[Snyk] Fix for 11 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • node_modules/esrecurse/package.json
  • node_modules/esrecurse/.snyk

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOCHA-561476	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept
	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Regular Expression Denial of Service (ReDoS) npm:diff:20180305	Yes	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Arbitrary Code Injection npm:growl:20160721	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gulp

The new version differs by 134 commits.

• 55eb23a Release: 4.0.0
• 173a532 Docs: Fix the installation instructions
• ec54d09 Docs: Improve note about out-of-date docs
• 03b7c98 Docs: Update recipes to install gulp@next
• 2eba29e Docs: Remove run-sequence from recipes
• 76eb4d6 Docs: Add installation instructions & update badges
• fbc162f Docs: Remove references to gulp-util
• 3011cf9 Scaffold: Normalize repository
• f27be05 Update: Remove graceful-fs from test suite
• 361ab63 Upgrade: Update glob-watcher
• 064d100 Build: Avoid broken node 9
• 057df59 Release: 4.0.0-alpha.3
• c1ba80c Breaking: Upgrade major versions of glob-watcher, gulp-cli & vinyl-fs
• 89acc5c Docs: Improve ES2015 task exporting examples (Can we use the github token as a parameter for reporting github/codeql-action#1999)
• 0ac9e04 Docs: Add "Project structure" section to CONTRIBUTING.md (Mergeback v2.21.5 refs/heads/releases/v2 into main github/codeql-action#1859)
• 723cbc4 Docs: Fix syntax in recipe example ([Snyk] Security upgrade ava from 2.4.0 to 6.0.0 #1715)
• d420a6a Docs: Have gulp.lastRun take a function to avoid task registration (Update default bundle to 2.14.2 github/codeql-action#1828)
• 29ece6f Upgrade: Update undertaker
• e931cb0 Docs: Fix changelog typos ([Snyk] Security upgrade babel-plugin-istanbul from 4.1.6 to 5.0.0 #1696)
• 477db84 Docs: Add a "BrowserSync with Gulp 4" recipe ([Snyk] Security upgrade gulp from 3.9.1 to 4.0.0 #1659)
• d4ed3c7 Docs: Add options.cwd for gulp.src API ([Snyk] Security upgrade karma from 1.7.1 to 2.0.0 #1645)
• 5dc3b07 Docs: Update gulp.watch API to align with glob-watcher
• 0c66069 Breaking: Replace chokidar as gulp.watch with glob-watcher wrapper
• c3dbc10 Docs: Clarify incremental builds example ([Snyk] Security upgrade eslint from 6.8.0 to 9.0.0 #1609)

See the full diff

Package name: gulp-eslint

The new version differs by 3 commits.

• 40d004f 5.0.0
• 72c3599 use destructuring assignment to simplify the code
• aed571b update dependencies and devDependencies ([Snyk] Security upgrade safe-publish-latest from 1.1.5 to 2.0.0 #224)

See the full diff

Package name: gulp-mocha

The new version differs by 14 commits.

• c1e272e 7.0.0
• 4924437 Update Mocha and require Node.js and Gulp 4
• cde8dc2 6.0.0
• 1fd70f0 Require Node.js 6
• fc5cc1f Reduce noise in console output on test failures ([Snyk] Fix for 3 vulnerabilities #188)
• eb1f5cc Set color option to what is supported by the current env ([Snyk] Fix for 7 vulnerabilities #190)
• c5da1d1 Update mocha to 5.2.0 ([Snyk] Fix for 10 vulnerabilities #191)
• 983b0ac 5.0.0
• 7bc8d9c Add example of using the `exit` option ([Snyk] Fix for 2 vulnerabilities #185)
• 3f53145 Add example of using reporterOptions in readme.md ([Snyk] Fix for 4 vulnerabilities #179)
• 5045939 Improve usage example
• 64fef33 Bump Mocha to v4
• 06b96ba Meta tweaks
• ac3d7fc Drop dependency on deprecated `gulp-util` ([Snyk] Fix for 7 vulnerabilities #187)

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Arbitrary Code Injection