[Snyk] Fix for 2 vulnerabilities

[abhijitkane]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	753/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: jscs

The new version differs by 23 commits.

• 4d420d3 2.8.0
• 1dcc96d Misc: add 2.8.0 changelog
• d0fd51a Revert "New rule: requireObjectShorthand"
• 0e269c5 New rule: requireObjectShorthand
• defc537 maximumLineLength: improve `functionSignature` option
• 12a2206 `maximumLineLenght` - rewrite `allowFunctionSignature` handling
• 66f3f47 `maximumLineLength`: abstract common boilerplate into local `removeLoc` function
• a8517fe maximumLineLength spec: functions in variables should test all variations
• a2827a2 maximumLineLength spec: add `should report functions within comments`
• 4f12ed3 maximumLineLength spec change: should *not* report functions stored in variables
• d2d3bfe maximumLineLength spec: add `should not report functions within IIFE blocks`
• 04b3274 Internal: inline visitor-keys temporarily
• 1afee41 disallowNewlineBeforeBlockStatements: add `allExcept` option
• c1afd2e disallowAnonymousFunctions: Added explanations about the rule
• 1b693db Preset: Update airbnb preset braces/bracket spacing
• 95dc04b requirePaddingNewLinesAfterBlocks: Improve jsx logic
• b6dc5a3 Tests: make linters happy
• 15c2484 string-checker: clean max-error logic and tests
• bf6c882 Tests: do not break in .10 node
• 4158f1a disallowDanglingUnderscores: do not rewrite `__proto__` property
• 89b0440 Docs: add npm version badge
• 39f84cb requireCamelCaseOrUpperCaseIdentifiers: improve `ignoreProperties` opt
• f601bf5 Docs: move maxErrors example to the correct place

See the full diff

Package name: jshint

The new version differs by 250 commits.

• d5c1a00 v2.9.6
• ab3ab85 [[FIX]] Do not warn about non-ambiguous linebreaks
• eaca85b [[CHORE]] Improve test coverage for ASI warning
• 0a66710 [[FIX]] Relax restriction on asgnmnt to arguments
• 3aa02db [[FIX]] Tolerate division following closing brace
• 55aa54e [[FIX]] Correct restriction on function name
• ff71d3c [[FIX]] Remove warning W100
• bcb3b23 [[CHORE]] Complete Lodash update (#3283)
• 030713d [[DOCS]] Introduce administration e-mail address
• 7993101 [[FIX]] Fix "is is" message typos
• 578575d Merge pull request #3254 from mathiasbynens/unicode-10
• d763e70 Use old Unicode version for ES5 identifiers
• 77414e8 Update to Unicode v11
• 5995a9f [[FIX]] Restrict IdentifierNames in ES5 code
• f2ce8fe [[TEST]] Add regression test
• 8df4a32 [[FIX]] Correct spelling of Uint8ClampedArray
• 274d2be [[DOCS]] Add a code of conduct
• e0b4e91 [[CHORE]] Update to latest version of Lodash
• 6b7feae Merge branch 'master' into unicode-10
• 5276788 [[TEST]] Use `test262-stream`
• 98316fe [[TEST]] Extend Test262 "expectations" file
• 32aa96a [[TEST]] Reformat Test262 "expectations" file
• 3b125e5 Update identifier data to ES2015+ and Unicode 10
• 157a508 [[CHORE]] Correct linting violation

See the full diff

Package name: sails

The new version differs by 250 commits.

• 6e73a65 1.0.0
• 5f1d8b3 1.0.0-49
• 616e4e1 Insist on the latest sails-generate.
• 6ab0a5a 1.0.0-48
• 1e28823 Lifting with --redis now sets @ sailshq/connect-redis and @ sailshq/socket.io-redis.
• 9f29a03 Change approach from what was begun in 520a3c8cac5db1d9698c50efff82e476ec64fca8 so that we maintain the correct package name for the purpose of require().
• 520a3c8 Tolerate '@ sailshq/connect-redis' as session adapter.
• e2813f5 1.0.0-47
• 6768743 Tweak warning message.
• ce95c84 Update comments to reflect that req.setLocale() is fully supported as of Sails v1.0 and beyond.
• 0753a99 Trivial
• 3bdd786 Tweak troubleshooting tips.
• e8f9bee Check dev-dependencies for sails-hook-grunt
• e8493a6 1.0.0-46
• d1b6061 run tests on Node 9
• b3afed7 Fix issue with CSRF black/whitelists and routes containing optional params when the requested URL contains a querystring but NOT the optional param (whew!)
• 663527f Fix test error output
• 69ead96 Revert 35ae3ccba472bf4a8edb8ffd7d579d18391d1ba0 in favor of clarifying some of the wording.
• 35ae3cc Experiment with customizable www path
• a89d7a4 extrapolate www path
• a2a0789 Tolerate sails-hook-grunt specified in devDependencies when running sails www
• 0b42c59 Don't attempt to create a Redis connection if "client" is provided.
• 1700788 Update LICENSE.md
• 9c532dc Merge pull request #4267 from luislobo/patch-3

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic