[Snyk] Fix for 8 vulnerabilities

[enterstudio]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-JSYAML-173999	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-JSYAML-174129	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:bson:20180225	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:validator:20180218	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gulp

The new version differs by 134 commits.

• 55eb23a Release: 4.0.0
• 173a532 Docs: Fix the installation instructions
• ec54d09 Docs: Improve note about out-of-date docs
• 03b7c98 Docs: Update recipes to install gulp@next
• 2eba29e Docs: Remove run-sequence from recipes
• 76eb4d6 Docs: Add installation instructions & update badges
• fbc162f Docs: Remove references to gulp-util
• 3011cf9 Scaffold: Normalize repository
• f27be05 Update: Remove graceful-fs from test suite
• 361ab63 Upgrade: Update glob-watcher
• 064d100 Build: Avoid broken node 9
• 057df59 Release: 4.0.0-alpha.3
• c1ba80c Breaking: Upgrade major versions of glob-watcher, gulp-cli & vinyl-fs
• 89acc5c Docs: Improve ES2015 task exporting examples (#1999)
• 0ac9e04 Docs: Add "Project structure" section to CONTRIBUTING.md (#1859)
• 723cbc4 Docs: Fix syntax in recipe example (#1715)
• d420a6a Docs: Have gulp.lastRun take a function to avoid task registration (#1828)
• 29ece6f Upgrade: Update undertaker
• e931cb0 Docs: Fix changelog typos (#1696)
• 477db84 Docs: Add a "BrowserSync with Gulp 4" recipe (#1659)
• d4ed3c7 Docs: Add options.cwd for gulp.src API (#1645)
• 5dc3b07 Docs: Update gulp.watch API to align with glob-watcher
• 0c66069 Breaking: Replace chokidar as gulp.watch with glob-watcher wrapper
• c3dbc10 Docs: Clarify incremental builds example (#1609)

See the full diff

Package name: gulp-tape

The new version differs by 14 commits.

• 7754fb0 0.0.10
• 0f1292a Edit README.md
• 83ffefd Remove `peerDependencies
• b651741 Freshen `yarn.lock`
• deca92b Edit README.md
• 593026c Add `fancy-log`, `standard`
• e2e8e6f Refactor
• 0dc3824 Lint
• 81870a2 Add `bail`
• 5b85266 Run `tape` in a child process
• 4584b98 Reorganise tests
• 21b87d4 Refactor
• 9eab436 Add `plugin-error`
• 0a33604 Clean up

See the full diff

Package name: joi

The new version differs by 250 commits.

• b3833c4 17.1.1
• ed5990a Fix domain validation in relative uri. Closes #2316
• 1d1fd3f Merge pull request #2314 from jsoref/api-schema-object-foo-number-min-error
• c4d072b Update API.md - correct sample - fails because is gone
• b0ab57c Merge pull request #2305 from cbebry/patch-1
• d9738fb Update API.md - valid() no longer takes arrays
• 6ec7131 Merge pull request #2293 from hapijs/consider-changeless-forks
• e9f1865 Fix error on changeless forks. Fixes #2292.
• a9b5c3c Merge pull request #2281 from moonthug/patch-1
• 17118ce Fix example joi extension
• 48a3006 17.1.0
• 2417a42 Better annotate handling. isError. Closes #2279. Closes #2280
• 26206ed Merge pull request #2278 from Bjorn248/master
• 9768802 fix typo in LICENSE
• 8d72fac 17.0.2
• 038854b Consistent keys term. Closes #2269
• a7102c6 17.0.1
• 90a2b19 Move flag back to proto. Closes #2268
• 86636f3 17.0.0
• 9acff1d Update deps. Closes #2263
• 3bcab3a Move annotate() our of browser. Closes #2261
• c75a8f0 Merge branch 'master' of github.com:hapijs/joi
• 057248b Clarify rename(). For #2216
• fa9dd37 Merge pull request #2259 from nwhitmont/master

See the full diff

Package name: mongoose

The new version differs by 250 commits.

• 76fae6d chore: release 5.3.9
• 40d4177 Merge pull request #7213 from NewEraCracker/master
• 751397c fix(document): run setter only once when doing `.set()` underneath a single nested subdoc
• 10837d4 test(document): repro #7196
• 10a63a9 Bump version of bson dependency to match mongodb-core
• d10274e docs(transactions): add example of aborting a transaction
• d245847 Merge branch 'master' of github.com:Automattic/mongoose
• 551a75b chore: add cpc to some pages that were missing it
• 1ca3514 Merge pull request #7210 from gfranco93/patch-1
• c1606b6 Merge pull request #7207 from lineus/fix-7098
• e9d538e Merge pull request #7203 from lineus/fix-7202
• 8f16b67 fix(document): surface errors in subdoc pre validate
• 87005a1 test(document): repro #7187
• 5b1d81c Documentation fix: fixed anchor link
• eebfb36 docs(query): add note re: cursor()
• c1e2617 docs(query): improve find() docs re: #7188
• 526f82d fix(query): run default functions after hydrating the loaded document
• 320d5f8 test(query): repro #7182
• 64c6d15 if our update schema path is a nested array do not skip query casting.
• 5d122e8 test for #7098
• 5ba13a7 refactor(test): move strictQuery tests to query.test.js since they do not use findOneAndUpdate()
• 4121629 chore: refer to correct issue #7178
• 22ed5d2 fix(query): handle strictQuery: 'throw' with nested path correctly
• 8c16354 test(query): repro #7152

See the full diff

Package name: mrhorse

The new version differs by 27 commits.

• 2b57dbf 4.0.0
• 760d453 readability
• fc8015d typo in docs
• a7eaa8d clarify policy run order in docs
• ff5b307 Update dependencies to latest
• 8dfd32c Fix security issues in dependencies
• 62793f3 pick Merge branch 'robmcguinness-upgrade-hapi-libs'
• 3d26118 Fix code coverage by removing unused code paths
• ec3e5af add package-lock.json
• 02a14f7 build: upgrade hapi deps to scoped packages
• b0cc09f 3.0.1
• 8ebc3c7 Add watchApplyPoints hint for dynamic only policies
• b14ab2f Merge pull request [Snyk] Fix for 3 vulnerabilities #37 from microcipcip/master
• 6a81e07 Updated docs to reflect Hapi 17 syntax
• 28a2d20 Updated docs to reflect Hapi 17 syntax
• 940603d Merge branch 'master' of github.com:mark-bradshaw/mrhorse
• d2ed9af Fix code style
• 673f7d4 Adding Aleksi to the list. This is late. Apologies.
• 903a0fb Remove dependency badge
• 50be779 Merge branch 'R3PI-master'
• 0f72491 Fix examples
• c30619d Polish
• 45cd2c8 Exposed parallel() via server.plugins.parallel
• d16f0a1 HAPI 17 support

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Arbitrary Code Execution
🦉 Prototype Pollution