
@b1pb1p b1pb1p commented Dec 20, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 589/1000. Why? Has a fix available, CVSS 7.5 | Directory Traversal (SNYK-JS-MOMENT-2440688) | Yes | No Known Exploit |
| high severity | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) (SNYK-JS-MOMENT-2944238) | Yes | Proof of Concept |
| medium severity | 586/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) (SNYK-JS-PATHPARSE-1077067) | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @wordpress/nux
The new version differs by 250 commits.
  • e086b2b chore(release): publish
  • b860b47 Restore `@ wordpress/nux` to WP 6.2 branch (#52452)
  • 843a305 chore(release): publish
  • 635d836 Process template part shortcodes before blocks (#50801)
  • 6cf78ae chore(release): publish
  • 9e7bbd6 Release: Fix CI checks on the 'wp/6.2' branch (#50464)
  • 7eb2a4e [Inserter]: Fix `onHover` error on patterns tab in mobile (#49450)
  • 2bb4988 Fix site editor redirection after creating new template or template part (#49364)
  • 799fc32 Only show alignment info when parent layout is constrained. (#49703)
  • 1413816 Firefox: fix input rules (React async state issue) (#48210)
  • 2e1825b Site Editor: Decode the site title properly (#49685)
  • 1f39704 Fix quick inserter going off-screen in some situations (#49881)
  • a3358b2 Fix the site editor loading in multi-site installs (#49861)
  • 5384ee8 sprintf requires more than 1 params (#49054)
  • 6d1b11e i18n: Add context to labels related to CSS position properties (#49135)
  • 811da1a chore(release): publish
  • b4631a9 Revert "Make sure the Nav block's directly inserted block is a Page variation (#48740)" (#49126)
  • 66c1adc Show close button in List View on mobile (#49200)
  • 6f05e23 Add missing pseudo-selectors to theme.json schema and documentation (#49202)
  • dcfb709 Theme JSON schema: Add defaultPresets property to shadow (#49204)
  • 356298f chore(release): publish
  • 9d3071a Navigation Link: Don't remove 'block_core_navigation_link_build_css_colors' (#49064)
  • 4486a6b Revert "sprintf requires more than 1 params (#49054)"
  • f22a3cb chore(release): publish

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Directory Traversal
🦉 Regular Expression Denial of Service (ReDoS)
