[Snyk] Security upgrade braces from 3.0.2 to 3.0.3

[snyk-io]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
• package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	169/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00045, Social Trends: No, Days since published: 9, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.81, Score Version: V5	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: braces

The new version differs by 12 commits.

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (Bump prettier from 2.6.0 to 2.6.1 google/wireit#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request Bump @types/node from 17.0.21 to 17.0.22 google/wireit#37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/Braces is marked as DoS vulnerable via Memory Exhaustion by Blackduck micromatch/braces#36#issuecomment-2110820796)
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (Automatically treat package-lock.json as input files google/wireit#27)
• 3f8e7ff Failing test cases for issue \Don't start new scripts after one has failed google/wireit#29 (Actively kill running scripts when wireit receives kill signal google/wireit#30)
• 0c04d6f Create FUNDING.yml

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Note: This is a default PR template raised by Snyk. Find out more about how you can customise Snyk PRs in our documentation.

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncontrolled resource consumption

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@web/dev-server@0.4.5	Transitive: environment, eval, filesystem, network, shell, unsafe	+152	53.5 MB	modern-web
npm/markdown-it@14.1.0	None	+4	907 kB	vitaly

🚮 Removed packages: npm/@web/dev-server@0.4.3, npm/braces@3.0.2, npm/markdown-it@14.0.0

View full report↗︎