[Snyk] Security upgrade jscodeshift from 0.14.0 to 17.0.0

[jaclynjessup]

Snyk has created this PR to fix 1 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

• modules/codemod/package.json

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

⚠️ Warning

Failed to update the yarn.lock, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Infinite loop SNYK-JS-BRACEEXPANSION-15789759	641

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[jaclynjessup]

This is a very large major version upgrade from v0.14.0 to v17.0.0. The version number was intentionally jumped from v0.x to v17.0.0 to signify a major release after a long period of development.

Breaking Changes:

• Node.js Requirement: Support for Node.js versions below 16 is dropped. Version 17.0.0 now explicitly requires Node.js 16 or higher.
• Parser Defaults: There have been significant discussions and changes around the default parser (recast). While older versions defaulted to a Babel 5 compatible mode, newer versions have more modern parser configurations. Developers may need to explicitly set the parser (--parser=...) to ensure compatibility with modern JavaScript/TypeScript syntax.
• Internal Dependencies: Many outdated and unused dependencies have been removed or replaced. While this is generally a positive change, it could have subtle effects on how transforms are executed.

Action Required:

• Verify Node.js Version: Ensure your runtime environment and CI/CD pipelines are using Node.js v16 or newer.
• Test Codemods: Due to the large version gap and internal changes to the parser and its dependencies, it is crucial to test all existing jscodeshift scripts thoroughly. Pay close attention to how modern syntax features are handled.
• Review Parser Configuration: If you rely on specific language features (e.g., advanced TypeScript or experimental JS), you may need to explicitly configure the parser in your scripts or CLI commands.

Source: GitHub Releases

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[cypress]

Workday/canvas-kit    Run #10519

Run Properties:   Passed #10519  •  abb9919a35 ℹ️: Merge 4aa83a1b587654ea15d9768caff1730c3db7bcc0 into 7235a397c9f49a8ef929c793b232...

Project	Workday/canvas-kit
Branch Review	snyk-fix-253b3b4e95e24ff0b9d5fb8315190f60
Run status	Passed #10519
Run duration	02m 25s
Commit	abb9919a35 ℹ️: Merge 4aa83a1b587654ea15d9768caff1730c3db7bcc0 into 7235a397c9f49a8ef929c793b232...
Committer	Jaclyn
View all properties for this run ↗︎

---

Test results
Failures	0
Flaky	0
Pending	86
Skipped	0
Passing	850
View all changes introduced in this branch ↗︎

UI Coverage  19.36%
Untested elements	1539
Tested elements	367

Accessibility  99.33%
Failed rules	6 critical   5 serious   0 moderate   2 minor
Failed elements	77