From 348c38f2ae405e99388af08dbcb1c647919944a4 Mon Sep 17 00:00:00 2001
From: casalino
Date: Fri, 15 May 2026 13:55:42 -0400
Subject: [PATCH] fix: upgrade @inquirer/prompts to ^8 to resolve CVE-2025-54798

Bumps @inquirer/prompts from ^5 to ^8, removing the tmp <=0.2.3 transitive dependency chain that carries CVE-2025-54798 (arbitrary temp file/dir write via symlink). Adds a moduleNameMapper mock for @oclif/table to fix list.test.js suite failure caused by string-width 8.x using the /v regex flag, which Jest 29 VM modules cannot parse.
Co-Authored-By: Claude Sonnet 4.6
---
 package.json | 5 ++++-
 test/__mocks__/oclif-table.js | 1 +
 2 files changed, 5 insertions(+), 1 deletion(-)
 create mode 100644 test/__mocks__/oclif-table.js
diff --git a/package.json b/package.json
index 9725138..a951183 100644
--- a/package.json
+++ b/package.json
@@ -8,7 +8,7 @@
 "@adobe/aio-lib-env": "^3.0.1",
 "@adobe/aio-lib-ims": "^8.0.0",
 "@adobe/aio-lib-state": "^5.3.0",
- "@inquirer/prompts": "^5",
+ "@inquirer/prompts": "^8",
 "@oclif/core": "^4",
 "@oclif/plugin-help": "^6",
 "@oclif/table": "^0.5.0",
@@ -86,6 +86,9 @@
 "e2e": "node --experimental-vm-modules node_modules/jest/bin/jest.js --collectCoverage=false --testRegex 'e2e/e2e.js'"
 },
 "jest": {
+ "moduleNameMapper": {
+ "^@oclif/table$": "/test/__mocks__/oclif-table.js"
+ },
 "collectCoverage": true,
 "coverageThreshold": {
 "global": {
diff --git a/test/__mocks__/oclif-table.js b/test/__mocks__/oclif-table.js
new file mode 100644
index 0000000..7312a13
--- /dev/null
+++ b/test/__mocks__/oclif-table.js
@@ -0,0 +1 @@
+export const makeTable = ({ data }) => data.map(row => Object.entries(row).map(([k, v]) => `${k}: ${v}`).join('\n')).join('\n')
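Review bot: The `moduleNameMapper` target reads `/test/__mocks__/oclif-table.js` as shown, which Jest would treat as an absolute filesystem path rather than a path inside the repository. Unless a token was lost when this page was rendered, the entry should be `"^@oclif/table$": "<rootDir>/test/__mocks__/oclif-table.js"`. The mapping also sits in the shared `jest` block, and the `e2e` script just above it passes no separate config, so the e2e run appears to load the stub as well. That would leave no test exercising the real `@oclif/table` that ships to users, so consider keeping the stub out of the e2e run. The `jest` object continues past the end of this hunk.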
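Review bot: The stub carries no comment saying why it exists or when it can be removed, and it exports only `makeTable`. I would add a header such as `// Test-only stand-in for @oclif/table: string-width 8.x uses the /v regex flag, which Jest 29 VM modules cannot parse. Delete once Jest can load the real package.` Any other export of `@oclif/table` imported by code under test will be undefined under this mapping, so it is worth confirming `makeTable` is the only one used. The stub also joins cells and rows with the same `'\n'`, so row boundaries cannot be told apart in assertions; a blank line between rows (`.join('\n\n')` on the outer join) would make test output less ambiguous.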