[Snyk] Fix for 13 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/server/package.json
  • packages/server/.snyk

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	No	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	No	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	No	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:uglify-js:20151024	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @cypress/browserify-preprocessor

The new version differs by 10 commits.

• faf9873 patch: Update dependencies ([Snyk] Fix for 1 vulnerabilities #27)
• 0b7af1b minor: release new version
• dae6488 Enable source maps by default ([Snyk] Fix for 1 vulnerabilities #26)
• e6d60cb major: Update deps, remove cjsx support
• f8baedc Merge pull request [Snyk] Security upgrade mocha from 2.4.5 to 7.1.1 #20 from robhowell/patch-1
• 941e8b8 Add missing comma to default config in README
• 6b52455 patch: update package-lock
• 016256c Merge pull request [Snyk] Security upgrade jimp from 0.2.28 to 0.3.7 #18 from cypress-io/issue-17-babel-7-stable
• 915950b update key for @ babel/plugin-transform-runtime
• 732fe9f patch: update deps to latest stable versions (closes [Snyk] Security upgrade browserify from 13.3.0 to 15.0.0 #17)

See the full diff

Package name: chokidar

The new version differs by 38 commits.

• 3409db8 Release 2.0.0
• d5187a2 Merge pull request Cypress doesn't start when running in RHEL7 docker container cypress-io/cypress#660 from phated/docs
• 77cf90f Merge pull request CLI does not display correctly overridden CYPRESS_BINARY_VERSION on first open cypress-io/cypress#659 from phated/ci-updates
• 41021e8 Update changelog for 2.0
• 4ec944e Update AppVeyor badge location
• d2d8132 Add node 9 to both CI
• febd028 Avoid flakey coveralls API from failing the tests
• fe97886 Update Travis & AppVeyor to allow node 0.10 failures
• 51ca0d5 Merge pull request Accept absolute path for --reporter cypress-io/cypress#658 from phated/replace-syspath
• 2f3112a Upgrade other deps
• a92f089 Attempt to fix glob tests
• cde757a Update globbing deps
• cbdf255 fix for handling braces in path (Rename Cypress.Log.command -> Cypress.log cypress-io/cypress#622)
• 528826f Add node v8 to CI configs
• 3d91781 print fsevents require error when env var set (Rewrite chai-jQuery, and improve its unexpected behavior cypress-io/cypress#605)
• 3b1071a Release 1.7.0
• c716ffd Fix process not exiting calling .close() right after watching. (CypressError: cy.visit() failed because you are attempting to visit a second unique domain. cypress-io/cypress#600)
• f03f332 Fix for possible infinite recursion. (Extract browserify code / abstract build pipeline cypress-io/cypress#580)
• 2442f7b Added ability to force `interval` value by setting `CHOKIDAR_INTERVAL… (Giving access to users is buggy and not transparent cypress-io/cypress#557)
• 0faec86 disableGlobbing option: treat glob-like paths as literal paths (Renderer process crashed cypress-io/cypress#598)
• d90d112 Slight README.md typo fix: appear(s) (Using cy.server() and cy.route() not working in before hooks cypress-io/cypress#595)
• 3f7f113 Stabilize tests when running on Travis/darwin
• b427e9c Update example dotfiles regex
• c21a65c Add node v7 to CI configs

See the full diff

Package name: hbs

The new version differs by 9 commits.

• 51457e9 v4.0.2
• 4f327af Upgrade handlebars to 4.0.13 to fix advisory 755
• 1047eb2 v4.0.1
• d0d3622 update History
• 754586a travis: add node v6 to testing matrix
• 58ff471 README: update registerPartials api docs
• 705f0d4 update references to donpark to pillarjs
• 75dd9a6 support params for async helper (Whitelist .svg cypress-io/cypress#131)
• d496e34 update dependencies

See the full diff

Package name: mocha

The new version differs by 250 commits.

• d69bf14 Release v4.0.0
• 171b9f9 pfix "prepublishOnly" potential portability problem
• 60e39d9 Update link to wiki (GitHub at the leading `--`)
• 804f9d5 Update link because GitHub ate the leading `--`
• 3326c23 update CHANGELOG for v4.0.0 [ci skip]
• 6dd9252 add link to wiki on --compilers deprecation
• 96318e1 Deprecate --compilers
• 92beda9 drop bower support
• 58a4c6a remove unused .npmignore
• 7af6611 kill Date#toISOString shim
• 43501a2 reduce noise about slow tests; make a few tests faster, etc.
• fa228e9 update --exit / --no-exit integration test for new default behavior
• 3fdd3ff Switch default from forced exit to no-exit
• c5d69e0 add integration tests for --exit/--no-exit
• 3a7f8dc enhance runMochaJSON() helper by returning the subprocess instance
• 0690d1a remove unused manual tests which remained in test/misc/
• 49e01d5 move the "only" specs out of test/misc/only/ and into test/only/
• 16ffca2 remove shims to avoid decrease in coverage
• 1f3b39a upgrade diff
• e6e3519 upgrade commander
• f1efc14 remove special treatment of unsupported node version in travis before-install script
• bc50020 upgrade debug
• 1103f9c upgrade coveralls
• f09ebf6 remove readable-stream

See the full diff

Package name: send

The new version differs by 62 commits.

• 8b080c8 Release 0.15.6
• 43738dd perf: improve If-Match token parsing
• c3fd47b lint: remote parameter reassignments
• 4edb37e deps: debug@2.6.9
• 2d17fa1 Release 0.15.5
• 32ef137 deps: fresh@0.5.2
• 112e8b3 deps: etag@~1.8.1
• 1daeb4c build: Node.js@8.4
• 0eafb9a build: Node.js@6.11
• bad2a46 Release 0.15.4
• aa380d2 deps: http-errors@~1.6.2
• fb3e006 deps: depd@~1.1.1
• 1e45f67 build: support Node.js 8.x
• 3bea353 deps: debug@2.6.8
• cbeac74 build: Nodejs@7.10
• a20f8f2 Release 0.15.3
• 5fe5ec6 deps: debug@2.6.7
• a5a523b build: eslint-plugin-markdown@1.0.0-beta.6
• c191ba9 deps: ms@2.0.0
• d927057 deps: debug@2.6.6
• 93b86b2 Release 0.15.2
• de06518 build: eslint-config-standard@7.1.0
• 569d766 build: Node.js@7.9
• fbff665 deps: debug@2.6.4

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Symlink File Overwrite npm:tar:20151103	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)