[Snyk] Fix for 1 vulnerabilities

[lcwj3]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: del

The new version differs by 38 commits.

• cd0543e 6.0.0
• 6c99805 Require Node.js 10
• 1df5280 Readme tweaks
• 4acd962 Add tip about deleting subdirectories (CPD-1653: Added f-logger changes to GBF, Updated unit tests to cover … justeat/gulp-build-fozzie#116)
• 1a0c36c Add mention of GitHub Sponsors
• 1e0d705 Tidelift tasks
• 892ce2a Make it clear that it recursively deletes directories (SVGO needs adjusting so that it doesn't remove Viewbox property when minified justeat/gulp-build-fozzie#113)
• 728cb7c Fix benchmark
• 557c1fa 5.1.0
• 12c443d Meta tweaks
• 01da91f Allow non-glob patterns with backslash on Windows (Images are not being copied to the docs/dist directory when running gulp docs justeat/gulp-build-fozzie#100)
• 9c72270 Add benchmarks (v6.4.0 - Apply revision identifier to CSS filename justeat/gulp-build-fozzie#101)
• 1299747 Use graceful-fs (v7.5.0 — Fix the way that arguments are combined when calling jestTestRun. justeat/gulp-build-fozzie#108)
• f509a89 Update dependencies (v7.6.0 — Updated f-copy-assets module. justeat/gulp-build-fozzie#109)
• ca05c65 Sort removed files (v6.5.0 - output unhashed, minified JS file justeat/gulp-build-fozzie#102)
• 51662ac Reverse order back for the returned paths (minified css file name - always hash value appended justeat/gulp-build-fozzie#99)
• 902b594 Meta tweaks
• ffbf4c4 Fix the `cwd` option (v6.2.0 justeat/gulp-build-fozzie#96)
• 8efdbcd Prevent race condition on macOS when deleting files (Browsersync not correctly reloading files justeat/gulp-build-fozzie#95)
• 9e7550b Add note about backward-slashes
• c071180 5.0.0
• a73462c Meta tweaks
• 6f96d2d Update globby to version 10 (Add node v8 to Travis config. justeat/gulp-build-fozzie#64)
• 6e23f6a Tidelift tasks

See the full diff

Package name: eslint

The new version differs by 250 commits.

• a7985a6 6.0.0
• be74dd9 Build: changelog update for 6.0.0
• 81aa06b Upgrade: espree@6.0.0 (#11869)
• 5f022bc Fix: no-else-return autofix produces name collisions (fixes #11069) (#11867)
• ded9548 Fix: multiline-comment-style incorrect message (#11864)
• cad074d Docs: Add JSHint W047 compat to no-floating-decimal (#11861)
• 41f6304 Upgrade: sinon (#11855)
• 167ce87 Chore: remove unuseable profile command (#11854)
• c844c6f Fix: max-len properly ignore trailing comments (fixes #11838) (#11841)
• 1b5661a Fix: no-var should not fix variables named 'let' (fixes #11830) (#11832)
• 4d75956 Build: CI with Azure Pipelines (#11845)
• 1db3462 Chore: rm superfluous argument & fix perf-multifiles-targets (#11834)
• c57a4a4 Upgrade: @ babel/polyfill => core-js v3 (#11833)
• 65faa04 Docs: Clarify prefer-destructuring array/object difference (fixes #9970) (#11851)
• 81c3823 Fix: require-atomic-updates reports parameters (fixes #11723) (#11774)
• aef8ea1 Sponsors: Sync README with website
• 4f48f5a 6.0.0-rc.0
• 6bad650 Build: changelog update for 6.0.0-rc.0
• f403b07 Update: introduce minKeys option to sort-keys rule (fixes #11624) (#11625)
• 87451f4 Fix: no-octal should report NonOctalDecimalIntegerLiteral (fixes #11794) (#11805)
• e4ab053 Update: support "bigint" in valid-typeof rule (#11802)
• e0fafc8 Chore: removes unnecessary assignment in loop (#11780)
• 20908a3 Docs: removed '>' prefix from from docs/working-with-rules (#11818)
• 1c43eef Sponsors: Sync README with website

See the full diff

Package name: eyeglass

The new version differs by 250 commits.

• 6b06179 Publish
• 77b3f43 Add yarn back to the package dev dependencies.
• 9ee991e Updates to broccoli-eyeglass to support dart-sass.
• c07029d Update CHANGELOG files for broccoli and ember-cli.
• 9617614 README updates for 2.5 and 3.0.
• 6e1d933 dart-sass support ([Snyk] Security upgrade gulp from 4.0.2 to 5.0.0 justeat/gulp-build-fozzie#247)
• d9b1844 Don't test against node 8 anymore.
• 228b167 chore: Refactor eyeglass version lookup to a utility.
• 7b7fd25 chore: Remove deprecated assets APIs.
• c63656c chore: Remove obsolete test case.
• e1741d2 chore: Remove deprecated API Eyeglass#enableImportOnce.
• 6ab4f9b chore: Remove deprecated sass engine argument from Eyeglass constructor.
• 1ecd85f Deprecated options will now cause an error.
• 57d33b0 chore: Remove deprecated sassOptions() method.
• 5b89784 Enable esModuleInterop for all packages.
• 0935d09 chore: Pin node and yarn versions in remaining packages.
• f9e5e57 chore: Emit typescript output for node 10+.
• b784582 feat: Officially drop support for node 6, 8, and 11.
• 8334e0e fix: Remove deprecation warning and emit errors instead for version conflicts when strictModuleVersions is set.
• cc00552 docs: Note duplicate modules change in the CHANGELOG.
• 521f485 Merge branch 'ignore-duplicate-modules' into release-3.0
• 9d9500a fix: Don't add manual modules if they already exist.
• 1a537a1 Don't even try to install deasync.
• 7664351 docs: CHANGELOG entry for deasync removal.

See the full diff

Package name: glob

The new version differs by 114 commits.

• a68703e 9.0.0
• 58159ca test: cwd can be a url
• a547a9c more docs
• 42a3ac7 link to bash manual for Pattern Matching
• 474172d update readme with cwd URL support
• ad3904d update readme with posix class support
• b22fc7d minimatch@7.3.0
• cdd1627 update all the things, remove unused mkdirp types
• 75c6416 Merge branch 'v9'
• fa0cd77 cwd can be a file:// url
• d03ed0a typedoc github action
• 9a5a45a put bench results in readme
• 20b2f88 docs, fix benchmark script
• 4829c88 upgrade ci actions
• 5cbacdd minimatch@7.2.0
• 210310b omit symlinks on windows
• d34c8d5 full test coverage, clean up signals and remove extranous code
• 5f21b46 adding lots of tests, clean up types
• b12e6ba slashes on nodir test
• 75f74b0 more windows test slashes
• 3aa1abd more windows test affordances
• 3e68a7b some windows test affordances
• 8c2e082 feature complete and tests passing
• c3be35a correct ** vs ./** behavior

See the full diff

Package name: gulp-eslint

The new version differs by 5 commits.

• 5dd78fa 6.0.0
• a35a203 Upgrade to ESLint 6 ([Snyk] Security upgrade @babel/preset-env from 7.20.2 to 7.22.0 justeat/gulp-build-fozzie#235)
• 40d004f 5.0.0
• 72c3599 use destructuring assignment to simplify the code
• aed571b update dependencies and devDependencies (Testing, please ignore. (blsbja) justeat/gulp-build-fozzie#224)

See the full diff

Package name: gulp-imagemin

The new version differs by 35 commits.

• 2f7ecc9 8.0.0
• 1b4baf6 Require Node.js 12.20 and move to ESM
• ed39463 Move to GitHub Actions (#351)
• 8b40da0 Update readme lossless note (#346)
• 1cbb7c5 7.1.0
• 67cceb3 Update `imagemin-gifsicle` optional dependency
• 97432ea 7.0.0
• aacca91 Require Node.js 10
• 279a91b Replace jpegtran with mozjpeg (#336)
• f4a2255 6.2.0
• 0460c78 Add `silent` option (#331)
• dfdba76 6.1.1
• 165bf8b Make Gulp an optional peer dependency
• 6c35e59 6.1.0
• 92e224a Update dependencies
• 97cd1c3 6.0.0
• 6e091ed Require Node.js 8
• c1c3346 Create funding.yml
• 8e731f0 5.0.3
• 3e68bd4 Fix another regression of b57f1d6 (#318)
• 3ad32ab 5.0.2
• c7170ba Fix another regression in b57f1d6
• 51bb2ad 5.0.1
• 821dc8a Fix regression in b57f1d6 (#316)

See the full diff

Package name: gulp-sass

The new version differs by 28 commits.

• 5775044 Update CHANGELOG.md
• 978b8f6 Update to major version 5 (#802)
• 10eae93 Update changelog for 4.1.1
• 947b26c Upgrade lodash to fix a security issue (#776)
• 8d6ac29 Update changelog
• 43c0547 4.1.0
• ebe3ec6 Set appropriate file stat times (#763)
• 7ab018e Migrate to the lodash package
• fa670c6 4.0.2
• fefa00e Revert package.json version bump
• 98254d2 Fix README typos
• 8a14419 Continue loading Node Sass by default
• 938afbe Add a note about synchronous versus asynchronous speed
• 7cc2db1 Make this package implementation-agnostic
• 643f73b Add documentation for synchronous code options
• 0b3c7e7 4.0.1
• daca90d Merge pull request #681 from DKvistgaard/master
• 71471c2 Declaring logError as function instead of arrow function.
• 450a7b8 4.0.0
• e9b1fe8 Fix node versions in appveyor.yml
• 44be409 Merge pull request #667 from dlmanning/next
• 7656eff Adopt airbnb eslint preset
• 1293169 Bump autoprefixer@^8.1.0, gulp-postcss@^7.0.1
• 9fa817b Bump gulp-sourcemaps@^2.6.4

See the full diff

Package name: postcss-assets

The new version differs by 22 commits.

• 6afee36 Merge branch 'release/6.0.0' into develop
• b820487 Bump the version to 6.0.0
• 08c5016 Merge pull request Update postcss-assets to the latest version 🚀 justeat/gulp-build-fozzie#87 from onigoetz/develop
• 7aa58a0 Update appveyor configuration
• 40a71aa Update to PostCSS 8
• 29b1b0f Merge pull request Fix bug in copy:assets where task callback was called multiple times justeat/gulp-build-fozzie#84 from borodean/feature/ci-update
• e164624 Migrate the logo to jsDelivr and use the master branch
• e6fedf8 Update CI and badge URLs
• 8456393 Merge pull request Added Docs tasks. justeat/gulp-build-fozzie#78 from UziTech/UziTech-cachebuster-docs
• 0375617 include cachebuster example input
• 248868c Merge tag '5.0.0' into develop
• 16bbee9 Merge branch 'release/5.0.0'
• 96e8c22 Bump the version to 5.0.0
• b59163a Merge pull request v4.5.0 - Housework justeat/gulp-build-fozzie#72 from borodean/feature/postcss-six
• e66b684 Merge branch 'develop' into feature/postcss-six
• 877cf9a Update dependencies
• 97f8df1 Make ESLint happy
• a90b41b Update dependencies
• 022fbf6 Merge tag '4.2.0' into develop
• 40d98a8 Drop nodejs 0.12
• c9cfc5d Make ESLint happy
• 43493ee Update dependencies

See the full diff

Package name: stylelint

The new version differs by 250 commits.

• 04af9e4 13.0.0
• 704f6a2 Prepare 13.0.0
• 50ba8a9 Reorder changelog
• 1666bba Update devDependencies (#4542)
• 062d298 Reindent nodejs.yml (#4541)
• a24e44a Fix atypical rule README structure (#4537)
• 616ad71 Bump husky from 4.0.3 to 4.0.6 (#4536)
• 5e58ee7 Bump globby from 10.0.2 to 11.0.0 (#4528)
• eaee6a4 Refactor CLI options definition (#4530)
• 6a2ffbd Fix plugin path
• 644b713 Fix Windows path problem
• 1005cbd Add info about invalid syntax in FAQ (#4535)
• 18b1f99 Fix help text indentation (#4531)
• d3c4a9f Update CHANGELOG.md
• 32f67e7 Update CHANGELOG.md
• 04ec577 Bump globby from 10.0.1 to 11.0.0
• d9dbce2 Process multiple spaces in media-feature-parentheses-space-inside (#4513)
• 1dc203e Regenerate package-lock.json (#4517)
• 36bf292 Bump husky from 3.1.0 to 4.0.3 (#4527)
• f5529d5 Bump @ types/micromatch from 3.1.1 to 4.0.0 (#4526)
• a254fd2 Bump got from 10.2.0 to 10.2.1 (#4525)
• f2e9f02 Bump remark-validate-links from 9.0.1 to 9.1.0 (#4524)
• 74d5233 Remove unneeded `@ types/meow` package (#4523)
• cef0b95 Update CHANGELOG.md

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.