[Snyk] Fix for 16 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-DECOMPRESS-557358	Yes	Proof of Concept
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-JSYAML-173999	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-JSYAML-174129	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	No	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-LODASH-590103	No	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	No	No Known Exploit
	434/1000 Why? Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	No	No Known Exploit
	566/1000 Why? Recently disclosed, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-OBJECTPATH-1569453	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	No	Proof of Concept
	569/1000 Why? Has a fix available, CVSS 7.1	Cross-site Scripting (XSS) npm:react:20150318	No	No Known Exploit
	576/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.1	Uninitialized Memory Exposure npm:tunnel-agent:20170305	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: browser-sync

The new version differs by 250 commits.

• 5b5d543 v2.25.0
• 900e23e chore: package-lock files
• 92bf7d8 Merge branch '1431-fix-host-bind'
• 5ba14b2 v2.25.0-alpha.0
• 7c0ad4e lerna: initial version
• c108af8 lerna: more path updates
• 4ac3a49 lerna: updated more stuff since the move to lerna
• c2db878 Ensure 'build-all' works in all packages
• d6198f9 lerna: bring in server/client/ui
• 325c775 lerna: add browser-sync-ui
• 9cd5c2d adding lerna
• a0b2e56 adding 'listen' param
• d641916 feature: adding 'listen' option to restrict binding of interfaces
• ef12e9a chore: change API of option transforms
• cf0febd docs: emphasize a coupld of points - fixes #1461
• 16487ad docs: added additional note about httpModule option - fixes #1485
• b7f664e Merge pull request #1593 from raux/master
• 58240c6 Merge pull request #1602 from adamjaffeback/fix/localtunnelAudit#1587
• 27f2173 deps: npm audit for localtunnel - fixes #1587
• 8c28e8c 2.24.7
• 9e96603 fix: scroll - add missing init method for window.name method of scroll restoring - fixes #1586 #1457 #1457
• 48286e0 fix: proxy Port gets unnecesarily rewritten in Proxy - fixes #1577
• a6578a3 deps: easy-extender@2.3.4 cypress@3.1.0 supertest@3.1.0
• ef6bfa5 Merge pull request #1582 from strarsis/patch-1

See the full diff

Package name: gulp-lintspaces

The new version differs by 15 commits.

• b703581 Merge pull request [Snyk] Security upgrade browser-sync from 2.9.1 to 2.26.9 #14 from jared-thompson/master
• 8760d9e gulp-util to ansi-colors and plugin-error
• 37c39f5 Update gulpfile.js
• 439993c Update index.js
• 9f288db 0.5.0
• b2540da Merge pull request [Snyk] Fix for 1 vulnerabilities #12 from ferlores/patch-1
• 67e2a72 Fixes markdown
• 00d0718 Adds maintenance notice
• 83c16a4 Update lintspace dependency to latest
• 9b1bf75 0.4.1
• a6ddc4e Merge pull request [Snyk] Fix for 1 vulnerabilities #9 from evilebottnawi/patch-1
• 7aa7d5d bug with option
• 4242a40 0.4.0
• e1de1ff Merge pull request [Snyk] Fix for 1 vulnerabilities #8 from SparkartGroupInc/improve-reporter
• 22392b9 improve reporter

See the full diff

Package name: imagemin-cli

The new version differs by 28 commits.

• 975d133 6.0.0
• f7af461 Test on Node.js 14 ([Snyk] Fix for 1 vulnerabilities #27)
• fa6be3a Chore/tweaks ([Snyk] Fix for 1 vulnerabilities #26)
• 58c64b0 Update meow to 7.0.1 ([Snyk] Fix for 1 vulnerabilities #25)
• 21d7144 5.1.0
• a107004 Meta tweaks
• 615f664 Add plugin options handling ([Snyk] Security upgrade browser-sync from 2.9.1 to 2.26.14 #23)
• a353f45 Tidelift tasks
• e176546 Add Gumlet as sponsor
• 1ef4a26 5.0.0
• b6b5e1e Require Node.js 8
• 63d6ac3 4.0.1
• 9a65c71 Fix the flag handling
• 6cf0501 Update dev dependencies
• a8ac3e2 4.0.0
• d1c323c Require Node.js 6 ([Snyk] Fix for 1 vulnerabilities #18)
• 1f0fc11 Update imagemin deps and fix new linting errors ([Snyk] Security upgrade browser-sync from 2.9.1 to 2.25.0 #17)
• 9c31475 Fix failing tests and linting errors ([Snyk] Fix for 1 vulnerabilities #16)
• 2ad2365 Minor grammatical fix ([Snyk] Security upgrade browser-sync from 2.9.1 to 2.26.9 #14)
• c80160d Tweak tests
• 9300532 3.0.0
• f75b4c7 Add `process-exit-as-throw` rule ([Snyk] Fix for 1 vulnerabilities #8)
• 0483df1 Don't write to stdout if no files exists
• 09ccff7 Show error when trying to write multiple files to `stdout` ([Snyk] Fix for 1 vulnerabilities #9)

See the full diff

Package name: theo

The new version differs by 21 commits.

• 4e4d0bd 4.2.1
• 739f095 _.merge =>_.assign
• 9ac1e74 Merge pull request Rows in generic tile are misaligned if <p class="slds-truncate"> is empty salesforce-ux/design-system#51 from salesforce-ux/node42
• fdf22a2 Also test in earlier versions of node
• a9006e3 Test on Node 4.2
• 8cfe1d0 Specify the node engine
• a909b06 Merge pull request Grid manual sizing not working with slds-grid--vertical salesforce-ux/design-system#49 from salesforce-ux/feature/upgrade
• 5563d1c Fix dependency name on case sensitive systems
• de43f89 Run tests on node 6
• 195e423 Update dependencies
• 1c855f0 Fix whitespace, typos and markup
• b8106d4 Merge pull request Unable to show content just for x-small and small form factor salesforce-ux/design-system#48 from salesforce-ux/feature/spring-cleaning-and-upgrade
• 37d16f4 Fix whitespace, typos and markup
• d27430c Rename properties in tokens
• e99b778 Add editorconfig
• e214f8c Point to the latest version of the CLA
• 47f4324 Ignore log files
• 19e8714 Fixed URL to https://github.com/salesforce-ux/design-system/blob/winter-16/Salesforce_CLA.pdf
• e50ddf7 Adding contribution instruciton readme from legal.
• 31e7980 Remove "cssProperties" string parsing
• 8b60c29 Added "aura.tokens" format

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic