[Snyk] Fix for 1 vulnerabilities

[jhamot]

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json
• package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Inefficient Algorithmic Complexity SNYK-JS-MINIMATCH-15353389	170

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[jhamot]

This release includes three high-risk major version upgrades for babel-core, glob, and mocha, which require significant code and configuration changes. A fourth upgrade to minimatch is a low-risk patch.

Highlights

• babel-core@5.8.38 → babel-core@6.10.4 (HIGH RISK)
  This is a foundational upgrade that changes how Babel is configured. Babel 6 introduced a plugin-based architecture, moving away from the previous "batteries-included" approach. All transpilation features now require explicit installation and configuration of presets (e.g., babel-preset-es2015) and plugins in a .babelrc file.

  Recommendation: This is a major refactoring effort that will cause build failures until the Babel configuration is completely rewritten. This should be addressed in a separate, dedicated effort before merging.

• glob@7.2.3 → glob@12.0.0 (HIGH RISK)
  This upgrade spans multiple major versions and introduces several critical breaking changes. The API has been completely rewritten.

  • API Changes: The library now uses a Promise-based API instead of callbacks and no longer provides a default export (named exports must be used). The Glob class is no longer an event emitter.
  • Path Separators: Backslashes (\) are no longer treated as path separators on any platform, including Windows. All glob patterns must use forward slashes (/).
  • Node.js Support: Support for Node.js versions below 16 has been dropped.

  Recommendation: All calls to glob must be updated to use the new Promise-based API with named imports. File paths, especially on Windows, must be verified to use forward slashes.

• mocha@6.2.3 → mocha@10.6.0 (HIGH RISK)
  This upgrade introduces breaking changes related to configuration, command-line options, and module loading.

  • Configuration: Support for mocha.opts is deprecated and has been removed in later versions. Configuration should be moved to a dedicated file (e.g., .mocharc.js).
  • Node.js Support: Support for Node.js versions below 12 has been dropped.
  • Module Loading: Mocha v10 is ESM-first, meaning it attempts to load test files with import() before falling back to require(), which could impact CommonJS projects.
  • CLI Changes: Several command-line flags have been removed or replaced (e.g., --reporters is now --list-reporters).

• Additional Upgrades: The upgrade for minimatch (3.1.2 → 3.1.3) is a patch release with no documented breaking changes and is considered low risk.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.