[Snyk] Fix for 1 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	551/1000 Why? Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gulp-less

The new version differs by 13 commits.

• 9d9e96f chore: update deps, publish v5
• ea13d8a Merge pull request Slugs not editable Gottwik/Enduro#313 from MisterLuffy/master
• 7ce4b9b feat: support less v4
• 1a9d694 Merge pull request Security Vulnerabilities found using npm audit Gottwik/Enduro#314 from stamminator/master
• b1a3e18 Update .travis.yml
• ecacdf7 Fix links after moving repo
• 403b696 4.0.1
• 0678856 Upgrade less version to 3.7.1
• 6114989 Update README.md (Enduro on Kubernetes: Can't Save Changes to CMS Gottwik/Enduro#292)
• 7d9df97 4.0.0
• cde149b Update accord to support [email protected] - closes Version 10 of node.js has been released Gottwik/Enduro#269
• 453625a 3.5.0
• d706f87 fix(deps): update accord to version 0.28 (Can't reopen existing project Gottwik/Enduro#281)

See the full diff

Package name: gulp-uglify

The new version differs by 37 commits.

• 76b5b3a fix(package): update files array
• 5d4c4c6 chore(all): refactor unit tests
• f2b779b feat(composer): implement new API for composing deps
• dbbba30 fix(minify): log warnings to gulplog
• 4cc8751 feat(uglify): add support for UglifyJS3
• ad73ab8 chore(pkg): update dependencies, run lint
• 4656fe5 2.1.2
• ba83a45 fix(package): move eslint dependencies to dev
• 3d0f155 2.1.1
• c722ab9 fix(errors): restore file and line info
• da3e18f chore(prettier): setup prettier
• ec8ba54 fix(tests): UglifyJS errors use "message" property
• 6c336ec v2.1.0
• 35c33f1 chore(uglifyjs): loosen uglify-js pin
• 74b6eff 2.0.1
• 832b427 chore(package): update uglify-js to version 2.7.5
• 1bf0f72 docs(README): link to Why Use Pump?
• ccdc482 docs(pump): fix typo
• 5ddafd2 chore(package): update uglify-js to version 2.7.4
• d5801ca chore(greenkeeper): ignore "gulp-sourcemaps" dependency
• 129df84 chore(package.json): update repository field
• 533ee01 fix(package): update uglify-js to version 2.7.3
• 1f2c508 docs(why-use-pump): fix plugin name
• 2829956 docs(README): fix typo

See the full diff

Package name: handlebars

The new version differs by 22 commits.

• 8d22e6f v4.0.12
• 3c970cc Update release notes
• abba3c7 Update release notes
• 4bf1c4f Update release notes
• 41b6a11 Merge branch '4.x' of github.com:wycats/handlebars.js into 4.x
• 2d28f92 bump grunt-plugin-dependencies to 1.x versions
• 29b1744 style: omit linting error caused by removing "if"
• d130ed2 chore: bump various dependencies
• 2145c14 bump grunt-plugin-dependencies to 1.x versions
• 8359722 style: omit linting error caused by removing "if"
• a1d864d chore: bump various dependencies
• 0ddff8b unnecessary check
• 288e986 Docs: Document branches in the CONTRIBUTING guide
• 30df8a1 Testcase for accessing @ root from a partial-block
• cda544b Add package.json to components shim
• 69c6ca5 Use `files` field
• a4e39bd Fix release-notes (links to contributors` pages)
• b86b918 Fix release-notes (links to github-repo)
• d3d3942 upgrade uglify-js
• 73d5637 Update dependencies "async" to 2.5.0 and "source-map" to 0.6.1
• 7729aa9 Update grunt-eslint to 20.1.0
• 8947dd0 Update jsfiddle to 4.0.11

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic