[Snyk] Fix for 23 vulnerabilities #8

Merged: Jankyboy merged 1 commit into master from snyk-fix-0e6f0272d9ebe785cc5051fbba59e85a on Mar 7, 2021

Conversation

@Jankyboy (Owner) commented Mar 7, 2021

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json
  • Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches. Find out more.

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Priority Score (*) | Why? | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|---|
| high | 619/1000 | Has a fix available, CVSS 8.1 | Prototype Pollution (SNYK-JS-AJV-584908) | Yes | No Known Exploit |
| medium | 265/1000 | CVSS 5.3 | Regular Expression Denial of Service (ReDoS) (SNYK-JS-GLOBPARENT-1016905) | Yes | No Known Exploit |
| medium | 626/1000 | Proof of Concept exploit, Has a fix available, CVSS 6.1 | Man-in-the-Middle (MitM) (SNYK-JS-HTTPSPROXYAGENT-469131) | Yes | Proof of Concept |
| high | 715/1000 | Has a fix available, CVSS 9.8 | Use After Free (SNYK-JS-NODESASS-535497) | No | No Known Exploit |
| high | 630/1000 | Has a fix available, CVSS 8.1 | Out-of-bounds Read (SNYK-JS-NODESASS-535501) | No | No Known Exploit |
| high | 600/1000 | Has a fix available, CVSS 7.5 | Uncontrolled Recursion (SNYK-JS-NODESASS-535503) | No | No Known Exploit |
| medium | 550/1000 | Has a fix available, CVSS 6.5 | Resource Exhaustion (SNYK-JS-NODESASS-535504) | No | No Known Exploit |
| high | 665/1000 | Has a fix available, CVSS 8.8 | NULL Pointer Dereference (SNYK-JS-NODESASS-535505) | No | No Known Exploit |
| high | 654/1000 | Has a fix available, CVSS 8.8 | NULL Pointer Dereference (SNYK-JS-NODESASS-540974) | No | No Known Exploit |
| medium | 539/1000 | Has a fix available, CVSS 6.5 | Denial of Service (DoS) (SNYK-JS-NODESASS-540982) | No | No Known Exploit |
| medium | 509/1000 | Has a fix available, CVSS 5.9 | Denial of Service (DoS) (SNYK-JS-NODESASS-542662) | No | No Known Exploit |
| medium | 601/1000 | Proof of Concept exploit, Has a fix available, CVSS 5.6 | Prototype Pollution (SNYK-JS-YARGSPARSER-560381) | Yes | Proof of Concept |
| low | 506/1000 | Proof of Concept exploit, Has a fix available, CVSS 3.7 | Regular Expression Denial of Service (ReDoS) (npm:braces:20180219) | Yes | Proof of Concept |
| high | 579/1000 | Has a fix available, CVSS 7.3 | Prototype Pollution (npm:deep-extend:20180409) | No | No Known Exploit |
| high | 579/1000 | Has a fix available, CVSS 7.3 | Prototype Pollution (npm:extend:20180424) | Yes | No Known Exploit |
| medium | 529/1000 | Has a fix available, CVSS 6.3 | Prototype Pollution (npm:hoek:20180212) | No | No Known Exploit |
| high | 796/1000 | Mature exploit, Has a fix available, CVSS 8.2 | Uninitialized Memory Exposure (npm:https-proxy-agent:20180402) | Yes | Mature |
| medium | 469/1000 | Has a fix available, CVSS 5.1 | Denial of Service (DoS) (npm:mem:20180117) | Yes | No Known Exploit |
| medium | 576/1000 | Proof of Concept exploit, Has a fix available, CVSS 5.1 | Uninitialized Memory Exposure (npm:tunnel-agent:20170305) | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: github The new version differs by 113 commits.
  • e6a0950 docs(CONTRIBUTING): Merging the Pull Request & releasing a new version
  • bc32299 chore: remove CHANGELOG.md - moved to GitHub releases
  • 1f9216c chore(travis): semantic-release setup
  • 68e5367 chore(package): semantic-release setup
  • 493473c chore(gitignore): package-lock.json
  • 2abb33f chore(package): remove package-lock.json
  • f74b2f8 docs(readme): add Greenkeeper badge
  • cab5531 chore(package): update dependencies
  • f4845cf chore(package): nyc & coveralls
  • 4bcc50b docs(README): add coverage badge
  • 70ed5de chore(travis): upload coverage after success
  • c088e0f chore(gitignore): .nyc_output, coverage
  • 887a8ab chore(package): add @ gr2m to contributors
  • a2738dc chore(examples): rename repo owner to octokit
  • ad9907b chore(CONTRIBUTING): rename repo owner to octokit
  • c74aac5 style: standard
  • f67b1d3 style(scripts): remove trailing spaces in comments
  • 439bf32 docs(examples): adapt for standard linter
  • 04661e6 docs(README): adapt examples to standard linter
  • d106fd8 chore(package): standard, standard-markdown
  • e8bcb8f chore(package): @ octokit/fixtures@^2.4.0
  • 106b422 test: lock/unlock issue
  • 1ade57a chore: remove obsolete comments
  • 155a211 test: branch protection

See the full diff

Package name: node-sass The new version differs by 130 commits.
  • b54053a Update changelog
  • 01db051 4.13.1
  • 338fd7a Merge pull request from GHSA-f6rp-gv58-9cw3
  • c6f2e5a doc: README example fix (#2787)
  • fbc9ff5 Merge pull request #2754 from saper/no-map-if-not-requested
  • 60fad5f 4.13.0
  • 43db915 Merge pull request #2768 from sass/release-4-13
  • 0c8d308 Update references for v4.13 release
  • f1cc0d3 Use GCC 6 for Node 12 binaries (#2767)
  • 3838eae Use GCC 6 for Node 12 binaries
  • e84c6a9 Merge pull request #2766 from saper/node-modules-79
  • 64b6f32 Node 13 support
  • 8498f70 Fix #2394: sourceMap option should have consistent behaviour
  • 8d0acca Merge pull request #2753 from schwigri/master
  • b0d4d85 Fix broken link to NodeJS docs in README.md
  • 887199a Merge pull request #2730 from kessenich/master
  • b1f54d7 Fix #2614 - Update lodash version
  • 96aa279 Merge pull request #2726 from XhmikosR/master-xmr-typos
  • 8421979 Assorted typo fixes.
  • 2513e6a chore: Remove PR template
  • 7ab387c Merge pull request #2673 from abetomo/remove_sudo_setting_from_travis
  • 15355dd Remove sudo settings from .travis.yml
  • 0c1a49e chore: Add not in PR template about node-gyp 4.0
  • e59f5ba chore: Change note about Node 12 support

See the full diff

Package name: nodemon The new version differs by 83 commits.
  • 9a67f36 feat: update chokidar to v3
  • 6781b40 docs: add license file
  • 0e6ba3c fix: wait for all subprocesses to terminate (fixes issue #1476)
  • b58cf7d chore: Merge branch 'master'
  • 95a4c09 docs: add to faq
  • 3a2eaf7 chore: merge master
  • 3d90879 chore: add logo to site
  • 7d6c1a8 fix: Replace `jade` references by `pug`
  • 74c8749 chore: test funding.yml change
  • c1a8b75 chore: update funding
  • d5b9891 test: ensure ignore relative paths
  • eead311 fix: to avoid confusion like in #1528, always report used extension
  • 12b66cd fix: language around "watching" (#1591)
  • 2e6e2c4 docs: README Grammar (#1601)
  • 5124ae9 Merge branch 'master' of github.com:remy/nodemon
  • 95fa05a chore: git card
  • d84f421 chore: adding funding file
  • 13afac2 fix: ensure signal is sent to exit event
  • d088cb6 chore: update stalebot
  • 20ccb62 feat: add message event
  • 886527f fix: disable fork only if string starts with dash
  • 64b474e feat: add TypeScript to default execPath (#1552)
  • 2973afb fix: Quote zero-length strings in arguments (#1551)
  • aa41ab2 fix: hard bump of chokidar@2.1.5

See the full diff

Package name: postcss-cli The new version differs by 103 commits.

See the full diff

Package name: rc The new version differs by 6 commits.

See the full diff

Package name: request The new version differs by 41 commits.
  • 6420240 2.88.0
  • bd22e21 fix: massive dependency upgrade, fixes all production vulnerabilities
  • 925849a Merge pull request #2996 from kwonoj/fix-uuid
  • 7b68551 fix(uuid): import versioned uuid
  • 5797963 Merge pull request #2994 from dlecocq/oauth-sign-0.9.0
  • 628ff5e Update to oauth-sign 0.9.0
  • 10987ef Merge pull request #2993 from simov/fix-header-tests
  • cd848af These are not going to fail if there is a server listening on those ports
  • a92e138 #515, #2894 Strip port suffix from Host header if the protocol is known. (#2904)
  • 45ffc4b Improve AWS SigV4 support. (#2791)
  • a121270 Merge pull request #2977 from simov/update-cert
  • bd16414 Update test certificates
  • 536f0e7 2.87.1
  • 02fc5b1 Update changelog
  • de1ed5a 2.87.0
  • a6741d4 Replace hawk dependency with a local implementation (#2943)
  • a7f0a36 2.86.1
  • 8f2fd4d Update changelog
  • 386c7d8 2.86.0
  • 76a6e5b Merge pull request #2885 from ChALkeR/patch-1
  • db76838 Merge branch 'patch-1' of github.com:ChALkeR/request
  • fb7aeb3 Merge pull request #2942 from simov/fix-tests
  • e47ce95 Add Node v10 build target explicitly
  • 0c5db42 Skip status code 105 on Node > v10

See the full diff

Package name: standard The new version differs by 111 commits.
  • ff1a156 authors
  • 17727fc 12.0.0
  • bdbd248 changelog
  • 3db3a62 https
  • cf1802c eslint-plugin-standard ~4.0.0
  • 7d779b8 eslint-plugin-import ~2.14.0
  • 66f676b eslint ~5.4.0
  • 3933c6b Use npm versions of eslint shared configs
  • c00dc66 Use ~ for eslint dep
  • 588d5ab Add links to French README translation!
  • aee57b4 ESLint 5
  • c89d5c7 Merge pull request #1145 from theo4u/patch-1
  • 6477dbf Merge pull request #1184 from standard/greenkeeper/babel-eslint-9.0.0
  • 8792b9b Merge pull request #1180 from standard/greenkeeper/eslint-plugin-promise-4.0.0
  • ff070b8 Merge branch 'master' into greenkeeper/eslint-plugin-promise-4.0.0
  • df1b7c4 Merge pull request #1187 from standard/greenkeeper/eslint-plugin-react-7.11.1
  • 3e65b08 Merge pull request #1164 from standard/greenkeeper/eslint-plugin-node-7.0.0
  • b340216 Merge pull request #1162 from charliegerard/master
  • cb2de87 Update package.json
  • 2f36650 chore(package): update babel-eslint to version 9.0.0
  • 82780e5 fix(package): update eslint-plugin-promise to version 4.0.0
  • 506ac11 fix(package): update eslint-plugin-react to version 7.11.1
  • b6919b4 Merge pull request #1178 from brodybits/patch-1
  • 4db4dbf README.md add standardx

See the full diff

Package name: uglifyify The new version differs by 9 commits.

See the full diff

Package name: watchify The new version differs by 22 commits.

See the full diff

With a Snyk patch:

| Severity | Priority Score (*) | Why? | Issue | Exploit Maturity |
|---|---|---|---|---|
| medium | 636/1000 | Proof of Concept exploit, Has a fix available, CVSS 6.3 | Prototype Pollution (SNYK-JS-LODASH-567746) | Proof of Concept |
| low | 399/1000 | Has a fix available, CVSS 3.7 | Regular Expression Denial of Service (ReDoS) (npm:debug:20170905) | No Known Exploit |
| high | 579/1000 | Has a fix available, CVSS 7.3 | Prototype Pollution (npm:extend:20180424) | No Known Exploit |
| medium | 529/1000 | Has a fix available, CVSS 6.3 | Prototype Pollution (npm:hoek:20180212) | No Known Exploit |
| medium | 646/1000 | Mature exploit, Has a fix available, CVSS 5.2 | Uninitialized Memory Exposure (npm:stringstream:20180511) | Mature |
| medium | 509/1000 | Has a fix available, CVSS 5.9 | Regular Expression Denial of Service (ReDoS) (npm:tough-cookie:20170905) | No Known Exploit |
| medium | 576/1000 | Proof of Concept exploit, Has a fix available, CVSS 5.1 | Uninitialized Memory Exposure (npm:tunnel-agent:20170305) | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

rtd-helper Bot commented Mar 7, 2021

The rtd-bot is activated, but no .github/config.yml found in this repository.
Make sure that you have it in your default branch.

@Jankyboy Jankyboy merged commit 9d81c9f into master Mar 7, 2021

@pr-triage pr-triage Bot removed the PR: unreviewed label Mar 7, 2021
@delete-merged-branch delete-merged-branch Bot deleted the snyk-fix-0e6f0272d9ebe785cc5051fbba59e85a branch March 7, 2021 22:40
@pr-triage pr-triage Bot added the PR: merged label Mar 7, 2021