[Snyk] Fix for 4 vulnerabilities

[aliscco]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • node_modules/eslint/node_modules/doctrine/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	679/1000 Why? Has a fix available, CVSS 9.3	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962463	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: eslint

The new version differs by 250 commits.

• ff8c4bb 4.5.0
• 480bbee Build: changelog update for 4.5.0
• decdd2c Update: allow arbitrary nodes to be ignored in `indent` (fixes #8594) (#9105)
• 79062f3 Update: fix indentation of multiline `new.target` expressions (#9116)
• d00e24f Upgrade: `chalk` to 2.x release (#9115)
• 6ef734a Docs: add missing word in processor documentation (#9106)
• a4f53ba Fix: Include files with no messages in junit results (#9093) (#9094)
• 1d6a9c0 Chore: enable eslint-plugin/test-case-shorthand-strings (#9067)
• f8add8f Fix: don't autofix with linter.verifyAndFix when `fix: false` is used (#9098)
• 77bcee4 Docs: update instructions for adding TSC members (#9086)
• bd09cd5 Update: avoid requiring NaN spaces of indentation (fixes #9083) (#9085)
• c93a853 Chore: Remove extra space in blogpost template (#9088)
• 0d9da6d 4.4.1
• 1ea9a6c Build: changelog update for 4.4.1
• ec93614 Fix: no-multi-spaces to avoid reporting consecutive tabs (fixes #9079) (#9087)
• a113cd3 4.4.0
• 181bd46 Build: changelog update for 4.4.0
• 89196fd Upgrade: Espree to 3.5.0 (#9074)
• b3e4598 Fix: clarify AST and don't use `node.start`/`node.end` (fixes #8956) (#8984)
• 62911e4 Update: Add ImportDeclaration option to indent rule (#8955)
• de75f9b Chore: enable object-curly-newline & object-property-newline.(fixes #9042) (#9068)
• 5ae8458 Docs: fix typo in object-shorthand.md (#9066)
• c3d5b39 Docs: clarify options descriptions (fixes #8875) (#9060)
• 37158c5 Docs: clarified behavior of globalReturn option (fixes #8953) (#9058)

See the full diff

Package name: eslint-release

The new version differs by 6 commits.

• ddc4578 2.0.0
• 420577e Build: changelog update for 2.0.0
• d6439b3 Fix: use global-import shelljs ([Snyk] Security upgrade package-json from 6.5.0 to 7.0.0 #38)
• 3d05dc5 Update: Major version changelogs include all prereleases ([Snyk] Security upgrade got from 9.6.0 to 11.8.5 #37)
• 13d962b Upgrade: github-api@3.2.2 ([Snyk] Security upgrade requests from 1.2.3 to 2.20 #35)
• 8cde736 Breaking: require node >= 8.0 & upgrade eslint-config-eslint (Bump minimist from 1.2.5 to 1.2.6 #34)

See the full diff

Package name: nyc

The new version differs by 109 commits.

• 4a6b327 chore(release): 13.0.1
• ae5318b chore: Update istanbul dependencies. ([Snyk] Fix for 1 vulnerabilities #896)
• d0b76e2 fix: Enable es-modules by default. ([Snyk] Fix for 1 vulnerabilities #889)
• 6b6cd5e fix: add flag to allow control of intrumenter esModules option, default to looser parsing ([Snyk] Fix for 4 vulnerabilities #863)
• c325799 docs: reference babel 7 in all places ([Snyk] Fix for 2 vulnerabilities #881)
• 7483ed9 fix: use uuid/v4 to generate unique identifiers. ([Snyk] Fix for 8 vulnerabilities #883)
• 8ab1ae3 chore: update dependencies ([Snyk] Security upgrade jest from 25.5.4 to 27.0.0 #872)
• 52b69ef fix: Update caching-transform options. ([Snyk] Security upgrade ava from 0.0.4 to 0.1.0 #873)
• 624a723 chore: update dependencies ([Snyk] Fix for 1 vulnerabilities #866)
• a5818f5 chore(release): 13.0.0
• f0d98a5 docs: update README.md with babel configuration info ([Snyk] Fix for 1 vulnerabilities #860)
• 893345a feat: allow rows with 100% statement, branch, and function coverage to be skipped in text report ([Snyk] Fix for 1 vulnerabilities #859)
• f09cf02 chore: update dependencies ([Snyk] Security upgrade jest from 25.5.4 to 27.0.0 #855)
• d0f654c fix: source was being instrumented twice, due to upstream fix in ista… ([Snyk] Fix for 3 vulnerabilities #853)
• adb310c chore(release): 12.0.2
• ddc9331 fix: stop bundling istanbul-lib-instrument due to npm issue on Node 6 ([Snyk] Fix for 5 vulnerabilities #854)
• b4c325b fix: don't bundle istanbul-lib-instrument due to Node 6 issues
• 9fc20e4 chore(release): 12.0.1
• 3e087d4 chore: upgrade to version of istanbul with optional catch binding ([Snyk] Security upgrade jest from 24.9.0 to 27.0.0 #851)
• eaf3f70 chore(release): 12.0.0
• 19b7d21 chore: upgrade to newest version of istanbul codebase ([Snyk] Fix for 1 vulnerabilities #848)
• 570a08a chore(release): 11.9.0
• 1329a3b feat: add option that allows instrument to exit on error ([Snyk] Security upgrade tap from 14.6.1 to 16.0.0 #850)
• bc9ffe5 chore(release): 11.8.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)