[Snyk] Fix for 1 vulnerabilities

[Oleksandr1201vsp]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: addons-linter

The new version differs by 250 commits.

• e24b9fc 6.8.0
• 45b8f7f chore(deps-dev): bump tar-fs from 2.1.1 to 3.0.2 (#4925)
• 8126da1 chore(deps): bump eslint from 8.42.0 to 8.43.0 (#4926)
• 7fdb2c3 chore(deps): bump @ mdn/browser-compat-data from 5.2.64 to 5.2.65 (#4924)
• cecc6b0 Pontoon: Update Turkish (tr) localization of AMO Linter
• daf246e chore(deps): bump semver from 7.5.1 to 7.5.2 (#4923)
• aff63b0 chore(deps-dev): bump webpack from 5.86.0 to 5.87.0 (#4922)
• e72caa7 Pontoon: Update Turkish (tr) localization of AMO Linter
• e898ff0 Pontoon: Update Czech (cs) localization of AMO Linter
• 47d637d chore(deps): bump @ mdn/browser-compat-data from 5.2.63 to 5.2.64 (#4920)
• f00ced5 chore(deps-dev): bump sinon from 15.1.0 to 15.1.2 (#4921)
• 7f7abd5 chore(deps): bump @ mdn/browser-compat-data from 5.2.62 to 5.2.63 (#4919)
• bb92c8a chore(deps-dev): bump @ babel/cli from 7.21.5 to 7.22.5 (#4911)
• da2ebd8 chore(deps-dev): bump @ babel/plugin-proposal-throw-expressions from 7.18.6 to 7.22.5 (#4917)
• 904eeb4 chore(deps-dev): bump @ babel/plugin-proposal-decorators from 7.22.3 to 7.22.5 (#4913)
• 2af21c5 chore(deps-dev): bump @ babel/core from 7.22.1 to 7.22.5 (#4914)
• d54d6d7 chore(deps-dev): bump @ babel/eslint-parser from 7.21.8 to 7.22.5 (#4915)
• f818deb chore(deps-dev): bump @ babel/plugin-proposal-function-sent from 7.18.6 to 7.22.5 (#4916)
• 0b76e6a chore(deps-dev): bump @ babel/register from 7.21.0 to 7.22.5 (#4912)
• 4d486cd chore(deps-dev): bump @ babel/preset-env from 7.22.4 to 7.22.5 (#4918)
• a38262a Better validate add-on names (#4903)
• 1395e78 chore(deps-dev): bump webpack from 5.85.0 to 5.86.0 (#4909)
• 56c87da chore(deps): bump glob from 10.2.6 to 10.2.7 (#4906)
• 66092f7 chore(deps): bump @ mdn/browser-compat-data from 5.2.61 to 5.2.62 (#4907)

See the full diff

Package name: update-notifier

The new version differs by 26 commits.

• 311557e 6.0.0
• 9183541 Require Node.js 14 and move to ESM
• 3fdb218 5.1.0
• 73c391b Upgrade dependencies
• 0a6027e Move to GitHub Actions
• d8fa601 Rename `master` branch to `main`
• f63b2eb 5.0.1
• 9e2b772 Update dependencies
• da7c464 5.0.0
• 5b440c2 Require Node.js 10
• 3dfe42d Don't suggest to upgrade to lower version (Load add-on from pseudo symlink in run command mozilla/web-ext#192)
• 132b7ce Remove a project from "Users" section (Update flow-bin to version 0.23.0 🚀 mozilla/web-ext#191)
• c9d2166 4.1.1
• f42fc8f Improve vertical alignment of the notifier output (fix(): Fixed source-map-support import error mozilla/web-ext#183)
• 71a3f19 Use HTTPS links
• 64c5236 Fix Travis
• 9d9f4ff 4.1.0
• 4062f12 Update dependencies
• adbeb6e Add template support for the `message` option (fix(): Increased test timeout for Travis mozilla/web-ext#175)
• adf7803 4.0.0
• fb5161c Remove the `callback` option (Update eslint to version 2.5.2 🚀 mozilla/web-ext#158)
• 39682de Rename `boxenOpts` option to `boxenOptions`
• bc1721a Avoid showing notification if current version is the latest (docs(): Improved commit message docs mozilla/web-ext#174)
• ccaf686 Update dependencies

See the full diff

Package name: yargs

The new version differs by 4 commits.

• 59739e6 chore: release 13.3.0 (Update to secure version of firefox-profile when available mozilla/web-ext#1358)
• e230d5b fix(deps): yargs-parser update addressing several parsing bugs (fix: Use default javascript.options.strict=false mozilla/web-ext#1357)
• 4dfa19b feat(i18n): swap out os-locale dependency for simple inline implementation (Update debounce to the latest version 🚀 mozilla/web-ext#1356)
• 812048c feat: support defaultDescription for positional arguments

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)