[Snyk] Fix for 1 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: browser-sync

The new version differs by 119 commits.

• 24206ca 2.12.1
• 5f9423c fix(cli): add shebang
• e1babca 2.12.0
• 10c7720 deps: bump lodash, yargs, micromatch, chokidar
• 308b76c bump brower-sync-ui to inherit fixes for #802 #931
• 6c95765 tests: plugins: add tests for incorrectly configured plugins
• 8113649 [wip] - adding support for plugin errors
• f0ac65f fix(proxy): fail when second port scanner (when proxy.ws=true) throws
• c85195d chore: remove redundant 'bs.app' check
• decb092 tests: ensure second call to getPorts (when proxy.ws=true) can handle an error correctly
• 7a1e42e tests: add initial rewriteRule to ensure the filtering works as expected
• 7acc3fa cleanup: remove redundant isArray check from each series
• f09a3ed tests: add tests for init with null/undefined
• 94d4414 test(plugins): Add test for plugins that cannot be located
• ce6a293 logger: remove unused methods
• 0a63c8f ci: allow builds on older nodes
• 5a0665d tests: Add tests for proxy rewrites
• 2e8ea4d Update README.md
• 11a5825 Merge branch 'feature/backport-proxy'
• 8572f06 feat(middleware): accept route/handler in plain objects
• 55749b0 Simplify cli input
• 36ae237 cli: Move handler functions outside try/catch of yargs
• b3198fd yarf
• 2853d47 fix(plugin-resolve): Also use process.cwd() as base for node_modules resolution

See the full diff

Package name: gulp-lintspaces

The new version differs by 15 commits.

• b703581 Merge pull request [Snyk] Security upgrade browser-sync from 2.9.1 to 2.26.9 #14 from jared-thompson/master
• 8760d9e gulp-util to ansi-colors and plugin-error
• 37c39f5 Update gulpfile.js
• 439993c Update index.js
• 9f288db 0.5.0
• b2540da Merge pull request [Snyk] Fix for 1 vulnerabilities #12 from ferlores/patch-1
• 67e2a72 Fixes markdown
• 00d0718 Adds maintenance notice
• 83c16a4 Update lintspace dependency to latest
• 9b1bf75 0.4.1
• a6ddc4e Merge pull request [Snyk] Fix for 1 vulnerabilities #9 from evilebottnawi/patch-1
• 7aa7d5d bug with option
• 4242a40 0.4.0
• e1de1ff Merge pull request [Snyk] Fix for 1 vulnerabilities #8 from SparkartGroupInc/improve-reporter
• 22392b9 improve reporter

See the full diff

Package name: gulp-util

The new version differs by 13 commits.

• 28c2aa2 3.0.8
• 1034a68 Upgrade: bump dateformat, per https://github.com/removes CLI felixge/node-dateformat#53#issuecomment-245782776 (Sales Path might be too long for mobile salesforce-ux/design-system#130)
• 5a417cf Merge pull request Fixed dropdown salesforce-ux/design-system#125 from jmeas/patch-1
• 8cdbc07 Remove gutil.beep() from README example
• b74a5ff 3.0.7
• 5c0c5cf bump logger versions
• 3879b24 Merge pull request Tabs not receiving active state styles in 0.12.0 salesforce-ux/design-system#106 from stevelacy/patch-1
• 7bba70f Update package repo link
• 194248a Merge pull request [React component] Should remove css style on body upon modal dismissal salesforce-ux/design-system#105 from gulpjs/gulplog
• 65c210a add branching logic to support new gulplog stuff
• 4656163 Merge pull request Latched state for buttons salesforce-ux/design-system#100 from makky3939/clean_up_template_js
• 878c95b fix
• 385b059 more readable

See the full diff

Package name: imagemin-cli

The new version differs by 8 commits.

• 9300532 3.0.0
• f75b4c7 Add `process-exit-as-throw` rule ([Snyk] Fix for 1 vulnerabilities #8)
• 0483df1 Don't write to stdout if no files exists
• 09ccff7 Show error when trying to write multiple files to `stdout` ([Snyk] Fix for 1 vulnerabilities #9)
• efb9b39 Improve CLI output by adding number of minified files and spinner ([Snyk] Fix for 2 vulnerabilities #7)
• b0cefab tweaks
• 147c5ab Bump imagemin version ([Snyk] Fix for 8 vulnerabilities #6)
• 2179988 add shinnn and me as maintainers to package.json

See the full diff

Package name: imagemin-pngquant

The new version differs by 14 commits.

• be923c2 6.0.0
• fcf28bb Update to pngquant 2.12.0
• ec458e9 Require Node.js 6
• 6b65fa9 Add `strip` option (Picklist multi-select overflows container when 6+ items added and no scroll salesforce-ux/design-system#44)
• 5c3b75c 5.1.0
• bded797 Bump dependencies
• a89bebb Add support for streams
• fe14c58 5.0.1
• 0241a8d Meta tweaks
• b889812 Catche error 99 and returns original buffer ([Snyk] Fix for 15 vulnerabilities #33)
• 6c3631e 5.0.0
• ba94afa ES2015ify and support Node.js >=4
• e630d06 Merge pull request [Snyk] Security upgrade node-sass from 3.3.2 to 4.14.1 #22 from raine/patch-1
• 36d1d7c readme: fix error in example

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic