[Snyk] Fix for 1 vulnerabilities #35

Open
wants to merge 1 commit into
base: master

snyk-bot
Contributor

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 589/1000 (Why? Has a fix available, CVSS 7.5) | Regular Expression Denial of Service (ReDoS), SNYK-JS-MINIMATCH-1019388 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: browser-sync The new version differs by 123 commits.

See the full diff

Package name: gulp The new version differs by 134 commits.
  • 55eb23a Release: 4.0.0
  • 173a532 Docs: Fix the installation instructions
  • ec54d09 Docs: Improve note about out-of-date docs
  • 03b7c98 Docs: Update recipes to install gulp@next
  • 2eba29e Docs: Remove run-sequence from recipes
  • 76eb4d6 Docs: Add installation instructions & update badges
  • fbc162f Docs: Remove references to gulp-util
  • 3011cf9 Scaffold: Normalize repository
  • f27be05 Update: Remove graceful-fs from test suite
  • 361ab63 Upgrade: Update glob-watcher
  • 064d100 Build: Avoid broken node 9
  • 057df59 Release: 4.0.0-alpha.3
  • c1ba80c Breaking: Upgrade major versions of glob-watcher, gulp-cli & vinyl-fs
  • 89acc5c Docs: Improve ES2015 task exporting examples (#1999)
  • 0ac9e04 Docs: Add "Project structure" section to CONTRIBUTING.md (#1859)
  • 723cbc4 Docs: Fix syntax in recipe example (#1715)
  • d420a6a Docs: Have gulp.lastRun take a function to avoid task registration (#1828)
  • 29ece6f Upgrade: Update undertaker
  • e931cb0 Docs: Fix changelog typos (#1696)
  • 477db84 Docs: Add a "BrowserSync with Gulp 4" recipe (#1659)
  • d4ed3c7 Docs: Add options.cwd for gulp.src API (#1645)
  • 5dc3b07 Docs: Update gulp.watch API to align with glob-watcher
  • 0c66069 Breaking: Replace chokidar as gulp.watch with glob-watcher wrapper
  • c3dbc10 Docs: Clarify incremental builds example (#1609)

See the full diff

Package name: gulp-load-plugins The new version differs by 52 commits.

See the full diff

Package name: gulp-protractor The new version differs by 37 commits.

See the full diff

Package name: gulp-useref The new version differs by 12 commits.
  • b2358b8 Update .npmignore.
  • 79c2a0e 2.0.0
  • 8d6e5eb Fix failing tests.
  • cbc0716 Merge branch 'hadrienk-master'
  • 0937855 Merge branch 'master' of https://github.com/hadrienk/gulp-useref into hadrienk-master
  • 2858b57 Update README.
  • 1360869 Fix issue with files being lost.
  • b15579d Update vinyl-fs.
  • 3b9c0fe Update dependencies.
  • 8bb699c Update gulp and jscs packages.
  • d9acf23 Add the mustexist option to make the stream emit and error if a file is missing
  • 0b64feb Add tests for the pull request

See the full diff

Package name: main-bower-files The new version differs by 25 commits.
  • 3e72915 Merge branch 'nathanaelnsmith-master'
  • c10c547 Updated README.md and added unit test for exclude group feature
  • 7597ec7 2.12.0
  • 795e59b Finished implementing excluding group from bower file list.
  • ff9ae8a Fixed issue with variable referenced out of order
  • fa9b96d Exclude group from dependencies
  • 8f4bb2c updated vinyl-fs
  • 8ef5cf6 version 2.11.1
  • 74c146e Merge branch 'pwang2-fix-bower-main-slash'
  • d49d53d Merge branch 'fix-bower-main-slash' of https://github.com/pwang2/main-bower-files into pwang2-fix-bower-main-slash
  • 78e91cd updated tern config file
  • 580e540 add test for slash path deny
  • 4e2a320 Deny absolute bower main file,
  • b9cb4fc prove giving wrong message when main path start with /
  • 5eb5072 version 2.11.0
  • 75d0445 Merge pull request #123 from ball6847/feature-deps-group
  • 73faa81 add semicolon to the missing line
  • 39524a7 add more test and document about group option
  • 09e230e add tests for group options
  • e918565 make it supports node v0.10, as travis-ci run on this version
  • d9dff42 add dependency group options
  • bafd804 Merge pull request #120 from red2678/patch-1
  • f2f53e1 Fix Typos
  • 22db94e Fixed readme linebreaks

See the full diff

Package name: wiredep The new version differs by 32 commits.
  • e44d2c9 3.0.1
  • 505fbcd update safe main deps
  • eab46b8 3.0.0
  • 0f5e9b4 Merge pull request #223 from danielsiwiec/master
  • c84c057 Fix a problem with CLI -b argument misbehaving
  • 5339a49 Merge pull request #206 from ahmednuaman/patch-1
  • 1dde839 updated readme to make it clearer than an override can be an array
  • de70dc7 create empty dir
  • 4192963 3.0.0-beta
  • 6fb88e0 continue processing if main file not found - thanks @george-aprozeanu
  • 02b7410 remove eliteDependencies & magic path detection behavior
  • 571d469 Merge pull request #147 from surgeforward/default-html-type
  • 52bfcab Merge pull request #174 from tubia/patch-1
  • 4091161 Update readme.md
  • 958bccd Merge pull request #188 from rogerbraun/patch-1
  • 3d69ea1 Make it explicit what wiredep does.
  • 5240d50 Merge pull request #186 from pgilad/patch-1
  • b3ac023 update license attribute
  • a1a63ad Update Bower Overrides explanation
  • db78c86 Dealing with Bower package shortcomings
  • 5792887 Restore permissions.
  • 4d8a6a3 Merge branch 'master' into default-html-type
  • 48fb10d Undo tests.
  • f3dacdc Fix borked test.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MINIMATCH-1019388