[Snyk] Fix for 1 vulnerabilities

[saurabharch]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-LODASH-6139239	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gulp

The new version differs by 134 commits.

• 55eb23a Release: 4.0.0
• 173a532 Docs: Fix the installation instructions
• ec54d09 Docs: Improve note about out-of-date docs
• 03b7c98 Docs: Update recipes to install gulp@next
• 2eba29e Docs: Remove run-sequence from recipes
• 76eb4d6 Docs: Add installation instructions & update badges
• fbc162f Docs: Remove references to gulp-util
• 3011cf9 Scaffold: Normalize repository
• f27be05 Update: Remove graceful-fs from test suite
• 361ab63 Upgrade: Update glob-watcher
• 064d100 Build: Avoid broken node 9
• 057df59 Release: 4.0.0-alpha.3
• c1ba80c Breaking: Upgrade major versions of glob-watcher, gulp-cli & vinyl-fs
• 89acc5c Docs: Improve ES2015 task exporting examples (#1999)
• 0ac9e04 Docs: Add "Project structure" section to CONTRIBUTING.md (#1859)
• 723cbc4 Docs: Fix syntax in recipe example (#1715)
• d420a6a Docs: Have gulp.lastRun take a function to avoid task registration (#1828)
• 29ece6f Upgrade: Update undertaker
• e931cb0 Docs: Fix changelog typos (#1696)
• 477db84 Docs: Add a "BrowserSync with Gulp 4" recipe (#1659)
• d4ed3c7 Docs: Add options.cwd for gulp.src API (#1645)
• 5dc3b07 Docs: Update gulp.watch API to align with glob-watcher
• 0c66069 Breaking: Replace chokidar as gulp.watch with glob-watcher wrapper
• c3dbc10 Docs: Clarify incremental builds example (#1609)

See the full diff

Package name: gulp-eslint

The new version differs by 52 commits.

• 639e388 2.0.0
• 55f0c29 Update ESLint dependency;
• c11bba6 Remove rules that have been removed in ESLint@2.0.0-rc.0;
• 7f01da7 2.0.0-rc-3
• 5851668 Rename .eslintrc to .eslintrc.yml;
• e7ba0f2 2.0.0-rc-2
• 90841cb Tighten various test case configs;
• 3536eeb Update changeling;
• cbe6731 2.0.0-rc-1
• dcdfff7 Update to ESLint next/2.0.0-rc-* dependency;
• 7f190a6 Fix listing error;
• adf2180 Fix path in comment
• 9378eef Simplify the cached-lint watch.js example;
• 6def722 Merge pull request #121 from 5im0n/update-readme
• 67fcd75 Update eslint.results in README.md
• 328cba9 1.1.1
• ce6125b Migrate baseConfig options before others options;
• e3b7d1e Merge pull request #119 from ReadmeCritic/master
• 7146108 Missing anchor
• 3894f01 Update README URLs based on HTTP redirects
• b00c579 1.1.0
• 005862d 1.0.0
• 4cb6145 Update tests to avoid a regression in ESLint's source-fixer;
• 7e8c826 Update README to include API updates;

See the full diff

Package name: gulp-istanbul

The new version differs by 40 commits.

• 502855e 1.1.2
• ac8f966 Add documentation for reportOpts and watermarks (#121)
• be326d1 Update README.md to warn about gulp-mocha (#120)
• b0149ac fix(package): update istanbul-threshold-checker to version 0.2.1 (#112)
• 7ec737a chore(package): update dependencies (#110)
• b047c82 Update .travis.yml
• a8dd45e 1.1.1
• 18ed282 Fix override default reporters (#101)
• 5aefe19 1.1.0
• 081c841 Bump dependencies
• eef2bb3 Update travis covered versions
• e94f537 Allow passing deep options to the instrumenter. Fix Home page login appearing bug fixed. Wrap images with a responsive an… ivanyyuk/web-refinery#79
• d93e057 → Fix common cross-platform issue with file path normalization. (something ivanyyuk/web-refinery#86)
• d34854f Commented "supports es6" on isparta instrumenter (Updating readme and order of items. ivanyyuk/web-refinery#97)
• 200153d 1.0.0
• 8a07dbe gulp-sourcemap support (Updating url to display gif files part three. ivanyyuk/web-refinery#94)
• 99432aa Merge pull request Updating readme with url and gif files. ivanyyuk/web-refinery#91 from nimrod-becker/master
• 5e79eb4 Remove opts.resolveAbsolutePaths option, simply don't path.resolve
• 27be6aa Provide an option to skip path resolution
• 293cf78 Update documentation Fix Bug fix thurs ivanyyuk/web-refinery#89
• 5e01abf 0.10.4
• e9a92b9 Merge pull request something ivanyyuk/web-refinery#84 from pine613/feature/lodash_v4
• e012202 Upgrade lodash from v3.x to v4.x
• 3177d2d 0.10.3

See the full diff

Package name: karma

The new version differs by 250 commits.

• db41e8e chore: release v2.0.0
• 0a1a8ef chore: update contributors
• 1afcb09 chore: add yarn.lock
• f64e1e0 Merge pull request #2899 from outsideris/fix-bad-url-in-stacktrace
• 78ad12f refactor(server): move compile step to first run
• 34dc7d3 fix(reporter): show file path correctly when urlRoot specified
• b53929a Merge pull request #2712 from macjohnny/patch-1
• c9e1ca9 feat: better string representation of errors
• 10fac07 Merge pull request #2885 from karma-runner/prep-2
• 00e3f88 chore: remove yarn.lock for now
• 60dfc5c feat: drop core-js and babel where possible
• 0e1907d test: improve linting and fix test on node 4
• af0efda test(e2e): update cucumber step definitions
• c3ccc5d chore(ci): focus on even node versions
• bf25094 chore(deps): update to latest
• d93cc5f docs(config): Document port collision scenario.
• 871d46f feat(launcher): trim whitespace in browser name
• 99fd3f0 fix(config): Call debug log methods after setting the loglevel based upon config/cli-options.
• 7bd54ed Merge pull request #2890 from reda-alaoui/patch-1
• 91e916a docs(config): Document port collision scenario.
• 334f9fb feat(launcher): trim whitespace in browser name
• e23c0d4 Merge pull request #2837 from JakeChampion/logs
• a340dae fix(config): Call debug log methods after setting the loglevel based upon config/cli-options.
• 6d353dc docs: improve comments in config.tpl.*

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution