[Snyk] Fix for 2 vulnerabilities

[Woodpile37]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOCHA-2863123	No	No Known Exploit
	Prototype Pollution SNYK-JS-XML2JS-5414874	No	Proof of Concept

Commit messages

Package name: mocha

The new version differs by 8 commits.

• 5f96d51 build(v10.1.0): release
• ed74f16 build(v10.1.0): update CHANGELOG
• 51d4746 chore(devDeps): update 'ESLint' to v8 (Question: Any way to get result/merged interface microsoft/TypeScript#4926)
• 4e06a6f fix(browser): increase contrast for replay buttons (Template string expression statement leading with object literal gives incorrect emit microsoft/TypeScript#4912)
• 41567df Support prefers-color-scheme: dark (Indexer with type parameter microsoft/TypeScript#4896)
• 61b4b92 fix the regular expression for function `clean` in `utils.js` (Why these import/export statements behave differently...? microsoft/TypeScript#4770)
• 77c18d2 chore: use standard 'Promise.allSettled' instead of polyfill ("design:paramnames" metadata key microsoft/TypeScript#4905)
• 84b2f84 chore(ci): upgrade GH actions to latest versions (Multiline ES6 syntax import formatting microsoft/TypeScript#4899)

See the full diff

Package name: xml2js

The new version differs by 18 commits.

• bd0f780 Bump dependency versions to fix security issues
• 3a8d46e Update lockfile
• 9f730bb Update package.json with latest PR
• 50a492a Merge pull request scanTrivia from old LS keeps hitting error condition microsoft/TypeScript#603 from autopulated/master
• 7bc3c5d Merge pull request Don't allow falsely discarded parameters when determining overloaded signature compatibility microsoft/TypeScript#598 from fnimick/master
• f412a12 Merge pull request Add constructor paramters to Blob microsoft/TypeScript#635 from wisesimpson/patch-1
• d318ce0 Update README.md
• 581b19a use Object.create(null) to create all parsed objects (prevent prototype replacement)
• a212950 Add documentation for `explicitCharkey` option
• 1832e0b Merge pull request export import generates no code (perhaps due optimization) microsoft/TypeScript#512 from economia/master
• 198063c Merge pull request Can no longer debug typescript files in Visual Studio 2013 Update 3 microsoft/TypeScript#556 from Omega-Ariston/fix-issue544
• 0d71785 Merge pull request Ensure that sys is not used outside tsc.ts microsoft/TypeScript#562 from Omega-Ariston/addDocExample
• a44bad4 Update README.md
• a3ae596 append example to README for issue Fixed a simple typo in CONTRIBUTING.md microsoft/TypeScript#552
• aad6dd6 fix issue554
• fa32064 readme updated with default empty tag as function
• f074644 cr fixes (will be squashed after another cr)
• 19a4c2f Call function for emptyTag if specified

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution

[changeset-bot]

⚠️ No Changeset found

Latest commit: ad133e1

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR