[Snyk] Security upgrade @pnp/cli-microsoft365 from 3.7.0-beta.b01397d to 4.4.0

[estruyf]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	No	Proof of Concept
	344/1000 Why? Has a fix available, CVSS 2.6	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783	No	Proof of Concept
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	No	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-NODEFORGE-2330875	No	Proof of Concept
	529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-NODEFORGE-2331908	No	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	No	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	No	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NORMALIZEURL-1296539	No	No Known Exploit
	524/1000 Why? Has a fix available, CVSS 6.2	Denial of Service (DoS) SNYK-JS-NWSAPI-2841516	No	No Known Exploit
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1314893	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1585202	No	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) SNYK-JS-PRISMJS-2404333	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	No	Proof of Concept
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	No	Proof of Concept
	718/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	No	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	XML External Entity (XXE) Injection SNYK-JS-XMLDOM-1084960	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @pnp/cli-microsoft365

The new version differs by 250 commits.

• d4af108 Updates release notes
• 461d0e6 Adds the 'List all large files within a SharePoint Site' sample. Closes #2772
• 6f7ecbf Fixes unhandled exception for spo group user add. Closes #2935
• 7a38149 Adds support for upgrading SPFx projects to v1.14.0-beta.5. Closes #2983
• 3913c30 Updates release notes
• 2d271d3 Adds 'planner task set' command. Closes #2824
• 23194d7 Updates release notes
• ba3d1d0 Adds docs explaining app commands. Closes #2888
• 95fdd4b Adds the 'spo site recyclebinitem list' command. Closes #2875
• f62c5d1 Fixes 'app permission list' command name in the TOC
• 18b02d9 Updates release notes
• 7f6f11b Adds 'teams chat message list' command. Closes #2860
• 5d209e2 Updates release notes
• fcc616c Extends 'spo group user add' with groupName and email. Closes #2831
• 476d8ef Fixes 'teams tab get' and 'teams app list' commands. Closes #2930
• ffe290f Updates release notes
• 7742440 Adds the 'aad user hibp' command. Closes #2476
• 1f56870 Adds 'teams chat list' command. Closes #2893
• f2c9817 Updates list of contributors
• 3be804f Updates release notes
• d8726fe Adds 'teams chat member list' command. Closes #2896
• 52457bb Extends 'cli config set' with support for csv output. Closes #2901
• 1bd9aa9 Updates list of contributors
• 6c25059 Updates release notes

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Open Redirect
🦉 More lessons are available in Snyk Learn

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
doctor	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Jul 5, 2023 5:20pm