[Snyk] Security upgrade vsce from 2.6.7 to 2.15.0

[badsyntax]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	No	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: vsce

The new version differs by 37 commits.

• ab8770c feat: allow publishing universal target alongside platform specific targets (#790)
• 8c1b1a0 chore: Spelling (#789)
• 9aa361e Merge pull request #787 from microsoft/lramos15/removePrChat-auto
• 2419f51 Remove PR Chat
• df59e0f build(deps): bump minimatch from 3.0.4 to 3.0.5 (#784)
• d608ecd feat: prompt for full name to confirm unpublish action (#782) (#783)
• 1dcedef feat: support pricing model in the manifest file (#749)
• 2589114 feat: allow to skip publishing duplicate package (#776)
• 8e193c9 feat: expose all options to packaging and publishing APIs (#759)
• 5110bcf fix: correct program path in `launch.json` (#771)
• 742720a chore: set up #codereview automation (#768)
• 3024d0f fix: clarify simultaneous use of packagePath and target in `vsce publish` (#765)
• 0940626 fix: list all valid targets in documentation for --target (#766)
• 27fad23 chore: add branch protection (#767)
• 9c50aa6 feat: github actions logging (#752)
• 7e16ed7 fix: support fragments in image URLs (#753)
• 955c760 build(deps): bump shell-quote from 1.7.2 to 1.7.3 (#746)
• 57112fd Merge pull request #745 from microsoft/fix-744
• d68e2f7 Remove check for yarn.lock
• b2288cd fix: ensure that we can define dependency argument in config (#743)
• 76b06f2 build(deps-dev): bump semantic-release from 19.0.2 to 19.0.3 (#741)
• 293f3d5 build(deps): bump semver-regex from 3.1.3 to 3.1.4 (#738)
• 9ef1cf0 build(deps): bump npm from 8.3.2 to 8.12.0 (#736)
• 95823b6 Merge pull request #735 from microsoft/sandy081/horrible-rat

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution