@KatKovacs1 (Contributor)
Change description

The deprecation message for glob: 8.1.0 got updated. Updating suppressions.

Testing done

Pipelines go green (preview and nightly-dev)

Security Vulnerability Assessment

CVE Suppression: Are there any CVEs present in the codebase (either newly introduced or pre-existing) that are being intentionally suppressed or ignored by this commit?

  • Yes
  • No
| Package | Severity | Versions | Dependents | Issue |
|---|---|---|---|---|
| loader-utils | critical | 0.2.17 | nunjucks-loader@virtual:3***2#npm:3.0.0 | [18] |
| cross-spawn | high | 6.0.5, 7.0.3 | cross-env@npm:5.2.1, cross-env@npm:7.0.3 | [5], [6] |
| glob | high | 10.4.5, 8.1.0 | mocha@npm:11.7.5, cacache@npm:16.1.3 | [10], [11] |
| hoek | high | 5.0.4, 6.1.3 | joi@npm:13.7.0, topo@npm:3.0.3 | [12] |
| ip | high | 2.0.0 | socks@npm:2.7.1 | [14], [15] |
| json5 | high | 0.5.1 | loader-utils@npm:0.2.17 | [17] |
| @npmcli/move-file | moderate | 2.0.1 | cacache@npm:16.1.3 | [1] |
| acorn-import-assertions | moderate | 1.9.0 | import-in-the-middle@npm:1.4.2 | [2] |
| are-we-there-yet | moderate | 3.0.1 | npmlog@npm:6.0.2 | [3] |
| csurf | moderate | 1.11.0 | sya@workspace:. | [7] |
| gauge | moderate | 4.0.4 | npmlog@npm:6.0.2 | [9] |
| inflight | moderate | 1.0.6 | glob@npm:7.1.7 | [13] |
| joi | moderate | 13.7.0 | @hmcts/one-per-page@npm:5.4.0 | [16] |
| mem | moderate | 10.0.0 | @hmcts/div-idam-express-middleware@npm:7.0.1 | [19] |
| node-domexception | moderate | 1.0.0 | fetch-blob@npm:3.2.0 | [20] |
| npmlog | moderate | 6.0.2 | node-gyp@npm:9.3.1 | [21] |
| nunjucks | moderate | 3.2.3 | @hmcts/one-per-page@npm:5.4.0 | [22] |
| rimraf | moderate | 3.0.2 | node-gyp@npm:9.3.1 | [23] |
| stable | moderate | 0.1.8 | svgo@npm:2.7.0 | [24] |
| topo | moderate | 3.0.3 | joi@npm:13.7.0 | [25] |
| brace-expansion | low | 2.0.1 | minimatch@npm:9.0.5 | [4] |
| diff | low | 7.0.0 | @hmcts/div-idam-express-middleware@npm:7.0.1 | [8] |

📝 Issue Notes

  • [1] @npmcli/move-file — This functionality has been moved to @npmcli/fs
  • [2] acorn-import-assertions — package has been renamed to acorn-import-attributes
  • [3] are-we-there-yet — This package is no longer supported.
  • [4] brace-expansion — brace-expansion Regular Expression Denial of Service vulnerability (GHSA-v6h2-p8h4-qcjw)
  • [5] cross-spawn — Regular Expression Denial of Service (ReDoS) in cross-spawn (GHSA-3xgq-45jj-v275)
  • [6] cross-spawn — Regular Expression Denial of Service (ReDoS) in cross-spawn (GHSA-3xgq-45jj-v275)
  • [7] csurf — This package is archived and no longer maintained. For support, visit https://github.com/expressjs/express/discussions
  • [8] diff — jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch (GHSA-73rr-hh4g-fpgx)
  • [9] gauge — This package is no longer supported.
  • [10] glob — glob CLI: Command injection via -c/--cmd executes matches with shell:true (GHSA-5j98-mcp5-4vw2)
  • [11] glob — Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting [email protected] (This message got updated)
  • [12] hoek — hoek subject to prototype pollution via the clone function. (GHSA-c429-5p7v-vgjp)
  • [13] inflight — This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
  • [14] ip — NPM IP package incorrectly identifies some private IP addresses as public (GHSA-78xj-cgh5-2h22)
  • [15] ip — ip SSRF improper categorization in isPublic (GHSA-2p57-rm9w-gvfp)
  • [16] joi — This version has been deprecated in accordance with the hapi support policy (hapi.im/support). Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at this time, paid support is available for older versions (hapi.im/commercial).
  • [17] json5 — Prototype Pollution in JSON5 via Parse Method (GHSA-9c47-m6qq-7p4h)
  • [18] loader-utils — Prototype pollution in webpack loader-utils (GHSA-76p3-8jx3-jpfq)
  • [19] mem — Renamed to memoize: https://www.npmjs.com/package/memoize
  • [20] node-domexception — Use your platform's native DOMException instead
  • [21] npmlog — This package is no longer supported.
  • [22] nunjucks — Nunjucks autoescape bypass leads to cross site scripting (GHSA-x77j-w7wf-fjmw)
  • [23] rimraf — Rimraf versions prior to v4 are no longer supported
  • [24] stable — Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility
  • [25] topo — This module has moved and is now available at @hapi/topo. Please update your dependencies as this version is no longer maintained and may contain bugs and security issues.

Checklist

  • commit messages are meaningful and follow good commit message guidelines
  • README and other documentation has been updated / added (if needed)
  • tests have been updated / new tests have been added (if needed)
  • Does this PR introduce a breaking change
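The reason this PR exists is that the suppression for glob 8.1.0 was keyed on the free text of the deprecation notice, so an upstream wording change was enough to un-suppress it. The following is an added example, not the project's own audit or suppression tooling, of reconciling audit findings with a suppression list by stable keys instead: advisories keyed on their GHSA ID, deprecation notices (which carry no ID) keyed on the package/version pair, with the recorded message compared only to flag entries whose text has drifted. The audit records are a constructed sample loosely modelled on the per-line JSON of `yarn npm audit --json`; the field names (`value`, `children`, `Issue`, `URL`, `Severity`, `Tree Versions`) are an assumption, not a confirmed schema, and `OLD_GLOB_MESSAGE` is a hypothetical earlier wording, since the page does not show the pre-change text.

```python
"""Reconcile audit findings with a suppression list using stable keys.

Added example; not the project's own tooling. SAMPLE_AUDIT is a constructed
sample loosely modelled on `yarn npm audit --json` line output (field names
assumed). Advisory titles and GHSA IDs come from the PR table above.
"""
import json
import re
from dataclasses import dataclass
from typing import Optional

GHSA_RE = re.compile(r"GHSA-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}")

# Current glob 8.1.0 deprecation text (shortened from the PR's note [11]).
GLOB_DEPRECATION = ("Old versions of glob are not supported, and contain widely "
                    "publicized security vulnerabilities, which have been fixed in "
                    "the current version. Please update.")
# Hypothetical earlier wording; the real pre-change text is not on the page.
OLD_GLOB_MESSAGE = "Old versions of glob are not supported. Please update."

# Constructed sample audit output, one JSON object per line.
SAMPLE_AUDIT = "\n".join(json.dumps(r) for r in [
    {"value": "glob", "children": {
        "Issue": "glob CLI: Command injection via -c/--cmd executes matches with shell:true",
        "URL": "https://github.com/advisories/GHSA-5j98-mcp5-4vw2",
        "Severity": "high", "Tree Versions": ["10.4.5"], "Dependents": ["mocha@npm:11.7.5"]}},
    {"value": "glob", "children": {
        "Issue": GLOB_DEPRECATION, "URL": None,
        "Severity": "high", "Tree Versions": ["8.1.0"], "Dependents": ["cacache@npm:16.1.3"]}},
    {"value": "json5", "children": {
        "Issue": "Prototype Pollution in JSON5 via Parse Method",
        "URL": "https://github.com/advisories/GHSA-9c47-m6qq-7p4h",
        "Severity": "high", "Tree Versions": ["0.5.1"], "Dependents": ["loader-utils@npm:0.2.17"]}},
])


@dataclass(frozen=True)
class Finding:
    package: str
    version: str
    severity: str
    issue: str
    advisory: Optional[str]  # GHSA ID for advisories; None for deprecation notices


def parse_audit(text: str) -> list:
    """Flatten audit lines into one Finding per (package, installed version)."""
    findings = []
    for line in text.strip().splitlines():
        rec = json.loads(line)
        child = rec["children"]
        m = GHSA_RE.search(child.get("URL") or "")
        for version in child["Tree Versions"]:
            findings.append(Finding(rec["value"], version, child["Severity"],
                                    child["Issue"], m.group(0) if m else None))
    return findings


def stable_key(f: Finding) -> tuple:
    """Advisories key on the GHSA ID; deprecations key on package/version only."""
    return (f.package, f.version, f.advisory or "deprecation")


def reconcile(findings: list, suppressions: list) -> dict:
    """Return findings nothing suppresses, suppressions matching nothing, and
    key-matched suppressions whose recorded message no longer equals the live one.

    A suppression with a "message" field is the brittle style (exact text match).
    Otherwise it matches on (package, version, advisory-or-deprecation); an optional
    "recorded_issue" is compared only to report drift, never to decide the match.
    """
    by_key = {stable_key(f): f for f in findings}
    matched, stale, changed = set(), [], []
    for s in suppressions:
        if "message" in s:
            hit = next((f for f in findings
                        if (f.package, f.version, f.issue) == (s["package"], s["version"], s["message"])), None)
        else:
            hit = by_key.get((s["package"], s["version"], s.get("advisory", "deprecation")))
        if hit is None:
            stale.append(s)
            continue
        matched.add(stable_key(hit))
        if s.get("recorded_issue") is not None and s["recorded_issue"] != hit.issue:
            changed.append((s, hit.issue))
    return {"unsuppressed": [f for f in findings if stable_key(f) not in matched],
            "stale": stale, "changed": changed}


BRITTLE = [  # text-keyed: the glob 8.1.0 entry breaks once upstream edits the notice
    {"package": "glob", "version": "10.4.5", "message": "glob CLI: Command injection via -c/--cmd executes matches with shell:true"},
    {"package": "glob", "version": "8.1.0", "message": OLD_GLOB_MESSAGE},
    {"package": "json5", "version": "0.5.1", "message": "Prototype Pollution in JSON5 via Parse Method"},
]
STABLE = [  # key-based: same edit is reported as drift, not as a lost suppression
    {"package": "glob", "version": "10.4.5", "advisory": "GHSA-5j98-mcp5-4vw2"},
    {"package": "glob", "version": "8.1.0", "recorded_issue": OLD_GLOB_MESSAGE},
    {"package": "json5", "version": "0.5.1", "advisory": "GHSA-9c47-m6qq-7p4h"},
]


def demo() -> tuple:
    findings = parse_audit(SAMPLE_AUDIT)
    return reconcile(findings, BRITTLE), reconcile(findings, STABLE)


if __name__ == "__main__":
    brittle, stable = demo()
    print("brittle: unsuppressed", [(f.package, f.version) for f in brittle["unsuppressed"]],
          "stale", len(brittle["stale"]))
    print("stable:  unsuppressed", [(f.package, f.version) for f in stable["unsuppressed"]],
          "changed", [s["package"] for s, _ in stable["changed"]])
```

The trade-off worth keeping in mind: a text-keyed suppression fails loudly when upstream rewrites a notice, which at least forces someone to look again (here the new glob wording explicitly says the version contains publicized vulnerabilities). Key-based matching keeps the pipeline green across such edits, so it should only be adopted together with the `changed` report being surfaced in CI output and some expiry or owner on every entry, otherwise a suppression written for one wording quietly covers whatever the package says next.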
