[Snyk] Fix for 1 vulnerabilities

[ebarahona]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: browser-sync

The new version differs by 46 commits.

• df47bab release: 2.24.0
• 2c7083d Merge pull request #1548 from BrowserSync/client-ts
• ad0723d release: 2.24.0-rc4
• b8685bc fix: (client, rxjs) fix imports to avoid the entire library being bundled
• b2361d5 release: 2.24.0-rc3
• 0ad5f3a deps: upgrade [email protected]
• f6ac69f deps: upgrade [email protected]
• 0e1dd37 deps: upgrade [email protected] - fixes #1512
• f5a094d release: 2.24.0-rc2
• b41f602 fix: (cli) remove `watch` boolean when false
• 99a69ce feat: (client) rewrite to Typescript + RxJS
• 9d9dfb1 feat: (client) make initial options available in initial payload
• 06608fb feat: (client) added `injectNotification` option & defaulted to false
• 4803786 feat: (client-js) allow functions in client:js hook
• e4754c9 feat: (http-protocol) support POST requests over HTTP Protocol
• 31bace2 tests: add cypress for integration tests
• 679fbbc deps: [email protected]
• 1c9ae43 Resolved warning in tsconfig.
• b5d25f4 Merge pull request #1545 from aznnomness/master
• 8a957e9 Merge pull request #1547 from jgravois/patch
• 31956ab bump localtunnel to resolve security vuln nag
• ea9da09 Resolved warning in tsconfig.
• 78c3854 Merge pull request #1544 from SergiuNegara/fix/steam-docs-spelling
• 4ce533c Fix stream docs spelling

See the full diff

Package name: gulp-less

The new version differs by 4 commits.

• 7d9df97 4.0.0
• cde149b Update accord to support [email protected] - closes Version 10 of node.js has been released Gottwik/Enduro#269
• 453625a 3.5.0
• d706f87 fix(deps): update accord to version 0.28 (Can't reopen existing project Gottwik/Enduro#281)

See the full diff

Package name: npm

The new version differs by 225 commits.

• c62d0ea 5.10.0
• 9edd48e docs: update changelog for [email protected]
• e33bc08 audit: Timeout audit requests eventually
• 9cb9102 5.10.0-next.1
• dab8d6d update AUTHORS
• ba6f620 doc: update changelog for [email protected]
• be01b7d test: Change bad url in test in anticipation of aliasing
• 74bcdb8 update: Add parens to clarify order of operations when defaulting where
• 3232699 deps: Fix regexp used to cleanup from fields
• fb99f75 travis: Add node v10
• d6187a9 mailmap: Update with real names
• 1822379 audit: Only report audit as being unsupported on 404 and >= 500
• 35de046 docs: describe what colors in outdated mean
• e0235eb docs: add from field back into git dependencies
• fb7efac makefile: call cache clean with --force
• cf09066 audit: Refuse to run in global mode
• bc3fc55 audit: Verify lockfile integrity before running
• 7d43ddf audit: Exit with non-zero when vulnerabilities are found
• 113e1a3 inflate-shrinkwrap: Infer versions from tarballs to self heal
• 36f9984 shrinkwrap: Prefer computed resolved from dep tree
• aadbf3f audit: Include session and scope in requests
• f9804b1 cmd-list: How else am I supposed to deploy my urns?
• dac6f9b cmd-list: sit booboo, cit
• a6e2f12 audit: Make sure we hide stream errors on background audit submissions

See the full diff

Package name: request

The new version differs by 28 commits.

• 02fc5b1 Update changelog
• de1ed5a 2.87.0
• a6741d4 Replace hawk dependency with a local implemenation (#2943)
• a7f0a36 2.86.1
• 8f2fd4d Update changelog
• 386c7d8 2.86.0
• 76a6e5b Merge pull request #2885 from ChALkeR/patch-1
• db76838 Merge branch 'patch-1' of github.com:ChALkeR/request
• fb7aeb3 Merge pull request #2942 from simov/fix-tests
• e47ce95 Add Node v10 build target explicitly
• 0c5db42 Skip status code 105 on Node > v10
• d555bd7 Generate server certificates for Node > v10
• 81f8cb5 Remove redundant code
• db17497 Use Buffer.from and Buffer.alloc in tests
• 0d29635 Merge pull request #2923 from gareth-robinson/cifixes
• 3745cec Correction for Windows OS identification
• 219a298 Alterations for failing CI tests
• bbb3a0b 2.85.1
• 21ef363 Update changelog
• 5dad86e 2.85.0
• 5ba8eb4 Revert "Update hawk to 7.0.7 (#2880)"
• b191514 2.84.1
• d77c839 Update changelog
• 4b46a13 2.84.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.