[Snyk] Fix for 4 vulnerabilities

[saurabharch]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Arbitrary Code Injection npm:growl:20160721	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gulp-mocha

The new version differs by 41 commits.

• 983b0ac 5.0.0
• 7bc8d9c Add example of using the `exit` option (Edge Case: User clicks back during the GitHub authentication page.. jes708/CodeGenius#185)
• 3f53145 Add example of using reporterOptions in readme.md (Centered the text on the snackbar. jes708/CodeGenius#179)
• 5045939 Improve usage example
• 64fef33 Bump Mocha to v4
• 06b96ba Meta tweaks
• ac3d7fc Drop dependency on deprecated `gulp-util` (Added validation to required fields and removed description as a requ… jes708/CodeGenius#187)
• 67b1e3e 4.3.1
• 315275f Rewrite tests to use AVA
• 4ac3c98 Cleanup
• 9ddcbd0 Convert objects to key value lists. Closes Selecting File while Solution Code is Shown will load Student's code instead jes708/CodeGenius#167 (Student view missing changes? jes708/CodeGenius#171)
• 55004ca Fix `require` option for multiple entries (Student Forks could have different locations for solution files... jes708/CodeGenius#173)
• e878086 4.3.0
• 9cedf6e Increase the max buffer
• 43f4b4d 4.2.0
• edfa4dd Forward stderr too (use navigate left and right to beautify assesscard jes708/CodeGenius#168)
• 9e5d38a Minor readme tweaks
• 92ec619 4.1.0
• 915351f Use the local Mocha dependency of this package
• bf30380 Print mocha output immediately, not when process finished (move fully graded and total score into assessment card jes708/CodeGenius#160)
• 12d44db Convert all arrays to comma separated lists for Mocha
• fbcaf85 Add compiler option description to the readme (must be login message jes708/CodeGenius#157)
• 32afe0d 4.0.1
• 4e05dce Add manual test gulpfile

See the full diff

Package name: socket.io

The new version differs by 102 commits.

• 873fdc5 chore(release): 2.4.0
• f78a575 fix(security): do not allow all origins by default
• d33a619 fix: properly overwrite the query sent in the handshake
• 3951a79 chore: bump engine.io version
• 6fa026f ci: migrate to GitHub Actions
• 47161a6 [chore] Release 2.3.0
• cf39362 [chore] Bump socket.io-parser to version 3.4.0
• 4d01b2c test: remove deprecated Buffer usage (#3481)
• 8227192 [docs] Fix the default value of the 'origins' parameter (#3464)
• 1150eb5 [chore] Bump engine.io to version 3.4.0
• 9c1e73c [chore] Update the license of the chat example (#3410)
• df05b73 [chore] Release 2.2.0
• b00ae50 [feat] Add cache-control header when serving the client source (#2907)
• d3c653d [docs] Add Touch Support to the whiteboard example (#3104)
• a7fbd1a [fix] Throw an error when trying to access the clients of a dynamic namespace (#3355)
• 190d22b [chore] Bump dependencies
• 7b8fba7 [test] Update Travis configuration
• e5f0cea [docs] Use new JavaScript syntax inside the README (#3360)
• 7e35f90 [docs] fix `this` scope in the chat example
• 2dbec77 [chore] Update issue template
• d97d873 [docs] update README.md (#3309)
• e0b2cb0 [chore] Release 2.1.1
• 1decae3 [feat] Add local flag to the socket object (#3219)
• 0279c47 [docs] Convert the chat example to ES6 (#3227)

See the full diff

Package name: socket.io-client

The new version differs by 72 commits.

• de2ccff chore(release): 2.4.0
• e9dd12a chore: bump engine.io-client version
• 7248c1e ci: migrate to GitHub Actions
• 4631ed6 chore(release): 2.3.1
• 7f73a28 test: fix tests in IE
• 67c54b8 chore: bump engine.io-parser and socket.io-parser
• 15a52ab test: remove arrow function (for now)
• 050108b fix: fix reconnection after opening socket asynchronously (#1253)
• b570025 chore: bump engine.io-client and downgrade debug
• 1fb1b78 chore: remove unused dependencies
• 0c39f14 docs: add section about Debug / logging on the client side (#1278)
• 6ce02ee docs: add server port in the example (#1359)
• f4a4d89 chore: update package-lock.json file
• 3c1d860 chore: bump component-emitter dependency (#1376)
• b7dbbd2 test: fix race condition in the tests
• 661f1e7 [chore] Release 2.3.0
• 71d7b79 [chore] Bump engine.io-client to version 3.4.0
• 8b4a539 [docs] Add CDN link (#1318)
• 40cf185 [ci] use Node.js 10 for compatibility with Gulp v3
• 3020e45 [chore] Release 2.2.0
• 06e9a4c [chore] Bump dependencies
• 4a93871 [chore] Update the Makefile
• eeafa44 [fix] Remove any reference to the `global` variable
• dfc34e4 [chore] Pin zuul version

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 4be093d 2.2.0
• 2278469 2.2.0-rc.8
• b946eb4 Merge pull request #3988 from malstoun/bug/2664
• 260e413 Merge pull request #3986 from webpack/bugfix/revert_use_of_buffer_dot_from
• 0ec7de9 Fix regression with watch cli opt, add tests for this case
• 72226db add missing disable line
• 4d30675 build fresh yarn.lock file to remove buffer polyfill
• 91c1f35 fix(node): rollback changes of Buffer.from to new Buffer() and bump down travis to 4.3 min node v
• 0b47602 2.2.0-rc.7
• db6ccbc Merge pull request #3978 from webpack/bugfix/conditional-reexports
• 82a5b03 Merge pull request #3977 from malstoun/bug/2664
• fc1a43b Merge pull request #3976 from timse/rely-on-defaults
• a44694a hoist exports declarations too
• 682bde8 Fix lint
• c6d7d90 Add tests
• af8d49e remove defaults values to shave a few bytes
• 9796696 2.2.0-rc.6
• e9bdb05 Merge pull request #3971 from webpack/bugfix/fix_available_vars_in_fmtp
• bd45bdc add test case for global in harmony modules
• bfccb20 fix PR
• 5a3a23f fix(nmf): Fix exports for var injection to include free glob exports or arguments
• 437dce4 2.2.0-rc.5
• 91cb1df Merge pull request #3970 from webpack/ci/appveyor
• 9fd55e5 Merge pull request #3969 from webpack/bugfix/issue-3964

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Arbitrary Code Injection