[Snyk] Fix for 1 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: eslint

The new version differs by 250 commits.

• 879c373 6.6.0
• c8ba30a Build: changelog update for 6.6.0
• 39dfe08 Update: false positives in function-call-argument-newline (fixes #12123) (#12280)
• 4d84210 Update: improve report location for no-trailing-spaces (fixes #12315) (#12477)
• c6a7745 Update: no-trailing-spaces false negatives after comments (fixes #12479) (#12480)
• 0bffe95 Fix: no-misleading-character-class crash on invalid regex (fixes #12169) (#12347)
• c6a9a3b Update: Add enforceForIndexOf option to use-isnan (fixes #12207) (#12379)
• 364877b Update: measure plugin loading time and output in debug message (#12395)
• 1744fab Fix: operator-assignment removes and duplicates comments (#12485)
• 52ca11a Fix: operator-assignment invalid autofix with adjacent tokens (#12483)
• 0f6d0dc Fix: CLIEngine#addPlugin reset lastConfigArrays (fixes #12425) (#12468)
• 923a8cb Chore: Fix lint failure in JSDoc comment (#12489)
• aac3be4 Update: Add ignored prop regex no-param-reassign (#11275)
• e5382d6 Chore: Remove unused parameter in dot-location (#12464)
• 49faefb Fix: no-obj-calls false positive (fixes #12437) (#12467)
• b3dbd96 Fix: problematic installation issue (fixes #11018) (#12309)
• cd7c29b Sponsors: Sync README with website
• 8233873 Docs: Add note about Node.js requiring SSL support (fixes #11413) (#12475)
• 89e8aaf Fix: improve report location for no-tabs (#12471)
• 7dffe48 Update: Enable function string option in comma-dangle (fixes #12058) (#12462)
• e15e1f9 Docs: fix doc for no-unneeded-ternary rule (fixes #12098) (#12410)
• b1dc58f Sponsors: Sync README with website
• 61749c9 Chore: Provide debug log for parser errors (#12474)
• 7c8bbe0 Update: enforceForOrderingRelations no-unsafe-negation (fixes #12163) (#12414)

See the full diff

Package name: gravatar

The new version differs by 19 commits.

• 792cc1c Added contributor to version changelog
• 95717c0 Merge pull request [Snyk] Fix for 1 vulnerabilities #53 from dscalzi/hotfix/patch-vulns
• b429438 Fix Node version on readme.
• 6a56c4e Patch vulns, drop support for EOL Node versions.
• dd76e57 Version 1.8.0
• 8398bb9 Merge pull request [Snyk] Security upgrade nconf from 0.8.4 to 0.11.4 #39 from sqlwwx/master
• b238884 test for cdn options
• f4b0526 fix should generate uri with user passed parameters and protocol in options
• 6697b78 Version 1.7.0
• 77a5d8d Adding Node LTS and stable versions to travis
• 63791b9 Fixed vulnerability and also added package-lock to git repo
• 2dd3e95 Merge pull request [Snyk] Fix for 1 vulnerabilities #42 from actano/master
• 3936334 Upgrade node js version in travis test matrix
• df9f5ff v1.7.0
• eece2c3 Upgrade dependencies
• 8f6ddd8 Use yarn
• 8c543a0 Fix test
• 9eb825d Update gravatar.js
• 988b196 Update gravatar.js

See the full diff

Package name: gulp-eslint

The new version differs by 21 commits.

• 5dd78fa 6.0.0
• a35a203 Upgrade to ESLint 6 (Consider React Reusable Component Factory este/este#235)
• 40d004f 5.0.0
• 72c3599 use destructuring assignment to simplify the code
• aed571b update dependencies and devDependencies (Consider moving editable.react to lib este/este#224)
• a58a58d 4.0.2
• 0880d1a update plugin-error and mocha
• 1d79ed0 4.0.1
• 8f7e966 replace all HTTP protocols with HTTPS
• b48a04a remove deprecated gulp-util dependency (Buttons are not a page este/este#213)
• 35eae57 update devDependencies (Observables as state instead of Flux este/este#207)
• 47bd269 use npx to simplify after_script
• 29dbab5 inherit autofix-related props even if `quiet` option is enabled
• a398838 4.0.0
• 18a4299 emit an error when it fails to load an ESLint plugin
• b8bf261 update ESLint from v3 to v4 (Add inline edit component este/este#198)
• c0e82ce use `Buffer.from` instead of `new Buffer`
• e6c67a2 drop support for linting `Stream` contents
• 132d5cc Fix formatting issues in README.md (Purification of the whole application este/este#194)
• 7f65378 remove link to config file `globals` doc
• 8ddfb84 correct the type of `globals` option in README

See the full diff

Package name: nconf

The new version differs by 34 commits.

• 85229df chore: enable circleci
• 91e9106 chore: update changelog
• 4122731 0.11.0
• 56794d1 chore: upgrade deps to fix security vulns
• 1392ac4 0.10.0
• 01f25fa Regex as env separator (brittleness -- the me page and other stuff este/este#288)
• 16667be Argv store separator (Add service worker example este/este#291)
• bac910a 0.9.1
• 2bdf7e1 Clean Argv Store options (Localhost replaced by 0.0.0.0, then the dev mode works even from remote machines. este/este#290)
• b9321b2 transformer can now return an undefined key (Asserts este/este#289)
• 81ce0be Update changelog
• b1ee63c fix error in transform function when dealing with dropped entries (CDN este/este#287)
• 9f70ba1 [doc] Update changelog
• 8afcf99 [dist] Version bump. 0.9.0
• b41c505 Save conf to dedicated file (Strange validation bug when navigating to Me page este/este#283)
• 52e0a35 Update changelog
• fa215a4 add tests for the normal configuration of yargs via argv
• 802a8d6 test for yargs custom instance (more flexible check isYargs)
• 3e26bb2 Add posibility to pass a yargs instance to argv() method
• 856fdf8 First pass at transform functions (Wait for new react-router api, consider putting router state into global app state este/este#279)
• b9c345b Fix `parseValues` option name
• 35088a3 Added nconf.any method (REPL for Este in developer toolbar este/este#278)
• ca10d0e Add basic linting rules
• bfb0220 Remove unused module (Use destructuring assignment for props in render methods este/este#277)

See the full diff

Package name: react-native-vector-icons

The new version differs by 213 commits.

• b4fdc6b Release 6.7.0
• 459abaf Upgrade IonIcons to v5.0.1. (ChatX este/este#1176)
• 39e0276 Update MaterialCommunityIcons to 5.3.45 (Update eslint-plugin-jsx-a11y to version 3.0.0 🚀 este/este#1184)
• 9e9bae9 Add Fontisto to README ([email protected] breaks build 🚨 este/este#1161)
• 2093210 Support autolinking when downloading FontAwesome5 Pro fonts (Update validator to version 6.0.0 🚀 este/este#1166)
• b4fb744 Update FontAwesome 5 to 5.13.0 (PR for eslint-plugin-flowtype-errors este/este#1165)
• 14bbe2a docs: update document url (Persist browser scroll position for React Router 4 este/este#1146)
• bfe8c9d Update BUILDING_FEATHER.md (Minimize react-router-scroll footprint este/este#1152)
• f6f3c38 remove `rnpm` instructions from README (gulp favicon generates eslint-incompatible file este/este#1130)
• 2176214 Fix wrong link in CONTRIBUTING.md (Universal routing este/este#1143)
• 7e77b89 Add getImageSourceSync method (Small refactorings here and there este/este#1138)
• d0d6fbd Load Android Gradle Plugin conditionally (npm este este/este#1129)
• 4f976d9 Toolbar android import from react-native-community/toolbar-android (Using react-with-styles? este/este#1133)
• 33c6539 Removed depcreated rnpm (New inline login form doesn't remember email and name este/este#1122)
• 1a02aa4 Enable sponsor button
• 6c3bc80 Bump dependencies
• c1638d4 Bump IconExplorer to RN 0.61.5
• 272625b Use object destructuring in Icon templates ([email protected] breaks build 🚨 este/este#1049)
• 49a6704 Generate font directory from source files (Traditional build: is it possible? este/este#1101)
• 73f9b17 Directory design (firebase auth not working in react-native when remote debugging is on este/este#1059)
• a1f4244 Update README.md (Update flow-bin to version 0.31.0 🚀 este/este#1093)
• ac77dd0 Bump IconExplorer to RN 0.60
• fd40b6e Bump babel and preset
• 196369c Bump eslint and plugins

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 213226e 4.0.0
• fde0183 Merge pull request #6081 from webpack/formating/prettier
• b6396e7 update stats
• f32bd41 fix linting
• 5238159 run prettier on existing code
• 518d1e0 replace js-beautify with prettier
• 4c25bfb 4.0.0-beta.3
• dd93716 Merge pull request #6296 from shellscape/fix/hmr-before-node-stuff
• 7a07901 Merge pull request #6563 from webpack/performance/assign-depth
• c7eb895 Merge pull request #6452 from webpack/update_acorn
• 9179980 Merge pull request #6551 from nveenjain/fix/templatemd
• e52f323 optimize performance of assignDepth
• 6bf5df5 Fixed template.md
• 90ab23a Merge branch 'master' into fix/hmr-before-node-stuff
• b0949cb add integration test for spread operator
• 39438c7 unittest now also walks the ast
• 15ab027 Merge pull request #6536 from jevan0307/sideEffects-selectors
• 1611ce1 Merge pull request #6561 from joshunger/patch-1
• 6e175bc Merge pull request #6549 from webpack/md4_hash
• 0637531 Add a hyperlink to create a new issue
• 0e1f9c6 Merge pull request #6554 from webpack/deps/end-of-beta
• 72477f4 upgrade versions to stable versions
• ed30285 Merge pull request #6546 from webpack/bot/review-permission
• 40ee8c7 Use MD4 for hashing

See the full diff

Package name: webpack-hot-middleware

The new version differs by 154 commits.

• e140693 2.25.1
• 3d5018a Merge pull request Tests should be side by files este/este#413 from nttibbetts/replace-ansi-html
• 90551e5 use public npm registry, not private one
• adeeade fix: replace ansi-html with ansi-html-community to fix vulnerability
• f0ffa4c Resolve weird desync in package lock
• 0f5e3e9 Use old-style require syntax to keep the linter happy
• aa38d42 Bump ansi/html encoding deps
• 2c31df1 Bump example dependencies
• d156bbc Simplify CI setup
• 0635d00 Replace istanbul with nyc
• 04fa8c8 Apply prettier formatting updates
• b81cfd5 Update eslint and prettier
• c98216a Upgrade test dependencies
• cb29abb 2.25.0
• bbffbe6 Merge branch 'master' of github.com:webpack-contrib/webpack-hot-middleware
• 82dd483 Merge pull request Rename Flux decorator to flux este/este#360 from jimblue/master
• e2b49ff improved client overlay style
• c430265 2.24.4
• fe33d59 Merge pull request este-bare este/este#355 from okcoker/ansi-color-fix
• 331ad96 Merge branch 'master' into ansi-color-fix
• f6609e4 Bump deps to sort audit out
• e605d10 Fix ansi colors
• 036bf30 Merge pull request Describe workflow needed to create new feature este/este#354 from Hacksign/master
• f2b477d Resolve Code under example folder do not work. webpack-contrib/webpack-hot-middleware#353

See the full diff

Package name: yargs

The new version differs by 250 commits.

• aa09faf chore: release 15.0.1 (Watchman was not found in PATH este/este#1480)
• 6a9ebe2 fix(deps): cliui, find-up, and string-width, all drop Node 6 support (rework intl este/este#1479)
• 5cc2b5e chore: release 15.0.0 (Deployment este/este#1462)
• 62a114a force build
• 1840ba2 feat: expose `Parser` from `require('yargs/yargs')` (Put back React Native este/este#1477)
• afd5b48 fix(docs): update boolean description and examples in docs (6s or 7s time offset for createdAt and updatedAt  este/este#1474)
• c10c38c feat(deps)!: yargs-parser now throws on invalid combinations of config (Relay 1.5 este/este#1470)
• 0cba424 build: switch to release-please for releases (Remove Relay libdefs workaround este/este#1471)
• 445bc58 chore: update engines to note Node 6 is dropped (Remove graphql dependency fix este/este#1469)
• 52d875a test: add additional test for 1459
• 12c82e6 fix: stop-parse was not being respected by commands (Track client / server errors este/este#1459)
• b4812ac test: add tests for argsert warning to display positional information (Next.js 5 este/este#1468)
• 10f10ee test: cover missing filter arg in obj-filter (Transpile server or not este/este#1467)
• cb0396f build: switch to c8 for coverage (Fok of use own DB in readme este/este#1464)
• ebee59d fix!: update to yargs-parser with fix for array default values (Use new React Context este/este#1463)
• 5120aec test: adds missing array choice regression test (Rethink /graphcool dir structure este/este#1447)
• 2ba8ce0 chore!: drop Node 6 support (prisma dev, stage, production este/este#1461)
• cb64329 build: configure release-please
• 0d3642b refactor!: remove package.json-based parserConfiguration (Add "Donate in Bitcoin, just write me an email..." in readme este/este#1460)
• 9adf22e doc(webpack): webpack example (Validate json schemas este/este#1436)
• 7e1c8fc Add missing french translation (relay:watch este/este#1456)
• b1b156a fix(docs): TypeScript import to prevent a future major release warning (Please change your repo description este/este#1441)
• bc3c4d1 chore(release): 14.2.0
• 4d21520 feat(deps): introduce yargs-parser with support for unknown-options-as-args (graph.cool RC1 este/este#1440)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic