
[Snyk] Fix for 8 vulnerabilities #140

Open

jhamot wants to merge 1 commit into master from snyk-fix-83f88a673bb7683cfad42c61ea848a03

Conversation

@jhamot (Owner) commented Feb 14, 2026


Snyk has created this PR to fix 8 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • script/package.json
  • script/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

Severity | Issue                                        | Snyk ID                  | Score
high     | Code Injection                               | SNYK-JS-LODASH-1040724   | 398
high     | Prototype Pollution                          | SNYK-JS-LODASH-567746    | 319
high     | Prototype Pollution                          | SNYK-JS-LODASH-6139239   | 267
high     | Prototype Pollution                          | SNYK-JS-LODASH-450202    | 254
high     | Prototype Pollution                          | SNYK-JS-LODASH-608086    | 250
high     | Regular Expression Denial of Service (ReDoS) | SNYK-JS-AJV-15274295     | 157
medium   | Prototype Pollution                          | SNYK-JS-LODASH-15053838  | 144
medium   | Regular Expression Denial of Service (ReDoS) | SNYK-JS-LODASH-1018905   | 104

Breaking Change Risk

Merge Risk: High

Notice: This assessment is enhanced by AI.


Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Code Injection
🦉 Prototype Pollution

@jhamot (Owner, Author) commented Feb 14, 2026

Merge Risk: High

This release includes several major version upgrades with significant breaking changes. The upgrades for eslint and npm are high-risk and require immediate developer action to migrate configuration files and adapt to new behaviors. The webdriverio upgrade is medium-risk, primarily due to a dropped Node.js version.

Top 3 Most Impactful Upgrades

1. eslint 5.16.0 → 9.0.0 (HIGH RISK)

This is a substantial upgrade across four major versions (v6, v7, v8, v9), introducing numerous breaking changes that will require significant migration effort.

Key Breaking Changes:

  • New Config File Format (v9): ESLint v9 introduces eslint.config.js (flat config) as the new default and deprecates the traditional .eslintrc.* format. Existing configurations must be migrated to the new format.
  • CLIEngine Removed (v8): The CLIEngine class, deprecated in v7, was completely removed in v8. Any custom scripts or integrations using CLIEngine must be updated to use the new asynchronous ESLint class.
  • Node.js Version Support: Support for older Node.js versions has been progressively dropped. v9 requires Node.js v18.18.0 or newer.
  • Rule and Formatter Changes: Core rules have been moved to plugins (e.g., Node.js rules in v7), and several formatters have been removed and must be installed as separate packages (e.g., codeframe and table in v8).

Recommendation: This upgrade requires a dedicated migration effort. Developers must rewrite ESLint configurations to the new flat config format and update any scripts that relied on the old CLIEngine API. Start by following the official ESLint migration guides for v6, v7, v8, and finally v9.

Source: ESLint Migration Guides

2. npm 6.14.16 → 7.0.0 (HIGH RISK)

This major version introduces fundamental changes to dependency management and command-line behavior.

Key Breaking Changes:

  • Automatic Peer Dependency Installation: npm v7 automatically installs peerDependencies, whereas v6 only showed a warning. This is a major behavioral change that can alter your node_modules tree and potentially break builds if peer dependency conflicts exist.
  • New package-lock.json v2 Format: The lockfile format has been updated and is not backward-compatible with npm v6.
  • Workspaces: Introduces native support for monorepos via workspaces.
  • npx and npm audit Changes: npx has been rewritten and now prompts before executing a command for a package that is not already installed. The output format for npm audit has also changed significantly, which may break CI/CD scripts that parse its output.

Recommendation: Carefully review your project's peer dependencies before merging. The automatic installation may introduce unexpected packages. Ensure your deployment and CI/CD environments are updated to handle the new lockfile format and npm audit output.

Source: npm v7 Release Blog

3. webdriverio 5.9.2 → 6.0.0 (MEDIUM RISK)

This upgrade is less disruptive than the previous major version but contains an important environment change.

Key Breaking Changes:

  • Node

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.
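As an added example (not code from the Snyk PR or from this project), a Node.js check for the lockfile point raised above: it flattens a package-lock.json in either the npm v6 nested layout (lockfileVersion 1) or the npm v7 flat "packages" layout (lockfileVersion 2) and reports any copy of a dependency, including nested duplicates, that is still below a required minimum version. The lockfile fragment and the minimum version are constructed placeholders, not the fixed versions from the advisories listed in the PR.

```javascript
// Added example, not part of the Snyk PR or the project. Reads a package-lock.json
// object in the npm v6 (nested "dependencies") or npm v7 (flat "packages") layout.

// Collect every installed version of every package, by name.
function installedVersions(lock) {
  const found = {};
  const add = (name, version) => (found[name] = found[name] || []).push(version);
  if (lock.lockfileVersion >= 2 && lock.packages) {
    // v2: keys are paths like "node_modules/a/node_modules/b"; "" is the root project.
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === '' || !meta.version) continue;
      add(path.slice(path.lastIndexOf('node_modules/') + 13), meta.version);
    }
  } else {
    // v1: a tree; nested copies live under each entry's own "dependencies".
    const walk = (deps) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        if (meta.version) add(name, meta.version);
        walk(meta.dependencies);
      }
    };
    walk(lock.dependencies);
  }
  return found;
}

// Compare dotted numeric versions (pre-release suffix ignored): <0, 0 or >0.
function compareVersions(a, b) {
  const [pa, pb] = [a, b].map((v) => v.split('-')[0].split('.').map(Number));
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) - (pb[i] || 0);
  }
  return 0;
}

// List each (name, version) pair that is still below its required minimum.
function findBelowMinimum(lock, minimums) {
  const versions = installedVersions(lock);
  return Object.entries(minimums).flatMap(([name, min]) =>
    (versions[name] || []).filter((v) => compareVersions(v, min) < 0)
      .map((version) => ({ name, version })));
}

// Constructed sample v2 lockfile: the top-level lodash is current, but a
// nested copy under another package is still old. Versions are placeholders.
const sampleLockV2 = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'script', version: '1.0.0' },
    'node_modules/lodash': { version: '4.17.21' },
    'node_modules/some-tool/node_modules/lodash': { version: '4.17.4' },
  },
};
```

Run it over the real script/package-lock.json (JSON.parse of the file) with the minimum versions from your advisory source; a non-empty result means the upgrade left a vulnerable nested copy behind.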
