313a3 Add support for `extends` in `overrides` config (Add CORS headers for atom.io API usage atom/atom#5603)
• b6fd2fc Document no need for postcss-html maintainer (--dev linked packages are undefined unless in --dev mode atom/atom#5602)
• bf28025 Recommend using shared configs ( fix deb for debian and ubuntu 14.04TLS comfortability  atom/atom#5598)
• 07118d6 Update CHANGELOG.md
• 367142a Change `ignoreFiles` to be extendable (Combined/Shared UI + Syntax theme atom/atom#5596)
• 1b4162f Fix conflicts in dependabot
• 87c5fde Bump picocolors from 0.2.1 to 1.0.0 (Atom Windows installer does not pin to Start menu in Windows 8+ atom/atom#5601)
• 1f32094 Bump typescript from 4.4.3 to 4.4.4 (Restore old behavior for multiple path CLI args atom/atom#5599)
• 88b9575 Revise contributors section of README (Title bar is not appropriate for non-project files atom/atom#5585)
• e38da70 Use problem rather than violation in docs and types ("Hide Git Ignored Files" does not honor ~/.gitignore atom/atom#5592)

See the full diff

Package name: terser

The new version differs by 250 commits.

• 40674a4 update changelog, version
• d8cc569 backport fix to potential regexp DDOS
• 504b967 4.8.0
• 9f380dc update changelog
• 7dd0b9d update assumptions
• cfad907 Allow yield to be used as property key in generators.
• 283f44f Make class property assignment pure.
• ee965e8 Add numeric separators support (Package writing feedback atom/atom#725)
• ee6b8af 4.7.0
• 807f729 update changelog
• 2e0e6c2 audit fix
• 87f7e7f fix functional tests
• 9b11e3d update node version
• 2ddf987 fix: fix a bug in AST_Arrow.prototype._size (Namespace theme styles by adding a class to the body atom/atom#701)
• 149e580 consider property access of arguments object to be pure. Closes Advanced collaboration atom/atom#687
• 2a25f3f ensure `const` declarations values are replaced with something, since `const` must have a value.
• 056623c 4.6.13
• b0e3686 update changelog
• 8d8200c fix specs cannot be run from release build atom/atom#678. when optimizing object properties, Terser should take care to not create incompatible identifiers
• 29e6d1b fix more of Clean up sync/async method names in fs-utils.coffee atom/atom#525
• 4f161d7 4.6.12
• 3729fae lint
• ea01f7d update changelog
• 7fda1de further fix the equivalent-to fix

See the full diff

Package name: yargs

The new version differs by 250 commits.

• a6e67f1 chore(release): 13.2.4
• fc13476 chore: update standard-verison dependency
• bf46813 fix(i18n): rename unclear 'implication failed' to 'missing dependent arguments' (Incrementally load packages with activation events atom/atom#1317)
• a3a5d05 docs: fix a broken link to MS Terminology Search (Attempting to launch atom while it's updating should give me a nice message atom/atom#1341)
• b4f8018 build: add .versionrc that hides test/build
• 0c39183 chore(release): 13.2.3
• 08e0746 chore: update deps (Add the ability to cancel project.scan atom/atom#1340)
• 843e939 docs: make `--no-` boolean prefix easier to find in the docs (Provide a way to trigger a check for available updates. atom/atom#1338)
• 84cac07 docs: restore removed changelog of v13.2.0 (Fix mini editor leak atom/atom#1337)
• b20db65 fix(deps): upgrade cliui for compatibility with latest chalk. (The cursor's really hard to see when it's to the left of a matched search term. It's pretty hard to atom/atom#1330)
• c294d1b test: accept differently formatted output (Run atom CI on windows atom/atom#1327)
• ac3f10c chore: move .hbs templates into .js to facilitate webpacking (Handle native commands in render process atom/atom#1320)
• 0295132 fix: address issues with dutch translation (cmd-w shouldn't be able to close the tree-view. atom/atom#1316)
• 9f2468e doc: clarify parserConfiguration object structure (Add clean script atom/atom#1309)
• e7f2937 chore(release): 13.2.2
• edd0bb5 test: correct test description
• 03a9523 chore: forgoing dropping Node 6 until yargs@14 (Common core commands to workspaceView atom/atom#1308)
• 14920d1 docs: remove --save option as it isn't required anymore (Text Aliasing atom/atom#1301)
• 545c7f1 test: slightly reworded one test
• 4375680 chore(release): 13.2.1
• dfcaa68 test: slight edit to test wording
• 3180224 fix: add zsh script to files array
• 0a96394 fix: support options/sub-commands in zsh completion
• 48249a2 chore(release): 13.2.0

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution npm:extend:20180424	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn