[Snyk] Security upgrade snyk-nuget-plugin from 1.22.1 to 1.25.1

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	529/1000 Why? Has a fix available, CVSS 6.3	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-JSZIP-3188562	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Prototype Pollution SNYK-JS-XML2JS-5414874	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: snyk-nuget-plugin

The new version differs by 28 commits.

• 9e042e1 Create pr-housekeeping.yml ([Snyk] Upgrade p-map from 4.0.0 to 7.0.0 #137)
• ebcfc70 fix: package.json to reduce vulnerabilities ([Snyk] Upgrade @slack/webhook from 5.0.4 to 7.0.1 #136)
• 44cdf56 feat: add broken link github action ([Snyk] Upgrade typescript from 4.3.2 to 5.3.2 #133)
• 3c90f9d fix: stringify-range-error ([Snyk] Upgrade @octokit/rest from 18.5.4 to 20.0.2 #131)
• 4931e94 docs: update badge ([Snyk] Upgrade @slack/webhook from 5.0.4 to 7.0.1 #130)
• a68d283 fix: fix ci ([Snyk] Upgrade @slack/webhook from 5.0.4 to 7.0.1 #129)
• 0b60f3a feat: fix ci ([Snyk] Upgrade @slack/webhook from 5.0.4 to 7.0.1 #128)
• a0a10b9 fix: code owners ([Snyk] Security upgrade python from 3.6-slim to 3.13.0a2-slim #127)
• 75b5d2d fix: code owners ([Snyk] Security upgrade python from 3.6-slim to 3.13.0a2-slim #126)
• e0df00f fix: upgrade typescript ([Snyk] Upgrade @octokit/rest from 18.5.4 to 20.0.2 #124)
• 201af77 Merge pull request [Snyk] Upgrade @octokit/rest from 18.5.4 to 20.0.2 #118 from snyk/fix/better-logging-defensive-code
• 00df874 fix: add diagnostic code for edge-case
• d406b07 Merge pull request [Snyk] Upgrade @slack/webhook from 5.0.4 to 7.0.0 #114 from snyk/chore/dummy-nop-commit-to-trigger-ci
• ebdcaa7 fix: dummy NOP commit to trigger a new version
• 4b4a287 Merge pull request chore(deps): bump aiohttp from 2.2.2 to 3.8.6 in /test/acceptance/workspaces/pip-app-license-issue #113 from snyk/chore/remove-unnecessary-error-throwing
• 2c2f146 fix:remove unnecessary error throw
• 9757b41 Merge pull request chore(deps): bump aiohttp from 2.2.2 to 3.8.6 in /test/acceptance/workspaces/mono-repo-project #112 from snyk/fix/support-utf16le-nuspecs
• 4334a40 fix: support utf-16 nuspecs
• cbf29a6 Merge pull request chore(deps): bump yiisoft/yii from 1.1.14 to 1.1.29 in /test/acceptance/workspaces/composer-app #111 from snyk/fix/handle-utf8-bom-nuspec
• eb4bac8 fix: formatting
• 0c53230 fix: handle nuspec files with utf8 with BOM
• 23d9d78 Merge pull request chore(deps): bump axios from 0.18.0 to 1.6.0 in /test/acceptance/workspaces/npm-out-of-sync-graph #105 from Havunen/bugfix
• f14ec29 Merge branch 'master' into bugfix
• 2680c2e Merge pull request chore(deps): bump aiohttp from 2.2.2 to 3.8.5 in /test/acceptance/workspaces/pip-app-license-issue #110 from snyk/feat/empty-commit-to-push-parseNuspec

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Pages

Latest commit:	4d8f53d
Status:	🚫  Build failed.

View logs

[secure-code-warrior-for-github]

Micro-Learning Topic: Prototype pollution (Detected by phrase)

Matched on "Prototype Pollution"

What is this? (2min video)

By adding or modifying attributes of an object prototype, it is possible to create attributes that exist on every object, or replace critical attributes with malicious ones. This can be problematic if the software depends on existence or non-existence of certain attributes, or uses pre-defined attributes of object prototype (such as hasOwnProperty, toString or valueOf).

Try a challenge in Secure Code Warrior