[Snyk] Security upgrade ink from 3.2.0 to 4.0.0

[jadoonf]

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Denial of Service (DoS) SNYK-JS-WS-7266574	768

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)

[github-actions]

listen.dev ∙ Security Report

critical 🚨 2

medium ⚠️ 4

low 🔷 43

🔍 The following behaviors have been detected in the dependency tree during installation

🚨 Critical severity

🔀	1 category

• 🔀 Typosquatting ∙ 2 packages

  
  

  • 📦 jq@1.7.2 ∙ 1 occurrence ∙ 1 kind of issue ∙ open 🔗

    
    

    • The name of this package closely resembles other package names ("q") which are popular on NPM: it might be a typosquatting attempt ∙ 1 total occurrence

      
      

      Name	Version	Transitive Dependency	Occurrences	More
      jq	1.7.2		1	🔗

  • 📦 ink@4.4.1 ∙ 1 occurrence ∙ 1 kind of issue ∙ open 🔗

    
    

    • The name of this package closely resembles other package names ("ini") which are popular on NPM: it might be a typosquatting attempt ∙ 1 total occurrence

      
      

      Name	Version	Transitive Dependency	Occurrences	More
      ink	4.4.1		1	🔗

---

⚠️ Medium severity

📡🔎	2 categories

• 📡 Dynamic instrumentation ∙ 1 package

  
  

  • 📦 jq@1.7.2 ∙ 3 occurrences ∙ 1 kind of issue ∙ open 🔗

    
    

    • unexpected outbound connection destination ∙ 3 total occurrences

      
      

      Name	Version	Transitive Dependency	Occurrences	More
      contextify	0.1.15	✔️	3	🔗

• 🔎 Static analysis ∙ 1 package

  
  

  • 📦 ink@4.4.1 ∙ 1 occurrence ∙ 1 kind of issue ∙ open 🔗

    
    

    • install script detected in package.json ∙ 1 total occurrence

      
      

      Name	Version	Transitive Dependency	Occurrences	More
      ink	4.4.1		1	🔗

---

🔷 Low severity

📑	1 category

• 📑 Metadata ∙ 1 package

  
  

  • 📦 source-map-support@0.5.21 ∙ 1 occurrence ∙ 1 kind of issue ∙ open 🔗

    
    

    • This package version is 0.X.Y: the semver spec mandates those versions for initial development meaning that anything may change at any time and the public API of this package should not be considered stable. ∙ 1 total occurrence

      
      

      Name	Version	Transitive Dependency	Occurrences	More
      source-map-support	0.5.21		1	🔗

---

### 🚩 Some problems have been encountered

🔗 Package not analysed yet ∙ 2 occurrences ∙ Package not analysed yet

• tap-parser@11.0.2
• tcompare@5.0.7

See docs 🔗

---

Powered by listen.dev