[Snyk] Fix for 8 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-MERGE-1040469	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-MERGE-1042987	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:fresh:20170908	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Override Protection Bypass npm:qs:20170213	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gulp-coffee

The new version differs by 19 commits.

• 39df753 3.0.3
• 8c9ec9a Merge pull request Typo fix atom/flight-manual.atom.io#89 from TheDancingCode/no-coercion
• 9db3c01 Merge pull request Replace screenshots atom/flight-manual.atom.io#90 from TheDancingCode/remove-require
• 64b0784 Remove unneeded Mocha require statement
• 8cd8339 Avoid implicit type coercion
• f668318 Remove unused variables
• 428393b Replace deprecated `new Buffer()`
• 841228b Update repo location
• 95c3621 Replace unneeded `merge`
• a752a2a Fix node version in README
• 2b17e7c 3.0.2
• e8a6459 closes HTML download is missing the Table of Contents atom/flight-manual.atom.io#81
• e39eac8 closes abort! keymap directive is not documented atom/flight-manual.atom.io#82
• bbb041d 3.0.1
• 4e4fe84 respond to https://github.com/Ecosystem migration gulpjs/gulp-util#143
• 2b1623c 3.0.0
• eaf44ad more dep updating
• 480d8ee Merge pull request HTML download contains most files in repo atom/flight-manual.atom.io#80 from ndrewtl/master
• e3939ff Bump Coffeescript to version 2.1.0

See the full diff

Package name: gulp-connect

The new version differs by 7 commits.

• aa10ee3 5.6.1
• a80e3e5 Merge pull request Update package-word-count.md atom/flight-manual.atom.io#257 from rejas/update_dependencies
• c6034b8 Cleanup test file
• edcfba8 Update ansi-colors package
• 429068d Only test supported node versions
• 2055d29 Undo typescript update to avoid breaking tests
• 4e3c831 Update all dependencies

See the full diff

Package name: gulp-uglify

The new version differs by 37 commits.

• 76b5b3a fix(package): update files array
• 5d4c4c6 chore(all): refactor unit tests
• f2b779b feat(composer): implement new API for composing deps
• dbbba30 fix(minify): log warnings to gulplog
• 4cc8751 feat(uglify): add support for UglifyJS3
• ad73ab8 chore(pkg): update dependencies, run lint
• 4656fe5 2.1.2
• ba83a45 fix(package): move eslint dependencies to dev
• 3d0f155 2.1.1
• c722ab9 fix(errors): restore file and line info
• da3e18f chore(prettier): setup prettier
• ec8ba54 fix(tests): UglifyJS errors use "message" property
• 6c336ec v2.1.0
• 35c33f1 chore(uglifyjs): loosen uglify-js pin
• 74b6eff 2.0.1
• 832b427 chore(package): update uglify-js to version 2.7.5
• 1bf0f72 docs(README): link to Why Use Pump?
• ccdc482 docs(pump): fix typo
• 5ddafd2 chore(package): update uglify-js to version 2.7.4
• d5801ca chore(greenkeeper): ignore "gulp-sourcemaps" dependency
• 129df84 chore(package.json): update repository field
• 533ee01 fix(package): update uglify-js to version 2.7.3
• 1f2c508 docs(why-use-pump): fix plugin name
• 2829956 docs(README): fix typo

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic