[Snyk] Fix for 1 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gulp

The new version differs by 134 commits.

• 55eb23a Release: 4.0.0
• 173a532 Docs: Fix the installation instructions
• ec54d09 Docs: Improve note about out-of-date docs
• 03b7c98 Docs: Update recipes to install gulp@next
• 2eba29e Docs: Remove run-sequence from recipes
• 76eb4d6 Docs: Add installation instructions & update badges
• fbc162f Docs: Remove references to gulp-util
• 3011cf9 Scaffold: Normalize repository
• f27be05 Update: Remove graceful-fs from test suite
• 361ab63 Upgrade: Update glob-watcher
• 064d100 Build: Avoid broken node 9
• 057df59 Release: 4.0.0-alpha.3
• c1ba80c Breaking: Upgrade major versions of glob-watcher, gulp-cli & vinyl-fs
• 89acc5c Docs: Improve ES2015 task exporting examples (#1999)
• 0ac9e04 Docs: Add "Project structure" section to CONTRIBUTING.md (#1859)
• 723cbc4 Docs: Fix syntax in recipe example (#1715)
• d420a6a Docs: Have gulp.lastRun take a function to avoid task registration (#1828)
• 29ece6f Upgrade: Update undertaker
• e931cb0 Docs: Fix changelog typos (#1696)
• 477db84 Docs: Add a "BrowserSync with Gulp 4" recipe (#1659)
• d4ed3c7 Docs: Add options.cwd for gulp.src API (#1645)
• 5dc3b07 Docs: Update gulp.watch API to align with glob-watcher
• 0c66069 Breaking: Replace chokidar as gulp.watch with glob-watcher wrapper
• c3dbc10 Docs: Clarify incremental builds example (#1609)

See the full diff

Package name: mocha

The new version differs by 107 commits.

• e8cda73 Release v3.0.0
• 4944e31 rebuild mocha.js
• 16762d1 fix bad merge of karma.conf.js
• 2f9a409 add note about spec reporter to CHANGELOG.md [ci skip]
• 7c0284b fixed typo in mocha.css introduced by 185c0d902e272216232630fe4e2577268456dd9a [ci skip]
• 8741506 Remove carriage return before each test line in spec reporter. Served no purpose
• 309b8f2 add "logo" field to package.json [ci skip]
• 740a511 fix incorrect executable name with new version of commander
• 0e2e49b add bower.json to published package for npmcdn support [ci skip]
• d367bc7 fix broken/wrong URLs in CHANGELOG.md [ci skip]
• 6184529 Release v3.0.0-2
• 4b4009b rebuild mocha.js
• 15c344c add browser-stdout to dependencies
• e3ab4ec update CHANGELOG [ci skip]
• 0cd9dc9 let child suites run if parent is exclusive; closes #2378 (#2387)
• f0b184e Upgrade eslint package to 2.13 version (#2389)
• cab1e43 markdown fixes for CHANGELOG.md [ci skip]
• d0d5e50 fix bad reference to to-iso-string in test
• 517020b suppress warning about .eslintignore when running ESLint
• 08a6ccf copy to-iso-string; closes #2378
• 74940ef added changes to CHANGELOG.md [ci skip]
• bf216d5 tweak wording on "overspecification" exception
• 3a3a699 wip CHANGELOG update
• 5c34451 display executed commands in Makefile for debugging

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic