[Snyk] Fix for 3 vulnerabilities

[cfereday]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/lego-scripts/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	631/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: babel-jest

The new version differs by 22 commits.

• ff9269b chore: bump most dated deps (#8850)
• 7594141 chore: upgrade to eslint@6 (#8855)
• b33ce0d chore: upgrade to micromatch v4 (#8852)
• d6ff72a chore: add node 12 to CI (#8411)
• 7e9b4ea chore: upgrade jsdom (#8851)
• 4bb7a2d Use `weak-napi` instead of `weak` in `jest-leak-detector`
• ce47c6c Get rid of Node 6 support (#8455)
• bc5c3c7 jest-snapshot: Remove only the added newlines in multiline snapshots (#8859)
• d523fa8 bug.md: highlights placeholder should be removed (#8836)
• 08f109c expect: Display expectedDiff more carefully in toBeCloseTo (#8389)
• b09de2d chore: bump node-notifier for node v6 support
• 557a39f fix(linter): Fix linting failure introduced in #8847 😓 (#8849)
• 012472b fix(docs): Update broken links in docs. (#8847)
• ee2bea1 chore: sort member in imports (#8846)
• 9ba4594 add Chinese Jest work with AngularJS tutorial (#8828)
• 0e5b363 chore: reduce reliance on esModuleInterop (#8842)
• d69f8d3 getTimerCount will not include cancelled immediates (#8764)
• b4bd77b Fix grammar: "your jest's config"->"your Jest..." (#8843)
• 54b3dcf Fix grammar: "a known issues"->"a known issue" (#8844)
• e76c7da docs: update matchMedia methods (#8835)
• 23b9860 chore: roll new version of docs
• 3cdbd55 Release 24.9.0

See the full diff

Package name: lint-staged

The new version differs by 236 commits.

• 885a644 Merge pull request #852 from okonet/listr2
• aba3421 fix: all lint-staged output respects the `quiet` option
• b8df31a fix: do not show incorrect error when verbose and no output
• eed6198 style: simplify eslint and prettier config
• b746290 ci: replace Node.js 13 with 14, since 14 will be next LTS
• 2c6f3ad docs: improve `verbose` description
• e749a0b test: remove redundant, misbehaving test
• 16848d8 fix: use test renderer during tests and when TERM=dumb
• efffa22 test: cover `--verbose` option usage
• 1b18550 test: restore variable in test output
• 6aede38 test: add test for error during merge state restoration
• b565481 test: integration test targets the full Node.js API instead of just `runAll`
• a3bd9d7 feat: allow specifying `cwd` using the Node.js API
• 85de3a3 feat: add `--verbose` to show output even when tasks succeed
• d69c65b fix: log task output after running listr to keep everything
• e95d1b0 refactor: move skip and enable cheks of listr tasks to separate file
• 6da7667 refactor: move messages to separate file
• 6392480 refactor: use symbols for errors
• 8f32a3e feat: replace listr with listr2 and print errors inline
• c9adca5 fix: use stash create/store to prevent files from disappearing from disk
• e093b1d fix(deps): update dependencies
• 6066b07 fix: pass correct path to unstaged patch during cleanup
• 0bf1fb0 fix: allow lint-staged to run on empty git repo by disabling backup
• 1ac6863 Merge pull request #837 from okonet/serial-git-add

See the full diff

Package name: stylelint

The new version differs by 250 commits.

• 5882290 16.1.0
• 6c4b64d Prepare 16.1.0 (#7415)
• 566c422 Bump file-entry-cache from 7.0.2 to 8.0.0 (#7427)
• 42bf8f8 Bump meow from 12.1.1 to 13.0.0 (#7426)
• cb509a0 Fix `function-url-quotes` false positives for SCSS variable and `@` character (#7416)
• e222352 Document benefits from TypeScript annotation (#7423)
• 760a6f1 Fix `selector-pseudo-class-no-unknown` false positive for `:popover-open` (#7425)
• 8ec6748 Add `ignore: ["keyframe-selectors"]` to `selector-disallowed-list` (#7417)
• 548b221 Add missing changelog for PR #7366
• 19ab06a Sort rules alphabetically in `docs/user-guide/rules.md` (#7422)
• 0e8b1fd Bump rollup from 4.8.0 to 4.9.1 (#7414)
• 0455938 Bump the csstools-parser group with 2 updates (#7411)
• e03a0f9 Update stylelint-stylistic plugin link (#7419)
• b92260f Bump @ csstools/selector-specificity from 3.0.0 to 3.0.1 (#7413)
• 368e40f Bump the eslint group with 2 updates (#7412)
• ef766cd Bump github/codeql-action from 2 to 3 (#7410)
• b34a184 Document testing options in more detail in the v16 migration guide (#7407)
• 7620c2c Fix `declaration-property-value-no-unknown` and other false positives for multiline SCSS interpolation (#7406)
• d03def6 Add lightness-notation (#7366)
• da7ce21 16.0.2
• 303b3c9 Prepare 16.0.2 (#7386)
• fbc6adf Bump rollup from 4.6.1 to 4.8.0 (#7394)
• d4b12aa Bump np from 8.0.4 to 9.2.0 (#7391)
• 0ec3df4 Bump the typescript group with 1 update (#7390)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution