[Snyk] Upgrade ledgerco from 1.1.3 to 1.2.1

[snyk-bot]

Snyk has created this PR to upgrade ledgerco from 1.1.3 to 1.2.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 2 versions ahead of your current version.
• The recommended version was released 3 years ago, on 2018-01-05.

The recommended version fixes:

Severity	Issue	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) npm:sshpk:20180409	Proof of Concept
	Prototype Override Protection Bypass npm:qs:20170213	No Known Exploit
	Prototype Pollution npm:deep-extend:20180409	No Known Exploit
	Uninitialized Memory Exposure npm:tunnel-agent:20170305	Proof of Concept
	Regular Expression Denial of Service (ReDoS) npm:tough-cookie:20170905	No Known Exploit
	Uninitialized Memory Exposure npm:stringstream:20180511	Mature
	Prototype Pollution npm:hoek:20180212	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:brace-expansion:20170302	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:is-my-json-valid:20180214	Mature
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No Known Exploit

Release notes

Package name: ledgerco

• 1.2.1 - 2018-01-05
• 1.2.0 - 2018-01-05
• 1.1.3 - 2017-05-24

from ledgerco GitHub release notes

Commit messages

Package name: ledgerco

• 355ff3a 1.2.1
• 5199ce7 1.2.0
• 2fe1d6c Merge pull request [Snyk] Upgrade ledgerco from 1.1.3 to 1.2.1 #26 from LedgerHQ/es6refactoring
• 9b645ee Fixes https://github.com/Changed buffer for varints LedgerHQ/ledgerjs#34
• d1afd8d update node-hid dependency
• d76183f remove build files
• c81f65d use prepare instead of prepublish
• b45888b prepublish script runs build on local npm install / publish
• 734b8d9 no longer need u2f-api decls because flow-typed PR was accepted :)
• 1e85959 Update CONTRIBUTING.md
• 26c580c Refactor in ES6+ style & with babel/eslint/flow/prettier
• e7b12b1 Merge pull request [Snyk] Upgrade react-event-listener from 0.4.5 to 0.6.6 #18 from maxx-t/no-q-dependency-A
• 25ad65c Removed "q" module dependency
• dc88bf4 Merge pull request [Snyk] Upgrade node-pre-gyp from 0.6.36 to 0.14.0 #19 from Neufund/master
• 6cde597 Fix tests
• 3da8ce2 Bump node-hid version to ensure compilation under node 8
• 77e3a1a Regenerate browser bindings
• 722a9a0 Merge branch 'test-merge'
• bf26769 Merge branch 'merge' of https://github.com/maxx-t/ledger-node-js-api into test-merge
• a852f79 Merge pull request [Snyk] Fix for 15 vulnerabilities #14 from efx/master
• f20347b Merge pull request [Snyk] Upgrade: react, react-dom #16 from 0xProject/master
• 6714984 use node convention for loading file
• dc2024b Improve comment
• ce6e22c Rename u2f-api to chrome-u2f-api in order to make it clear that it's a chrome specific library. Also add the chromeU2FAPI import regardless of global u2f availability so that it's included in browser/ledger.js

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs