chore: Security resolution for minimatch which is transitive dependency for jscodeshift

[mannycarrera4]

Summary

Fixes: SNYK-JS-MINIMATCH-15309438

Regular Expression Denial of Service (ReDoS)

Release Category

Dependencies

---

Snyk has created this PR to fix 1 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

• modules/codemod/package.json

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

⚠️ Warning

Failed to update the yarn.lock, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

	Issue
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-15309438

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

[mannycarrera4]

This is a significant major version upgrade from a pre-1.0 version to v17.1.0, introducing substantial breaking changes.

Key Breaking Changes:

• Node.js Version Requirement: Support for older Node.js versions has been dropped. Version 17.0.0 and later explicitly require Node.js v16 or newer. [1]
• Major Version Jump: The jump from v0.x to v17.0.0 was a deliberate decision to signify a major release, similar to how React jumped from v0.14 to v15. This implies significant internal changes. [1]
• Internal and Dependency Updates: The new versions include numerous updates to underlying dependencies, such as the AST parser, and enable modern TypeScript features. [1] These changes can alter how source code is parsed and how transforms must be written, potentially breaking existing codemods.

Recommendation: Due to the new Node.js requirement and fundamental changes to the library's internals, all existing codemods written for v0.14.0 must be thoroughly re-tested for compatibility with v17.1.0 before use in production.

Source: GitHub Releases

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[cypress]

Workday/canvas-kit    Run #10396

Run Properties:   Passed #10396  •  c776a913fb ℹ️: Merge 79c59ebd9de2f6e0c15aad39ce70f4b398a236bd into 505d33afede2ffb76b2001b6575a...

Project	Workday/canvas-kit
Branch Review	snyk-fix-6096d65c6ec0a51b55a2cfc9cbc10a7c
Run status	Passed #10396
Run duration	02m 24s
Commit	c776a913fb ℹ️: Merge 79c59ebd9de2f6e0c15aad39ce70f4b398a236bd into 505d33afede2ffb76b2001b6575a...
Committer	Manuel Carrera
View all properties for this run ↗︎

---

Test results
Failures	0
Flaky	0
Pending	86
Skipped	0
Passing	850
View all changes introduced in this branch ↗︎

UI Coverage  19.53%
Untested elements	1523
Tested elements	367

Accessibility  99.33%
Failed rules	6 critical   5 serious   0 moderate   2 minor
Failed elements	77

[mannycarrera4]

This is an issue with the transitive dependency

[mannycarrera4]

latest update here: lerna/lerna#4277

[mannycarrera4]

This is in a bad state and it's a transitive dependency, will revisit later