[Snyk] Fix for 1 vulnerabilities

[ryanoolala]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: prompt

The new version differs by 33 commits.

• fbf6dac 1.2.0
• fef3933 Move off abandoned utile dependency Bump sockjs from 0.3.19 to 0.3.21 OpenZeppelin/ethernaut#213
• 33febea add eslint
• c071b85 Merge pull request Requesting new level instance does not populate contract var OpenZeppelin/ethernaut#198 from caub/1.1
• 88c403e 1.1.0
• 756fa65 Fix inconsistent options.noHandleSIGINT for windows
• 8d5495c Merge pull request Bump lodash-es from 4.17.11 to 4.17.20 OpenZeppelin/ethernaut#196 from caub/promisify
• 33ddf56 prompt.get promise: add test, update readme
• b92a9a9 promisify prompt.get
• 0ff93b6 Merge pull request Bump lodash-es from 4.17.11 to 4.17.15 OpenZeppelin/ethernaut#184 from dsych/windows-sigint
• 9e80863 triggering sigint on windows
• 1c95d1d Merge pull request Fix issue170 OpenZeppelin/ethernaut#171 from blahah/master
• 65ac6e2 Merge pull request Fix issue170 for solidity04 OpenZeppelin/ethernaut#172 from Shank09/Shank09-package.json
• d03edd0 Added missing keywords in package.json
• df42a26 Respect falsy overrides (fixes Update to solidity 0.5 OpenZeppelin/ethernaut#151)
• b732102 Merge pull request Bump lodash from 4.17.11 to 4.17.19 OpenZeppelin/ethernaut#169 from jordanyaker/master
• 6ebf54a Removed the pkginfo dependency. Updated the required version of winston.
• 7d1a28f Removed the pkginfo dependency.
• d550674 Merge pull request Fix event filtering when syncing player progress OpenZeppelin/ethernaut#163 from Eagerod/fixer/add-properties
• 9b5f65b Added a test addProperties() with no parameters.
• fb83773 Fixed an issue where the first parameter in a callback would not be the
• e7b5449 Merge pull request Upgrade from Ropsten test network OpenZeppelin/ethernaut#121 from rubbingalcoholic/master
• e493cb8 Merge pull request Solidity 0.5 Version: MaxListenersExceededWarning OpenZeppelin/ethernaut#153 from devrelm/devrelm.function-defaults
• 3046431 Merge pull request Solidity 0.5 Version: Shop - Out of gas OpenZeppelin/ethernaut#156 from littleguga/master

See the full diff

Package name: truffle

The new version differs by 250 commits.

• 29e9e55 Publish
• 155a076 Merge pull request #2064 from trufflesuite/bug/contract-schema-tuples
• 9fba1f7 Merge pull request #2054 from trufflesuite/remove-callback
• c209b53 add conditional support for a tuple parameter
• 2ec6bee update ajv to use json schema draft 07
• 0911ba7 Merge branch 'develop' of github.com:trufflesuite/truffle into remove-callback
• cadba21 Merge pull request #2056 from trufflesuite/bug-migrations-in-test
• 300a8ca Merge pull request #2042 from trufflesuite/wrapper-solc
• dfe5d02 bump postinstall default solc to 0.5.8
• a460bcf Merge pull request #2062 from trufflesuite/return-status
• b2111f7 Rename "matches" variables
• d5b6543 await and pass web3 to truffle-deployer test
• cc09d0c bump travis solc obtain version
• 5f0b5dd Adapt interpreter and tests to new status selector
• f69c947 bump default solc to 0.5.8
• 2ce2482 updated yarn.lock
• 5dd4204 rm truffle-solc-wrapper dep
• 5cd23bc Account for exceptional halts from normal halting instructions
• 2dab6c8 use solc/wrapper
• fc7742d add solc-js back as truffle-compile dep
• 9964d37 Merge pull request #2053 from trufflesuite/vyper-compilation-source
• 176a8eb Check to see if the migrations folder exists and whether it has files before running migrations
• 5bba3ee Merge branch 'develop' of github.com:trufflesuite/truffle into remove-callback
• c427f08 Rename lICENSE to LICENSE

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[guardrails]

⚠️ We detected 2 security issues in this pull request:

Vulnerable Libraries (2)

Severity	Details
Critical	pkg:npm/[email protected] upgrade to: > 5.0.20
Critical	pkg:npm/[email protected] upgrade to: > 1.2.0

More info on how to fix Vulnerable Libraries in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.