[Snyk] Fix for 1 vulnerabilities

[ebarahona]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: glob

The new version differs by 137 commits.

• a68703e 9.0.0
• 58159ca test: cwd can be a url
• a547a9c more docs
• 42a3ac7 link to bash manual for Pattern Matching
• 474172d update readme with cwd URL support
• ad3904d update readme with posix class support
• b22fc7d [email protected]
• cdd1627 update all the things, remove unused mkdirp types
• 75c6416 Merge branch 'v9'
• fa0cd77 cwd can be a file:// url
• d03ed0a typedoc github action
• 9a5a45a put bench results in readme
• 20b2f88 docs, fix benchmark script
• 4829c88 upgrade ci actions
• 5cbacdd [email protected]
• 210310b omit symlinks on windows
• d34c8d5 full test coverage, clean up signals and remove extranous code
• 5f21b46 adding lots of tests, clean up types
• b12e6ba slashes on nodir test
• 75f74b0 more windows test slashes
• 3aa1abd more windows test affordances
• 3e68a7b some windows test affordances
• 8c2e082 feature complete and tests passing
• c3be35a correct ** vs ./** behavior

See the full diff

Package name: gulp-iconfont

The new version differs by 24 commits.

• d751ba6 10.0.3
• b0e8399 Merge pull request [Snyk] Fix for 2 vulnerabilities #175 from pioug/master
• ed9dae2 Add support for Node.js 11/12
• 47cde1a 10.0.2
• a4a2b5e updated dependencies
• 0819325 10.0.1
• cb86fe2 Use multipipe instead of plexer: no need for explicit error handling, simpler code.
• 974891f 10.0.0
• 4a99226 Updated gulp-svgicons2svgfont and refactored tests as necessary.
• 230b2f9 Updated dependencies and added node 9.10.1 to travis in attempt to trace bugs.
• c26a03d travis: node lts and latest.
• 0295439 9.2.0
• 45c7f12 Merge branch 'feature/make_options_available_for_svg2ttf' of https://github.com/bialikover/gulp-iconfont
• 012bbd9 9.1.0
• 55b7c8a Updated package-lock.json.
• d24b64c Merge pull request [Snyk] Fix for 1 vulnerabilities #159 from selfpoint/master
• 8761113 Integrated proposed changes.
• 9e9601b lazy load gulp-* fonts dependencies when needed
• 580ac6c lazy load gulp-* fonts dependencies when needed
• 159ba51 Merge pull request [Snyk] Fix for 1 vulnerabilities #158 from ohbarye/remove-gulp-util
• d971936 Drop dependency on gulp-util
• e7db288 remove ttf2woff2 support
• 4fe2c02 pass timestamp instead of date
• 86d48c8 move options to the top and pass the entire object to svg2ttf function

See the full diff

Package name: gulp-less

The new version differs by 13 commits.

• 9d9e96f chore: update deps, publish v5
• ea13d8a Merge pull request Slugs not editable Gottwik/Enduro#313 from MisterLuffy/master
• 7ce4b9b feat: support less v4
• 1a9d694 Merge pull request Security Vulnerabilities found using npm audit Gottwik/Enduro#314 from stamminator/master
• b1a3e18 Update .travis.yml
• ecacdf7 Fix links after moving repo
• 403b696 4.0.1
• 0678856 Upgrade less version to 3.7.1
• 6114989 Update README.md (Enduro on Kubernetes: Can't Save Changes to CMS Gottwik/Enduro#292)
• 7d9df97 4.0.0
• cde149b Update accord to support [email protected] - closes Version 10 of node.js has been released Gottwik/Enduro#269
• 453625a 3.5.0
• d706f87 fix(deps): update accord to version 0.28 (Can't reopen existing project Gottwik/Enduro#281)

See the full diff

Package name: gulp-sass

The new version differs by 38 commits.

• 5775044 Update CHANGELOG.md
• 978b8f6 Update to major version 5 (#802)
• 10eae93 Update changelog for 4.1.1
• 947b26c Upgrade lodash to fix a security issue (#776)
• 8d6ac29 Update changelog
• 43c0547 4.1.0
• ebe3ec6 Set appropriate file stat times (#763)
• 7ab018e Migrate to the lodash package
• fa670c6 4.0.2
• fefa00e Revert package.json version bump
• 98254d2 Fix README typos
• 8a14419 Continue loading Node Sass by default
• 938afbe Add a note about synchronous versus asynchronous speed
• 7cc2db1 Make this package implementation-agnostic
• 643f73b Add documentation for synchronous code options
• 0b3c7e7 4.0.1
• daca90d Merge pull request #681 from DKvistgaard/master
• 71471c2 Declaring logError as function instead of arrow function.
• 450a7b8 4.0.0
• e9b1fe8 Fix node versions in appveyor.yml
• 44be409 Merge pull request #667 from dlmanning/next
• 7656eff Adopt airbnb eslint preset
• 1293169 Bump autoprefixer@^8.1.0, gulp-postcss@^7.0.1
• 9fa817b Bump gulp-sourcemaps@^2.6.4

See the full diff

Package name: npm

The new version differs by 250 commits.

• 30a9844 7.21.0
• 0b2cd9d update AUTHORS
• 06461ec docs: changelog for v7.21.0
• 771a1cb chore(tests): fix snapshots
• 71cdfd8 [email protected]
• 94f92de [email protected]
• 7ac621c [email protected]
• 218caca [email protected]
• ff6626a fix(docs): update npm-publish access flag info
• b6f40b5 [email protected]
• e9e5ee5 @ npmcli/[email protected]
• 991a3bd [email protected]
• f077724 [email protected]
• 68a19bb fix(error-message): look for er.path not er.file
• ff34d6c feat(cache): initial implementation of ls and rm
• 8183976 [email protected]
• df57f0d @ npmcli/[email protected]
• 487731c fix(logging): sanitize logged argv
• 7a58264 chore(ci): check that docs are up to date in ci
• 22f3bbb chore(docs): add more 'autogenerated' comments
• 4314490 fix(docs): revert auto-generated portion of docs
• 32e88c9 fix(did-you-mean): switch levenshtein libraries
• 59b9851 7.20.6
• 2591e67 update AUTHORS

See the full diff

Package name: rimraf

The new version differs by 62 commits.

• 3b6b098 4.0.0
• e0cffea ci: reduce workload even more
• 0e6646d ci: remove unnecessary lint filter
• 546e017 update action versions
• 6d88a65 tone down benchmark intensity
• 842a8d2 fix benchmark workflow yaml
• 1b91697 chore: add copyright year to license
• 08bbb06 rewrite in TS, export hybrid, update changelog, docs
• 1b3f46e drop support for node versions below 14
• 2e1f003 gh actions workflow for benchmarks
• 52f9370 tests for retry-busy behavior
• 188e3ed don't test on very old node versions
• d1d5495 test for fix-eperm
• e7501cd prettier formatting
• 40f64ec windows: only fall back to move-remove when absolutely necessary
• b6f7819 update tap
• 99496cd test: run posix test on windows, why not?
• 51d43c1 benchmarks
• 6b8aa29 doc: correct os.tmp default
• 4b228c9 do not ever actually try to rmdir /
• 2442655 consolidate all the spellings of 'opt' into one
• d4eec2e add cli script
• 0c82d74 accept strings, arrays of strings, and no other types
• ad4f2db Do not rimraf /, override with preserveRoot:false

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.