[Snyk] Fix for 8 vulnerabilities

[jhamot]

Snyk has created this PR to fix 8 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• script/package.json
• script/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Code Injection SNYK-JS-LODASH-1040724	398
	Prototype Pollution SNYK-JS-LODASH-567746	319
	Prototype Pollution SNYK-JS-LODASH-6139239	267
	Prototype Pollution SNYK-JS-LODASH-450202	254
	Prototype Pollution SNYK-JS-LODASH-608086	250
	Prototype Pollution SNYK-JS-LODASH-15053838	144
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	104
	Allocation of Resources Without Limits or Throttling SNYK-JS-QS-15268416	62

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Code Injection
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn

[jhamot]

This release includes a major upgrade to npm from v6 to v7, which introduces significant breaking changes. Upgrades for webdriverio and babel-eslint are also included with medium and low risk, respectively.

Top 3 Most Impactful Upgrades

• npm@6.14.16 → npm@7.0.0 (High Risk)
  This is a major update to the Node.js package manager with several breaking changes. The most critical change is the automatic installation of peer dependencies. Previously, missing peer dependencies would only cause a warning; in npm 7, it will attempt to install them, which can lead to conflicts and failed installations.

  Other breaking changes include:

  • A new package-lock.json v2 format.
  • A complete rewrite of npx, which now prompts before installing missing packages.
  • Changes to the output of npm audit.

  Recommendation: Developers must verify their project's peer dependency resolution. If conflicts arise, they may need to be resolved manually or by using the --legacy-peer-deps flag as a temporary workaround.
  Source: The GitHub Blog, npm v7 Beta Release Notes

• webdriverio@5.9.2 → webdriverio@6.0.0 (Medium Risk)
  This major version upgrade drops support for Node.js v8, which reached its end-of-life in early 2020. The default automation protocol has been changed to devtools (with Puppeteer as a fallback), which may remove the need for a separate browser driver for local testing. Some command parameters and service configurations were also changed.

  Recommendation: Ensure your environment is running Node.js v12 or newer. The WebdriverIO team has provided a codemod script to help automate the migration of configuration and test files, which should be run to handle the API changes.
  Source: WebdriverIO v6 Release Blog, Migration Guide

• babel-eslint@10.0.1 → babel-eslint@10.1.0 (Low Risk)
  This is a minor update whose primary purpose is to inform users that the package has been deprecated and replaced by @babel/eslint-parser. This version will no longer receive updates. The upgrade itself introduces no breaking changes, but a warning will now appear upon installation.

  Recommendation: Plan a future migration from babel-eslint to @babel/eslint-parser to continue receiving updates and support.
  Source: npm Package Page

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.