[Snyk] Upgrade: inquirer, node-emoji

[m-heyda]

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

inquirer
from 1.0.2 to 1.2.3 | 8 versions ahead of your current version | 8 years ago
on 2016-11-13
node-emoji
from 1.3.0 to 1.11.0 | 15 versions ahead of your current version | 3 years ago
on 2021-08-11

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Code Injection SNYK-JS-LODASH-1040724	586	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-450202	586	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-567746	586	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-608086	586	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-6139239	586	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-73638	586	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	586	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	586	Proof of Concept

Release notes

Package name: inquirer

• 1.2.3 - 2016-11-13
  
  • Fix bug with editor prompt #442
• 1.2.2 - 2016-10-11
  

  1.2.2

• 1.2.1 - 2016-09-30
  

  1.2.1

• 1.1.3 - 2016-09-02
  
  • Fix bug where options passed to Inquirer were mutated.
• 1.1.2 - 2016-07-07
  
  • Fix list prompts being re-render each time enter key was pressed. (#395)
• 1.1.1 - 2016-07-04
  
  • Correctly ignore validation on list prompts. (previously the function would be run and throw an exception)

  Instead of validation, you can:

  1. Pass a function as choices so you can filter out invalid choices
  2. If you want the end user to see all choices, then make the invalid choice Separators. That way, they'll be seen, but won't be selectable.
• 1.1.0 - 2016-06-25
  
  • Add a new editor prompt to launch an editor allowing to easily enter multiline content - or edit file content.
• 1.0.3 - 2016-05-30
  
  • Allow falsy values as option value in expand prompt.
• 1.0.2 - 2016-04-17

from inquirer GitHub release notes

Package name: node-emoji

• 1.11.0 - 2021-08-11
  
  • associate email with e-mail emoji rather than envelope emoji #82
  • update get() to handle emoji code arguments so that they aren't wrapped in colons #85
  • migrate to the main lodash package #88
  • add in unicode 13.1 emoji 🍱 and update dependencies to fix vulnerabilities 🔒 #110
• 1.10.0 - 2019-02-15
  
  • update emoji data to v4.0.4 (thanks to @ roopakv)
• 1.9.0 - 2019-02-15
  
  • update emoji data to v2.5.2 (thanks to @ sidbatra)
• 1.8.1 - 2017-07-23
  
  • implement Emoji.strip (removes all emoji from a string) #56 (thanks to @ smeijer)
  • implement Emoji.replace (replaces all emoji in a string) #56 (thanks to @ smeijer)
• 1.8.0 - 2017-07-21
  
  • refactor the whole code base -> performance improvements #52 (thanks to @ smeijer)
  • implement emoji.find() #53 (thanks to @ smeijer)
  • implement emoji.hasEmoji() #54 (thanks to @ smeijer)
• 1.7.0 - 2017-07-10
• 1.6.1 - 2017-07-07
• 1.6.0 - 2017-07-07
• 1.5.1 - 2017-01-15
• 1.5.0 - 2017-01-06
• 1.4.3 - 2016-12-02
• 1.4.2 - 2016-12-02
• 1.4.1 - 2016-09-08
• 1.4.0 - 2016-09-06
• 1.3.1 - 2016-06-20
• 1.3.0 - 2016-04-08

from node-emoji GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Description by Korbit AI

What change is being made?

Upgrade the inquirer dependency from version 1.0.2 to 1.2.3 and the node-emoji dependency from version 1.3.0 to 1.11.0 in the package.json file.

Why are these changes being made?

These upgrades address potential security vulnerabilities and improve compatibility with other packages by ensuring the use of more recent and stable versions of the dependencies. This change helps maintain the overall health and security of the project.

Is this description stale? Ask me to generate a new description by commenting /korbit-generate-pr-description

[korbit-ai]

You've used up your 5 PR reviews for this month under the Korbit Starter Plan. You'll get 5 more reviews on October 9th, 2024 or you can upgrade to Pro for unlimited PR reviews and enhanced features in your Korbit Console.