[Snyk] Upgrade: execa, , , , , , semver, , , , minimatch, glob, bindl, conventional-changelog-conventionalcommits, cspell, eslint, eslint-config-prettier, mocha, prettier, prettier-plugin-sh, semantic-release, semantic-release-vsce, ts-loader, typescript, webpack

[WontonSam]

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

Name	Versions	Released on

execa
from 5.1.1 to 9.3.1 | 15 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | a month ago
on 2024-08-14
@types/lodash
from 4.14.198 to 4.17.7 | 12 versions ahead of your current version | 2 months ago
on 2024-07-16
@types/mocha
from 10.0.1 to 10.0.7 | 6 versions ahead of your current version | 3 months ago
on 2024-06-22
@types/node
from 16.18.53 to 22.5.0 | 450 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 25 days ago
on 2024-08-21
@types/semver
from 7.5.2 to 7.5.8 | 6 versions ahead of your current version | 7 months ago
on 2024-02-24
@types/vscode
from 1.66.0 to 1.92.0 | 38 versions ahead of your current version | a month ago
on 2024-08-01
semver
from 7.5.4 to 7.6.3 | 4 versions ahead of your current version | 2 months ago
on 2024-07-16
@typescript-eslint/eslint-plugin
from 6.7.2 to 8.2.0 | 642 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | a month ago
on 2024-08-19
@typescript-eslint/parser
from 6.7.2 to 8.2.0 | 646 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | a month ago
on 2024-08-19
@vscode/test-electron
from 2.3.4 to 2.4.1 | 8 versions ahead of your current version | 2 months ago
on 2024-07-05
minimatch
from 9.0.3 to 10.0.1 | 4 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 2 months ago
on 2024-07-08
glob
from 10.3.4 to 11.0.0 | 19 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 2 months ago
on 2024-07-08
bindl
from 4.2.3 to 4.2.5 | 2 versions ahead of your current version | 10 months ago
on 2023-11-27
conventional-changelog-conventionalcommits
from 6.1.0 to 8.0.0 | 4 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 4 months ago
on 2024-05-03
cspell
from 7.3.6 to 8.14.2 | 41 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | a month ago
on 2024-08-20
eslint
from 8.49.0 to 9.9.1 | 27 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 23 days ago
on 2024-08-23
eslint-config-prettier
from 9.0.0 to 9.1.0 | 1 version ahead of your current version | 9 months ago
on 2023-12-02
mocha
from 10.2.0 to 10.7.3 | 10 versions ahead of your current version | a month ago
on 2024-08-09
prettier
from 3.0.3 to 3.3.3 | 12 versions ahead of your current version | 2 months ago
on 2024-07-13
prettier-plugin-sh
from 0.13.1 to 0.14.0 | 1 version ahead of your current version | 8 months ago
on 2024-01-17
semantic-release
from 19.0.5 to 24.1.0 | 79 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | a month ago
on 2024-08-17
semantic-release-vsce
from 5.6.1 to 5.7.4 | 8 versions ahead of your current version | a month ago
on 2024-08-13
ts-loader
from 9.4.4 to 9.5.1 | 2 versions ahead of your current version | 10 months ago
on 2023-11-15
typescript
from 5.2.2 to 5.5.4 | 313 versions ahead of your current version | 2 months ago
on 2024-07-22
webpack
from 5.88.2 to 5.94.0 | 10 versions ahead of your current version | 24 days ago
on 2024-08-22

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	119	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	119	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	119	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	119	Proof of Concept
	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	119	Proof of Concept
	Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	119	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	119	Proof of Concept
	Server-Side Request Forgery (SSRF) SNYK-JS-IP-7148531	119	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-6147607	119	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-6147607	119	Proof of Concept
	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	119	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-WEBPACK-7840298	119	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	119	Proof of Concept

Release notes

Package name: execa

• 9.3.1 - 2024-08-14
  

  Thanks @ holic and @ jimhigson for your contributions!

  Bugs

  • Do not crash when using a custom Node.js binary without ICU support. (#1144)

  Bugs (types)

  • Fix type of the env option. It was currently failing for Remix or Next.js users. (by @ holic) (#1141)

  Documentation

  • Fix typo in "Inputs" documentation. (by @ jimhigson) (#1145)
  • Document how to terminate hanging subprocesses. (#1140)
  • Document how to add custom logging. (#1131)
• 9.3.0 - 2024-06-21
  

  Features

  • The verbose option can now be a function to customize logging. (#1130)
• 9.2.0 - 2024-06-06
  

  This release includes a new set of methods to exchange messages between the current process and a Node.js subprocess, also known as "IPC". This allows passing and returning almost any message type to/from a Node.js subprocess. Also, debugging IPC is now much easier.

  Moreover, a new gracefulCancel option has also been added to terminate a subprocess gracefully.

  For a deeper dive-in, please check and share the release post!

  Thanks @ iiroj for your contribution, @ SimonSiefke and @ adymorz for reporting the bugs fixed in this release, and @ karlhorky for improving the documentation!

  Deprecations

  • Passing 'ipc' to the stdio option has been deprecated. It will be removed in the next major release. Instead, the ipc: true option should be used. (#1056)

  - await execa('npm', ['run', 'build'], {stdio: ['pipe', 'pipe', 'pipe', 'ipc']});
  + await execa('npm', ['run', 'build'], {ipc: true});

  • The execaCommand() method has been deprecated. It will be removed in the next major release. If most cases, the template string syntax should be used instead.
  - import {execaCommand} from 'execa';
  + import {execa} from 'execa';

  - await execaCommand('npm run build');
  + await execanpm run build;

  const taskName = 'build';
  - await execaCommand(npm run ${taskName});
  + await execanpm run ${taskName};

  const commandArguments = ['run', 'task with space'];
  await execanpm ${commandArguments};

  If the file and/or multiple arguments are supplied as a single string, parseCommandString(command) can split that string into an array. More info. (#1054)

  - import {execaCommand} from 'execa';
  + import {execa, parseCommandString} from 'execa';

  const commandString = 'npm run task';
  - await execaCommand(commandString);
  + const commandArray = parseCommandString(commandString); // ['npm', 'run', 'task']
  + await execa${commandArray};

  // Or alternatively:
  const [file, ...commandArguments] = commandArray;
  await execa(file, commandArguments);

  Features

  • Add gracefulCancel option and getCancelSignal() method to terminate a subprocess gracefully. error.isGracefullyCanceled was also added. (#1109)
  • Add error.isForcefullyTerminated. It is true when the subprocess was terminated by the forceKillAfterDelay option. (#1111)
  • New methods to simplify exchanging messages between the current process and the subprocess. More info. (#1059, #1061, #1076, #1077, #1079, #1082, #1083, #1086, #1087, #1088, #1089, #1090, #1091, #1092, #1094, #1095, #1098, #1104, #1107)
    • The current process sends messages with subprocess.sendMessage(message) and receives them with subprocess.getOneMessage(). subprocess.getEachMessage() listens to multiple messages.
    • The subprocess uses sendMessage(message), getOneMessage() and getEachMessage() instead. Those are the same methods, but imported directly from the 'execa' module.
  • The ipcInput option sends an IPC message from the current process to the subprocess as it starts. This enables passing almost any input type to a Node.js subprocess. (#1068)
  • The result.ipcOutput array contains all the IPC messages sent by the subprocess to the current process. This enables returning almost any output type from a Node.js subprocess. (#1067, #1071, #1075)
  • The error message now contains every IPC message sent by the subprocess. (#1067)
  • The verbose: 'full' option now logs every IPC message sent by the subprocess, for debugging. More info here and there. (#1063)

  Types

  • Add ExecaMethod, ExecaNodeMethod and ExecaScriptMethod, ExecaSyncMethod and ExecaScriptSyncMethod types. (#1066)
  • Export the Message type, for IPC. (#1059)
  • Fix type of forceKillAfterDelay: true option. (#1116)

  Bug fixes

  • Fix passing a {file} to both the stdin and the stdout or stderr options. (#1058)
  • Fix multiple minor problems with the cancelSignal option. (#1108)
  • Fix accidental publishing of Vim backup files. (#1074)
  • Fix engines.node field in package.json. Supported Node.js version is ^18.19.0 or >=20.5.0. (by @ iiroj) (#1101)
• 9.1.0 - 2024-05-13
  

  Features (types)

  • Export TemplateExpression type. (#1049)
• 9.0.2 - 2024-05-10
  

  Bug fixes (types)

  • Do not require using --lib dom for TypeScript users (#1043, #1044)
  • Fix type of the reject option (#1046)
• 9.0.1 - 2024-05-09
  

  Bug fixes (types)

  • Fix types not being importable (#1033) 3bdab60
  • Fix complexity bug with types (#1037) 6cc519b
  • Fix complexity bug with types (#1035) fee011d
• 9.0.0 - 2024-05-08
  

  This major release brings many important features including:

  • Split the output into lines, or progressively iterate over them.
  • Transform or filter the input/output using simple functions.
  • Print the output to the terminal while still retrieving it programmatically.
  • Redirect the input/output from/to a file.
  • Advanced piping between multiple subprocesses.
  • Improved verbose mode, for debugging.
  • More detailed errors, including when terminating subprocesses.
  • Enhanced template string syntax.
  • Global/shared options.
  • Web streams and Transform streams support.
  • Convert the subprocess to a stream.
  • New documentation with many examples.

  Please check the release post for a high-level overview! For the full list of breaking changes, features and bug fixes, please read below.

  Thanks @ younggglcy, @ koshic, @ am0o0 and @ codesmith-emmy for your help!

  ---

  One of the maintainers @ ehmicky is looking for a remote full-time position. Specialized in Node.js back-ends and CLIs, he led Netlify Build, Plugins and Configuration for 2.5 years. Feel free to contact him on his website or on LinkedIn!

  ---

  Breaking changes (not types)

  • Dropped support for Node.js version <18.19.0 and 20.0.0 - 20.4.0. (834e372)

  • When the encoding option is 'buffer', the output (result.stdout, result.stderr, result.all) is now an Uint8Array instead of a Buffer. For more information, see this blog post. (by @ younggglcy) (#586)

  const {stdout} = await execa('node', ['file.js'], {encoding: 'buffer'});
  console.log(stdout); // This is now an Uint8Array

  • Renamed some of the allowed values for the encoding option. (#586, #928)
  - await execa('node', ['file.js'], {encoding: null});
  + await execa('node', ['file.js'], {encoding: 'buffer'});

- await execa('node', ['file.js'], {encoding: 'utf-8'});
+ await execa('node', ['file.js'], {encoding: 'utf8'});

- await execa('node', ['file.js'], {encoding: 'UTF8'});
+ await execa('node', ['file.js'], {encoding: 'utf8'});

- await execa('node', ['file.js'], {encoding: 'utf-16le'});
+ await execa('node', ['file.js'], {encoding: 'utf16le'});

- await execa('node', ['file.js'], {encoding: 'ucs2'});
+ await execa('node', ['file.js'], {encoding: 'utf16le'});

- await execa('node', ['file.js'], {encoding: 'ucs-2'});
+ await execa('node', ['file.js'], {encoding: 'utf16le'});

- await execa('node', ['file.js'], {encoding: 'binary'});
+ await execa('node', ['file.js'], {encoding: 'latin1'});

• Passing a file path to subprocess.pipeStdout(), subprocess.pipeStderr() and subprocess.pipeAll() has been removed. Instead, a {file: './path'} object should be passed to the stdout or stderr option. (#752)

- await execa('node', ['file.js']).pipeStdout('output.txt');
+ await execa('node', ['file.js'], {stdout: {file: 'output.txt'}});

- await execa('node', ['file.js']).pipeStderr('output.txt');
+ await execa('node', ['file.js'], {stderr: {file: 'output.txt'}});

- await execa('node', ['file.js']).pipeAll('output.txt');
+ await execa('node', ['file.js'], {
+ stdout: {file: 'output.txt'},
+ stderr: {file: 'output.txt'},
+});

• Passing a writable stream to subprocess.pipeStdout(), subprocess.pipeStderr() and subprocess.pipeAll() has been removed. Instead, the stream should be passed to the stdout or stderr option. If the stream does not have a file descriptor, ['pipe', stream] should be passed instead. (#752)

- await execa('node', ['file.js']).pipeStdout(stream);
+ await execa('node', ['file.js'], {stdout: ['pipe', stream]});

- await execa('node', ['file.js']).pipeStderr(stream);
+ await execa('node', ['file.js'], {stderr: ['pipe', stream]});

- await execa('node', ['file.js']).pipeAll(stream);
+ await execa('node', ['file.js'], {
+ stdout: ['pipe', stream],
+ stderr: ['pipe', stream],
+});

• The subprocess.pipeStdout(), subprocess.pipeStderr() and subprocess.pipeAll() methods have been renamed to subprocess.pipe(). The command and its arguments can be passed to subprocess.pipe() directly, without calling execa() a second time. The from piping option can specify 'stdout' (the default value), 'stderr' or 'all'. (#757)

- await execa('node', ['file.js']).pipeStdout(execa('node', ['other.js']));
+ await execa('node', ['file.js']).pipe('node', ['other.js']);

- await execa('node', ['file.js']).pipeStderr(execa('node', ['other.js']));
+ await execa('node', ['file.js']).pipe('node', ['other.js'], {from: 'stderr'});

- await execa('node', ['file.js']).pipeAll(execa('node', ['other.js']));
+ await execa('node', ['file.js']).pipe('node', ['other.js'], {from: 'all'});

• Renamed the signal option to cancelSignal. (#880)

- await execa('node', ['file.js'], {signal: abortController.signal});
+ await execa('node', ['file.js'], {cancelSignal: abortController.signal});

• Renamed error.killed to error.isTerminated. (#625)

try {
	await execa('node', ['file.js']);
} catch (error) {
- if (error.killed) {
+ if (error.isTerminated) {
		// ...
	}
}

• subprocess.cancel() has been removed. Please use either subprocess.kill() or the cancelSignal option instead. (#711)

- subprocess.cancel();
+ subprocess.kill();

• Renamed the forceKillAfterTimeout option to forceKillAfterDelay. Also, it is now passed to execa() instead of subprocess.kill(). (#714, #723)

- const subprocess = execa('node', ['file.js']);
- subprocess.kill('SIGTERM', {forceKillAfterTimeout: 1000});
+ const subprocess = execa('node', ['file.js'], {forceKillAfterDelay: 1000});
+ subprocess.kill('SIGTERM');

• The verbose option is now a string enum instead of a boolean. false has been renamed to 'none' and true has been renamed to 'short'. (#884)

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.