
[Snyk] Fix for 4 vulnerabilities#293

Open
rvu-snyk wants to merge 1 commit into master from snyk-fix-3226d2a2e823cfd28b491dcaf3a7049c

Conversation

@rvu-snyk

Snyk has created this PR to fix 4 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • package.json
⚠️ Warning: Failed to update package-lock.json; please update it manually before merging.

Vulnerabilities that will be fixed with an upgrade:

Severity  Issue                                         Snyk ID                     Score
high      HTTP Header Injection                         SNYK-JS-KOA-15353398        828
high      Regular Expression Denial of Service (ReDoS)  SNYK-JS-MINIMATCH-15309438  828
high      Regular Expression Denial of Service (ReDoS)  SNYK-JS-MINIMATCH-15353387  828
high      Inefficient Algorithmic Complexity            SNYK-JS-MINIMATCH-15353389  828

Breaking Change Risk

Merge Risk: High

Notice: This assessment is enhanced by AI.


Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

@rvu-snyk (Author)

Merge Risk: High

This release includes major version upgrades for del and lerna, which introduce significant breaking changes, and a patch upgrade for koa.

del: 3.0.0 → 8.0.0 (HIGH RISK)

This upgrade spans multiple major versions and introduces several critical breaking changes. Action will be required to migrate.

  • ESM Only: Starting from v6.0.0, del is a pure ESM package. You must switch from require('del') to import {deleteAsync} from 'del'.
  • API Renaming: The main function has been renamed from del to deleteAsync, and the synchronous version is now a separate deleteSync export as of v6.0.0.
  • Node.js Requirement: Support for older Node.js versions has been dropped incrementally. Version 5.0.0 requires Node.js 8, v6.0.0 requires Node.js 12.20, and v8.0.0 requires Node.js 18.
  • Path Handling: As of v5.0.0, backward-slashes in glob patterns are no longer supported. Use path.posix.join() or a similar method to ensure forward-slashes.

Recommendation: Due to the switch to ESM and API renaming, you will need to refactor how you import and call the del function. Ensure your project's Node.js version meets the new requirements.

lerna: 8.2.4 → 9.0.4 (HIGH RISK)

This major version upgrade introduces breaking changes related to Node.js support and legacy commands.

  • Dropped Node.js Support: Lerna v9 drops support for Node.js 18. Supported versions are now ^20.19.0 || ^22.12.0 || >=24.0.0.
  • Legacy Command Removal: The deprecated commands lerna add, lerna bootstrap, and lerna link have been formally removed. Developers must now use their package manager's native workspace features.

Recommendation: Before upgrading, ensure your environment is running a supported version of Node.js. If you are using the removed legacy commands, you must migrate to your package manager's workspace commands (e.g., npm install, yarn install). It is also recommended to run lerna repair after upgrading to migrate your lerna.json configuration.

koa: 2.16.3 → 2.16.4 (LOW RISK)

This is a patch release that addresses a security vulnerability. No breaking changes are expected.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.
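The PR body above warns that package-lock.json could not be regenerated, and the risk assessment names the versions the PR moves to (koa 2.16.4, del 8.0.0, lerna 9.0.4). The script below is an added example, not code from Snyk, from the PR, or from this repository: a pre-merge check that reads package.json and package-lock.json, flags direct dependencies whose locked version falls outside the manifest range (the stale-lockfile case the warning describes), and flags any upgraded package still locked below the version the PR targets. Function names are hypothetical, the range parser only understands the exact, caret and tilde forms npm writes for an upgrade, and the sample manifests are constructed to mirror this PR.

```javascript
// Added example (not from the Snyk PR or this project): pre-merge lockfile check.
// Reports (a) direct dependencies whose locked version is outside the manifest
// range, i.e. package-lock.json was not regenerated after package.json changed,
// and (b) upgraded packages still locked below the version the PR targets.

function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unsupported version string: ${v}`);
  return m.slice(1, 4).map(Number);
}

// -1, 0 or 1 as a is below, equal to or above b (numeric major.minor.patch only).
function compareVersions(a, b) {
  const [x, y] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  }
  return 0;
}

// Range check for the forms npm writes on upgrade: "1.2.3", "^1.2.3", "~1.2.3".
// Any other range syntax is not understood and fails closed (returns false).
function satisfies(version, range) {
  const op = range[0] === '^' || range[0] === '~' ? range[0] : '';
  const base = op ? range.slice(1) : range;
  if (!/^\d+\.\d+\.\d+$/.test(base)) return false;
  if (compareVersions(version, base) < 0) return false;
  const [vMaj, vMin] = parseVersion(version);
  const [bMaj, bMin] = parseVersion(base);
  if (op === '^') return bMaj === 0 ? vMaj === 0 && vMin === bMin : vMaj === bMaj;
  if (op === '~') return vMaj === bMaj && vMin === bMin;
  return compareVersions(version, base) === 0;
}

// Locked version of a direct dependency. lockfileVersion 2/3 store it under
// packages["node_modules/<name>"]; lockfileVersion 1 under dependencies[<name>].
function lockedVersion(lock, name) {
  const entry =
    (lock.packages && lock.packages[`node_modules/${name}`]) ||
    (lock.dependencies && lock.dependencies[name]);
  return entry && entry.version ? entry.version : null;
}

// Returns a list of problem strings; empty means the lockfile matches the
// manifest and every target package is at or above its fix version.
function checkLockfile(manifest, lock, targets) {
  const problems = [];
  const declared = { ...(manifest.dependencies || {}), ...(manifest.devDependencies || {}) };
  for (const [name, range] of Object.entries(declared)) {
    const locked = lockedVersion(lock, name);
    if (locked === null) {
      problems.push(`${name}: declared as ${range} but absent from package-lock.json`);
      continue;
    }
    if (!satisfies(locked, range)) {
      problems.push(`${name}: lockfile resolves ${locked}, outside ${range} (stale lockfile)`);
    }
    if (targets[name] && compareVersions(locked, targets[name]) < 0) {
      problems.push(`${name}: locked ${locked} is below fix target ${targets[name]}`);
    }
  }
  return problems;
}

// Target versions as stated in the PR description.
const FIX_TARGETS = { koa: '2.16.4', del: '8.0.0', lerna: '9.0.4' };

// Constructed sample: package.json as this PR leaves it, package-lock.json untouched.
const SAMPLE_MANIFEST = {
  dependencies: { koa: '^2.16.4' },
  devDependencies: { del: '^8.0.0', lerna: '^9.0.4' },
};
const SAMPLE_STALE_LOCK = {
  lockfileVersion: 3,
  packages: {
    'node_modules/koa': { version: '2.16.3' },
    'node_modules/del': { version: '3.0.0' },
    'node_modules/lerna': { version: '8.2.4' },
  },
};

// Run against a real checkout: node check-lock.js <project-dir>
// (CommonJS entry point; skipped when the file is loaded as an ES module.)
if (typeof require === 'function' && require.main === module) {
  const fs = require('node:fs');
  const path = require('node:path');
  const dir = process.argv[2];
  const [manifest, lock] = dir
    ? ['package.json', 'package-lock.json'].map((f) =>
        JSON.parse(fs.readFileSync(path.join(dir, f), 'utf8')))
    : [SAMPLE_MANIFEST, SAMPLE_STALE_LOCK];
  const problems = checkLockfile(manifest, lock, FIX_TARGETS);
  for (const p of problems) console.log(p);
  if (dir) process.exitCode = problems.length ? 1 : 0;
}
```

Against the constructed sample the check reports six problems (each of koa, del and lerna is both outside its new range and below its fix target); after running `npm install --package-lock-only` on the PR branch and re-running the script against the checkout, the expected result is an empty list and exit code 0. A lockfile that still resolves the old koa would mean `npm ci` installs the vulnerable version even though package.json looks fixed.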

2 participants