[Snyk] Fix for 5 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • script/package.json
  • script/package-lock.json
  • script/.snyk

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	/1000 Why?	Command Injection SNYK-JS-SIMPLEGIT-2421199	Yes	No Known Exploit
	/1000 Why?	Command Injection SNYK-JS-SIMPLEGIT-2434306	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: eslint

The new version differs by 250 commits.

• 3dd6741 7.0.0
• 9a722f9 Build: changelog update for 7.0.0
• b98d8bd Upgrade: eslint-release@2.0.0 (Atom editor crashes on startup atom/atom#13271)
• 4c0b028 Fix: remove Node.js and CommonJS category from build process (Atom crashes when trying to add a project folder with a corrupt .git/index atom/atom#13242)
• 401a687 Chore: fix rules list for prereleases (Use yarn to download packages atom/atom#13230)
• 4ef6158 Breaking: espree@7.0.0 (Syntax Highlighting breaks after certain length of line atom/atom#13270)
• b5c8d73 Docs: update 7.0.0 migration guide for consistency (Window reload key unusable in v1.13.0-beta4 atom/atom#13267)
• 356fdb4 Docs: add migration guide (Split screen horizontal / floating windows atom/atom#12692)
• 015edf6 Sponsors: Sync README with website
• fdfa364 7.0.0-rc.0
• 8d1b4db Build: changelog update for 7.0.0-rc.0
• 0b1d65a Update: Improve report location for array-callback-return (refs When searching acorss a project it should be possible to copy the text of the search result for reference atom/atom#12334) (Uncaught Error: Could not call remote function 'emit'. Check that the function signature is corre... atom/atom#13109)
• d85e291 Fix: yoda left string fix for exceptRange (fixes Always return Disposable from maintain{Config,Grammar} atom/atom#12883) (Problem with saving.  atom/atom#13052)
• 2ce6bed Chore: added tests for nested arrays (Feature Request: Drag and drop files from the tree view into browser to open in browser (similar to how the open file tabs can be dragged in) atom/atom#13145)
• d3aac53 Update: report backtick loc in no-unexpected-multiline (refs When searching acorss a project it should be possible to copy the text of the search result for reference atom/atom#12334) (Syntax Highlight Error after "&" atom/atom#13142)
• 8e7a2d9 Fix: func-call-spacing "never" reports wrong message (fixes /usr/bin/atom: line 111: 13463 Segmentation fault  atom/atom#13190) (Atom crashed.. atom/atom#13193)
• bcafd0f Update: Add ESLint API (refs New: ESLint Class Replacing CLIEngine eslint/rfcs#40) (test pull request atom/atom#12939)
• 3eeae56 Upgrade: some (dev) deps (Shake Screen effect of Active Power Mode Package in Gnome Classic is not working atom/atom#13155)
• 6b7030b Chore: Run tests on Node.js v14 (Screen goes blue after switching workspace in Linux atom/atom#13210)
• ebc28d7 Fix: Remove default .js from --ext CLI option (RPM Install: error while loading shared libraries: libXss.so.1: cannot open shared object file: No such file or directory atom/atom#13176)
• 5c1bdeb Update: Improve report location for getter-return (refs When searching acorss a project it should be possible to copy the text of the search result for reference atom/atom#12334) (Portable version for macOS atom/atom#13164)
• 56d2bee Docs: fix typos (After updating to 1.12.1 the command line binaries were no longer present. atom/atom#13204)
• e13256e Chore: use espree.latestEcmaVersion in config-initializer (beta7 stuck on Installing autocomplete-css@0.13.1  atom/atom#13157)
• e4f57b7 Chore: add nested array tests for array-element-newline (Additional license clarification and update license year atom/atom#13161)

See the full diff

Package name: simple-git

The new version differs by 250 commits.

• 66c903c Merge pull request Literate CoffeeScript Issues atom/atom#776 from steveukx/changeset-release/main
• 4fc3747 Version Packages
• 9665dee Merge pull request Base stylesheet loading questions/proposal atom/atom#775 from steveukx/snyk/clone
• 2040de6 Prevent use of `--upload-pack` as a command in `git.clone` to avoid potential accidental command execution.
• 9bf9baa Merge pull request Fix color highlight issue in Ruby, #716 atom/atom#772 from steveukx/changeset-release/main
• 64c41db Version Packages
• 357b4de Merge pull request Dragging a file onto Atom window opens new blank document rather than the file atom/atom#771 from steveukx/feat/status-with-nulls
• ed412ef Status Summary should use null terminators to allow files with spaces in their names
• 94c2462 Merge pull request [Website] A bold new idea. atom/atom#768 from steveukx/changeset-release/main
• 9113366 Version Packages
• 372efa0 Merge pull request Closing the last window takes a really long time atom/atom#767 from steveukx/feat/fix-fetch-snyk
• d119ec4 Prevent use of `--upload-pack` as a command in `git.fetch` to avoid potential accidental command execution.
• e4ff627 Merge pull request Inserting newlines is taking > 300ms atom/atom#761 from steveukx/changeset-release/main
• fcc7618 Version Packages
• 7c24bb0 Merge pull request Scroll performance is not smooth atom/atom#760 from steveukx/fix/project-readme
• 80651d5 Remove pre-publish step of copying `readme.md`, no longer required
• 0d0c198 Merge pull request [Website] Addon support atom/atom#759 from steveukx/changeset-release/main
• 6838e24 Version Packages
• d53875f Merge pull request [Marketing] The Atom Story atom/atom#758 from steveukx/fix/project-readme
• ac4f38f Move workspace readme into the `simple-git` package, symlink to it from the workspace
• e9f0461 Move workspace readme into the `simple-git` package, symlink to it from the workspace
• bcfa6f8 Merge pull request [Marketing] Headlines atom/atom#756 from steveukx/changeset-release/main
• 7a29566 Version Packages
• 50a8a6b Merge pull request [Marketing] Atom Vision atom/atom#755 from steveukx/release-attempt

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution npm:extend:20180424	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the effected dependencies could be upgraded.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution