[Snyk] Fix for 4 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change
	Regular Expression Denial of Service (ReDoS) SNYK-JS-STYLELINT-460283	Yes
	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes
	Cross-site Scripting (XSS) npm:preact-render-to-string:20180802	No

Commit messages

Package name: preact-render-to-string

The new version differs by 14 commits.

• 1a30900 3.7.2
• 49d46dd Add tests for element name protection
• 5964a5c Also sanitize nodeName.
• 725f9e4 3.7.1
• cc4fa60 Patch attribute name vulnerability.
• 8ac9a63 ignore package-lock
• 106325d 3.7.0
• 2828f24 Fix {nodeName:undefined} rendering [object Object] (fixes #38) (#47)
• aa18e65 Fix dangerouslySetInnerHTML in JSX mode (Fixes #42) (#46)
• 3177a48 Skip `true` values as Preact does (#48)
• 6ce1519 Correct & simplify component name detection (Fixes #44) (#45)
• ae045b0 Fix babel presets (fixes #35)
• 393c799 New: add TypeScript definitions (#39)
• 0b50eaa Fix jsx renderer double closing elements (#36)

See the full diff

Package name: stylelint

The new version differs by 250 commits.

• 15d2082 11.0.0
• 2415b00 Prepare 11.0.0
• 946ecca Prepare changelog
• 0e3f4e2 Enable strict warnings count check for tests (#4231)
• 9707b64 Update CHANGELOG.md
• 94b1f05 Deprecate createRuleTester API (#4279)
• d252da5 Update CHANGELOG.md
• 3a2bc4b Add ignoreSelectors option to property-no-unknown (#4275)
• d09a1c0 Update CHANGELOG.md
• cf87467 Evaluated logical combinations pseudo-classes in selector-max-universal separately (#4263)
• 152b470 Update CHANGELOG.md
• 0858782 Fix *-max-empty-lines to only report one violation per function, selector, value list (#4260)
• 2c5bcb6 Small package loading improvements (#4278)
• bd51e6e Improve property-no-unknown performance (#4277)
• 32d8325 Add v8-compile-cache to improve load times (#4272)
• 1d6e2a9 Add SECURITY.md (#4222)
• 53be672 Explicitly specify syntax module name (#4268)
• 7ec1952 Update CHANGELOG.md
• 862b44f Add --reportInvalidScopeDisables CLI flag (#4181)
• eedb076 Lazy load table dependency (#4266)
• 37081c2 Update CHANGELOG.md
• cb7649b Add autofix to selector-pseudo-element-case (#3672)
• d8759af Add missing configuration to Dependabot config (#4258)
• 60a4b8c Check all reported warnings in tests (#4256)

See the full diff

With a Snyk patch:

Severity	Issue
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

[coveralls]

Coverage remained the same at 100.0% when pulling 74c8d35 on snyk-fix-cda0036e283863ade8e8632237ce2d59 into e8a04b2 on master.