[Snyk] Fix for 2 vulnerabilities

[benweizhu]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	Yes	No Known Exploit
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: browser-sync

The new version differs by 250 commits.

• 2b55728 v2.26.9
• 2bf8812 v2.26.8
• 0f3cc0b fix: npm audit fixes (root)
• ba1f09f fix: npm audit fixes
• d89252a Merge pull request #1749 from ProLoser/securityFix
• df81272 Merge pull request #1771 from tolulawson/master
• 64f87b9 Merge pull request #1768 from fozzleberry/bump-http-proxy-1.18.1
• 43dc459 Merge pull request #1725 from nitinbansal1989/master
• 894d031 -- Corrected codesync tagline
• 0667104 used correct syntax on bump
• 938e611 bumped node engines to >= 8.0.0
• 20a0334 bumped http proxy to >=1.18.1
• c103029 Security fix for #1649
• 864c9f1 upgrade chokidar version
• 2191369 v2.26.7
• 53f9b36 docs: readme
• 0b3d98b v2.26.6
• fdfc681 tests: add e2e tests to package.json
• c56cfd9 Merge pull request #1698 from emeitch/fix_deprecated_header
• 2fd598f Merge pull request #1690 from XhmikosR/xmr-ci
• 841ccd5 Merge pull request #1694 from coliff/patch-1
• 209c9c1 Merge pull request #1697 from gaards/update-localtunnel
• 87bee4b Use getHeaders or _headers
• 77abfd3 Update localtunnel

See the full diff

Package name: gulp

The new version differs by 134 commits.

• 55eb23a Release: 4.0.0
• 173a532 Docs: Fix the installation instructions
• ec54d09 Docs: Improve note about out-of-date docs
• 03b7c98 Docs: Update recipes to install gulp@next
• 2eba29e Docs: Remove run-sequence from recipes
• 76eb4d6 Docs: Add installation instructions & update badges
• fbc162f Docs: Remove references to gulp-util
• 3011cf9 Scaffold: Normalize repository
• f27be05 Update: Remove graceful-fs from test suite
• 361ab63 Upgrade: Update glob-watcher
• 064d100 Build: Avoid broken node 9
• 057df59 Release: 4.0.0-alpha.3
• c1ba80c Breaking: Upgrade major versions of glob-watcher, gulp-cli & vinyl-fs
• 89acc5c Docs: Improve ES2015 task exporting examples (#1999)
• 0ac9e04 Docs: Add "Project structure" section to CONTRIBUTING.md (#1859)
• 723cbc4 Docs: Fix syntax in recipe example (#1715)
• d420a6a Docs: Have gulp.lastRun take a function to avoid task registration (#1828)
• 29ece6f Upgrade: Update undertaker
• e931cb0 Docs: Fix changelog typos (#1696)
• 477db84 Docs: Add a "BrowserSync with Gulp 4" recipe (#1659)
• d4ed3c7 Docs: Add options.cwd for gulp.src API (#1645)
• 5dc3b07 Docs: Update gulp.watch API to align with glob-watcher
• 0c66069 Breaking: Replace chokidar as gulp.watch with glob-watcher wrapper
• c3dbc10 Docs: Clarify incremental builds example (#1609)

See the full diff

Package name: karma

The new version differs by 250 commits.

• 42933c9 chore: release v4.2.0
• db1ea57 chore: update contributors
• a1049c6 chore: update eslint packages to latest and fix complaints (#3312)
• 70b72a9 fix(logging): Util inspect for logging the config. (#3332)
• 1087926 fix typo: (#3334)
• 182c04d fix(reporter): format stack with 1-based column (#3325)
• f0c4677 docs(travis): Correct the docs to also show how to do it on Xenial (#3316)
• 3aea7ec chore(deps): update core-js -> ^3.1.3 (#3321)
• 5e11340 chore: revert back to Mocha 4 (#3313)
• 1205bce chore(test): fix flaky test cases (#3314)
• 7f40349 Cleanup dependencies (#3309)
• 7828bea chore: update braces and chokidar to latest versions (#3307)
• fe9a1dd fix(server): Add error handler for webserver socket. (#3300)
• 13ed695 chore: release v4.1.0
• d844a48 chore: update contributors
• ce6825f fix(client): Only create the funky object if message is not a string (#3298)
• 7968db6 fix(client): Enable loading different file types when running in parent mode without iframe (#3289)
• 6556ab4 fix(launcher): Log state transitions in debug (#3294)
• 7eb48c5 fix(middleware): log invalid filetype (#3292)
• c7ebf0b chore: release v4.0.1
• c190c4a chore: update contributors
• 375bb5e fix(filelist): correct logger name. (#3262)
• c43f584 fix: remove vulnerable dependency combine-lists (#3273)
• 4ec4f6f fix: remove vulnerable dependency expand-braces (#3270)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncontrolled resource consumption