[Snyk] Fix for 1 vulnerabilities

[philsawicki]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-LODASH-6139239	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gulp

The new version differs by 134 commits.

• 55eb23a Release: 4.0.0
• 173a532 Docs: Fix the installation instructions
• ec54d09 Docs: Improve note about out-of-date docs
• 03b7c98 Docs: Update recipes to install gulp@next
• 2eba29e Docs: Remove run-sequence from recipes
• 76eb4d6 Docs: Add installation instructions & update badges
• fbc162f Docs: Remove references to gulp-util
• 3011cf9 Scaffold: Normalize repository
• f27be05 Update: Remove graceful-fs from test suite
• 361ab63 Upgrade: Update glob-watcher
• 064d100 Build: Avoid broken node 9
• 057df59 Release: 4.0.0-alpha.3
• c1ba80c Breaking: Upgrade major versions of glob-watcher, gulp-cli & vinyl-fs
• 89acc5c Docs: Improve ES2015 task exporting examples (#1999)
• 0ac9e04 Docs: Add "Project structure" section to CONTRIBUTING.md (#1859)
• 723cbc4 Docs: Fix syntax in recipe example (#1715)
• d420a6a Docs: Have gulp.lastRun take a function to avoid task registration (#1828)
• 29ece6f Upgrade: Update undertaker
• e931cb0 Docs: Fix changelog typos (#1696)
• 477db84 Docs: Add a "BrowserSync with Gulp 4" recipe (#1659)
• d4ed3c7 Docs: Add options.cwd for gulp.src API (#1645)
• 5dc3b07 Docs: Update gulp.watch API to align with glob-watcher
• 0c66069 Breaking: Replace chokidar as gulp.watch with glob-watcher wrapper
• c3dbc10 Docs: Clarify incremental builds example (#1609)

See the full diff

Package name: gulp-eslint

The new version differs by 55 commits.

• 639e388 2.0.0
• 55f0c29 Update ESLint dependency;
• c11bba6 Remove rules that have been removed in ESLint@2.0.0-rc.0;
• 7f01da7 2.0.0-rc-3
• 5851668 Rename .eslintrc to .eslintrc.yml;
• e7ba0f2 2.0.0-rc-2
• 90841cb Tighten various test case configs;
• 3536eeb Update changeling;
• cbe6731 2.0.0-rc-1
• dcdfff7 Update to ESLint next/2.0.0-rc-* dependency;
• 7f190a6 Fix listing error;
• adf2180 Fix path in comment
• 9378eef Simplify the cached-lint watch.js example;
• 6def722 Merge pull request #121 from 5im0n/update-readme
• 67fcd75 Update eslint.results in README.md
• 328cba9 1.1.1
• ce6125b Migrate baseConfig options before others options;
• e3b7d1e Merge pull request #119 from ReadmeCritic/master
• 7146108 Missing anchor
• 3894f01 Update README URLs based on HTTP redirects
• b00c579 1.1.0
• 005862d 1.0.0
• 4cb6145 Update tests to avoid a regression in ESLint's source-fixer;
• 7e8c826 Update README to include API updates;

See the full diff

Package name: karma

The new version differs by 73 commits.

• db41e8e chore: release v2.0.0
• 0a1a8ef chore: update contributors
• 1afcb09 chore: add yarn.lock
• f64e1e0 Merge pull request #2899 from outsideris/fix-bad-url-in-stacktrace
• 78ad12f refactor(server): move compile step to first run
• 34dc7d3 fix(reporter): show file path correctly when urlRoot specified
• b53929a Merge pull request #2712 from macjohnny/patch-1
• c9e1ca9 feat: better string representation of errors
• 10fac07 Merge pull request #2885 from karma-runner/prep-2
• 00e3f88 chore: remove yarn.lock for now
• 60dfc5c feat: drop core-js and babel where possible
• 0e1907d test: improve linting and fix test on node 4
• af0efda test(e2e): update cucumber step definitions
• c3ccc5d chore(ci): focus on even node versions
• bf25094 chore(deps): update to latest
• d93cc5f docs(config): Document port collision scenario.
• 871d46f feat(launcher): trim whitespace in browser name
• 99fd3f0 fix(config): Call debug log methods after setting the loglevel based upon config/cli-options.
• 7bd54ed Merge pull request #2890 from reda-alaoui/patch-1
• 91e916a docs(config): Document port collision scenario.
• 334f9fb feat(launcher): trim whitespace in browser name
• e23c0d4 Merge pull request #2837 from JakeChampion/logs
• a340dae fix(config): Call debug log methods after setting the loglevel based upon config/cli-options.
• 6d353dc docs: improve comments in config.tpl.*

See the full diff

Package name: karma-coverage

The new version differs by 12 commits.

• 070bba3 chore: release v1.1.2
• 9319dfb chore: update contributors
• 9433b24 Merge pull request #339 from johnjbarton/fix-242
• bf599db Merge pull request #344 from AndrewLane/AndrewLane-patch-1
• 595ab98 Fix exclude typo on the check object
• d6d21d2 fix(build): Update to lodash 4
• 954a555 Merge pull request #345 from johnjbarton/engines
• d4695cf Update travis to match parent karma project
• 54737bf chore: add grunt-cli `npm test` works out of the box
• 2bc4aa5 docs: add `json-summary` report type
• 3b2bffa fix(reporter): replace colons in the output path
• 1a876d5 docs: Added none as possible value for type

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution