[meta] package.json - Update Jest & jscodeshift

[lb-]

• Resolves multiple npm audit issues - 11 vulnerabilities (9 moderate, 2 high)
• Manually ran tests locally while updating each version of babel-jest progressively and no issues found
• Ran the npm run create commands as documented after jscodeshift update and no issues found

After this update, as of today, there are now 0 vulnerabilities.

These are only development dependencies, nonetheless it's better to try to update these where possible as they still run on contributor machines.

Full audit report as per main branch at 4925ba8

➜ npm audit # npm audit report braces <3.0.3 Severity: high Uncontrolled resource consumption in braces - https://github.com/advisories/GHSA-grv7-fg5c-xmjg fix available via `npm audit fix --force` Will install jscodeshift@17.0.0, which is a breaking change node_modules/@jest/transform/node_modules/braces node_modules/jest-haste-map/node_modules/braces node_modules/jest-message-util/node_modules/braces node_modules/jscodeshift/node_modules/braces node_modules/sane/node_modules/braces micromatch <=4.0.7 Depends on vulnerable versions of braces node_modules/@jest/transform/node_modules/micromatch node_modules/jest-haste-map/node_modules/micromatch node_modules/jest-message-util/node_modules/micromatch node_modules/jscodeshift/node_modules/micromatch node_modules/sane/node_modules/micromatch @jest/transform <=24.9.0 Depends on vulnerable versions of jest-haste-map Depends on vulnerable versions of jest-util Depends on vulnerable versions of micromatch node_modules/@jest/transform babel-jest 24.2.0-alpha.0 - 24.9.0 Depends on vulnerable versions of @jest/transform node_modules/babel-jest anymatch 1.2.0 - 2.0.0 Depends on vulnerable versions of micromatch node_modules/jest-haste-map/node_modules/anymatch node_modules/sane/node_modules/anymatch jest-haste-map 18.1.0 - 26.6.2 Depends on vulnerable versions of anymatch Depends on vulnerable versions of jest-util Depends on vulnerable versions of micromatch Depends on vulnerable versions of sane node_modules/jest-haste-map sane 1.5.0 - 4.1.0 Depends on vulnerable versions of anymatch Depends on vulnerable versions of micromatch node_modules/sane jest-message-util 18.5.0-alpha.7da3df39 - 24.9.0 Depends on vulnerable versions of micromatch node_modules/jest-message-util @jest/fake-timers <=24.9.0 Depends on vulnerable versions of jest-message-util node_modules/@jest/fake-timers jest-util 24.2.0-alpha.0 - 24.9.0 Depends on vulnerable versions of @jest/fake-timers node_modules/jest-util jscodeshift 0.3.20 - 0.13.1 Depends on vulnerable versions of micromatch node_modules/jscodeshift 11 vulnerabilities (9 moderate, 2 high) To address issues that do not require attention, run: npm audit fix To address all issues (including breaking changes), run: npm audit fix --force 

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/jscodeshift@17.0.0	Transitive: environment, filesystem, shell, unsafe	+164	23.8 MB	daniel15

🚮 Removed packages: npm/jscodeshift@0.7.1

View full report↗︎

[ljharb]

Most audit warnings are false positives; having zero is nice but not a goal to optimize for.

That said, what are the breaking changes in jscodeshift? Tests don’t exercise it - it’s used to generate scaffolding for a new rule.

[lb-]

Thanks @ljharb

I have confirmed I can run the two following scripts before and after the jscodeshift update without triggering any diffs in my local changes.

npm run create -- rule-name --author="Your name" --description="Description of rule" npm run create -- no-marquee --author="Ethan Cohen <@evcohen>" --description="Enforce <marquee> elements are not used." 

Example screenshot of files added

[lb-]

Thanks @ljharb