
[Snyk] Fix for 1 vulnerabilities #52

Open
wants to merge 1 commit into base: master

Conversation

saurabharch (Owner)

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| low severity | 461/1000 (Why? Recently disclosed, Has a fix available, CVSS 3.5) | Regular Expression Denial of Service (ReDoS), SNYK-JS-DEBUG-3227433 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: connect-session-sequelize The new version differs by 19 commits.

See the full diff

Package name: gulp-eslint The new version differs by 86 commits.
  • a398838 4.0.0
  • 18a4299 emit an error when it fails to load an ESLint plugin
  • b8bf261 update ESLint from v3 to v4 (#198)
  • c0e82ce use `Buffer.from` instead of `new Buffer`
  • e6c67a2 drop support for linting `Stream` contents
  • 132d5cc Fix formatting issues in README.md (#194)
  • 7f65378 remove link to config file `globals` doc
  • 8ddfb84 correct the type of `globals` option in README
  • 6059c22 3.0.1
  • b0c2816 ensure sharable config works
  • 08b9212 test the case where babel-eslint is actually useful
  • eb98701 mock stream-mode vinyl files with from2-string
  • bcd7736 fix invalid `envs` option
  • 286b0c4 remove unused fixtures
  • e2723e1 Remove unnecessary `object-assign` dependency
  • 82c1949 3.0.0
  • 97d8638 Remove invalid options in example code
  • 505779d Remove option aliases
  • 7228608 Bump ESLint to v3.x and ES2015ify
  • 946e0e9 2.1.0
  • a01671e Add v2.1.0 release note
  • 87213fd Fix inline config example in README (#159)
  • 4de3d64 Test on the latest/LTS Node
  • cb7fd6a Install istanbul-coveralls only on Travis CI

See the full diff

Package name: gulp-livereload The new version differs by 11 commits.
  • 85e7ca0 Update README.md
  • 0a3f940 Update dependencies
  • 909c139 Replace `mini-lr` dependency by `tiny-lr`
  • e3be670 Generate new certificate for HTTPS tests
  • 5af4318 Update minimum supported Node version to Node 6
  • f7eeeba Remove deprecated gulp-util (#127)
  • bbf71b1 Merge branch 'lukehorvat-travis-nodejs'
  • 6e58e67 Add Node.js v0.12 and v4 to Travis config
  • 7fc51e9 update README.md
  • fc39c77 Merge branch 'patch-1' of https://github.com/bigtiger/gulp-livereload into bigtiger
  • 314344a Update README.md

See the full diff

Package name: gulp-mocha The new version differs by 41 commits.
  • 983b0ac 5.0.0
  • 7bc8d9c Add example of using the `exit` option (#185)
  • 3f53145 Add example of using reporterOptions in readme.md (#179)
  • 5045939 Improve usage example
  • 64fef33 Bump Mocha to v4
  • 06b96ba Meta tweaks
  • ac3d7fc Drop dependency on deprecated `gulp-util` (#187)
  • 67b1e3e 4.3.1
  • 315275f Rewrite tests to use AVA
  • 4ac3c98 Cleanup
  • 9ddcbd0 Convert objects to key value lists. Closes #167 (#171)
  • 55004ca Fix `require` option for multiple entries (#173)
  • e878086 4.3.0
  • 9cedf6e Increase the max buffer
  • 43f4b4d 4.2.0
  • edfa4dd Forward stderr too (#168)
  • 9e5d38a Minor readme tweaks
  • 92ec619 4.1.0
  • 915351f Use the local Mocha dependency of this package
  • bf30380 Print mocha output immediately, not when process finished (#160)
  • 12d44db Convert all arrays to comma separated lists for Mocha
  • fbcaf85 Add compiler option description to the readme (#157)
  • 32afe0d 4.0.1
  • 4e05dce Add manual test gulpfile

See the full diff

Package name: gulp-sourcemaps The new version differs by 2 commits.
  • 7b5e269 prep v2.0.0 release
  • 4e689ec BREAKING CHANGE is due to strip-bom 3.X. Marking 2.0.0-beta 'work in progress branch'. This will be the new master branch.

See the full diff

Package name: karma The new version differs by 250 commits.
  • a4d5bdc chore: release v3.0.0
  • 75f466d chore: release v2.0.6
  • 5db9399 chore: update contributors
  • eb3b1b4 chore(deps): update mime -> 2.3.1 (#3107)
  • 732396a fix(travis): Up the socket timeout 2->20s. (#3103)
  • 173848e Remove erroneous change log entries for 2.0.3
  • 1002569 chore(ci): drop node 9 from travis tests (#3100)
  • 02f54c6 fix(server): Exit clean on unhandledRejections. (#3092)
  • 0fdd8f9 chore(deps): update socket.io -> 2.1.1 (#3099)
  • 90f5546 fix(travis): use the value not the key name. (#3097)
  • fba5d36 fix(travis): validate TRAVIS_COMMIT if TRAVIS_PULL_REQUEST_SHA is not set. (#3094)
  • 56fda53 fix(init): add "ChromeHeadless" to the browsers' options (#3096)
  • f6d2f0e fix(config): Wait 30s for browser activity per Travis. (#3091)
  • a58fa45 fix(travis): Validate TRAVIS_PULL_REQUEST_SHA rather than TRAVIS_COMMIT. (#3093)
  • 88b977f fix(config): wait 20s for browser activity. (#3087)
  • 94a6728 chore: remove support for node 4, update log4js (#3082)
  • c5dc62d docs: better clarity for API usage
  • 0018947 chore: release v2.0.5
  • 02dc1f4 chore: update contributors
  • dc7265b fix(browser): ensure browser state is EXECUTING when tests start (#3074)
  • 7617279 refactor(filelist): rename promise -> lastCompletedRefresh and remove unused promise (#3060)
  • a701732 fix(doc): Document release steps for admins (#3063)
  • 93ba05a fix(middleware): Obey the Promise API.
  • 518cb11 fix: remove circular reference in Browser

See the full diff

Package name: sequelize The new version differs by 250 commits.
  • 0a9b8a6 5.1.0
  • 6d84ced docs: fix styling issue with long comments
  • cf5aeea chore: v5 release (#10544)
  • 1275de0 docs: remove extra entries
  • d6d9d81 5.0.0-beta.17
  • bc6c133 docs: v5.0.0-beta.17
  • 4478d74 chore: strict linting for code and jsdocs (#10535)
  • f862e6b fix(util): improve performance of classToInvokable (#10534)
  • a26193a chore: enforce stricter linting (#10532)
  • 786b19b fix(build): default null for multiple primary keys
  • ae7d4b9 feat: expose Sequelize.BaseError
  • e03a537 fix(tests): missing clock instance
  • d7241f7 fix(tests): path for instance tests
  • 69b85c3 refactor: instance tests
  • 0c68590 feat(sqlite/query-generator): support restart identity for truncate-table (#10522)
  • 3cd3891 refactor(data-types): move to classes (#10495)
  • 1b4a7bf fix(association): use minimal select for hasAssociation (#10529)
  • 7ccbb1e fix(query-interface): reject with error for describeTable (#10528)
  • 454cf48 fix(model): throw for invalid include type (#10527)
  • 0b5aa71 fix(types): allow specifying additional options for db.query and add missing retry (#10512)
  • 45648dd docs(legacy): fix N:M example (#10509)
  • 10c34e3 fix(query): don't prepare options & sql for every retry (#10498)
  • e5c0d78 feat: upgrade to tedious@6.0.0 (#10494)
  • e0fe772 build: update dependencies

See the full diff

Package name: socket.io The new version differs by 77 commits.
  • db831a3 [chore] Release 2.1.0
  • ac945d1 [feat] Add support for dynamic namespaces (#3195)
  • ad0c052 [docs] Add note in docs for `origins(fn)` about `error` needing to be a string. (#2895)
  • 1f1d64b [fix] Include the protocol in the origins check (#3198)
  • f4fc517 [fix] Properly emit 'connect' when using a custom namespace (#3197)
  • be61ba0 [docs] Add link to a Dart client implementation (#2940)
  • c0c79f0 [feat] Add support for dynamic namespaces (#3187)
  • dea5214 [chore] Bump superagent and supertest versions (#3186)
  • b1941d5 [chore] Bump engine.io to version 3.2.0
  • a23007a [docs] Update license year (#3153)
  • f48a06c [feat] Add a 'binary' flag (#3185)
  • 0539a2c [test] Update travis configuration
  • c06ac07 [docs] Fix typo (#3157)
  • 52b0960 [chore] Bump debug to version 3.1.0
  • 1c108a3 [chore] Release 2.0.4
  • f333479 [test] Use npm scripts instead of gulp (#3078)
  • 3f61165 [docs] Fix a grammar mistake in the API docs (#3076)
  • e26b71c [docs] Fix typo in API docs (#3066)
  • 3386e15 [docs] Actually prevent input from having injected markup in chat example (#2987)
  • 3684d59 [docs] Use path.join instead of concatenating paths (#3014)
  • dd69abb [fix] Reset rooms object before broadcasting from namespace (#3039)
  • 1f0e64a [fix] Do not throw when receiving an unhandled error packet (#3038)
  • 9d170a7 [docs] Add io.emit in the cheat sheet (#2992)
  • 7199d1b [docs] Fix misnamed 'Object.keys' in API docs (#2979)

See the full diff

Package name: socket.io-client The new version differs by 44 commits.
  • 3eb047f [chore] Release 2.1.0
  • afb952d [docs] Add a note about reconnecting after a server-side disconnection
  • 74893d5 [feat] Add a 'binary' flag (#1194)
  • 9701611 [chore] Bump engine.io-client to version 3.2.0 (#1192)
  • 3d8f24e [test] Update travis configuration
  • e27f38b [chore] Restore unminified distribution files (#1191)
  • bb743c4 [docs] Document connected and disconnected socket properties (#1155)
  • f31837f [chore] Bump debug to version 3.1.0
  • ebb0596 [chore] Release 2.0.4
  • 57cee21 [test] Remove IE6 and IE7 tests (#1164)
  • c58ecfc [docs] Add code examples for registered events (#1139)
  • e9ebe36 [docs] Add an example with ES6 import in the README (#1138)
  • 19f2b19 [chore] Release 2.0.3
  • 83fedf5 [docs] Add explicit documentation for websocket transport (#1128)
  • c0da119 [docs] Update documentation (#1124)
  • c3c0270 [chore] Release 2.0.2
  • d864486 [chore] Bump debug to version 2.6.8 (#1123)
  • 214a57f [test] Launch browser tests on localhost by default (#1122)
  • 8091591 [fix] Do not update the opts.query reference (#1121)
  • 4f71bd2 [chore] Release 2.0.1
  • d30914d [chore] Release 2.0.0
  • 9e7b543 [chore] Bump engine.io to version 3.1.0 (#1109)
  • 442587e [chore] Bump dev dependencies (#1108)
  • ff4cb3e [feat] Move binary detection to the parser (#1103)

See the full diff

Package name: supertest The new version differs by 95 commits.
  • 199506d Prepare 3.0.0 release. Small readme updates, update dev libs.
  • 1d82e5b Allow TestAgent pass a cert and key to request (#373)
  • 188f8f2 Update readme (#392)
  • bd63752 Use superagent 3 (#400)
  • 3c16aa1 Couple small updates to README
  • 5930d2c Change package.json to 2.0.1 version and update engines field.
  • 4d21f0d Remove node 0.12 from travis testing. A little early for 0.12 EOF but I want the new eslint libs which don't support 0.12.
  • 6fcd9b3 Update dev deps. Fix couple lint issues. Add node v6 and remove 0.10 for travis tests.
  • 2026549 Prepare for 2.0.1 release.
  • e07e981 fix request with content-length > 0 and content-encoding: gzip (#371)
  • cf9f991 Update Release History for v2.0.0
  • df45dd7 Handle server not-running & superagent system errors (#348)
  • 054ad57 Prepare for 2.0.0 release.
  • 7ca0574 Upgrade superagent to 2.x (#347)
  • 7d35f22 Change 'super-agent' to 'superagent' in Readme. (#343)
  • d0c1457 Fix eslint checks .pem (#331)
  • 076ce21 Fix typo on line 74 (#330)
  • a920af5 MISC Update dev deps, small updates to README.
  • 25665c0 Fix readme for .expect(fn), fixes #253 (#262)
  • 480b9bb Merge pull request #324 from visionmedia/eslint-refactor
  • af3c013 Slight cleanup to eslint rules. Remove some overrides, refactor logic in _assertHeader function.
  • 1849094 Refactor source code to use eslint with airbnb legacy rules.
  • ecced93 Merge pull request #318 from oskarcieslik/patch-1
  • a1533e5 Changed example with cookie-parser

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-DEBUG-3227433
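The issue class this PR addresses, Regular Expression Denial of Service, is easy to underestimate from a 3.5 CVSS score, so here is an added illustration of what the bug class does to a Node.js process. This is example code written for this page, not code from this repository or from the `debug` package; the vulnerable pattern, the safe rewrite, the `evilInput` helper and the `hasNestedQuantifier` heuristic are all constructed for the demonstration and are not taken from the advisory.

```javascript
// Added example (not code from this repository or from the `debug` package):
// why a regex with nested quantifiers is a denial-of-service vector and how
// to measure it. The patterns and inputs are constructed for illustration.

// Constructed vulnerable pattern: a '+' inside a group that is itself '+'.
// When the overall match fails, the backtracking engine tries every way of
// splitting the run of 'a's between the inner and outer quantifier, which
// grows exponentially with the input length.
const VULNERABLE = /^(a+)+$/;
// Equivalent pattern that accepts exactly the same strings in linear time:
// the redundant group added nothing but backtracking choices.
const SAFE = /^a+$/;

// Attacker-controlled input: n valid characters followed by one character
// that guarantees failure, so the engine has to exhaust all backtracking.
function evilInput(n) {
  return 'a'.repeat(n) + '!';
}

// Run one regex against one input; returns [matched, elapsedMilliseconds].
function timeMatch(re, input) {
  const t0 = performance.now(); // global in Node.js >= 16
  const matched = re.test(input);
  return [matched, performance.now() - t0];
}

// Measure both patterns at each length; results are identical, costs are not.
function compare(lengths) {
  return lengths.map((n) => {
    const input = evilInput(n);
    const [vMatched, vulnerableMs] = timeMatch(VULNERABLE, input);
    const [sMatched, safeMs] = timeMatch(SAFE, input);
    return { n, vulnerableMs, safeMs, sameResult: vMatched === sMatched };
  });
}

// Review-time heuristic (constructed, not a proof): flag patterns where a
// quantified group itself contains a quantifier, the shape behind most ReDoS.
function hasNestedQuantifier(re) {
  return /\([^)]*[+*][^)]*\)[+*]/.test(re.source);
}

for (const r of compare([10, 14, 18, 20, 22])) {
  console.log(`n=${r.n}: vulnerable ${r.vulnerableMs.toFixed(1)} ms, safe ${r.safeMs.toFixed(3)} ms`);
}
```

The point for a reviewer of this PR: an attacker does not need a "known exploit" to use a ReDoS, only control over a string that reaches the pattern, and the cost grows with every extra character, so the event loop stalls for the whole application, not just the request.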
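The PR only edits package.json, while the vulnerable package (`debug`) is a transitive dependency pulled in through the bumped packages (the socket.io and socket.io-client commit lists above show "Bump debug to version 3.1.0"). Whether the merge actually fixes the advisory therefore depends on what the lockfile resolves to after the upgrade, including nested `node_modules` copies. The following is an added example of that post-merge check, not code from this repository or from Snyk: the package-lock.json is constructed, and the affected version ranges are an assumption that must be replaced with the ranges stated in the advisory linked above.

```javascript
// Added example (not code from this repository or from Snyk): after merging a
// fix PR that only edits package.json, confirm that every copy of the
// transitive `debug` package in the resolved tree is outside the affected
// ranges. The lockfile below is constructed, and the affected ranges are an
// assumption to be replaced with the ones stated in the linked advisory.

// ASSUMED affected ranges for SNYK-JS-DEBUG-3227433 as [inclusive low, exclusive high).
const ASSUMED_AFFECTED_DEBUG = [
  ['0.0.0', '2.6.9'],
  ['3.0.0', '3.1.0'],
  ['3.2.0', '3.2.7'],
  ['4.0.0', '4.3.1'],
];

// Constructed package-lock.json (lockfileVersion 2): the top-level debug is on
// a recent release, but socket.io still carries its own nested, older copy.
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'example-app' },
    'node_modules/debug': { version: '4.3.4' },
    'node_modules/socket.io': { version: '2.0.3' },
    'node_modules/socket.io/node_modules/debug': { version: '2.6.8' },
    'node_modules/supertest': { version: '3.0.0' },
  },
};

// Parse "major.minor.patch"; prerelease/build suffixes are ignored, which is
// enough for comparing released versions against advisory ranges.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// A version is affected if it falls inside any [low, high) range.
function isVulnerable(version, ranges) {
  return ranges.some(([low, high]) =>
    compareVersions(version, low) >= 0 && compareVersions(version, high) < 0);
}

// Find every installed copy of `name`, including nested node_modules copies.
// Handles the flat `packages` map (lockfileVersion 2/3) and the nested
// `dependencies` tree (lockfileVersion 1).
function installedCopies(lock, name) {
  const found = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`)) {
        found.push({ path, version: meta.version });
      }
    }
  } else if (lock.dependencies) {
    const walk = (deps, prefix) => {
      for (const [dep, meta] of Object.entries(deps)) {
        const path = `${prefix}node_modules/${dep}`;
        if (dep === name) found.push({ path, version: meta.version });
        if (meta.dependencies) walk(meta.dependencies, `${path}/`);
      }
    };
    walk(lock.dependencies, '');
  }
  return found;
}

// Report each copy with its verdict; the merge is only a fix if none is vulnerable.
function audit(lock, name, ranges) {
  return installedCopies(lock, name).map((copy) => ({
    ...copy,
    vulnerable: isVulnerable(copy.version, ranges),
  }));
}

for (const entry of audit(SAMPLE_LOCK, 'debug', ASSUMED_AFFECTED_DEBUG)) {
  console.log(`${entry.path}@${entry.version}: ${entry.vulnerable ? 'STILL VULNERABLE' : 'ok'}`);
}
```

To run it against the real tree, replace `SAMPLE_LOCK` with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` after `npm install` on the PR branch; any copy reported as vulnerable means a dependency still pins an old `debug` and the advisory is not closed by this PR alone.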