[Snyk] Fix for 1 vulnerabilities

[fraxken]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	823/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.6	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @nodesecure/scanner

The new version differs by 62 commits.

• 3522b2c 5.1.0
• df9ea2b Merge pull request #183 from NodeSecure/add-warning-source
• 36869a7 refactor: use zero-semver & add source property
• f43355e chore: update @ nodesecure/i18n (3.3.0 to 3.4.0)
• 02923d1 chore: update dependencies & workflows (#182)
• 03e5c47 fix: add missing top-level await for i18n (#181)
• bf36fb0 chore: drop support for Node 16 (#179)
• c39e59f chore(deps): bump pacote from 15.2.0 to 17.0.4 (#160)
• d35f71c chore(deps-dev): bump sinon from 15.2.0 to 16.0.0 (#167)
• 478524e chore(deps): bump @ npmcli/arborist from 6.3.0 to 7.1.0 (#163)
• 4590ff8 feat: add integrity/validation check for tarball/manifest diff (#166)
• 470cc25 5.0.1
• 23ceb3f fix(package): add missing i18n folder (#168)
• b6c8031 fix(dependency): properly increment dependencyCount (#165)
• b0877d3 5.0.0
• d77508f refactor!: enhance author parsing & type defs (#162)
• 4dbaf65 chore(deps): bump actions/checkout from 3.5.0 to 3.5.3 (#149)
• 9b0b0c6 chore(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#148)
• 9e1fb86 chore(deps-dev): bump @ types/node from 18.17.1 to 20.4.5 (#154)
• 032c467 chore(deps): bump actions/setup-node from 3.6.0 to 3.7.0 (#156)
• 9329f99 chore(deps): bump github/codeql-action from 2.2.9 to 2.21.2 (#157)
• b4a829e chore(deps): bump step-security/harden-runner from 2.2.1 to 2.5.0 (#158)
• 51ac3cd refactor: implement local i18n translations (#144)
• e65c79d Implement SAST warnings for semver (#139)

See the full diff

Package name: pacote

The new version differs by 27 commits.

• 18e760f chore: release 17.0.4
• ba8f790 deps: bump @ npmcli/promise-spawn from 6.0.2 to 7.0.0
• 2c0d3ae deps: bump @ npmcli/run-script from 6.0.2 to 7.0.0
• 7aa2062 chore: release 17.0.3
• ace7c28 deps: bump npm-packlist from 7.0.4 to 8.0.0
• f1efd0c chore: release 17.0.2
• c3b892d deps: bump sigstore from 1.3.0 to 2.0.0
• c75d7d5 chore: release 17.0.1
• 6ddae13 deps: bump npm-registry-fetch from 15.0.0 to 16.0.0
• 42bf787 deps: bump npm-pick-manifest from 8.0.2 to 9.0.0
• 9fa2de9 chore: release 17.0.0
• e9e964b deps: bump read-package-json from 6.0.4 to 7.0.0
• f69d844 chore: [email protected]
• 5d26500 deps: bump npm-package-arg from 10.1.0 to 11.0.0
• d13bb9c deps: bump @ npmcli/git from 4.1.0 to 5.0.0
• 7a25e39 deps: bump cacache from 17.1.4 to 18.0.0
• 2db2fb5 fix: drop node 16.13.x support
• 5cdbfd1 chore: release 16.0.0
• 8dc6a32 deps: bump minipass from 5.0.0 to 7.0.2
• 7cebf19 deps: bump npm-registry-fetch from 14.0.5 to 15.0.0
• 73b6297 fix: drop node14 support (#290)
• 53cf17e chore: postinstall for dependabot template-oss PR
• 865d5c7 chore: bump @ npmcli/template-oss from 4.17.0 to 4.18.0
• 040add9 chore: postinstall for dependabot template-oss PR

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Server-side Request Forgery (SSRF)