[Snyk] Fix for 4 vulnerabilities

[twilio-product-security]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	No	Proof of Concept
	429/1000 Why? Has a fix available, CVSS 4.3	Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	Yes	No Known Exploit
	593/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 4	Information Exposure SNYK-JS-NANOID-2332193	Yes	Proof of Concept
	490/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-RAMDA-1582370	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @oclif/dev-cli

The new version differs by 69 commits.

• 7386f79 chore(release): 1.24.0 [skip ci]
• 810e7c1 feat: add support for custom help classes (#141)
• e0cc3b0 chore(deps): bump @ oclif/config from 1.15.1 to 1.17.0 (#200)
• 02cb879 chore(deps-dev): bump ts-node from 8.10.2 to 9.0.0 (#219)
• 7a6af5b chore(deps): bump lodash from 4.17.19 to 4.17.20 (#215)
• 7a8cd25 chore(deps): bump bl from 3.0.0 to 3.0.1 (#229)
• 2f6de48 chore(deps): bump debug from 4.1.1 to 4.2.0 (#237)
• ba2a202 chore(deps-dev): bump @ types/chai from 4.2.12 to 4.2.14 (#247)
• 061cae0 chore(deps-dev): bump @ types/node from 14.0.27 to 14.14.7 (#258)
• ec6cd2c chore(deps): bump normalize-package-data from 2.5.0 to 3.0.0 (#248)
• 3c66d8f chore(release): 1.23.1 [skip ci]
• 5a75e79 fix: downgrade fs-extras (#264)
• 4188ba7 chore(deps-dev): bump conventional-changelog-cli from 2.0.34 to 2.1.1 (#259)
• 314b091 chore(deps-dev): bump @ types/mocha from 8.0.1 to 8.0.4 (#261)
• 103c60d chore(deps-dev): bump @ types/lodash from 4.14.158 to 4.14.165 (#260)
• 68cfa0a chore(deps-dev): bump eslint from 7.6.0 to 7.13.0 (#262)
• c7ea1cb chore(deps): bump cli-ux from 5.4.10 to 5.5.1 (#263)
• 6a67887 chore(deps-dev): bump @ types/supports-color from 5.3.0 to 7.2.0 (#251)
• 74de370 chore(deps-dev): bump aws-sdk from 2.738.0 to 2.790.0 (#256)
• 07e8f71 chore(deps-dev): bump @ types/fs-extra from 9.0.1 to 9.0.4 (#257)
• 0c73ad6 chore(release): 1.23.0 [skip ci]
• ccc31d7 ci: release job (#161)
• bdb5ab4 chore(deps): bump @ oclif/errors from 1.3.3 to 1.3.4 (#255)
• 2d1b6fd chore: sync dependabot.yml (#227)

See the full diff

Package name: eslint-config-oclif

The new version differs by 50 commits.

• b41e879 chore(release): 3.1.1 [skip ci]
• 188f803 fix: allow release from main branch
• d58f559 Update to latest standards (#85)
• ec95e5d chore: sync dependabot.yml (#81)
• 849b2b7 build!: require node 12+ (#82)
• 8ae10c6 Remove Codecov
• a850bb2 chore(deps): bump eslint-plugin-unicorn from 28.0.2 to 30.0.0 (#67)
• 799269e chore(deps): bump eslint-config-xo-space from 0.25.0 to 0.27.0 ([Snyk] Security upgrade @twilio/cli-core from 7.2.1 to 7.26.4 #63)
• 2f65616 chore(deps): bump eslint-plugin-mocha from 8.0.0 to 8.1.0 (https://github.com/twilio-labs/plugin-token/issues #64)
• 93097f3 chore(deps-dev): bump eslint from 7.21.0 to 7.23.0 (#66)
• af3acef chore(deps-dev): bump eslint from 7.17.0 to 7.21.0 (twilio token:voice --identity=alice --voice-app-sid=AP40f04d5c678c9fd3a3b5add1724395e8 -l debug #61)
• 3fe82a9 chore(deps): bump eslint-plugin-unicorn from 25.0.1 to 28.0.2 ([DEBUG] identity is required to be specified in options #62)
• 130c798 chore(deps-dev): bump eslint from 7.15.0 to 7.17.0 (Bump debug and mocha #57)
• 4f130cc chore(deps): bump eslint-plugin-unicorn from 21.0.0 to 25.0.1 (Bump semver from 5.7.0 to 5.7.2 #56)
• ccf8472 chore: sync dependabot.yml (Bump jsonwebtoken from 8.5.1 to 9.0.0 #53)
• 8202c27 chore(deps-dev): bump eslint from 7.6.0 to 7.15.0 (Bump minimist from 1.2.5 to 1.2.8 #52)
• ad29e51 chore: sync dependabot.yml (Bump ajv and eslint #43)
• 4c2f489 chore(deps): bump eslint-plugin-mocha from 7.0.1 to 8.0.0 (Bump @actions/core from 1.6.0 to 1.9.1 #40)
• 6c49e07 chore(deps-dev): bump eslint from 7.5.0 to 7.6.0 (Update oclif & minor refactors #39)
• 1df696d chore: sync dependabot.yml (Bump minimist from 1.2.5 to 1.2.6 #38)
• d93e12d chore(deps-dev): bump eslint from 7.4.0 to 7.5.0 (Bump url-parse from 1.5.4 to 1.5.10 #37)
• eb010e3 chore(deps): bump eslint-plugin-unicorn from 20.1.0 to 21.0.0 (Bump url-parse from 1.5.4 to 1.5.7 #36)
• 412a5f7 chore(deps): bump lodash from 4.17.15 to 4.17.19 (Bump follow-redirects from 1.14.7 to 1.14.8 #35)
• a613406 chore(deps-dev): bump eslint from 7.3.1 to 7.4.0 (Bump pathval from 1.1.0 to 1.1.1 #34)

See the full diff

Package name: mocha

The new version differs by 118 commits.

• cc51b8f build(v9.2.0): release
• dea3115 build(v9.2.0): update CHANGELOG [ci skip]
• 1825645 chore: update dependencies (#4818)
• bc0fda2 chore: update some devDependencies (#4816)
• 8b089a2 feat(parallel): assign each worker a worker-id (#4813)
• 9fbf3ae chore: run Netlify deploy on Node v16 (#4778) [ci skip]
• f297790 chore: switch 'linkify-changelog.js' to ESM (#4812) [ci skip]
• 0a1b7f8 build(v9.1.4): release
• a04d050 build(v9.1.4): update CHANGELOG [ci skip]
• baa12fd fix: wrong error thrown if loader is used (#4807)
• 60fafa4 Update copyright year in LICENSE (#4804)
• 3b4cc05 chore(devDeps): remove 'cross-spawn' (#4779)
• a99d40c chore(ci): add Node v17 to test matrix (#4777)
• ac43029 chore(devDeps): update 'prettier' (#4776)
• 9c9fcb5 chore: update some devDependencies (#4775)
• 28b4824 build(v9.1.3): release
• 3dcc2d9 build(v9.1.3): update CHANGELOG [ci skip]
• 012d79d fix(browser): enable 'bdd' import for bundlers (#4769)
• 111467f fix(integration): revert deprecation of 'EVENT_SUITE_ADD_*' events (#4764)
• 0ea732c fix(website): improve backers sprite image (#4756)
• 18a1055 build(v9.1.2): release
• 011a5a4 fix: regex in 'update-authors.js'
• 06f3f63 build(v9.1.2): update CHANGELOG [ci skip]
• a87461c chore(deps): remove 'wide-align' (#4754)

See the full diff

Package name: nyc

The new version differs by 55 commits.

• bebf4d6 chore(release): 15.0.0
• 2931730 chore: Update to final releases of dependencies (#1245)
• d44ff19 chore: Update node-preload and use process-on-spawn (#1243)
• 5258e9f feat: Filenames relative to project cwd in coverage reports (#1212)
• 6039f29 chore: Unpin test-exclude, update to latest pre-releases (#1240)
• f3c9e6c chore: Temporarily pin test-exclude (#1239)
• 28ed746 chore: Lazy load modules that are rarely/never needed in test processes. (#1232)
• 7307626 chore: Remove cp-file module (#1230)
• dfd629d fix: Better error handling for main execution, reporting (#1229)
• 549c953 chore: Update dependencies, pin find-cache-dir (#1228)
• a1dee03 chore: Update yargs (#1224)
• 8078a79 chore: Fix 404 in README.md. (#1220)
• 7a02cb7 chore: Add enterprise language (#1217)
• ea94c7f chore: Remove unused functions (#1218)
• 53c66b9 docs: `npm home nyc` goes to github master branch README (#1201)
• cf5e5d3 chore: Update dependencies
• 8411a26 fix: Correct handling of source-maps for pre-instrumented files (#1216)
• f890360 docs: Fix URL to default excludes in README.md (#1214)
• 3726bbb chore: Update to async version of istanbul-lib-source-maps (#1199)
• 0efc6d1 chore: Tweak arguments for async coverage data readers (#1198)
• cc77e13 chore: Add `use strict` to all except fixtures (#1197)
• bcbe1df chore: Update dependencies (#1196)
• 2735ee2 chore: 100% coverage (#1195)
• fd40d49 feat: Use @ istanbuljs/schema for yargs setup (#1194)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic