[Snyk] Upgrade rewire from 2.5.2 to 6.0.0

[Woodpile37]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade rewire from 2.5.2 to 6.0.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

Warning: This is a major version upgrade, and may be a breaking change.

• The recommended version is 7 versions ahead of your current version.
• The recommended version was released 2 years ago, on 2021-12-19.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-559764	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: rewire

• 6.0.0 - 2021-12-19
  
  • Breaking: Remove Node v8 support. We had to do this because one of our dependencies had security issues and the version with the fix dropped Node v8 as well.
  • Update dependencies #193
  • Fix Modifying globals within module leaks to global with Node >=10 #167
  • Fixed import errors on modules with shebang declarations #179
• 5.0.0 - 2020-03-11
  
  • Breaking: Remove Node v6 support. We had to do this because one of our dependencies had security issues and the version with the fix dropped Node v6 as well.
  • Update dependencies #159 #172 #154 #166
• 4.0.1 - 2018-04-24
  
  • Fix a bug where const was not properly detected #139
• 4.0.0 - 2018-04-09
  
  • Breaking: Remove official node v4 support. It probably still works with node v4, but no guarantees anymore.
  • Potentially breaking: Replace babel with regex-based transformation 9b77ed9a293c538ec3eb5160bcb933e012ce517f.
    This should not break, but it has been flagged as major version bump as the regex might not catch all cases reliably and thus fail for some users.
  • Improve runtime performance #132
  • Use coffeescript package in favor of deprecated coffee-script #134
• 3.0.2 - 2017-11-20
  
  • Fix a bug where rewire used the project's .babelrc #119 #123
• 3.0.1 - 2017-11-15
  
  • Fix Unknown Plugin "transform-es2015-block-scoping" #121 #122
• 3.0.0 - 2017-11-11
  
  • Breaking: Remove support for node versions below 4
  • Add support for const #79 #95 #117 #118
• 2.5.2 - 2016-07-01
  
  • Fix cluttering of require.extensions even if CoffeeScript is not installed #98

from rewire GitHub release notes

Commit messages

Package name: rewire

• 9e7f846 v6.0.0
• 39fe8e2 Update CHANGELOG.md
• daaba26 Update package-lock.json
• 4e5abba Replace istanbul with nyc
• a511f92 Replace Travis with GitHub action
• 22572ac Merge pull request Handle missing env vars when detecting profile jasongin/nvs#168 from rensbaardman/fix-167-global-var-leakage
• 9dba017 Replace several push calls with a single one
• 0b6d85a Re-add test case for globals
• 92d9a33 Merge branch 'master' into fix-167-global-var-leakage
• d1474b3 Merge pull request shell aliases conflict with nvs.sh jasongin/nvs#171 from rensbaardman/stack-trace-test-firefox
• b70fdc0 Improve shebang test
• 9f194a7 Merge branch 'master' into stack-trace-test-firefox
• 0584c53 Merge pull request Edge case platforms jasongin/nvs#169 from rensbaardman/change-carriage-returns
• ae4bd02 Improve shebang test
• 54440b6 Merge pull request Warning: NVS cannot update PATH unless sourced from the shell jasongin/nvs#179 from breautek/shebang-fix
• 869fb2c 5.0.0
• 9ec9276 Merge pull request Bump y18n from 4.0.0 to 4.0.1 jasongin/nvs#193 from tsekityam/tsekityam/patch-1
• 70c0c07 Add missing dev dependency istanbul
• 342487f Bump eslint to v7
• 30b8eef Bump mocha to v9
• 0244069 fix: Unable to use in Powershell due to absence of digital signature jasongin/nvs#178 import error on shebang modules
• dea7b22 test: Unable to use in Powershell due to absence of digital signature jasongin/nvs#178 Unit tests for importing shebang modules
• 90e781f Update CHANGELOG
• 287e645 Remove node 6 support

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[changeset-bot]

⚠️ No Changeset found

Latest commit: 56124f2

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR