[Snyk] Fix for 8 vulnerabilities

[one3chens]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-DECOMPRESS-557358	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-DECOMPRESSTAR-559095	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASHTEMPLATE-1088054	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-URLREGEX-569472	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: imagemin-mozjpeg

The new version differs by 14 commits.

• 6f609da 9.0.0
• 96e9427 Require Node.js 10 (#50)
• 03f1abd Tidelift tasks
• 86fd015 Use Travis to test on Windows (#38)
• 1974fd9 8.0.0
• dda0b01 Update .travis.yml (#34)
• 005b789 7.0.0
• 503ac59 Fix Travis
• 0a061a3 Add `sample` option
• d59069f Rename some options
• 722826f Meta tweaks
• eb01653 Bump dependencies
• 465b237 Use buffer directly ([Snyk] Security upgrade imagemin-mozjpeg from 6.0.0 to 7.0.0 #16)
• e82da89 Test on Node v6.x instead of v5.x

See the full diff

Package name: imagemin-pngquant

The new version differs by 22 commits.

• 0754402 9.0.0
• d285e92 Require Node.js 10 (#67)
• 61997a2 8.0.0
• 7049509 Require Node.js 8
• 6ce8a90 Use Travis to test on Windows (#57)
• 97c4d23 Fix the default documented value for the `speed` option (#55)
• cdf2f26 7.0.0
• b2ad077 Add TypeScript definition (#54)
• 0e0edd2 Fix the `quality` option
• fdac781 Update dependencies
• fd535b0 Change the `quality` option to be a float from 0 to 1
• 201aa20 Add strict options checks
• e6c1b97 Docs improvements
• 507d8ab Fix the documented `quality` option type
• b96f2ac Fix the default documented value for the `dithering` option
• 515fb7e Rename `floyd` option to `dithering` and drop the `nofs` option
• 479a3e8 6.0.1
• 6b0e2a6 Don't throw on inputs larger than 10 MB (#52)
• be923c2 6.0.0
• fcf28bb Update to pngquant 2.12.0
• ec458e9 Require Node.js 6
• 6b65fa9 Add `strip` option (#44)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)