Update fsevents to fix prototype pollution attack

[fenichelar]

https://nodesecurity.io/advisories/566

fsevents/fsevents#201
mapbox/node-pre-gyp#347

[fenichelar]

A 2.0.4 release with this would be great :)

[coveralls]

Coverage decreased (-0.05%) to 98.5% when pulling fb0136f on fenichelar:master into 925b534 on paulmillr:master.

[es128]

This is already handled by the caret semver operator, making this PR unnecessary. Just do a fresh install.

[fenichelar]

It is best practice to release a new patch version to address a vulnerability because it forces commands like npm update -S to grab the new release without requiring a fresh install. When you have many applications to manage, it is really annoying to do fresh installs all over the place. I understand that this is not actually a security risk, but I think all vulnerabilities should be treated the same. Is there a reason that you seem to be so against making new releases?

[es128]

My main concern is that I do not yet know the fallout of the node 0.12 breaking change, and forcing fsevents@1.2.0 here makes that a less reconcilable situation for any users affected.

Sorry to cause you annoyance, but you do already have the means to resolve it at your disposal.