[Snyk] Security upgrade gh-pages from 4.0.0 to 6.2.0

[gitafolabi]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	631/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gh-pages

The new version differs by 112 commits.

• 4b29930 6.2.0
• a3df19c Log changes
• 0b721f3 Merge pull request #581 from tschaub/updates
• 13b6efc Update globby
• 5a8c819 Merge pull request #578 from tschaub/dependabot/npm_and_yarn/sinon-19.0.2
• bf7ed42 Merge pull request #579 from tschaub/dependabot/npm_and_yarn/eslint-8.57.1
• e55b0dd Bump eslint from 8.57.0 to 8.57.1
• b525485 Bump sinon from 18.0.0 to 19.0.2
• fc668f2 Merge pull request #576 from tschaub/dependabot/npm_and_yarn/async-3.2.6
• d55ea9f Bump async from 3.2.5 to 3.2.6
• 202aa11 Merge pull request #573 from tschaub/dependabot/npm_and_yarn/mocha-10.7.3
• 1938ffc Bump mocha from 10.7.0 to 10.7.3
• bec3b5a Merge pull request #571 from tschaub/dependabot/npm_and_yarn/mocha-10.7.0
• 8c3f124 Bump mocha from 10.6.0 to 10.7.0
• bd04ece Merge pull request #569 from tschaub/dependabot/npm_and_yarn/mocha-10.6.0
• ee1139a Bump mocha from 10.4.0 to 10.6.0
• 7568804 Merge pull request #563 from tschaub/dependabot/npm_and_yarn/braces-3.0.3
• ea804b2 Bump braces from 3.0.2 to 3.0.3
• dd28911 Merge pull request #561 from tschaub/dependabot/npm_and_yarn/sinon-18.0.0
• 0912f47 Bump sinon from 17.0.2 to 18.0.0
• c9d7ef6 Merge pull request #557 from tschaub/dependabot/npm_and_yarn/sinon-17.0.2
• fc349cb Bump sinon from 17.0.1 to 17.0.2
• 985f370 Merge pull request #555 from tschaub/dependabot/npm_and_yarn/dir-compare-5.0.0
• d4f6bd1 Bump dir-compare from 4.2.0 to 5.0.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[dryrunsecurity]

DryRun Security Summary

This GitHub Pull Request updates the gh-pages dependency in the package.json file from version 4.0.0 to 6.2.0, a major version update that could introduce breaking changes or new features, but is generally not a security concern as it is a development dependency used for deploying the application to GitHub Pages.

Expand for full summary

Summary:

The changes in this GitHub Pull Request are focused on updating the gh-pages dependency in the package.json file. This is a major version update from 4.0.0 to 6.2.0, which could potentially introduce breaking changes or new features. From an application security perspective, this update is generally not a concern, as gh-pages is a development dependency used for deploying the application to GitHub Pages. However, it's always a good practice to review the release notes and change logs for any major version updates to ensure there are no known security vulnerabilities or breaking changes that could impact the application. Apart from the gh-pages version update, there are no other significant changes in the package.json file. Overall, the changes in this Pull Request appear to be routine and not introduce any immediate security concerns.

Files Changed:

• package.json: The gh-pages dependency has been updated from version 4.0.0 to version 6.2.0. This is a major version update, which could potentially introduce breaking changes or new features. Apart from this update, there are no other significant changes in the package.json file.

Code Analysis

We ran 9 analyzers against 2 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer	Findings
Sensitive Files Analyzer	2 findings

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

[dryrunsecurity]

DryRun Security Summary

The changes in this GitHub Pull Request focus on updating the gh-pages dependency in the package.json file from version 4.0.0 to 6.2.0, which is a major version update that could potentially introduce breaking changes or new features, but does not raise any immediate security concerns.

Expand for full summary

Summary:

The changes in this GitHub Pull Request are focused on updating the gh-pages dependency in the package.json file. This is a major version update from 4.0.0 to 6.2.0, which could potentially introduce breaking changes or new features. From an application security perspective, this update is generally not a concern, as gh-pages is a development dependency used for deploying the application to GitHub Pages. However, it's always a good practice to review the release notes and change logs for any major version updates to ensure there are no known security vulnerabilities or breaking changes that could impact the application. Apart from the gh-pages version update, there are no other significant changes in the package.json file. Overall, the changes in this Pull Request appear to be routine and not introduce any immediate security concerns.

Files Changed:

• package.json: The gh-pages dependency has been updated from version 4.0.0 to version 6.2.0. This is a major version update, which could potentially introduce breaking changes or new features. Apart from this update, there are no other significant changes in the package.json file.

Code Analysis

We ran 9 analyzers against 2 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer	Findings
Sensitive Files Analyzer	2 findings

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.