[Snyk] Fix for 53 vulnerabilities

[benweizhu]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	584/1000 Why? Has a fix available, CVSS 7.4	Directory Traversal SNYK-JS-ADMZIP-1065796	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	626/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.1	Cross-site Scripting (XSS) SNYK-JS-CONNECT-5846225	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASHMERGE-173732	No	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASHMERGE-173733	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASHTEMPLATE-1088054	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Out-of-Bounds SNYK-JS-NODESASS-535498	Yes	Proof of Concept
	761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	NULL Pointer Dereference SNYK-JS-NODESASS-535500	Yes	Proof of Concept
	536/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.3	Out-of-bounds Read SNYK-JS-NODESASS-540958	Yes	Proof of Concept
	536/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.3	Uncontrolled Recursion SNYK-JS-NODESASS-540964	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Denial of Service (DoS) SNYK-JS-NODESASS-540978	Yes	Proof of Concept
	536/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.3	NULL Pointer Dereference SNYK-JS-NODESASS-540992	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Out-of-Bounds SNYK-JS-NODESASS-540998	Yes	Proof of Concept
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-NODESASS-541000	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Out-of-bounds Read SNYK-JS-NODESASS-541002	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-OBJECTPATH-1017036	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-OBJECTPATH-1569453	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-POSTCSS-5926692	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-1056752	Yes	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Improper Input Validation SNYK-JS-SOCKETIOPARSER-3091012	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	No	No Known Exploit
	596/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-USERAGENT-174737	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Denial of Service (DoS) npm:connect:20120107	No	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Cross-site Scripting (XSS) npm:connect:20130701	No	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) npm:express:20140912	No	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:parsejson:20170908	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) npm:qs:20140806	No	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Denial of Service (DoS) npm:qs:20140806-1	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Override Protection Bypass npm:qs:20170213	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: browser-sync

The new version differs by 250 commits.

• 52ab250 v2.28.0
• 019f8ea fix: remove document.write (#2019)
• 3b0581e browser-sync-2017 use chalk everywhere (#2018)
• c1db647 v2.27.12
• 6a8133d build(deps): bump http-cache-semantics from 4.1.0 to 4.1.1 (#2011)
• 61bfdd9 build(deps): bump cookiejar in /packages/browser-sync (#2006)
• 9d71626 build(deps): bump cookiejar in /packages/browser-sync-ui (#2005)
• f5fd00f build(deps): bump parse-url and lerna (#2000)
• 54d16e4 build(deps): bump minimist in /packages/browser-sync-ui (#1998)
• 98ae491 build(deps): bump minimist from 1.2.5 to 1.2.7 (#1997)
• 423d137 build(deps): bump socket.io-parser in /packages/browser-sync-ui (#1996)
• 9b46af3 build(deps): bump moment in /packages/browser-sync-ui (#1973)
• 769c4df build(deps): bump ua-parser-js in /packages/browser-sync (#2007)
• 01caeb3 v2.27.11
• 74873cc updated deps (#1995)
• 88527a8 Add CodeSee architecture diagram workflow to repository (#1972)
• f6965a6 v2.27.10
• e6c7bed Updated portscanner to 2.2.0 (#1960)
• 6a587ec fix readme's
• 91258ae Merge branch 'browser-sync-1946-esbuild'
• f48d6b4 👋 app veyor
• 30c24dc Merge pull request #1947
• 9d24de5 drop webpack from UI
• 7a00341 build client with esbuild

See the full diff

Package name: gulp

The new version differs by 134 commits.

• 55eb23a Release: 4.0.0
• 173a532 Docs: Fix the installation instructions
• ec54d09 Docs: Improve note about out-of-date docs
• 03b7c98 Docs: Update recipes to install gulp@next
• 2eba29e Docs: Remove run-sequence from recipes
• 76eb4d6 Docs: Add installation instructions & update badges
• fbc162f Docs: Remove references to gulp-util
• 3011cf9 Scaffold: Normalize repository
• f27be05 Update: Remove graceful-fs from test suite
• 361ab63 Upgrade: Update glob-watcher
• 064d100 Build: Avoid broken node 9
• 057df59 Release: 4.0.0-alpha.3
• c1ba80c Breaking: Upgrade major versions of glob-watcher, gulp-cli & vinyl-fs
• 89acc5c Docs: Improve ES2015 task exporting examples (#1999)
• 0ac9e04 Docs: Add "Project structure" section to CONTRIBUTING.md (#1859)
• 723cbc4 Docs: Fix syntax in recipe example (#1715)
• d420a6a Docs: Have gulp.lastRun take a function to avoid task registration (#1828)
• 29ece6f Upgrade: Update undertaker
• e931cb0 Docs: Fix changelog typos (#1696)
• 477db84 Docs: Add a "BrowserSync with Gulp 4" recipe (#1659)
• d4ed3c7 Docs: Add options.cwd for gulp.src API (#1645)
• 5dc3b07 Docs: Update gulp.watch API to align with glob-watcher
• 0c66069 Breaking: Replace chokidar as gulp.watch with glob-watcher wrapper
• c3dbc10 Docs: Clarify incremental builds example (#1609)

See the full diff

Package name: gulp-angular-filesort

The new version differs by 8 commits.

• f63f018 chore(release): version 1.2.0
• 1f03068 chore(dependencies): update dependencies
• 526a078 chore(dependencies): drop dependency on deprecated `gulp-util` ([Snyk] Security upgrade browser-sync from 2.9.12 to 2.25.0 #56)
• 6c23f65 Initial Alphabetic Sorting ([Snyk] Security upgrade gulp-autoprefixer from 3.0.2 to 8.0.0 #50)
• adb2679 Adding recommendation about Browserify/Webpack
• 1eb07a5 Merge pull request [Snyk] Security upgrade gulp-sass from 2.0.4 to 3.0.0 #40 from mgcrea/patch
• 2446f35 refactor(plugin): use through2
• f1c766a chore(npm): update deps

See the full diff

Package name: gulp-autoprefixer

The new version differs by 33 commits.

• ede5a11 8.0.0
• a953087 Require Node.js 12 and upgrade dependencies
• 87ff53d Move to GitHub Actions (#117)
• c5e7214 7.0.1
• da50fd2 Make Gulp an optional peer dependency
• 40fba84 7.0.0
• ab49120 Require Node.js 8 and Gulp 4
• 83cc576 Enable the repo sponsor button
• adec1a7 6.1.0
• 7b080bf Upgrade dependencies
• dfe3919 6.0.0
• c225cbd Upgrade `autoprefixer` and `postcss`
• ea0b7f8 Require Node.js 6
• 18a27be 5.0.0
• e526a78 Meta tweaks
• e954e6e Update sourcemap paths to be relative to `file.base` ([Snyk] Security upgrade browser-sync from 2.9.12 to 2.26.9 #92)
• 7828646 Upgrade to Autoprefixer 8 ([Snyk] Security upgrade gulp-sass from 2.0.4 to 5.0.0 #96)
• d008588 4.1.0
• 27816c3 Meta tweaks
• 94f3447 Drop dependency on deprecated gulp-util ([Snyk] Fix for 10 vulnerabilities #94)
• 60aead3 Test against Node.js v8 ([Snyk] Security upgrade browser-sync from 2.9.12 to 2.26.9 #90)
• 5188604 4.0.0
• 04814b7 Rewrite tests to use AVA
• 7df69ba ES2015ify, bump postcss, require Node.js 4

See the full diff

Package name: gulp-eslint

The new version differs by 3 commits.

• 40d004f 5.0.0
• 72c3599 use destructuring assignment to simplify the code
• aed571b update dependencies and devDependencies (#224)

See the full diff

Package name: gulp-filter

The new version differs by 18 commits.

• 845b913 5.1.0
• b00bb32 Meta tweaks
• 52df753 Remove deprecated gulp-util dependency ([Snyk] Fix for 1 vulnerabilities #86)
• b9fb0bc 5.0.1
• b40dd36 Meta tweaks
• d7cf3d4 Support Windows for resolve path ([Snyk] Security upgrade gulp-sass from 2.0.4 to 5.0.0 #80)
• f27adc6 Fix testcase for Windows ([Snyk] Fix for 1 vulnerabilities #81)
• 7276430 5.0.0
• 835efdf ES2015ify and require Node.js 4
• f148c7b Add support for relative parent paths ([Snyk] Security upgrade wiredep from 2.2.2 to 3.0.1 #78)
• 2e3dd05 Fix option typo
• f1dbe11 meta tweaks
• a551307 Merge pull request [Snyk] Security upgrade gulp-uglify from 1.4.2 to 3.0.0 #60 from leocaseiro/patch-1
• 922496e Fix documents with references from [Snyk] Security upgrade gulp-sass from 2.0.4 to 5.0.0 #55
• 317ec39 4.0.0
• b0728ab Merge pull request [Snyk] Security upgrade browser-sync from 2.9.12 to 2.26.9 #59 from cb1kenobi/relative-fix
• 5fd40bc Fixed code to use the correct relative path wrt the current working directory.
• 3310ca3 improve readme

See the full diff

Package name: gulp-flatten

The new version differs by 12 commits.

• 0119b8c new verstion with dropped deprecated deps
• 14b1908 tests now passes on node 9.x.x
• fc2e3f9 Merge pull request [Snyk] Fix for 1 vulnerable dependencies #15 from TheDancingCode/issue-14
• bff1212 Drop dependency on deprecated `gulp-util`
• 8a83216 exapmple output fix
• 04c2b46 v0.3.1
• 7fc66c4 refactor: nested functions was defined on each call
• 2229a21 bump v0.3.0
• 48a1557 update deps
• ce64bc0 Merge pull request [Snyk] Fix for 2 vulnerable dependencies #11 from fkammer/new-subpath-option
• 0b24d9c Updated Readme
• a5c26a7 Adds option subPath

See the full diff

Package name: gulp-inject

The new version differs by 38 commits.

• 3a3b465 fix: drop dependency on deprecated `gulp-util` (#236)
• cf66da0 chore: upgrade semantic-release
• 390979d chore: fix whitespace
• 424556f chore: only run release script on the "master" branch
• b50afff docs: readd HELP WANTED to README
• 8f2d6e5 docs: readd info on options.quiet (#187)
• e845894 chore: add commitlint with corresponding git hook [ci skip]
• b37939e feat: add semantic-release
• 3a6748b docs: add HELP WANTED to README
• 4ddfcf4 chore(release): 4.2.1
• 00c43dc docs: add info on options.quiet (#187)
• e64a6b6 chore: Log the correct plural state of the number of injected files (#193)
• 687bfdf fix(endtag): use correct default for endtag (#228)
• 43de8c2 docs: improve table of contents
• c978fd7 chore(release): 4.2.0
• a67a38b docs: add table of contents
• 503b77e feat(tags): add {{path}} parsing to 'start-' and 'endtag' (#175)
• f979e04 docs: add definitions of "gulp-concat" and "gulp-uglify" (#208)
• 00808c5 docs: gulp-inject does not require NodeJS v4 anymore
• c3cea60 chore(release): 4.1.0
• 7649b38 fix: making it possible to inject source map files into html (closes #176)
• 8078cd9 fix: don't remove wanted whitespace when removing tags (closes #177)
• b4fd0d6 fix: only log file count for files actually injected (closes #184)
• 68add8a fix: don't use ES2015 syntax (closes #171)

See the full diff

Package name: gulp-ng-annotate

The new version differs by 9 commits.

• 18ba641 2.1.0
• 998fbc9 Disable package lock
• 002e043 Migrate away from deprecated gulp-util
• edeac0f Fix travis build
• 9ce0ed8 Merge pull request [Snyk] Security upgrade gulp-sass from 2.0.4 to 3.0.0 #43 from suvjunmd/options
• 5ded9c5 Fixed options link
• 3e8d504 2.0.0
• c92de58 Update deps
• 3a42189 Remove [Snyk] Security upgrade phantomjs from 1.9.20 to 2.1.1 #26 workaround

See the full diff

Package name: gulp-protractor

The new version differs by 72 commits.

• 64aefe4 Release 4.1.1
• c082531 Merge pull request #140 from PWKad/master
• c454f45 Peg event-stream at 3.3.4
• 3e8810f Merge pull request #136 from TheDancingCode/issue-135
• dbaeeef Drop dependency on deprecated `gulp-util`
• 9254186 README updated
• 714f642 Merge pull request #127 from mllrsohn/spawn_to_fork
• 8fe9ebd bump to 4.1.0
• 8e773b1 Resolve build issue windows path with spaces
• 0f4055e Merge remote-tracking branch 'remotes/origin/master' into spawn_to_fork
• b3ccbc2 Merge pull request #107 from shanegarner/master
• 14af957 Delete selenium-server-standalone-3.2.0.jar
• 49590b7 More changes with formatting.
• 2cdf8f6 Formatting done for index.js and spawn changed to fork for protractor.
• aae9220 Example 2 updated
• 2a6be47 #126 allScriptsTimeout added in example
• 70d4061 #126 selenium-stanalone jar added
• 4d54b8f #126 Stupid solution
• eb6f52e Fixed examples for gulp protractor
• ffb1070 Updated version to v4.0.0
• 4a97325 version updated to v4.0.0
• 6b79a46 Merge pull request #124 from rahulmr/protractor_update
• 884ac5a Update README.md
• 099729d Revert "Updated readme to include travis"

See the full diff

Package name: gulp-rev

The new version differs by 44 commits.

• bb3a3fd 8.1.1
• e46406b Replace gulp-util with smaller modules (#237)
• 6c9bcac Remove Code Sponsor
• fe0c551 8.1.0
• 47ffbe0 Bump `rev-path`
• fc74b5b Try out Code Sponsor
• cdf63fa Pass resolved, absolute paths to relPath() (#220) (#222)
• 567c340 Update readme.md (#224)
• 898dffc 8.0.0
• d290ff8 Meta tweaks
• a89f0df Make tests independent of platform specific path separator (#219) (#221)
• 71a0377 Add a note about non-deterministic streams order (#213)
• f5ee9ee Meta tweaks
• 731be70 Move list of maintainers into the readme for visibility
• 192a075 Meta tweaks
• 7acdb13 Move tests from Mocha to AVA (#212)
• 82c185c More realistic example (#203)
• 02fbeba add XO badge
• 8686e62 [breaking] ES2015ify and require Node.js 4
• ed53cef meta tweaks
• 17d6bb4 docs: change number of approaches (#196)
• e895123 7.1.2
• c9ba5b2 7.1.1
• f16a865 trying out something new

See the full diff

Package name: gulp-sass

The new version differs by 106 commits.

• 5775044 Update CHANGELOG.md
• 978b8f6 Update to major version 5 (#802)
• 10eae93 Update changelog for 4.1.1
• 947b26c Upgrade lodash to fix a security issue (#776)
• 8d6ac29 Update changelog
• 43c0547 4.1.0
• ebe3ec6 Set appropriate file stat times (#763)
• 7ab018e Migrate to the lodash package
• fa670c6 4.0.2
• fefa00e Revert package.json version bump
• 98254d2 Fix README typos
• 8a14419 Continue loading Node Sass by default
• 938afbe Add a note about synchronous versus asynchronous speed
• 7cc2db1 Make this package implementation-agnostic
• 643f73b Add documentation for synchronous code options
• 0b3c7e7 4.0.1
• daca90d Merge pull request #681 from DKvistgaard/master
• 71471c2 Declaring logError as function instead of arrow function.
• 450a7b8 4.0.0
• e9b1fe8 Fix node versions in appveyor.yml
• 44be409 Merge pull request #667 from dlmanning/next
• 7656eff Adopt airbnb eslint preset
• 1293169 Bump autoprefixer@^8.1.0, gulp-postcss@^7.0.1
• 9fa817b Bump gulp-sourcemaps@^2.6.4

See the full diff

Package name: gulp-size

The new version differs by 6 commits.

• 0c46c56 3.0.0
• a6b2e9c Meta tweaks
• 1064ce9 Drop dependency on deprecated gulp-util, ES2015ify, require Node.js 4 ([Snyk] Security upgrade gulp-sass from 2.0.4 to 3.0.0 #40)
• 1303830 2.1.0
• 21a5c38 tweaks
• 17fa6a5 Close [Snyk] Security upgrade browser-sync from 2.9.12 to 2.25.0 #34 PR: Allow supress 'all files' output. Fixes [Snyk] Fix for 1 vulnerable dependencies #5

See the full diff

Package name: gulp-uglify

The new version differs by 49 commits.

• e4f9045 2.0.0
• 566ec6a refactor(tests): write tests with mocha
• 5651111 refactor(tests): replace `cmem` with `testdouble`
• b82387b refactor(tests): compose streams with `mississippi` utilities
• 1232c3c fix(errors): emit errors of type `GulpUglifyError`
• 5632cee fix(minifer): use `gulplog` for the warning
• 8160697 feat(minifier): use UglifyJS 2.7.0's input map support
• 3ec8fc3 chore(package): update uglify-js to version 2.7.0
• a9c55b9 doc(README): spelling mistake in example
• 80da765 chore(release): 1.5.4
• 01fb8ca chore(package): update uglify-js to version 2.6.4
• 8aa877e chore(package): update uglify-js to version 2.6.3
• 0027093 chore(lint): resolve lint failures
• fe2158a chore(package): update xo to version 0.16.0
• a03b663 docs(README): document how to minify (some) ES6
• 1eb00a8 chore(xo): resolve lint failures
• a4376ad chore(package): update xo to version 0.15.0
• c9d11a1 docs(pump): correct error handler example
• b446cf7 docs(README): clean up badges
• c3f6005 docs(README): suggest using `pump` to capture errors
• eb9893e chore(line): resolve [email protected] lint failures
• ...