[Snyk] Fix for 19 vulnerabilities

[philsawicki]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-ECSTATIC-174543	No	No Known Exploit
	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Remote Code Execution (RCE) SNYK-JS-HANDLEBARS-1056767	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-HANDLEBARS-1279029	Yes	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-HANDLEBARS-173692	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-HANDLEBARS-174183	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-HANDLEBARS-469063	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-HANDLEBARS-480388	Yes	No Known Exploit
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-HANDLEBARS-534478	Yes	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-HANDLEBARS-534988	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-HANDLEBARS-567742	Yes	Proof of Concept
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-JSYAML-173999	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-JSYAML-174129	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gulp

The new version differs by 134 commits.

• 55eb23a Release: 4.0.0
• 173a532 Docs: Fix the installation instructions
• ec54d09 Docs: Improve note about out-of-date docs
• 03b7c98 Docs: Update recipes to install gulp@next
• 2eba29e Docs: Remove run-sequence from recipes
• 76eb4d6 Docs: Add installation instructions & update badges
• fbc162f Docs: Remove references to gulp-util
• 3011cf9 Scaffold: Normalize repository
• f27be05 Update: Remove graceful-fs from test suite
• 361ab63 Upgrade: Update glob-watcher
• 064d100 Build: Avoid broken node 9
• 057df59 Release: 4.0.0-alpha.3
• c1ba80c Breaking: Upgrade major versions of glob-watcher, gulp-cli & vinyl-fs
• 89acc5c Docs: Improve ES2015 task exporting examples (#1999)
• 0ac9e04 Docs: Add "Project structure" section to CONTRIBUTING.md (#1859)
• 723cbc4 Docs: Fix syntax in recipe example (#1715)
• d420a6a Docs: Have gulp.lastRun take a function to avoid task registration (#1828)
• 29ece6f Upgrade: Update undertaker
• e931cb0 Docs: Fix changelog typos (#1696)
• 477db84 Docs: Add a "BrowserSync with Gulp 4" recipe (#1659)
• d4ed3c7 Docs: Add options.cwd for gulp.src API (#1645)
• 5dc3b07 Docs: Update gulp.watch API to align with glob-watcher
• 0c66069 Breaking: Replace chokidar as gulp.watch with glob-watcher wrapper
• c3dbc10 Docs: Clarify incremental builds example (#1609)

See the full diff

Package name: gulp-eslint

The new version differs by 95 commits.

• 1d79ed0 4.0.1
• 8f7e966 replace all HTTP protocols with HTTPS
• b48a04a remove deprecated gulp-util dependency (#213)
• 35eae57 update devDependencies (#207)
• 47bd269 use npx to simplify after_script
• 29dbab5 inherit autofix-related props even if `quiet` option is enabled
• a398838 4.0.0
• 18a4299 emit an error when it fails to load an ESLint plugin
• b8bf261 update ESLint from v3 to v4 (#198)
• c0e82ce use `Buffer.from` instead of `new Buffer`
• e6c67a2 drop support for linting `Stream` contents
• 132d5cc Fix formatting issues in README.md (#194)
• 7f65378 remove link to config file `globals` doc
• 8ddfb84 correct the type of `globals` option in README
• 6059c22 3.0.1
• b0c2816 ensure sharable config works
• 08b9212 test the case where babel-eslint is actually useful
• eb98701 mock stream-mode vinyl files with from2-string
• bcd7736 fix invalid `envs` option
• 286b0c4 remove unused fixtures
• e2723e1 Remove unnecessary `object-assign` dependency
• 82c1949 3.0.0
• 97d8638 Remove invalid options in example code
• 505779d Remove option aliases

See the full diff

Package name: gulp-uglify

The new version differs by 9 commits.

• e4f9045 2.0.0
• 566ec6a refactor(tests): write tests with mocha
• 5651111 refactor(tests): replace `cmem` with `testdouble`
• b82387b refactor(tests): compose streams with `mississippi` utilities
• 1232c3c fix(errors): emit errors of type `GulpUglifyError`
• 5632cee fix(minifer): use `gulplog` for the warning
• 8160697 feat(minifier): use UglifyJS 2.7.0's input map support
• 3ec8fc3 chore(package): update uglify-js to version 2.7.0
• a9c55b9 doc(README): spelling mistake in example

See the full diff

Package name: http-server

The new version differs by 214 commits.

• 77243e7 0.13.0
• a845834 Update dependency tree
• f2c0dfb update milestone
• aec3911 update security for release
• 1f994c0 Merge pull request #591 from http-party/no_server_headers
• c57654d Merge branch 'master' into no_server_headers
• a4ec10b Merge pull request #713 from http-party/codeql-bye-bye
• 6b87653 drop codeql
• a7fdf0f remove server header
• cd1afb7 Merge pull request #706 from zbynek/no-charset-binary
• 46c0ce7 Merge pull request #705 from zbynek/patch-1
• 9c51cb2 Merge branch 'master' into no_server_headers
• cd84a85 revert
• 7830ac2 Remove charset from header of binary files
• b4991b8 Remove line break from LICENSE
• fab3248 Merge pull request #704 from zbynek/patch-1
• e9716d1 Account for CRLF in a test
• 0f3e241 Merge pull request #642 from skyward-luke/master
• 33fe714 Merge pull request #702 from http-party/replace-travis
• e9ad269 Replace travis badge
• f09c821 Update node.js.yml
• 2c2ad02 Update node.js.yml
• dad375d Update node.js.yml
• 133a64c Update node.js.yml

See the full diff

Package name: karma

The new version differs by 250 commits.

• 42933c9 chore: release v4.2.0
• db1ea57 chore: update contributors
• a1049c6 chore: update eslint packages to latest and fix complaints (#3312)
• 70b72a9 fix(logging): Util inspect for logging the config. (#3332)
• 1087926 fix typo: (#3334)
• 182c04d fix(reporter): format stack with 1-based column (#3325)
• f0c4677 docs(travis): Correct the docs to also show how to do it on Xenial (#3316)
• 3aea7ec chore(deps): update core-js -> ^3.1.3 (#3321)
• 5e11340 chore: revert back to Mocha 4 (#3313)
• 1205bce chore(test): fix flaky test cases (#3314)
• 7f40349 Cleanup dependencies (#3309)
• 7828bea chore: update braces and chokidar to latest versions (#3307)
• fe9a1dd fix(server): Add error handler for webserver socket. (#3300)
• 13ed695 chore: release v4.1.0
• d844a48 chore: update contributors
• ce6825f fix(client): Only create the funky object if message is not a string (#3298)
• 7968db6 fix(client): Enable loading different file types when running in parent mode without iframe (#3289)
• 6556ab4 fix(launcher): Log state transitions in debug (#3294)
• 7eb48c5 fix(middleware): log invalid filetype (#3292)
• c7ebf0b chore: release v4.0.1
• c190c4a chore: update contributors
• 375bb5e fix(filelist): correct logger name. (#3262)
• c43f584 fix: remove vulnerable dependency combine-lists (#3273)
• 4ec4f6f fix: remove vulnerable dependency expand-braces (#3270)

See the full diff

Package name: karma-coverage

The new version differs by 48 commits.

• 32acafa chore(release): 2.0.2 [skip ci]
• bb8f9ee chore: add semantic-release for project - fix #408 (#413)
• 9c37de6 chore: add check commit message (#411)
• 27822c9 ci(test): use eslint as ci command and add all js files to check by eslint (#410)
• 1adb27a ci: drop node 8, adopt node 12 (#409)
• 4962a70 fix(reporter): update calls to match new API in istanbul-lib-report fix #398 (#403)
• fc6e289 refactor: remove isAbsolute and replace with path.isAbsolute (#405)
• 83bafc3 refactor: replace migrate coffee unit tests to modern JS (#407)
• 49f174d refactor: onRunComplete method to upgrade on new major version of Istanbul (#406)
• 4cfa697 chore: Update dev Dependencies eslint and load-grunt-tasks (#387)
• 5cf931a fix: remove information about old istanbul lib (#404)
• 352254a chore(deps): bump handlebars from 4.1.2 to 4.5.3 (#399)
• 0ee780c chore(deps): bump lodash.template from 4.4.0 to 4.5.0 (#392)
• d18cde4 chore(deps-dev): bump eslint from 2.13.1 to 4.18.2 (#397)
• 55aeead Update Source Map Handling (#394)
• b23664e Added debug msg whether coverage is in reporters (#396)
• d3f53e3 chore(all): Migrate to ES6 (#385)
• 9c8a222 Make travis file simpler (#386)
• b76db9e Remove unused dateformat dependency (#384)
• 075ece0 Remove unused istanbul dependency (#382)
• 9184fc0 chore: release v2.0.1
• 57d4bd3 chore(deps): npm audit fix --force; update travis.yml (#380)
• 0e2800b chore: release v2.0.0
• 99c0c35 chore: update contributors

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Open Redirect
🦉 Remote Code Execution (RCE)
🦉 More lessons are available in Snyk Learn