[Snyk] Upgrade chalk from 2.4.2 to 5.0.1 #10

snyk-bot · 2022-08-20T20:24:13Z

Snyk has created this PR to upgrade chalk from 2.4.2 to 5.0.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

The recommended version is 9 versions ahead of your current version.
The recommended version was released 5 months ago, on 2022-03-08.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-TMPL-1583443	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Arbitrary File Write SNYK-JS-TAR-1579155	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579152	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579147	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536531	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536528	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-SETVALUE-450213	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-SETVALUE-1540541	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-SETVALUE-450213	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-SETVALUE-1540541	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-567746	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Command Injection SNYK-JS-LODASH-1040724	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-INI-1048974	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Remote Code Execution (RCE) SNYK-JS-HANDLEBARS-1056767	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-AJV-584908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-PROMPTS-1729737	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Denial of Service (DoS) SNYK-JS-NWSAPI-2841516	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Command Injection SNYK-JS-NODENOTIFIER-1035794	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-MINIMIST-559764	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-559764	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-559764	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-HANDLEBARS-567742	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-HANDLEBARS-1279029	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-MINIMIST-2429795	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-2429795	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-MINIMIST-2429795	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Validation Bypass SNYK-JS-KINDOF-537849	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: chalk

5.0.1 - 2022-03-08
- Add main field to package.json for backwards compatibility with some developer tools 85f7e96
v5.0.0...v5.0.1
5.0.0 - 2021-11-26
Breaking
- This package is now pure ESM. Please read this.
  - If you use TypeScript, you need to use TypeScript 4.7 or later. Why.
  - If you use a bundler, make sure it supports ESM and that you have correctly configured it for ESM.
  - The Chalk issue tracker is not a support channel for your favorite build/bundler tool.
  - It's totally fine to stay on Chalk v4. It's been stable for years.
- Require Node.js 12.20 fa16f4e
- Move some properties off the default export to individual named exports:
  - chalk.Instance → Chalk
  - chalk.supportsColor → supportsColor
  - chalk.stderr → chalkStderr
  - chalk.stderr.supportsColor → supportsColorStderr
- Remove .keyword(), .hsl(), .hsv(), .hwb(), and .ansi() coloring methods (#433) 4cf2e40
  - These were not commonly used and added a lot of bloat to Chalk. You can achieve the same by using the color-convert package.
- The tagged template literal support moved into a separate package: chalk-template (#524) c987c61
-import chalk from 'chalk';
+import chalkTemplate from 'chalk-template';

-chalk2 + 3 = {bold ${2 + 3}};
+chalkTemplate2 + 3 = {bold ${2 + 3}};

Improvements
- Bundle dependencies 04fdbd6
  - This means Chalk no longer has any dependencies 🎉
- The install size is less than half of v4.
- Add overline style (#433) 4cf2e40
- Preserve function prototype methods (#434) 0fba91b
v4.1.0...v5.0.0
4.1.2 - 2021-07-30
- Readme updates
4.1.1 - 2021-04-21
- Readme updates 89e9e3a
4.1.0 - 2020-06-09
- Support template literals for nested calls (#392) 09ddbad
v4.0.0...v4.1.0
4.0.0 - 2020-04-02
Breaking
- Require Node.js 10 61999a4
- Change the Level TypeScript type to be a union instead of enum f0f4638
```
-if (chalk.level > Level.None) {}
+if (chalk.level > 0) {}
```
Improvements
- Use Object.setPrototypeOf as __proto__ could potentially be disabled (#387) 63469d3
v3.0.0...v4.0.0
3.0.0 - 2019-11-09
Read more
3.0.0-beta.2 - 2019-10-08
While this is a beta release, the code is well-tested and fairly stable.
We encourage you to test it out and report any issues.
```
$ npm install [email protected]
```
See the beta 1 release notes for more.
- Add ansi256 and bgAnsi256 to TypeScript declarations (#368) fb8e85a
v3.0.0-beta.1...v3.0.0-beta.2
3.0.0-beta.1 - 2019-09-27
Read more
2.4.2 - 2019-01-05
- Strict mode in Flow definition (#309) f95d9ec
This release is done from the v2-release branch, as master branch targets the work-in-progress v3 release.

from chalk GitHub release notes

Commit messages

Package name: chalk

bccde97 5.0.1
85f7e96 Add `main` field to package.json for backwards compatibiltiy
4d5c479 5.0.0
7a68935 Fix code coverage
04fdbd6 Bundle dependencies
d7c4aac Upgrade dependencies
09fd5c4 Re-export types from `supports-color` (#526)
c987c61 Remove support for tagged template literals (#524)
f478655 Update dependents number in readme (#521)
3761e45 Meta tweak (#520)
9521742 Minor tweaks
625a285 Add `types` field to package.json
48d25d1 Meta tweaks
b68c8b5 Meta tweaks
f8a3642 Minor tweaks (#437)
4cf2e40 Add `overline` style and remove `keyword`, `hsl`, `hsv`, `hwb` and `ansi` color spaces (#433)
0fba91b Keep function prototype methods (#434)
d798222 Add named exports (#432)
fa16f4e Require Node.js 12 and move to ESM
4dab5e1 Meta tweaks
9bf2985 Meta tweaks
2a9abb1 Rename `master` branch to `main`
97a0861 Update badge
0433fcf Update a link