[Snyk] Fix for 46 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json
  • package-lock.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	599/1000 Why? Has a fix available, CVSS 7.7	Remote Memory Exposure SNYK-JS-BL-608877	No	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	No	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	490/1000 Why? CVSS 9.8	Prototype Pollution SNYK-JS-LODASH-590103	No	No Known Exploit
	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	365/1000 Why? CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	No	No Known Exploit
	220/1000 Why? CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-174116	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-451540	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit
	387/1000 Why? Proof of Concept exploit, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept
	550/1000 Why? Has a fix available, CVSS 6.5	Out-of-bounds Read SNYK-JS-NODESASS-535499	Yes	No Known Exploit
	665/1000 Why? Has a fix available, CVSS 8.8	NULL Pointer Dereference SNYK-JS-NODESASS-535500	Yes	No Known Exploit
	630/1000 Why? Has a fix available, CVSS 8.1	Out-of-bounds Read SNYK-JS-NODESASS-535501	Yes	No Known Exploit
	600/1000 Why? Has a fix available, CVSS 7.5	Uncontrolled Recursion SNYK-JS-NODESASS-535503	Yes	No Known Exploit
	550/1000 Why? Has a fix available, CVSS 6.5	Resource Exhaustion SNYK-JS-NODESASS-535504	Yes	No Known Exploit
	665/1000 Why? Has a fix available, CVSS 8.8	NULL Pointer Dereference SNYK-JS-NODESASS-535505	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Uncontrolled Recursion SNYK-JS-NODESASS-540960	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Out-of-bounds Read SNYK-JS-NODESASS-540962	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Improper Input Validation SNYK-JS-NODESASS-540966	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Improper Input Validation SNYK-JS-NODESASS-540968	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Uncontrolled Recursion SNYK-JS-NODESASS-540970	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Out-of-bounds Read SNYK-JS-NODESASS-540972	Yes	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Denial of Service (DoS) SNYK-JS-NODESASS-540982	Yes	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Out-of-bounds Read SNYK-JS-NODESASS-540984	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Out-of-bounds Read SNYK-JS-NODESASS-540986	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-NODESASS-540988	Yes	No Known Exploit
	295/1000 Why? CVSS 5.9	Denial of Service (DoS) SNYK-JS-NODESASS-542662	Yes	No Known Exploit
	704/1000 Why? Has a fix available, CVSS 9.8	Arbitrary Code Injection SNYK-JS-OPEN-174041	Yes	No Known Exploit
	387/1000 Why? Proof of Concept exploit, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:clean-css:20180306	No	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:fresh:20170908	No	No Known Exploit
	704/1000 Why? Has a fix available, CVSS 9.8	Arbitrary Code Injection npm:growl:20160721	No	No Known Exploit
	529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	No	No Known Exploit
	292/1000 Why? Proof of Concept exploit, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:jasmine-core:20180216	Yes	Proof of Concept
	315/1000 Why? CVSS 6.3	Prototype Pollution npm:lodash:20180130	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No	No Known Exploit
	741/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.4	Arbitrary Command Injection npm:open:20180512	Yes	Proof of Concept
	375/1000 Why? CVSS 7.5	Prototype Override Protection Bypass npm:qs:20170213	No	No Known Exploit
	576/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.1	Uninitialized Memory Exposure npm:tunnel-agent:20170305	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: connect

The new version differs by 59 commits.

• e96d53a 3.6.5
• 9c5e609 deps: [email protected]
• 32da5af deps: [email protected]
• 5689353 3.6.4
• 8878b59 docs: add security policy
• 61b8084 docs: add expanded People section to README
• 5fc91dd docs: remove trailing whitespace in README
• dc861fc deps: [email protected]
• 1ba8fab deps: [email protected]
• a63e416 build: [email protected]
• a971f2a build: [email protected]
• 863b9d7 lint: add editorconfig and eslint to enforce
• 5010822 deps: parseurl@~1.3.2
• f686ab2 build: [email protected]
• 777b09a 3.6.3
• b800916 build: [email protected]
• 0b6279d deps: [email protected]
• ad2c288 docs: fix typo in app.use example text
• b15a29c build: [email protected]
• d0aa681 build: use nyc for coverage
• 8311a45 build: support Node.js 8.x
• adcafdf build: simplify gitignore to minimum
• 8ceedaa build: [email protected]
• 89f3058 build: [email protected]

See the full diff

Package name: dgeni-packages

The new version differs by 12 commits.

• 344cfb0 chore: release 0.28.0
• 18a1c0b fix(*): remove `shelljs` dependency
• 16ceb9c fix(nunjucks): upgrade `marked` to avoid vulnerability
• 5de821c chore: release 0.27.5
• 15ecab0 chore(post-process-html): ensure built files are published to npm
• 647ada0 chore: release 0.27.4
• aac5e8e refactor(post-process-html): rewrite in TypeScript
• 9798f22 feat(post-process-html): add initial package
• 8e8a6a8 chore: release 0.27.3
• d6c288d chore: update dependencies
• 14063a1 chore(*): release 0.27.2
• a3ef5ff chore(*): update dependencies

See the full diff

Package name: gulp

The new version differs by 134 commits.

• 55eb23a Release: 4.0.0
• 173a532 Docs: Fix the installation instructions
• ec54d09 Docs: Improve note about out-of-date docs
• 03b7c98 Docs: Update recipes to install gulp@next
• 2eba29e Docs: Remove run-sequence from recipes
• 76eb4d6 Docs: Add installation instructions & update badges
• fbc162f Docs: Remove references to gulp-util
• 3011cf9 Scaffold: Normalize repository
• f27be05 Update: Remove graceful-fs from test suite
• 361ab63 Upgrade: Update glob-watcher
• 064d100 Build: Avoid broken node 9
• 057df59 Release: 4.0.0-alpha.3
• c1ba80c Breaking: Upgrade major versions of glob-watcher, gulp-cli & vinyl-fs
• 89acc5c Docs: Improve ES2015 task exporting examples (#1999)
• 0ac9e04 Docs: Add "Project structure" section to CONTRIBUTING.md (#1859)
• 723cbc4 Docs: Fix syntax in recipe example (#1715)
• d420a6a Docs: Have gulp.lastRun take a function to avoid task registration (#1828)
• 29ece6f Upgrade: Update undertaker
• e931cb0 Docs: Fix changelog typos (#1696)
• 477db84 Docs: Add a "BrowserSync with Gulp 4" recipe (#1659)
• d4ed3c7 Docs: Add options.cwd for gulp.src API (#1645)
• 5dc3b07 Docs: Update gulp.watch API to align with glob-watcher
• 0c66069 Breaking: Replace chokidar as gulp.watch with glob-watcher wrapper
• c3dbc10 Docs: Clarify incremental builds example (#1609)

See the full diff

Package name: gulp-clean-css

The new version differs by 23 commits.

• f2bca8c fix travis targets with node 4 requirement
• 92bfb8d upgrade to clean-css 4.x
• a29376f Fixes syntax error in example ([Snyk] Security upgrade gulp-sass from 2.3.2 to 5.0.0 #28)
• 83f6395 clean-css dep update
• 6714b78 merge test files, 2.3.1
• 09805e3 Rebasing fix and test set ([Snyk] Security upgrade karma from 3.1.4 to 5.0.8 #24)
• 06c1706 [Snyk] Fix for 1 vulnerabilities #21
• c575a8b cleancss dep update, test cleanup
• 4f71536 devdep update
• 966bfa8 CI node versions
• 219622c remove es6 syntax for CI
• 73ee63b [Snyk] Security upgrade karma-coverage from 1.1.1 to 1.1.2 #18
• d23d5ac changelog
• a184c00 remove vinyl-sourcemaps-apply, [Snyk] Upgrade typescript from 2.4.2 to 2.9.2 #1 [Snyk] Fix for 45 vulnerabilities #7 [Snyk] Fix for 46 vulnerabilities #9
• 0b6914e [Snyk] Security upgrade @angular/core from 4.4.6 to 11.0.5 #17
• dd8e420 Merge pull request [Snyk] Security upgrade karma from 3.1.4 to 4.2.0 #20 from hownowbrowncow/fix/dependency-type
• 98700d4 Move gulp-concat from devDependencies to dependencies
• 3104238 [Snyk] Fix for 1 vulnerabilities #8
• a285188 changelog
• cff04c6 [Snyk] Security upgrade @angular/core from 4.4.6 to 11.0.5 #17
• f2f7574 changelog
• dc72a93 2.1.0
• 478edf8 dep updates

See the full diff

Package name: gulp-connect

The new version differs by 37 commits.

• aa10ee3 5.6.1
• a80e3e5 Merge pull request Slides instance is undefined after ngAfterViewInit ionic-team/ionic-v3#257 from rejas/update_dependencies
• c6034b8 Cleanup test file
• edcfba8 Update ansi-colors package
• 429068d Only test supported node versions
• 2055d29 Undo typescript update to avoid breaking tests
• 4e3c831 Update all dependencies
• 7192d9e bump 5.5.0
• 13db10c Merge pull request White bar at bottom of my WEB-APP ionic-team/ionic-v3#250 from nickpape-msft/nickpape/lazy-load-http2
• 0c7270c Only load http2 if preferHttp1 is false
• d103fd6 5.4.0
• 8fa06cf add package-lock.json
• 7265554 Merge pull request ion-input with FormControl doesn't enable/disable ionic-team/ionic-v3#247 from nickpape-msft/master
• df25440 bump 5.3.0
• 8869a6d Add a config option for preferring HTTP2
• 0cf6a67 Merge pull request Segment confusion (Same segment name different path) ionic-team/ionic-v3#245 from zbennett10/master
• 6dfe3ca Update README.md
• 3020dc3 Add files via upload
• f9eca17 Upgrade connect package and add needed dependencies for upgrade
• 58abff2 5.2.0 Fixes Highlight every valid/invalid input ionic-team/ionic-v3#241
• 336f5fa Merge pull request ion-navbar take not into account with $navbar-ios-height ionic-team/ionic-v3#243 from Kyrodan/patch-2
• 951ff57 Merge pull request <ion-input> as readonly does not prevent keyboard's accessory bar to show and prevent use of (click) ionic-team/ionic-v3#244 from Kyrodan/patch-3
• 535132e Merge pull request Toasts should raise a FAB ionic-team/ionic-v3#242 from Kyrodan/patch-1
• 9b2591b Fixes Deeplinker breaks on refresh when param is added (browser) ionic-team/ionic-v3#236 https does not work with node 8.8

See the full diff

Package name: gulp-open

The new version differs by 6 commits.

• 6535d07 Add note for node v4
• e3d2a38 3.0.0
• 802496f Switch to `opn` ([Snyk] Security upgrade gulp-sass from 2.3.2 to 5.0.0 #32)
• cda4c7f 2.1.0
• 582f888 Allow for file streams with `read:false` - closes [Snyk] Security upgrade gulp-sass from 2.3.2 to 5.0.0 #31
• c93c0f6 update licenses

See the full diff

Package name: gulp-sass

The new version differs by 2 commits.

• 0d2a2bf 3.0.0
• 251fbc8 Bump [email protected]

See the full diff

Package name: jasmine-core

The new version differs by 250 commits.

• 557fb4e proper links in release notes
• ee52023 Bump version to 3.1
• 91296a4 Remove Safari 7 from Travis matrix
• 1923461 Ignore more browser fields when formatting Errors
• 71116d3 don't lock to 2.99 in dev
• 63cc7ca Use Jasmine's arrayContains, instead of includes for better support
• fdecf02 Merge branch 'print_exception_properties' of https://github.com/jbunton-atlassian/jasmine into jbunton-atlassian-print_exception_properties
• 11f4d89 Merge branch 'node-load-errors'
• 1149d4e Use j$.pp instead of JSON.stringify() for pretty printing
• 9ee85c3 Remove duplicate ignored property
• 0367ca5 Merge branch 'patch-closing-statement' of https://github.com/Sylhare/jasmine
• 763a83c Display error properties for failed specs
• 7fb53dc Fixing missing semi-colons
• a9a112e Fixed release notes link
• 0184808 Updated README for 3.0
• 1ac2a6f Allow node to report load time errors
• 785f62c Fix naming and check functions for empty/notEmpty specs
• d8c154a Update empty and notEmpty specs for better IE11 support
• c974c47 Merge branch 'master' of https://github.com/sjolicoeur/jasmine into sjolicoeur-master
• 2b27bd3 Add API docs for async reporters
• 3b77f38 Return <anonymous> for functions that have no actual words between keyword and (
• 1182757 Moved toHaveClass matcher into core so that it can be used in Karma
• 8326ecf Merge branch 'deprecation-object' of https://github.com/UziTech/jasmine into UziTech-deprecation-object
• cd6a0de Merge pull request #1505 from codetriage-readme-bot/codetriage-badge

See the full diff

Package name: karma-coverage

The new version differs by 12 commits.

• 070bba3 chore: release v1.1.2
• 9319dfb chore: update contributors
• 9433b24 Merge pull request Click Issue with ICON on navbar in iPhone.  ionic-team/ionic-v3#339 from johnjbarton/fix-242
• bf599db Merge pull request Latency issues when using audio plugin ionic-team/ionic-v3#344 from AndrewLane/AndrewLane-patch-1
• 595ab98 Fix exclude typo on the check object
• d6d21d2 fix(build): Update to lodash 4
• 954a555 Merge pull request search bar cancel clear the search text ionic-team/ionic-v3#345 from johnjbarton/engines
• d4695cf Update travis to match parent karma project
• 54737bf chore: add grunt-cli `npm test` works out of the box
• 2bc4aa5 docs: add `json-summary` report type
• 3b2bffa fix(reporter): replace colons in the output path
• 1a876d5 docs: Added none as possible value for type

See the full diff

Package name: mkdirp

The new version differs by 4 commits.

• b2e7ba0 0.5.2
• c5b97d1 bump minimist to 1.2 to fix security issue
• f2003bb test: add v4 and v5 to travis
• b8629ff tools: update tap + mock-fs. Fix broken test

See the full diff

Package name: remap-istanbul

The new version differs by 13 commits.

• 72ddb4b Add dependency status to README (ionic 3 slides unstablity issue ionic-team/ionic-v3#91)
• 10804e1 fixed: "code" property in coverage.json Slow loading of the page at the first transition. ionic-team/ionic-v3#79 (Delay to show ion-header on ios-transition with “back” direction ionic-team/ionic-v3#82)
• ff0bc8d Fixed issue where basePath option was ignored in case of inline sourc… ([datetime] month days not updating after onth change ionic-team/ionic-v3#80)
• ce92faf Add 'exclude' option for grunt (Long press on ion-textarea to show "paste" menu does not work (android) ionic-team/ionic-v3#72)
• 8d6b5a1 fix relative paths handling in sourcemaps (issue Setting min/max on datetime component does not work with 12-hour clock; am/pm column. ionic-team/ionic-v3#70) (Split Pane Bug?! ionic-team/ionic-v3#71)
• 24eb7b2 stop using WeakMap when not available (issue(toggle): tapping the label should activate the toggle action. ionic-team/ionic-v3#64)
• 32fbb65 Update code to match coding styles (Custom Value Accessors with ion-input (Ionic 2) ionic-team/ionic-v3#90)
• c6a9d48 fix(remap) Added source code as an array to fileCoverage object. (bug: ion-toggle ngModel doesn't trigger checked ionic-team/ionic-v3#73)
• 92d8dc0 Clarify exclude patterns in README (Accessibility - Input fields not functioning with Android TalkBack ionic-team/ionic-v3#69)
• fc6daf2 Update dependencies. (bug: Ionic2 ion-slides not properly working with *ngFor ionic-team/ionic-v3#89)
• 6608623 Graceful handling of invalid/non-existent sourceMappingURL (ionViewWillEnter not fire (push page out of popover and go back) ionic-team/ionic-v3#62)
• 58e0e69 fixed: Missing folder structure in html output Feature: Add Progress bars ionic-team/ionic-v3#50 ([BUG] Can't open side menu while scrolling on page with virtual scroll ionic-team/ionic-v3#65)
• 659f449 Update package metadata

See the full diff

Package name: request

The new version differs by 130 commits.

• 0ab5c36 2.82.0
• ffdf0d3 Updating deps.
• 4386836 Merge branch 'master' of github.com:request/request
• 1527407 Merge pull request #2703 from ryysud/add-nodejs-v8-to-travis
• 3afcbf8 Merge branch 'master' of github.com:request/request
• 479143d Update of hawk and qs to latest version (#2751)
• 169be11 Add Node.js v8 to Travis CI
• 643c43a Fixed some text in README.md (#2658)
• e8fca51 chore(package): update aws-sign2 to version 0.7.0 (#2635)
• e999203 Update README to simplify & update convenience methods (#2641)
• 6f286c8 lint fix, PR from pre-standard was merged with passing tests
• a765593 Add convenience method for HTTP OPTIONS (#2541)
• 52d6945 Add promise support section to README (#2605)
• b12a624 refactor(lint): replace eslint with standard (#2579)
• 29a0b17 Merge pull request #2598 from request/greenkeeper-codecov-2.0.2
• e7b4a88 Merge pull request #2590 from nicjansma/timings-tests
• dd5c02c Updated comment
• 087de94 Merge pull request #2589 from odykyi/fix-tabulation
• 3d5e50d Merge pull request #2594 from ahmadnassri/patch-1
• 0951f47 chore(package): update codecov to version 2.0.2
• baf9c1f chore(dependencies): har-validator -> 5.0.2
• 21b1112 chore(dependencies): har-validator -> 5.0.1
• 51806f8 chore(dependencies): har-validator to 5.x [removes babel dep]
• c57fb72 2.81.1

See the full diff

Package name: serve-static

The new version differs by 52 commits.

• 1c58cfd 1.13.0
• d9c5e27 deps: [email protected]
• 843d1ea 1.12.6
• 54c27ab perf: improve slash collapsing
• 6159b4b deps: [email protected]
• afd17c3 1.12.5
• 0c4ea33 deps: [email protected]
• c859544 deps: parseurl@~1.3.2
• 2700095 build: [email protected]
• f9be141 build: [email protected]
• f79acf0 build: [email protected]
• 7bf8e67 build: [email protected]
• c16b4d1 1.12.4
• 52c2ece deps: [email protected]
• ba7c65b build: support Node.js 8.x
• 93a7d2c build: [email protected]
• c36df59 build: [email protected]
• c3e33f5 build: [email protected]
• 281475f 1.12.3
• b39c5c8 deps: [email protected]
• b28d2b0 build: [email protected]
• cb296b7 1.12.2
• 5dae11e deps: [email protected]
• 546cf80 build: [email protected]

See the full diff

Package name: yargs

The new version differs by 250 commits.

• 706fc7a chore(release): 13.1.0
• 95700d6 test: add tests for alias behavior, based on conversations today (#1291)
• f45a817 chore: slight refactor of approach being used, add support for per-command
• 5be206a feat: add applyBeforeValidation, for applying sync middleware before validation
• cc8af76 chore(release): 13.0.0
• e9dc3aa feat: options/positionals with leading '+' and '0' no longer parse as numbers (#1286)
• ef16792 chore: drop Node 6 from testing matrix (#1287)
• f25de4f chore: update dependencies (#1284)
• 6916ce9 feat: adds config option for sorting command output (#1256)
• 7b200d2 chore: increase test timeout for windows
• 64af518 fix: middleware added multiple times due to reference bug (#1282)
• 61f1b25 doc: update docs to reflect new parserConfiguration method (#1280)
• 3c6869a feat: Add `.parserConfiguration()` method, deprecating package.json config (#1262)
• da75ea2 fix: better bash path completion (#1272)
• e0c62c8 doc: edit help example to align with actual output (#1271)
• bc0ee40 chore: address @aorinevo's code review so that we can land
• f3a4e4f feat: support promises in middleware
• 64a0d7e docs: Testing command modules (#1267)
• 0510fe6 fix(validation): Use the error as a message when none exists otherwise (#1268)
• 27bf739 fix(deps): Update os-locale to avoid security vulnerability (#1270)
• 54e165d docs(advanced): document non-singleton use, .exit() and parsed (#1251)
• 8789bf4 chore(release): 12.0.5
• dc8d63f chore: explicit update to yargs-parser
• eacc035 fix: allows camel-case, variadic arguments, and strict mode to be combined (#1247)

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	626/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.1	Man-in-the-Middle (MitM) SNYK-JS-HTTPSPROXYAGENT-469131	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No Known Exploit
	529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:negotiator:20160616	No Known Exploit
	576/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.1	Uninitialized Memory Exposure npm:tunnel-agent:20170305	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:uglify-js:20151024	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

[rtd-helper]

The rtd-bot is activated, but no .github/config.yml found in this repository.
Make sure that you have it in your default branch.

[rtd-helper]

The rtd-bot is activated, but no .github/config.yml found in this repository.
Make sure that you have it in your default branch.

[rtd-helper]

The rtd-bot is activated, but no .github/config.yml found in this repository.
Make sure that you have it in your default branch.

[rtd-helper]

The rtd-bot is activated, but no .github/config.yml found in this repository.
Make sure that you have it in your default branch.