[Snyk] Fix for 19 vulnerabilities

[Wullee]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	679/1000 Why? Has a fix available, CVSS 9.3	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962463	Yes	No Known Exploit
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	Yes	No Known Exploit
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASHTEMPLATE-1088054	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-POSTCSS-5926692	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: babelify

The new version differs by 6 commits.

• b06b778 8.0.0
• ea73917 Remove path-is-absolute devDep
• 02f97ec drop node 0.10/0.12, add peerDep on babel-core instead of dep, drop object-assign, add package-lock
• 6d45fa8 Explicitly test Node 4, 5 and 6 in travis
• 9944a55 Explain the double negatives a bit better (Rewrite Paper Wallet (to not use jquery & use angular) MyEtherWallet/etherwallet#197)
• d9e3029 babelify in quotes in example (Update global ETH / ETC / Token balances MyEtherWallet/etherwallet#198)

See the full diff

Package name: gulp

The new version differs by 134 commits.

• 55eb23a Release: 4.0.0
• 173a532 Docs: Fix the installation instructions
• ec54d09 Docs: Improve note about out-of-date docs
• 03b7c98 Docs: Update recipes to install gulp@next
• 2eba29e Docs: Remove run-sequence from recipes
• 76eb4d6 Docs: Add installation instructions & update badges
• fbc162f Docs: Remove references to gulp-util
• 3011cf9 Scaffold: Normalize repository
• f27be05 Update: Remove graceful-fs from test suite
• 361ab63 Upgrade: Update glob-watcher
• 064d100 Build: Avoid broken node 9
• 057df59 Release: 4.0.0-alpha.3
• c1ba80c Breaking: Upgrade major versions of glob-watcher, gulp-cli & vinyl-fs
• 89acc5c Docs: Improve ES2015 task exporting examples (Manual gas limits for upcoming _ token MyEtherWallet/etherwallet#1999)
• 0ac9e04 Docs: Add "Project structure" section to CONTRIBUTING.md ([Network] Add Musicoin support MyEtherWallet/etherwallet#1859)
• 723cbc4 Docs: Fix syntax in recipe example (merge previous work MyEtherWallet/etherwallet#1715)
• d420a6a Docs: Have gulp.lastRun take a function to avoid task registration (I withdrew my POA from Binance on to myetherwallet because I thought it was a ERC20 Tooken MyEtherWallet/etherwallet#1828)
• 29ece6f Upgrade: Update undertaker
• e931cb0 Docs: Fix changelog typos (add LND token MyEtherWallet/etherwallet#1696)
• 477db84 Docs: Add a "BrowserSync with Gulp 4" recipe (problem claiming Callisto MyEtherWallet/etherwallet#1659)
• d4ed3c7 Docs: Add options.cwd for gulp.src API (Updated Skraps contract ABI MyEtherWallet/etherwallet#1645)
• 5dc3b07 Docs: Update gulp.watch API to align with glob-watcher
• 0c66069 Breaking: Replace chokidar as gulp.watch with glob-watcher wrapper
• c3dbc10 Docs: Clarify incremental builds example (ajaxReq is empty function MyEtherWallet/etherwallet#1609)

See the full diff

Package name: gulp-autoprefixer

The new version differs by 21 commits.

• ede5a11 8.0.0
• a953087 Require Node.js 12 and upgrade dependencies
• 87ff53d Move to GitHub Actions (updated input width and removed watch-var from icon MyEtherWallet/etherwallet#117)
• c5e7214 7.0.1
• da50fd2 Make Gulp an optional peer dependency
• 40fba84 7.0.0
• ab49120 Require Node.js 8 and Gulp 4
• 83cc576 Enable the repo sponsor button
• adec1a7 6.1.0
• 7b080bf Upgrade dependencies
• dfe3919 6.0.0
• c225cbd Upgrade `autoprefixer` and `postcss`
• ea0b7f8 Require Node.js 6
• 18a27be 5.0.0
• e526a78 Meta tweaks
• e954e6e Update sourcemap paths to be relative to `file.base` (Rewriting the polish translation MyEtherWallet/etherwallet#92)
• 7828646 Upgrade to Autoprefixer 8 (When decrypting new JSON/Keystore file, the page doesn't update with new wallet's info or update existing wallet's info. MyEtherWallet/etherwallet#96)
• d008588 4.1.0
• 27816c3 Meta tweaks
• 94f3447 Drop dependency on deprecated gulp-util (Fix broken translate attributes MyEtherWallet/etherwallet#94)
• 60aead3 Test against Node.js v8 (Update de.js MyEtherWallet/etherwallet#90)

See the full diff

Package name: gulp-clean

The new version differs by 2 commits.

• 1b2503e Merge pull request [Snyk] Security upgrade npm from 4.6.1 to 5.10.0 #30 from kuangyeheng/pl
• d83c56a remove gulp-util

See the full diff

Package name: gulp-file-include

The new version differs by 12 commits.

• 5897e85 v2.0.1
• 07cc720 Replace hardcoded newline character in test
• c4b0bbf Drop dependency on deprecated `gulp-util`
• 9c84c87 v2.0.0
• 88853d1 lint
• 7f771cb lint
• a52b855 chore - use eslint, remove jscs
• 1510106 chore - update travis, add npmrc
• 5a5f9ca Update applyFilters method to look for filter handler options (Initial update ja.js MyEtherWallet/etherwallet#146)
• 6251797 v1.2.0
• 699a95e chore: add gitignore, bump deps, travis++
• 79b56f5 improved error messages for "for" and "if" statements (Missing translation summary MyEtherWallet/etherwallet#143)

See the full diff

Package name: gulp-less

The new version differs by 6 commits.

• 7d9df97 4.0.0
• cde149b Update accord to support less@3.0.0 - closes Update params in keystore files to be more consistent with geth and parity and/or change to use pbkdf2 MyEtherWallet/etherwallet#269
• 453625a 3.5.0
• d706f87 fix(deps): update accord to version 0.28 (Create Embedded Send Page MyEtherWallet/etherwallet#281)
• 9f9e643 3.4.0
• f58e0f7 Remove gulp-util

See the full diff

Package name: gulp-notify

The new version differs by 7 commits.

• 398d0a4 v3.1.0
• fc51ff2 Merge pull request update consistancy MyEtherWallet/etherwallet#124 from ohbarye/replace-gulp-util
• 46efdc6 Move vinyl to devDependencies
• 173fcb0 Use ansi-colors instead of chalk due to node version compatibility
• 1e8c372 Remove unused through import
• 3284a51 Drop dependency on deprecated gulp-util
• 455250c npm install chalk fancy-log plugin-error lodash.template vinyl

See the full diff

Package name: gulp-plumber

The new version differs by 4 commits.

• b91f934 1.2.0
• c80d68e Merge pull request [Snyk] Fix for 18 vulnerabilities #54 from demurgos/issue-53
• 310cd31 Drop dependency on deprecated gulp-util
• ba3d6e4 improve errorHandler docs

See the full diff

Package name: gulp-template

The new version differs by 3 commits.

• 55805ee 5.0.0
• 229b21c Require Node.js 4
• 4939d79 Drop dependency on deprecated `gulp-util` ([Snyk] Security upgrade gulp-clean from 0.3.2 to 0.4.0 #42)

See the full diff

Package name: gulp-zip

The new version differs by 4 commits.

• d4d4931 4.1.0
• cef68d8 Meta tweaks
• 3cb988d Remove gulp-utils module dependency (Update tr.js MyEtherWallet/etherwallet#100)
• ba39ef6 Remove moot eslint-disable comment

See the full diff

Package name: npm

The new version differs by 250 commits.

• 3b4ba65 7.0.0
• bbfc75d chore: fix weird .gitignore thing that happened somehow
• 8a2d375 docs: changelog for v7.0.0
• 365f2e7 read-package-json@3.0.0
• fafb348 npm-package-arg@8.1.0
• 9306c68 libnpmfund@1.0.1
• 569cd64 libnpmfund@1.0.0
• ac9fde7 Integration code for @ npmcli/arborist@1.0.0
• 704b9cd @ npmcli/arborist@1.0.0
• 3955bb9 hosted-git-info@3.0.6
• da240ef fix: patch config.js to remove duplicate values
• 9ae45a8 init-package-json@2.0.0
• 41ab36d eslint@7.11.0
• c474a15 npm-registry-fetch@8.1.5
• efc6786 fix: make sure publishConfig is passed through
• 1e4e6e9 docs: v7 using npm config refresh
• 5c1c2da fix: init config aliases
• 5bc7eb2 docs: v7 npm-install refresh
• 1a35d87 7.0.0-rc.4
• 7a5a557 docs: changelog for v7.0.0-rc.4
• f0cf859 chore: dedupe deps
• 0273745 make-fetch-happen@8.0.10
• 7bd47ca @ npmcli/arborist@0.0.33
• 9320b8e only escape arguments, not the command name

See the full diff

Package name: run-sequence

The new version differs by 15 commits.

• 31103da 2.2.1
• 209e46c Drop dependency on deprecated `gulp-util` (Update tr.js MyEtherWallet/etherwallet#100)
• 37e17be 2.2.0
• c450122 Changelog, cleanup for orchestration events change
• 2155560 handle orchestration aborted events (Update no.js MyEtherWallet/etherwallet#97)
• 066b8c6 2.1.0
• dada3f4 Added date to v1 in changelog
• f2b1635 Added options, code cleanup
• 578d017 Added a changelog, Closes Update 1 - Navigation & General MyEtherWallet/etherwallet#82
• 9fd7783 2.0.0
• d80ddf5 Specify chalk version (Polish Patch  MyEtherWallet/etherwallet#89)
• 59515cf Fixed typo
• 7e263af Ignore yarn lock when publishing
• b83cc34 Adding Yarn lockfile
• ee04d48 Added modern node versions to travis ci (Translated some lines into German MyEtherWallet/etherwallet#73)

See the full diff

Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Improper Input Validation
🦉 More lessons are available in Snyk Learn