[Snyk] Fix for 8 vulnerabilities

[jhamot]

Snyk has created this PR to fix 8 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• script/package.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Code Injection SNYK-JS-LODASH-1040724	398
	Prototype Pollution SNYK-JS-LODASH-567746	317
	Prototype Pollution SNYK-JS-LODASH-6139239	267
	Prototype Pollution SNYK-JS-LODASH-450202	254
	Prototype Pollution SNYK-JS-LODASH-608086	250
	Directory Traversal SNYK-JS-TAR-15127355	129
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	104
	Prototype Pollution SNYK-JS-LODASH-15053838	87

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Code Injection
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn

[jhamot]

The upgrade to npm v7 introduces significant breaking changes, while the babel-eslint update is minor but involves a deprecated package.

• npm 6.14.16 → 7.21.0 (High Risk): This major version upgrade automatically installs peer dependencies, which was not the default behavior in v6 and can break existing workflows. [1, 5] The package-lock.json format has been updated, npx was rewritten, and the output for npm audit has changed significantly. [1, 2] Projects relying on the old peer dependency behavior or scripts that parse npm audit output will require validation.

• babel-eslint 10.0.1 → 10.1.0 (Low Risk): This is a minor update with no breaking changes. However, the babel-eslint package is deprecated and has been replaced by @babel/eslint-parser. [10, 11] Future work should prioritize migrating to the new package to receive updates. [8]

Recommendation: Carefully validate the project's dependency installation and any scripts using npm audit after the npm upgrade. Plan to migrate from babel-eslint to @babel/eslint-parser.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.