chore: upgrade @snyk/snyk-hex-plugin to 2.2.1

[37IulianPopovici]

Pull Request Submission Checklist

• Follows CONTRIBUTING guidelines
• Commit messages are release-note ready, emphasizing what was changed, not how.
• Includes detailed description of changes
• Contains risk assessment (Low | Medium | High)
• Highlights breaking API changes (if applicable) — none
• Links to automated tests covering new functionality — N/A (dependency bump, no new functionality)
• Includes manual testing instructions (if necessary)
• Updates relevant GitBook documentation (PR link: ___) — N/A
• Includes product update to be announced in the next stable release notes — N/A

What does this PR do?

Upgrades the @snyk/snyk-hex-plugin dependency from 2.1.0 to 2.2.1 (latest), keeping package-lock.json in sync with a minimal update.

• package.json: @snyk/snyk-hex-plugin 2.1.0 → 2.2.1
• package-lock.json: updated version / resolved / integrity for the plugin; its tmp dependency declaration moves to ^0.2.7, which is satisfied by the already-hoisted tmp@0.2.7 — so no new packages are added. The lockfile update is idempotent (re-running npm install --package-lock-only produces no further changes).

Where should the reviewer start?

The package.json change (around line 74) and the corresponding package-lock.json diff — both are scoped entirely to @snyk/snyk-hex-plugin.

How should this be manually tested?

Take a look at the unit tests.

What's the product update that needs to be communicated to CLI users?

Fixes scan issues for hex > 1.19.

Risk assessment (Low | Medium | High)

Low — a single pinned dependency minor/patch bump with a minimal, idempotent lockfile change and no source-code changes.

[snyk-io]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[37IulianPopovici]

closed as it was bumped in 3094112

^ false information above;
reopening this as previously I was blinded by all the context switches

[snyk-pr-review-bot]

PR Reviewer Guide 🔍

🧪 No relevant tests

🔒 No security concerns identified

⚡ No major issues detected

📚 Repository Context Analyzed This review considered 4 relevant code sections from 2 files (average relevance: 0.55) package-lock.json (3 segments, lines 3707-3979) package.json (lines 1-229)

🤖 Repository instructions applied (from AGENTS.md)