[Snyk] Fix for 15 vulnerabilities

[hajjiTarik]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	No	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	No	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-MERGE-1040469	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-MERGE-1042987	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept
	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Improper Privilege Management SNYK-JS-SHELLJS-2332187	No	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: chalk

The new version differs by 53 commits.

• 3fca615 2.0.0
• f66271e Add tagged template literal (Update babel-core to version 6.7.2 🚀 commitizen/cz-cli#163)
• 23ef1c7 fix linter errors
• c015568 add rainbow example
• 09fb2d8 Re-implement `chalk.enabled` (fix(lib): keep newline at the end of package.json commitizen/cz-cli#160)
• 608242a spoof supports-color
• 18f2e7c add host information output
• 523b998 Revert "TEMPORARY: emergency travis CI fix (see comments)"
• 54975fb TEMPORARY: emergency travis CI fix (see comments)
• 1d73b21 Improve readme
• 6f4d6b3 Bump dependencies
• 8702496 Remove `chalk.styles`
• 0412cdf Minor code improvements
• 249b9ac ES2015ify the codebase
• cb3f230 Add RGB (256/Truecolor) support (Update babel to version 6.5.2 🚀 commitizen/cz-cli#140)
• dbae68d Update dependent package count in the readme (fix: make gulp depedencies available for prod installs commitizen/cz-cli#154)
• 9b60021 Drop support for Node.js 0.10 and 0.12
• 0d21449 check parent builder object for enabled status (Update lodash to version 4.4.0 🚀 commitizen/cz-cli#142)
• 5a69476 add XO badge
• 492f11f add example file
• 4ce73b6 make XO happy
• 7c02cf4 Add log statement to chalk examples (Fail a build if the commit is not in the standard format commitizen/cz-cli#129)
• 835ca3d You've just reached 10,000 dependent modules. (Update chai to version 3.5.0 🚀 commitizen/cz-cli#122)
• 74c087d minor doc improvements (Update mocha to version 2.4.3 🚀 commitizen/cz-cli#120)

See the full diff

Package name: find-node-modules

The new version differs by 13 commits.

• d7a1ff0 Merge pull request [Snyk] Security upgrade find-node-modules from 1.0.4 to 2.1.1 #13 from PunChaFeng/upgrade-merge
• 2cdfee5 Update package-lock.json
• 5d91ac5 Update package.json
• 2f4a0dd 2.1.0
• 891bfcf Add package-lock.json
• dc65c2e Merge pull request [Snyk] Security upgrade find-node-modules from 1.0.4 to 2.1.1 #11 from sebelga/chore/update-findup-sync-dep
• 4bcc026 chore(deps): update findup-sync from 3.0.0 to 4.0.0
• 73a6a52 2.0.0
• badcd1a Merge pull request [Snyk] Security upgrade lodash from 4.17.2 to 4.17.17 #10 from seantrane/update-findup-sync
• 9b1f999 chore(deps): update findup-sync from 0.4.2 to 3.0.0
• 5002f7d 1.0.5
• 442ddf1 Merge pull request [Snyk] Security upgrade lodash from 4.17.2 to 4.17.20 #9 from YOU54F/updateDepMerge
• fd864bc update dep - merge 1.2.0 > 1.2.1

See the full diff

Package name: inquirer

The new version differs by 67 commits.

• 68fcbcb 3.2.0
• e16575c Bump dependencies
• 3f2c74b fix(package): update chalk to version 2.0.0
• 2e9eb3e Allow non-string values as a list default option (git cz just opens the local editor commitizen/cz-cli#558)
• 5dbd186 [fix] Update lodash to version 4.14.0 🚀 commitizen/cz-cli#293 Exit script when SIGINT signal received (Error in Readme: npx git-cz installs wrong package commitizen/cz-cli#564)
• 625965e Fixed typo (git-cz doesn't finish, doesn't return the prompt commitizen/cz-cli#563)
• babdfb2 Add Plugins Section to README.md (Git bash on windows: cannot read property 'get' of undefined commitizen/cz-cli#559)
• 810c138 fix(package): update strip-ansi to version 4.0.0
• 13d3100 3.1.1
• 60b27f0 Setup coverage in codacy
• 62fde13 Bump dev dependencies
• 3f465b4 Move eslint configs to own file (easier to integrate in third party)
• 948f8dc Keep password prompt silenced after error - Fix fix(deps): update dependency glob to v7.1.3 - autoclosed commitizen/cz-cli#553 Om commit, Nano editor is getting open. No commitizen dialogs at all commitizen/cz-cli#546
• 11f5854 chore(package): update sinon to version 2.3.4 (Is there a way to override standard git commit? commitizen/cz-cli#550)
• e612cc5 3.1.0
• 148cb71 Update eslint-config-xo-space to the latest version 🚀 (chore(deps): update dependency proxyquire to v2 - autoclosed commitizen/cz-cli#516)
• 3b93dd5 call chalk.reset() after message prompt (Open Collective CLI Breaks Build on CI commitizen/cz-cli#544)
• 3ff39a6 chore(package): update chai to version 4.0.1 (fix(deps): update dependency inquirer to v6 commitizen/cz-cli#541)
• 76f1bfe upgrade external-editor to 2.0.4 (chore(deps): pin dependencies commitizen/cz-cli#535)
• da4eceb pass current answers hash to filter (Open Collective Objectives commitizen/cz-cli#533)
• f99b398 Use rx-lite-aggregates instead of full rx (docs(readme): add npx use examples commitizen/cz-cli#532)
• 20119a2 fix(package): update ansi-escapes to version 2.0.0 (Locally installation messed up with Yarn commitizen/cz-cli#527)
• e294e16 Update validate fn param docs (chore(deps): pin dependency in-publish to v2.0.0 - autoclosed commitizen/cz-cli#526)
• 5b3a4a2 Add masked password example

See the full diff

Package name: shelljs

The new version differs by 108 commits.

• 70668a4 0.8.5
• d919d22 fix(exec): lockdown file permissions (#1060)
• fcf1651 0.8.4
• a1111ee Silence potentially upcoming circular dependency warning (bug: issue with LRU cache, cannot execute git-cz commitizen/cz-cli#973)
• d4d1317 0.8.3
• db317bf Add test case for sed on empty file (updated 404 url commitizen/cz-cli#904)
• 0d5ecb6 docs(changelog): updated by Nate Fischer [ci skip]
• 6b3c7b1 refactor: don't expose tempdir in common.state (chore(deps): update all non-major dependencies commitizen/cz-cli#903)
• 4bd22e7 chore(ci): fix codecov on travis (Why are there no releases anymore? commitizen/cz-cli#897)
• 2b3b781 fix: silent exec (chore(deps) Update dependency semantic-release to v19 - autoclosed commitizen/cz-cli#892)
• 37acb86 chore(npm): add ci-or-install script (chore(deps): update all non-major dependencies to v7.17.0 commitizen/cz-cli#896)
• 4e861db chore(appveyor): run entire test matrix (chore(deps): update dependency conventional-changelog-conventionalcommits to v4.6.2 commitizen/cz-cli#886)
• d079515 docs: remove gitter badge (chore: remove unused Travis-CI config commitizen/cz-cli#880)
• 4113a72 grep includes the i flag (chore(deps) Update dependency strip-json-comments to v4 commitizen/cz-cli#876)
• 8dae55f Fix(which): match only executable files (fix(deps): update dependency inquirer to v8 commitizen/cz-cli#874)
• 6d66a1a chore: rename some tests (chore(deps): update dependency sinon to v12 commitizen/cz-cli#871)
• 131b88f Fix cp from readonly source (chore(deps): update dependency sinon to v11 - autoclosed commitizen/cz-cli#870)
• 1dd437e fix(mocks): fix conflict between mocks and skip (Ownership of find-node-modules commitizen/cz-cli#863)
• 72ff790 chore: bump dev dependencies and add package-lock (build(node versions): - Deprecates Node 10 and adds current LTS versions commitizen/cz-cli#864)
• 93bbf68 Prevent require-ing bin/shjs (filter type input commitizen/cz-cli#848)
• aa9d443 chore: output npm version in travis (signed-off-by commitizen/cz-cli#850)
• 4733a32 chore(appveyor): do not use latest npm (git commit -m to pre-fill commit title commitizen/cz-cli#847)
• dd5551d chore: update shelljs-release version (cz.json version mismatch merge conflict commitizen/cz-cli#846)
• 97a4df8 docs(changelog): updated by Nate Fischer [ci skip]

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn