
Conversation

@MelvinBot

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
medium severity | 499/1000 (Why? Proof of Concept exploit, Recently disclosed, CVSS 6.4) | Prototype Pollution, SNYK-JS-JSON5-3182856 | Yes | Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: babel-plugin-module-resolver
The new version differs by 3 commits.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

@MelvinBot MelvinBot requested a review from a team as a code owner January 9, 2023 17:46
@melvin-bot melvin-bot bot requested review from sketchydroide and removed request for a team January 9, 2023 17:47
melvin-bot bot commented Jan 9, 2023

@sketchydroide Please copy/paste the Reviewer Checklist from here into a new comment on this PR and complete it. If you have the K2 extension, you can simply click: [this button]

sketchydroide (Contributor) commented Jan 10, 2023

Reviewer Checklist

  • I have verified the author checklist is complete (all boxes are checked off).
  • I verified the correct issue is linked in the ### Fixed Issues section above
  • I verified testing steps are clear and they cover the changes made in this PR
    • I verified the steps for local testing are in the Tests section
    • I verified the steps for Staging and/or Production testing are in the QA steps section
    • I verified the steps cover any possible failure scenarios (i.e. verify an input displays the correct error message if the entered data is not correct)
    • I turned off my network connection and tested it while offline to ensure it matches the expected behavior (i.e. verify the default avatar icon is displayed if app is offline)
  • I checked that screenshots or videos are included for tests on all platforms
  • I included screenshots or videos for tests on all platforms
  • I verified tests pass on all platforms & I tested again on:
    • Android / native
    • Android / Chrome
    • iOS / native
    • iOS / Safari
    • MacOS / Chrome / Safari
    • MacOS / Desktop
  • If there are any errors in the console that are unrelated to this PR, I either fixed them (preferred) or linked to where I reported them in Slack
  • I verified proper code patterns were followed (see Reviewing the code)
    • I verified that any callback methods that were added or modified are named for what the method does and never what callback they handle (i.e. toggleReport and not onIconClick).
    • I verified that comments were added to code that is not self explanatory
    • I verified that any new or modified comments were clear, correct English, and explained "why" the code was doing something instead of only explaining "what" the code was doing.
    • I verified any copy / text shown in the product is localized by adding it to src/languages/* files and using the translation method
    • I verified all numbers, amounts, dates and phone numbers shown in the product are using the localization methods
    • I verified any copy / text that was added to the app is correct English and approved by marketing by adding the Waiting for Copy label for a copy review on the original GH to get the correct copy.
    • I verified proper file naming conventions were followed for any new files or renamed files. All non-platform specific files are named after what they export and are not named "index.js". All platform-specific files are named for the platform the code supports as outlined in the README.
    • I verified the JSDocs style guidelines (in STYLE.md) were followed
  • If a new code pattern is added I verified it was agreed to be used by multiple Expensify engineers
  • I verified that this PR follows the guidelines as stated in the Review Guidelines
  • I verified other components that can be impacted by these changes have been tested, and I retested again (i.e. if the PR modifies a shared library or component like Avatar, I verified the components using Avatar have been tested & I retested again)
  • I verified all code is DRY (the PR doesn't include any logic written more than once, with the exception of tests)
  • I verified any variables that can be defined as constants (ie. in CONST.js or at the top of the file that uses the constant) are defined as such
  • If a new component is created I verified that:
    • A similar component doesn't exist in the codebase
    • All props are defined accurately and each prop has a /** comment above it */
    • The file is named correctly
    • The component has a clear name that is non-ambiguous and the purpose of the component can be inferred from the name alone
    • The only data being stored in the state is data necessary for rendering and nothing else
    • For Class Components, any internal methods passed to components event handlers are bound to this properly so there are no scoping issues (i.e. for onClick={this.submit} the method this.submit should be bound to this in the constructor)
    • Any internal methods bound to this are necessary to be bound (i.e. avoid this.submit = this.submit.bind(this); if this.submit is never passed to a component event handler like onClick)
    • All JSX used for rendering exists in the render method
    • The component has the minimum amount of code necessary for its purpose, and it is broken down into smaller components in order to separate concerns and functions
  • If any new file was added I verified that:
    • The file has a description of what it does and/or why is needed at the top of the file if the code is not self explanatory
  • If a new CSS style is added I verified that:
    • A similar style doesn't already exist
    • The style can't be created with an existing StyleUtils function (i.e. StyleUtils.getBackgroundAndBorderStyle(themeColors.componentBG))
  • If the PR modifies a generic component, I tested and verified that those changes do not break usages of that component in the rest of the App (i.e. if a shared library or component like Avatar is modified, I verified that Avatar is working as expected in all cases)
  • If the PR modifies a component related to any of the existing Storybook stories, I tested and verified all stories for that component are still working as expected.
  • If a new page is added, I verified it's using the ScrollView component to make it scrollable when more elements are added to the page.
  • I have checked off every checkbox in the PR reviewer checklist, including those that don't apply to this PR.

Screenshots/Videos

Web
Mobile Web - Chrome
Mobile Web - Safari
Desktop
iOS
Android

@sketchydroide (Contributor):

I thought we originally did not use this, but we do, just not for it, it seems, but for a log we use to access the library. It's a bit weird, but yeah, I think we need to update this.

Can't really test as this is only used in prod for logs, so even if it fails it's not critical, and I see no reason why it should fail.

@sketchydroide sketchydroide merged commit 8a3fb8d into main Jan 10, 2023
@sketchydroide sketchydroide deleted the snyk-fix-9f00c5c76f2e8124164869bcb0fbb505 branch January 10, 2023 16:44
@melvin-bot melvin-bot bot added the Emergency label Jan 10, 2023
melvin-bot bot commented Jan 10, 2023

@sketchydroide looks like this was merged without a test passing. Please add a note explaining why this was done and remove the Emergency label if this is not an emergency.

@sketchydroide (Contributor):

Not an emergency, Snyk just doesn't have a list.

@github-actions (Contributor):

Performance Comparison Report 📊

Significant Changes To Duration

There are no entries

Meaningless Changes To Duration

Name | Duration (baseline → current)
App start nativeLaunch 9.467 ms → 19.862 ms (+10.395 ms, +109.8%) 🟡
App start TTI 655.068 ms → 659.982 ms (+4.914 ms, +0.8%)
App start runJsBundle 179.903 ms → 181.844 ms (+1.941 ms, +1.1%)
Open Search Page TTI 601.460 ms → 602.860 ms (+1.400 ms, ±0.0%)
App start regularAppStart 0.014 ms → 0.020 ms (+0.006 ms, +41.1%) 🟡
Details per metric (baseline vs. current runs)
App start nativeLaunch Baseline
Mean: 9.467 ms
Stdev: 1.176 ms (12.4%)
Runs: 7 8 8 8 8 8 9 9 9 9 9 9 9 9 9 9 10 10 10 10 10 10 10 10 10 11 11 11 12 12

Current
Mean: 19.862 ms
Stdev: 1.995 ms (10.0%)
Runs: 17 18 18 18 18 18 18 18 18 19 19 19 19 19 20 20 20 20 20 20 21 21 21 21 21 22 23 24 26
App start TTI Baseline
Mean: 655.068 ms
Stdev: 26.858 ms (4.1%)
Runs: 596.5797339999117 618.3542010001838 620.5728719998151 626.4835190000013 629.4116250001825 633.9412659998052 634.4606329998933 637.1574539998546 637.454888000153 638.3564109997824 642.0885270000435 642.1126790000126 643.5767299998552 644.951661999803 647.7301960000768 654.2165430001915 659.1944340001792 660.4546759999357 661.6976109999232 664.147338999901 670.9050269997679 671.122868000064 672.7720229998231 676.1752450000495 680.3696170002222 683.0637469999492 690.4117339998484 692.4056950001977 705.9933039997704 715.8913039998151

Current
Mean: 659.982 ms
Stdev: 31.521 ms (4.8%)
Runs: 599.3663989999332 604.2833589999937 618.35006600013 622.7409649998881 626.8371729999781 627.1197620001622 630.8234930001199 631.6348339999095 632.7969450000674 637.2417219998315 638.5776740000583 643.3994499999098 646.7354549998417 651.890103999991 657.3217380000278 658.3984289998189 660.0812610001303 664.1398519999348 668.0810270002112 672.2990480000153 678.6964349998161 679.7670379998162 681.7863260000013 684.2775519997813 687.9165659998544 691.0041780001484 693.0892190001905 699.9385899999179 702.2001379998401 703.6313260002062 704.0254080002196 720.9745590002276
App start runJsBundle Baseline
Mean: 179.903 ms
Stdev: 19.286 ms (10.7%)
Runs: 151 153 155 157 159 162 163 163 164 164 166 167 170 173 175 182 183 183 186 186 188 189 192 195 199 200 200 201 213 213 225

Current
Mean: 181.844 ms
Stdev: 19.108 ms (10.5%)
Runs: 154 156 158 161 162 163 164 164 171 173 173 174 174 174 176 176 177 178 179 180 182 185 185 195 197 206 206 209 213 214 216 224
Open Search Page TTI Baseline
Mean: 601.460 ms
Stdev: 24.024 ms (4.0%)
Runs: 556.466065000277 565.7038169996813 572.1431889999658 572.7518309997395 572.9634199999273 578.957438999787 581.9707450000569 584.1168619999662 585.1207679999061 588.6910810000263 588.7984219999053 590.4847409999929 591.510050999932 592.160279000178 594.9338380000554 594.9697270002216 596.8554290002212 598.4552409998141 598.8572599999607 602.7192799998447 608.1552740000188 610.8528249999508 610.9948330000043 613.6928710001521 619.9918209998868 621.7423100001179 622.560099999886 625.956298999954 629.4572760001756 630.6279710000381 632.9803869999014 645.4833180001006 667.0464679999277

Current
Mean: 602.860 ms
Stdev: 25.255 ms (4.2%)
Runs: 562.8328860001639 568.1204840000719 568.5058599999174 572.6751299998723 575.8291420000605 578.3887129998766 580.3161629997194 583.2635909998789 585.5281980000436 586.7306730002165 587.7455649999902 592.7826750003733 592.8096110001206 594.2083330000751 595.0450440002605 599.071858999785 599.7838950003497 599.7884120000526 599.9979659998789 600.3596189999953 602.9996750000864 603.5371909998357 613.0725499996915 616.6370439999737 618.7978509999812 620.0765789998695 629.0843100002967 632.9905199999921 633.6618249998428 638.7539059999399 638.8396809999831 660.366578000132 661.772054000292
App start regularAppStart Baseline
Mean: 0.014 ms
Stdev: 0.002 ms (11.4%)
Runs: 0.012165999971330166 0.01220700005069375 0.012246999889612198 0.01228900020942092 0.012370000127702951 0.012736000120639801 0.01281800027936697 0.012898999731987715 0.012899000197649002 0.01293900003656745 0.012980000115931034 0.013143000192940235 0.013305999804288149 0.013386999722570181 0.013427999801933765 0.013591000344604254 0.013753000181168318 0.013956000097095966 0.014444999862462282 0.014485999941825867 0.014810999855399132 0.015137000009417534 0.015178000088781118 0.015463000163435936 0.016112999990582466 0.016112999990582466 0.016316999681293964 0.016398000065237284 0.016642000060528517 0.016764000058174133 0.018025999888777733

Current
Mean: 0.020 ms
Stdev: 0.002 ms (8.4%)
Runs: 0.017456000205129385 0.0176189998164773 0.017821999732404947 0.017862999811768532 0.01822899980470538 0.0185139998793602 0.018554999958723783 0.0186769999563694 0.018718000035732985 0.019082999788224697 0.01920600002631545 0.0194089999422431 0.019449000246822834 0.01949099963530898 0.019491000100970268 0.019816000014543533 0.02010100008919835 0.0204670000821352 0.020589000079780817 0.020711000077426434 0.020752000156790018 0.02119999984279275 0.021484999917447567 0.021525000222027302 0.021566000301390886 0.02217600028961897 0.022664000280201435 0.023477999959141016 0.023478999733924866

@OSBotify (Contributor):

🚀 Deployed to staging by @sketchydroide in version: 1.2.52-1 🚀

platform result
🤖 android 🤖 failure ❌
🖥 desktop 🖥 success ✅
🍎 iOS 🍎 success ✅
🕸 web 🕸 success ✅

@OSBotify (Contributor):

🚀 Deployed to production by @Julesssss in version: 1.2.52-4 🚀

platform result
🤖 android 🤖 success ✅
🖥 desktop 🖥 success ✅
🍎 iOS 🍎 success ✅
🕸 web 🕸 success ✅
