[Snyk] Security upgrade @octokit/rest from 14.0.9 to 16.0.0

[Exnadella]

User description

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• packages/workspaces/package.json
• packages/workspaces/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	506

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

---

PR Type

enhancement, dependencies

---

Description

• Upgraded @octokit/rest from version 14.0.9 to 16.0.0 in both package.json and package-lock.json.
• Introduced new dependencies to support the updated version of @octokit/rest.
• Resolved a Regular Expression Denial of Service (ReDoS) vulnerability by updating dependencies.
• Enhanced the security and functionality of the project by updating several dependencies.

---

Changes walkthrough 📝

Relevant files

Dependencies

package-lock.json Upgrade dependencies and address security vulnerabilities packages/workspaces/package-lock.json Upgraded @octokit/rest from version 14.0.9 to 16.0.0. Added new dependencies such as @octokit/endpoint, @octokit/request, and btoa-lite. Updated several existing dependencies to newer versions. Addressed a Regular Expression Denial of Service (ReDoS) vulnerability. +543/-305 package.json Update @octokit/rest dependency version                                    packages/workspaces/package.json Updated @octokit/rest dependency from version 14.0.0 to 16.0.0. +1/-1

---

💡 PR-Agent usage:
Comment /help on the PR to get a list of all available PR-Agent tools and their descriptions

[qodo-merge-pro]

PR Reviewer Guide 🔍

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪

🧪 No relevant tests

🔒 No security concerns identified

⚡ Key issues to review Dependency Update The @octokit/rest package has been updated from ^14.0.0 to ^16.0.0. This is a major version update which may include breaking changes.

[qodo-merge-pro]

PR Code Suggestions ✨

Category	Suggestion	Score
Dependency update	Update the bottleneck dependency to a more recent version Consider updating the bottleneck dependency to a more recent version, as the current version (1.16.0) is quite old and may have security vulnerabilities or lack important features. packages/workspaces/package.json [23] -"bottleneck": "^1.16.0", +"bottleneck": "^2.19.5", Apply this suggestion Suggestion importance[1-10]: 8 Why: Updating the bottleneck dependency to a more recent version is a good suggestion as it can address potential security vulnerabilities and provide new features or bug fixes. The existing version is quite old, and keeping dependencies up-to-date is a best practice.	8
	Update the rimraf dependency to a more recent version Consider updating the rimraf dependency to a more recent version, as the current version (2.6.2) might be outdated and could potentially have security vulnerabilities. packages/workspaces/package.json [25] -"rimraf": "^2.6.2" +"rimraf": "^3.0.2" Apply this suggestion Suggestion importance[1-10]: 8 Why: Updating the rimraf dependency to a more recent version is a valid suggestion to mitigate potential security vulnerabilities and benefit from improvements or bug fixes. The current version is outdated, and maintaining updated dependencies is crucial for security and stability.	8

[qodo-merge-pro]

CI Failure Feedback 🧐

(Checks updated until commit 83e17ef)

Action: test (ubuntu-latest)

Failed stage: Run npm run bootstrap [❌]

Failure summary: The action failed due to an error during the npm ci command execution: The command npm ci exited with code 1 in the wct-mocha package. There are multiple deprecation warnings for @lerna packages, which might indicate compatibility issues or unsupported features. The error message suggests checking the npm help for the ci command for more information.

Relevant error logs: 1: ##[group]Operating System 2: Ubuntu ... 595: npm WARN deprecated @lerna/[email protected]: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info. 596: npm WARN deprecated @lerna/[email protected]: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info. 597: npm WARN deprecated @lerna/[email protected]: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info. 598: npm WARN deprecated @lerna/[email protected]: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info. 599: npm WARN deprecated @lerna/[email protected]: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info. 600: npm WARN deprecated @lerna/[email protected]: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info. 601: npm WARN deprecated @lerna/[email protected]: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info. 602: npm WARN deprecated @lerna/[email protected]: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info. 603: npm WARN deprecated @lerna/[email protected]: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info. ... 747: npm ERR! [-ws|--workspaces] [--include-workspace-root] [--install-links] 748: npm ERR! 749: npm ERR! aliases: clean-install, ic, install-clean, isntall-clean 750: npm ERR! 751: npm ERR! Run "npm help ci" for more info 752: npm ERR! A complete log of this run can be found in: 753: npm ERR! /home/runner/.npm/_logs/2024-09-05T17_45_51_947Z-debug-0.log 754: lerna ERR! npm ci exited 1 in 'wct-mocha' 755: ##[error]Process completed with exit code 1.

---

✨ CI feedback usage guide:

---

The CI feedback tool (/checks) automatically triggers when a PR has a failed check.
The tool analyzes the failed checks and provides several feedbacks:

• Failed stage
• Failed test name
• Failure summary
• Relevant error logs

In addition to being automatically triggered, the tool can also be invoked manually by commenting on a PR:

/checks "https://github.com/{repo_name}/actions/runs/{run_number}/job/{job_number}"

where {repo_name} is the name of the repository, {run_number} is the run number of the failed check, and {job_number} is the job number of the failed check.

Configuration options

• enable_auto_checks_feedback - if set to true, the tool will automatically provide feedback when a check is failed. Default is true.
• excluded_checks_list - a list of checks to exclude from the feedback, for example: ["check1", "check2"]. Default is an empty list.
• enable_help_text - if set to true, the tool will provide a help message with the feedback. Default is true.
• persistent_comment - if set to true, the tool will overwrite a previous checks comment with the new feedback. Default is true.
• final_update_message - if persistent_comment is true and updating a previous checks message, the tool will also create a new message: "Persistent checks updated to latest commit". Default is true.

See more information about the checks tool in the docs.