[Snyk] Security upgrade @salesforce/command from 4.2.2 to 5.0.0

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/core/package.json
  • packages/core/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept

Commit messages

Package name: @salesforce/command

The new version differs by 32 commits.

• 76e3220 chore(release): 5.0.0 [ci skip]
• 45951bc Merge pull request [skip ci] Fix promotion of CLI to beta #60 from salesforcecli/wr/corev3
• d2ec30b chore: use regex
• 5a196d3 chore: remove suffix Error from error names
• ce6a297 chore: update oclif/core version
• fb1fe34 chore: update core
• 9a43cc7 chore: use OCLIF Flags
• 121c80b chore: clean up comments
• 5c43e25 docs: standardize flags as sf messages
• 0c419f5 docs: standardize command sf messages
• a728e92 chore: use CliUx, core everywhere
• 794037a chore: command v5 including core3, oclif/core
• 9de2661 Merge pull request Dependency Check before deploying unlocked packages #57 from salesforcecli/dependabot-npm_and_yarn-oclif-parser-3.8.7
• 770e864 chore(deps): bump @ oclif/parser from 3.8.6 to 3.8.7
• b437983 Merge pull request Do not throw error when package build number exceeds 999 #58 from salesforcecli/dependabot-npm_and_yarn-salesforce-core-2.35.3
• fbab047 chore(deps): bump @ salesforce/core from 2.35.0 to 2.35.3
• b80ccfd Merge pull request Move agents to ubuntu-latest #59 from salesforcecli/dependabot-npm_and_yarn-salesforce-kit-1.5.33
• a414a46 chore(deps): bump @ salesforce/kit from 1.5.30 to 1.5.33
• 6c9a589 Merge pull request Remove tagging function from CLI packaging tasks #48 from salesforcecli/sync-dependabot
• 5dadb0c Merge pull request New Task for Pushing Tags to Git #52 from salesforcecli/dependabot-npm_and_yarn-trim-off-newlines-1.0.3
• e0680a9 Merge branch 'main' into sync-dependabot
• 74c1f84 chore(deps): bump trim-off-newlines from 1.0.1 to 1.0.3
• d873e1c Merge pull request Add maintainer to docs/maintainers.md #53 from salesforcecli/dependabot-npm_and_yarn-oclif-config-1.18.3
• 90abfef chore(deps-dev): bump @ oclif/config from 1.18.2 to 1.18.3

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[codecov-commenter]

Codecov Report

Merging #916 (063fe08) into develop (102a038) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff            @@
##           develop     #916   +/-   ##
========================================
  Coverage    80.16%   80.16%           
========================================
  Files           36       36           
  Lines         1104     1104           
  Branches       234      234           
========================================
  Hits           885      885           
  Misses         219      219           

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 102a038...063fe08. Read the comment docs.

[azlam-abdulsalam]

Will update later