[Snyk] Fix for 5 vulnerabilities

[jhamot]

Snyk has created this PR to fix 5 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	266
	Symlink Attack SNYK-JS-TARFS-9535930	231
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-15309438	170
	Improper Link Resolution Before File Access ('Link Following') SNYK-JS-TARFS-10293725	124
	Symlink Following SNYK-JS-TARFS-13045213	58

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Improper Link Resolution Before File Access ('Link Following')

[jhamot]

This release includes several major version upgrades that introduce significant breaking changes, requiring code and configuration modifications.

Top 3 Most Impactful Upgrades

• babel-core 5.8.38 → 6.2.0 (High Risk): This is a major architectural overhaul. Babel 6 transitioned to a plugin-based system and no longer performs any transformations by default. You must now explicitly install and configure presets (e.g., babel-preset-es2015) and plugins in a .babelrc file to process your code. The main babel package is deprecated, and API usage like require("babel/register") must be changed to require("babel-core/register").

  • Recommendation: This upgrade requires a complete reconfiguration of your Babel setup. Follow a migration guide to install the necessary presets and update your build scripts.

• glob 7.2.3 → 12.0.0 (High Risk): This upgrade spans multiple major versions with critical breaking changes. The API is now Promise-based instead of using callbacks, which will break all existing calls. Furthermore, starting in v8, backslashes (\) are treated exclusively as escape characters, not path separators; all patterns must use forward slashes (/), a significant change for Windows environments. Support for Node.js versions below 16 has also been dropped.

  • Recommendation: Refactor all glob calls to use the new Promise-based API (await glob(...)) and ensure all glob patterns use forward slashes as path separators.

• minimatch 3.1.2 → 10.2.1 (High Risk): This large version jump introduces a critical breaking change by adopting ES Modules (ESM). Projects using require('minimatch') will fail with an ERR_REQUIRE_ESM error and must be updated to use dynamic import() or be converted to ESM. This is a fundamental change that will break CommonJS-based projects.

  • Recommendation: Convert your usage of minimatch from require() to dynamic import() or migrate the consuming file to an ES module.

Other Upgrades

• prebuild-install 6.0.0 → 7.1.3 (Low Risk): No major API breaking changes were identified, though the ecosystem is shifting towards prebuildify as a recommended alternative.
• **fs-admin 0.15.0 →

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.