[Snyk] Fix for 1 vulnerabilities

[enterstudio]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: babel-eslint

The new version differs by 43 commits.

• 0f20099 5.0.0
• 278579f Update README.md
• 11c2f03 Merge pull request Validate status fields mozilla/platform-status#255 from deepsweet/npm-ignore
• 3b5f8f4 include only `index.js` in npm package
• c0f1110 delete `.npmignore`
• f399c89 Merge pull request Automatically check validity of *_ref fields when building mozilla/platform-status#250 from danez/patch-1
• c71392e adjust test to also cover issue Make resolved count reflect the status of the tracking bug mozilla/platform-status#239
• 413b80e 5.0.0-beta10
• 7a038d5 Merge pull request Show 'Complete' if the tracking bug is resolved mozilla/platform-status#246 from babel/escope-patterns
• c80a386 fixup tests
• 36f6638 fix typo
• bd4eee9 check using `__esModule`
• b26bc58 Prevent escope referencer from traversing into param pattern type annotations
• 0d30882 5.0.0-beta9
• 71fadf0 Merge pull request Add Web Speech Synthesis API. Fixes #243 mozilla/platform-status#244 from christophehurpeau/patch-1
• d8ac8f9 fix Add Web Speech Synthesis API to Firefox status mozilla/platform-status#243
• 3dcb32c 5.0.0-beta8
• ac4d3f0 Add a test for use strict and directive ast change
• 937eceb 5.0.0-beta7
• 880dc03 Merge pull request Add Shared Worker API mozilla/platform-status#241 from jmm/rule-strict
• 80f7a48 temporarily remove test
• 04838a2 Add tests for `strict` rule.
• 4a3a35d Merge pull request [email protected] breaks build 🚨 mozilla/platform-status#232 from vaibhavmule/patch-1
• 0cf92d3 update Licenses date

See the full diff

Package name: css-mqpacker

The new version differs by 51 commits.

• a8a67a5 7.0.0
• 78bc71d Update dependencies
• 93ef2ef Merge pull request Link to issues page from frontend for feedback/bug report mozilla/platform-status#63 from jiaming10/fix-spelling
• ff9727e Fix spelling
• 4d8b710 Remove engines field
• 8cb3a32 Cover with istanbul
• 2d31024 Merge pull request Select default platform for color coding (Desktop/FxOS/Android) mozilla/platform-status#59 from subtronic/patch-1
• 8560f9a Update README.md
• 2e73471 Lint
• 686f27c 6.0.2
• 6ff963e Update dependencies
• 9c4a9d5 Pretty
• 2e4e4b5 Merge pull request Subscribe to feature and receive updates mozilla/platform-status#58 from hail2u/sort_zero
• 3b2cbf7 Treat 0 as correct CSS length
• bb449f0 Update dependencies
• 516b5aa Merge pull request Use firefox version to track if something is shipped. mozilla/platform-status#52 from hail2u/nested-media
• 1fc4ffd Test 3 level nesting
• 5f6fe56 Support nested queries
• 8a4b488 Version 6.0.1
• d811f26 Merge pull request show status of tracked bugs, not status of tracker bug mozilla/platform-status#51 from hail2u/issue50
• 47a3b2c Process only direct child of root
• 7b11b59 Version 6.0.0
• 2e67b98 Don’t use deprecated method
• 5acecc9 Update dependencies

See the full diff

Package name: eslint

The new version differs by 250 commits.

• b7d79b1 7.3.0
• bf98627 Build: changelog update for 7.3.0
• 638a6d6 Update: add missing `additionalProperties: false` to some rules' schema (#13198)
• 949a5cd Update: fix operator-linebreak overrides schema (#13199)
• 9e1414e New: Add no-promise-executor-return rule (fixes #12640) (#12648)
• 09cc0a2 Update: max-lines reporting loc improvement (refs #12334) (#13318)
• ee2fc2e Update: object-property-newline end location (refs #12334) (#13399)
• d98152a Update: added empty error array check for false negative (#13200)
• 7fb45cf Fix: clone config before validating (fixes #12592) (#13034)
• aed46f6 Sponsors: Sync README with website
• 7686d7f Update: semi-spacing should check do-while statements (#13358)
• cbd0d00 Update: disallow multiple options in comma-dangle schema (fixes #13165) (#13166)
• b550330 New: Add no-unreachable-loop rule (fixes #12381) (#12660)
• 13999d2 Update: curly should check consequent `if` statements (#12947)
• c42e548 Chore: enable exceptRange option in the yoda rule (#12857)
• 6cfbd03 Update: Drop @ typescript-eslint/eslint-recommended from `eslint --init` (#13340)
• 796f269 Chore: update eslint-config-eslint's required node version (#13379)
• 9d0186e Docs: Fix changelog versions (#13410)
• 1ee3c42 Docs: On maxEOF with eol-last (fixes #12742) (#13374)
• 2a21049 Update: key-spacing loc changes for extra space (refs #12334) (#13362)
• 7ce7988 Chore: Replace the inquirer dependency with enquirer (#13254)
• 0f1f5ed Docs: Add security policy link to README (#13403)
• 9e9ba89 Sponsors: Sync README with website
• ca59fb9 Sponsors: Sync README with website

See the full diff

Package name: gulp

The new version differs by 134 commits.

• 55eb23a Release: 4.0.0
• 173a532 Docs: Fix the installation instructions
• ec54d09 Docs: Improve note about out-of-date docs
• 03b7c98 Docs: Update recipes to install gulp@next
• 2eba29e Docs: Remove run-sequence from recipes
• 76eb4d6 Docs: Add installation instructions & update badges
• fbc162f Docs: Remove references to gulp-util
• 3011cf9 Scaffold: Normalize repository
• f27be05 Update: Remove graceful-fs from test suite
• 361ab63 Upgrade: Update glob-watcher
• 064d100 Build: Avoid broken node 9
• 057df59 Release: 4.0.0-alpha.3
• c1ba80c Breaking: Upgrade major versions of glob-watcher, gulp-cli & vinyl-fs
• 89acc5c Docs: Improve ES2015 task exporting examples (#1999)
• 0ac9e04 Docs: Add "Project structure" section to CONTRIBUTING.md (#1859)
• 723cbc4 Docs: Fix syntax in recipe example (#1715)
• d420a6a Docs: Have gulp.lastRun take a function to avoid task registration (#1828)
• 29ece6f Upgrade: Update undertaker
• e931cb0 Docs: Fix changelog typos (#1696)
• 477db84 Docs: Add a "BrowserSync with Gulp 4" recipe (#1659)
• d4ed3c7 Docs: Add options.cwd for gulp.src API (#1645)
• 5dc3b07 Docs: Update gulp.watch API to align with glob-watcher
• 0c66069 Breaking: Replace chokidar as gulp.watch with glob-watcher wrapper
• c3dbc10 Docs: Clarify incremental builds example (#1609)

See the full diff

Package name: gulp-eslint

The new version differs by 60 commits.

• 40d004f 5.0.0
• 72c3599 use destructuring assignment to simplify the code
• aed571b update dependencies and devDependencies (Pluralize header copy text mozilla/platform-status#224)
• a58a58d 4.0.2
• 0880d1a update plugin-error and mocha
• 1d79ed0 4.0.1
• 8f7e966 replace all HTTP protocols with HTTPS
• b48a04a remove deprecated gulp-util dependency (fix unbalanced tags in header mozilla/platform-status#213)
• 35eae57 update devDependencies (Remove standardization as a required field. mozilla/platform-status#207)
• 47bd269 use npx to simplify after_script
• 29dbab5 inherit autofix-related props even if `quiet` option is enabled
• a398838 4.0.0
• 18a4299 emit an error when it fails to load an ESLint plugin
• b8bf261 update ESLint from v3 to v4 (Update eslint-config-airbnb mozilla/platform-status#198)
• c0e82ce use `Buffer.from` instead of `new Buffer`
• e6c67a2 drop support for linting `Stream` contents
• 132d5cc Fix formatting issues in README.md (Update eslint-config-airbnb to version 1.0.2 🚀 mozilla/platform-status#194)
• 7f65378 remove link to config file `globals` doc
• 8ddfb84 correct the type of `globals` option in README
• 6059c22 3.0.1
• b0c2816 ensure sharable config works
• 08b9212 test the case where babel-eslint is actually useful
• eb98701 mock stream-mode vinyl files with from2-string
• bcd7736 fix invalid `envs` option

See the full diff

Package name: gulp-postcss

The new version differs by 21 commits.

• d1197f8 Release 8.0.0
• 5a70984 Bump the dependencies
• 71265a8 Merge pull request Fix the browser functional test. Update IndexPage mozilla/platform-status#145 from gisu/master
• 31de6e9 Dropped Node 4 Support
• d4f2398 Updated Dependencies
• 3a87a1c Update README.md
• 9166fdb Release 7.0.1
• 0af46f5 Merge pull request Features description cleanup mozilla/platform-status#137 from ohbarye/drop-dependency-on-gulp-util
• 6f15b51 Drop dependency on gulp-util
• 3a1d0df Merge pull request Responsive design for TV mozilla/platform-status#126 from gucong3000/coverage
• 2748681 fix eslint error, add test case
• 355d90b add coverage report
• 2cb352f Release 7.0.0
• 8dd0235 Merge pull request Update babel-core to version 6.1.4 🚀 mozilla/platform-status#116 from postcss/postcss60
• 18e31d8 Use PostCSS 6.0 and drop node 0.12
• 96f6d24 Merge pull request Cache bugzilla queries. mozilla/platform-status#113 from gucong3000/eslint
• 7c5e513 npm install --save-dev [email protected] [email protected]
• 2b319cb fix broke tests for node 0.12
• 4201543 add `eslint`
• dd03625 Merge pull request add Device Orientation mozilla/platform-status#112 from jorrit/patch-1
• 28e20ef Cleanup NPM package

See the full diff

Package name: postcss-cssnext

The new version differs by 11 commits.

• 03b6017 3.0.0
• cf9fb19 Docs: fix chalk update issue
• b7d6ffd Merge pull request [email protected] breaks build ⚠️ mozilla/platform-status#400 from MoOx/postcss6-upgrade
• 1781dc7 Docs: Fix id of overflow wrap property in index (Build on heroku fails with "max number of clients reached" for redis mozilla/platform-status#393)
• 8b99180 Ensure a version of caniuse-db that includes css-image-set (More info in "embedded" feature pages mozilla/platform-status#380)
• db0f0fa Add a warning for custom property sets that are going to be removed + an option to hide the warning
• cc7c864 Change: support node4+ up to 8
• 7bb55c1 chore: add package-lock.json and yarn.lock files
• 20ae74d Change: upgrade to PostCSS 6
• af5f9c1 Change link to custom media queries specification
• 974e40b Fix PR link

See the full diff

Package name: postcss-import

The new version differs by 74 commits.

• aae7db3 12.0.0
• d9bc09f Update eslint-config-i-am-meticulous to version 11.0.0 (Failed to load external module babel-register mozilla/platform-status#371)
• 3868ce2 Update postcss-scss to version 2.0.0 (Fix lint warnings in tests/browserFunctional.js mozilla/platform-status#370)
• 1c40a5f Update prettier to version 1.14.0 (Fix build validation warnings mozilla/platform-status#373)
• 8c8c7ec Update eslint to version 5.0.0 (Run build only once mozilla/platform-status#364)
• 92e38d7 Drop Node 4 from AppVeyor
• 9cd2953 Use PostCSS 7 & drop support for Node.js 4 (redisUnit slightly refactored mozilla/platform-status#372)
• 84d35e2 Update prettier to version 1.13.5 (We're running the build task three times on Travis mozilla/platform-status#363)
• 7127b77 Update eslint-config-i-am-meticulous to version 10.0.0 (current status API mozilla/platform-status#362)
• fcc31b1 Update npmpub to version 4.0.0 (Revert "Add API" mozilla/platform-status#360)
• c62200b Update eslint-config-i-am-meticulous to version 9.0.0 (Update lunr to version 0.7.0 🚀 mozilla/platform-status#361)
• 3d9dc49 Update prettier to version 1.13.0 (Pin to Eslint 2.2.0 until 'estraverse-fb' bug is fixed mozilla/platform-status#357)
• f72bdc2 Update prettier to version 1.12.1 ([email protected] breaks build 🚨 mozilla/platform-status#353)
• 64ffaa2 Update prettier to version 1.12.0 ([email protected] breaks build 🚨 mozilla/platform-status#352)
• af2747d Update prettier to version 1.11.0 (Handle deactivation from server side mozilla/platform-status#346)
• a941757 11.1.0
• 5a99783 Add Filter Parameter (Add support for Firefox footnotes (and add a footnote to OffscreenCanvas) mozilla/platform-status#327)
• 7c863ea Update eslint-config-i-am-meticulous to version 8.0.0 (Frontend for subscribe/unsubscribe mozilla/platform-status#344)
• 78c0832 Update ava to version 0.25.0 (Update Permissions.revoke status mozilla/platform-status#343)
• 2949578 Silence postcss warnings in tests
• d5e0f10 Update .gitignore
• 7ab52b7 Add tests for importing sub-files/directories from npm packages (Use gulp-htmlmin instead of gulp-minify-html (which is deprecated) mozilla/platform-status#337)
• df611c2 Update eslint to version 4.16.0 (Update eslint-related dependencies mozilla/platform-status#336)
• b53e7f5 Update prettier to version 1.10.2 (Consider using the Webkit logo mozilla/platform-status#333)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.