This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json
#### Vulnerabilities that will be fixed
##### With an upgrade:
Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------
 | **658/1000** **Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) [SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | Yes | Proof of Concept
(*) Note that the real score may have changed since the PR was raised.
Commit messagesPackage name: ava
The new version differs by 154 commits.
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project.
------------
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*
For more information:
🧐 [View latest project report](https://app.snyk.io/org/averissimo/project/c0e58fb6-7084-49b4-9b48-1ba2b82456cb?utm_source=github&utm_medium=referral&page=fix-pr)
🛠 [Adjust project settings](https://app.snyk.io/org/averissimo/project/c0e58fb6-7084-49b4-9b48-1ba2b82456cb?utm_source=github&utm_medium=referral&page=fix-pr/settings)
📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)
[//]: # (snyk:metadata:{"prId":"7322b7cb-61ad-458e-8443-c21c66614480","prPublicId":"7322b7cb-61ad-458e-8443-c21c66614480","dependencies":[{"name":"ava","from":"3.12.1","to":"4.0.0"},{"name":"xo","from":"0.33.1","to":"0.53.0"}],"packageManager":"npm","projectPublicId":"c0e58fb6-7084-49b4-9b48-1ba2b82456cb","projectUrl":"https://app.snyk.io/org/averissimo/project/c0e58fb6-7084-49b4-9b48-1ba2b82456cb?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-SEMVER-3247795"],"upgrade":["SNYK-JS-SEMVER-3247795"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["priorityScore"],"priorityScoreList":[658],"remediationStrategy":"vuln"})
---
**Learn how to fix vulnerabilities with free interactive lessons:**
🦉 [Regular Expression Denial of Service (ReDoS)](https://learn.snyk.io/lessons/redos/javascript/?loc=fix-pr)
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json - package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------  | **658/1000****Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | Yes | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: ava
The new version differs by 154 commits.- 9bc615e 4.0.0
- f09742f Clean up documentation in preparation for AVA 4
- 0187779 Dependency updates
- 29024af Test compatibility with TypeScript 4.5
- 8df118b Use AVA 4 for the self-hosted tests
- bedd1d0 Remove dependency on `equal-length`
- d4ec097 Improve wording in TypeScript recipe
- b3a1b72 Mention experimental specifier resolution in TypeScript recipe
- 77623a5 Handle path sources
- 5cdeb9d 4.0.0-rc.1
- 88e7680 Final ESM tweaks
- 60b7cf8 Align shared worker protocol identifier with provider protocols
- ad521af Graduate shared workers to be non-experimental
- 0edfd00 Skip flaky tests in CI
- c4f6723 Use thread IDs
- af30e73 Remove dead code and obsolete TODOs
- 6ed3ad1 Reduce XO exceptions
- 5a48893 Update XO and fix problems
- a7737cd Update dependencies
- dc405ef Fix Mongoose recipe
- c214512 Find ava.config.* files outside of project directory
- 44aebd9 Exclude more files from code coverage
- def2885 Improve handling of temporary file changes in watch mode
- 1a62f15 Switch to .xo-config.cjs
See the full diffPackage name: xo
The new version differs by 145 commits.- 100dc9b 0.53.0
- 91d10d1 Require Node.js 14
- e678209 Update link to `n` ESLint plugin (#696)
- db6e207 0.52.4
- e69a192 Fix a bug with relative `extends` (#686)
- f9c7db9 Update XO badge (#692)
- 92b3a3d Replace link to `node` ESLint plugin with `n` in readme (#690)
- 35645f6 0.52.3
- a608bf1 Fix compatibility problem with Windows (#687)
- bbf323b 0.52.2
- 4cf8b05 Fix tsconfig resolution quirks (#683)
- c8ec522 0.52.1
- de5f878 Ensure tsconfig lookups work as expected (#680)
- a152e1b 0.52.0
- b6fea12 Update dependencies
- b661eb8 Implement full tsconfig resolution (#677)
- 7fe3b48 0.51.0
- cd86133 Include `rulesMeta` in linting results (#674)
- 9ac43fd 0.50.0
- 00d51de Update dependencies
- 3a4c9c9 Switch to eslint-plugin-node's maintained fork (#660)
- ce76e49 Fix link
- eb65ea4 0.49.0
- 5f0e53d Update dependencies
See the full diff