[Snyk] Fix for 25 vulnerabilities

[rsmarques]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	494/1000 Why? Has a fix available, CVSS 5.6	Command Injection SNYK-JS-NODENOTIFIER-1035794	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:clean-css:20180306	Yes	Proof of Concept
	354/1000 Why? Has a fix available, CVSS 2.8	Insecure use of /tmp folder npm:cli:20160615	Yes	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:uglify-js:20151024	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gulp-if

The new version differs by 8 commits.

• 16b1aae update dependencies, bump version: major version because of minimatch@3 and duplexer moving to streams3
• c7f895e Tests that validate gulp-if works for 10, 100, 200, and 400 files. Does this solve #43?
• 3279207 update dependencies, bump version: major version because of minimatch@3 and duplexer moving to streams3
• 54550ad Support passing minimatch options through gulp-match
• 258e68d Merge pull request #54 from dkoleary88/patch-1
• 9b11a70 Fixed spelling error in README.md
• 543354f Merge pull request #50 from pgilad/patch-1
• 10493e9 update license attribute

See the full diff

Package name: gulp-jshint

The new version differs by 20 commits.

• c277434 2.0.3
• 711f3f0 test fix
• 0045278 dep updates
• bee3a83 [readme] spruce things up a bit
• 2cb429b 2.0.2
• f1f3fc2 Merge pull request #150 from VictorVation/master
• 4f1f1cb update minimatch
• 6c9cadd Merge pull request #140 from rtack/patch-1
• 6532823 fix typo
• 4a7f304 2.0.1
• 5c1d63f move to explicitly imported lodash functions
• 81c7498 Merge pull request #139 from rkurbatov/upgrade-lodash
• 631e7ed Update .gitignore
• 368f267 Upgrade lodash version, fix 'repository' field to correct form
• 0d91672 Create CHANGELOG.md
• d7cc9ea version 2.0.0
• 02c4053 added note about jshint peerDependency
• 226ea3b Merge pull request #120 from spalger/jshintAsPeer
• a1c0be4 [npm] install jshint on travis, for old npm and future npm
• 3e7ad84 [npm] move jshint to peerDependencies

See the full diff

Package name: gulp-notify

The new version differs by 18 commits.

• 658efc5 v3.0.0
• b1ba7a2 Adds changelog for bump with node-notifier
• 7d6944e Updates all dependencies
• 08244ea Adds log files to ignore
• 8df5320 Bumps node-notifier dependency to latest
• 507e21f Merge pull request #105 from queicherius/patch-1
• f32b692 Update node-notifier dependency
• f5d3f46 Merge pull request #103 from Toby-S/patch-1
• bbcc4d1 Correct indent_style in .editorconfig
• c0d7501 Update README.md
• 21eed88 Update README.md
• 084f6a1 Adds support for overriding host/port/appname onError. Fixes #91
• e45ef63 Merge pull request #85 from stevelacy/patch-1
• ef56795 Update license attribute
• 80a4c0d Merge pull request #72 from dhruska/master
• 0783a5c Typo fix in README
• b4e95ec Merge pull request #71 from Andorbal/master
• 0c4a168 Fix small typo in README.md

See the full diff

Package name: gulp-uglify

The new version differs by 37 commits.

• 76b5b3a fix(package): update files array
• 5d4c4c6 chore(all): refactor unit tests
• f2b779b feat(composer): implement new API for composing deps
• dbbba30 fix(minify): log warnings to gulplog
• 4cc8751 feat(uglify): add support for UglifyJS3
• ad73ab8 chore(pkg): update dependencies, run lint
• 4656fe5 2.1.2
• ba83a45 fix(package): move eslint dependencies to dev
• 3d0f155 2.1.1
• c722ab9 fix(errors): restore file and line info
• da3e18f chore(prettier): setup prettier
• ec8ba54 fix(tests): UglifyJS errors use "message" property
• 6c336ec v2.1.0
• 35c33f1 chore(uglifyjs): loosen uglify-js pin
• 74b6eff 2.0.1
• 832b427 chore(package): update uglify-js to version 2.7.5
• 1bf0f72 docs(README): link to Why Use Pump?
• ccdc482 docs(pump): fix typo
• 5ddafd2 chore(package): update uglify-js to version 2.7.4
• d5801ca chore(greenkeeper): ignore "gulp-sourcemaps" dependency
• 129df84 chore(package.json): update repository field
• 533ee01 fix(package): update uglify-js to version 2.7.3
• 1f2c508 docs(why-use-pump): fix plugin name
• 2829956 docs(README): fix typo

See the full diff

Package name: laravel-elixir

The new version differs by 68 commits.

• 2def8c9 v5.0.0
• b0bfaf6 Merge pull request #434 from SethTompkins/master
• 4442316 add cache and package cache browserify options keys by default
• cc5cab9 Remove some duplication
• f0491ba Remove gulp-phpspec plugin
• 5fa4b86 Remove gulp-phpunit - closes #418
• e2b2a0f Bump gulp-uglify
• 1a26399 Ignore bang when asserting files exist - closes #429
• 7881b51 Wrote a test for the scripts to test if my changes broke anything.
• 589f56c Moved Uglify Config to the Config.js
• a95c787 Add 4.2.1 notes
• 419232a v4.2.1
• 67a046c Merge branch 'parsnick-cssnano-safe'
• f60df88 Merge branch 'cssnano-safe' of https://github.com/parsnick/elixir into parsnick-cssnano-safe
• 857c338 Merge pull request #425 from hosmelq/master
• 6266453 Do not apply unsafe optimisations in cssnano
• ca8cff5 Only apply 'safe' optimisations in cssnano
• 5477baf Merge pull request #417 from gaomd/patch-1
• 9368b75 Fix section heading level in readme.md
• 05ec9d3 Reference config properly - closes #404
• 7e8b4c8 Fix comment
• 5962e2a Merge pull request #373 from peterfox/feature/dynamic-view-path
• 20c8527 Merge branch 'master' of github.com:laravel/elixir
• 122c92a Merge pull request #375 from odbayar/patch-1

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 More lessons are available in Snyk Learn