[Snyk] Fix for 3 vulnerabilities

[nfinlayson]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	Yes	Proof of Concept
	551/1000 Why? Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-2824151	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gulp

The new version differs by 134 commits.

• 55eb23a Release: 4.0.0
• 173a532 Docs: Fix the installation instructions
• ec54d09 Docs: Improve note about out-of-date docs
• 03b7c98 Docs: Update recipes to install gulp@next
• 2eba29e Docs: Remove run-sequence from recipes
• 76eb4d6 Docs: Add installation instructions & update badges
• fbc162f Docs: Remove references to gulp-util
• 3011cf9 Scaffold: Normalize repository
• f27be05 Update: Remove graceful-fs from test suite
• 361ab63 Upgrade: Update glob-watcher
• 064d100 Build: Avoid broken node 9
• 057df59 Release: 4.0.0-alpha.3
• c1ba80c Breaking: Upgrade major versions of glob-watcher, gulp-cli & vinyl-fs
• 89acc5c Docs: Improve ES2015 task exporting examples (#1999)
• 0ac9e04 Docs: Add "Project structure" section to CONTRIBUTING.md (#1859)
• 723cbc4 Docs: Fix syntax in recipe example (#1715)
• d420a6a Docs: Have gulp.lastRun take a function to avoid task registration (#1828)
• 29ece6f Upgrade: Update undertaker
• e931cb0 Docs: Fix changelog typos (#1696)
• 477db84 Docs: Add a "BrowserSync with Gulp 4" recipe (#1659)
• d4ed3c7 Docs: Add options.cwd for gulp.src API (#1645)
• 5dc3b07 Docs: Update gulp.watch API to align with glob-watcher
• 0c66069 Breaking: Replace chokidar as gulp.watch with glob-watcher wrapper
• c3dbc10 Docs: Clarify incremental builds example (#1609)

See the full diff

Package name: semantic-release

The new version differs by 194 commits.

• 52238cb fix(deps): Require find-versions ^4.0.0 (#1722)
• af596a9 docs: semantic-release SVG logo (#1715) thanks @ bromso
• 6c7e4be docs: add semantic-release-helm plugin (#1713)
• c177d4b docs: add semantic-release-pypi plugin (#1707)
• eb70823 docs: add semantic-release-license-plugin (#1701)
• 885d87a feat(docs): note that publish token is required (#1700)
• f8f8fbc fix: escape uri encoded symbols (#1697)
• c8d38b6 style: removed line breaks to align with xo rule (#1689)
• ca90b34 fix: mask secrets when characters get uri encoded
• 63fa143 docs(plugins): add listing for new plugin (#1686)
• 2bf3771 fix: use valid git credentials when multiple are provided (#1669)
• 77a75f0 fix: don't parse port as part of the path in repository URLs (#1671)
• d74ffef docs: add npm-deprecate-old-versions in plugins list (#1667)
• 3abcbaf Revert "feat: throw an Error if package.json has duplicate "repository" key (#1656)"
• b8fb35c feat: throw an Error if package.json has duplicate "repository" key (#1656)
• 18e35b2 docs: reorder default plugins list (#1650)
• e35e5bb docs(contributing): fix commit message examples (#1648)
• 311c465 docs(README): welcome @ travi, add alumni section
• b4c5d0a fix: add logging for when ssh falls back to http (#1639)
• c982249 docs(contributing): typo fix (#1638)
• 9635f50 docs: improve github actions recipe on git plugin (#1626)
• d036a89 ci(docs): use actions/checkout@v2 (#1620)
• 9303d1d docs(resources.md): added more sematnic release article (#1610)
• b72cdb3 docs(configuration.md): Updated documentation for dry-run feature of semantic Release (#1607)

See the full diff

Package name: ts-jest

The new version differs by 250 commits.

• 6916e7b Merge pull request #650 from kulshekhar/kulshekhar-patch-1
• 54a30eb Bump the version (minor)
• 9e61969 Merge pull request #626 from huafu/feature/upgrade-babel-and-fix-tsconfig
• ef21f50 Merge branch 'master' into feature/upgrade-babel-and-fix-tsconfig
• c67ba4d Merge pull request #649 from kulshekhar/greenkeeper/monorepo.react-16.4.2
• 9a6904f Merge branch 'master' of https://github.com/kulshekhar/ts-jest into feature/upgrade-babel-and-fix-tsconfig
• 8a94008 chore(package): update react-test-renderer to version 16.4.2
• 6e73fb9 chore(package): update react to version 16.4.2
• c947791 chore(package): update @ types/node to version 10.5.5 (#646)
• fd24ae6 Merge pull request #640 from jmheik/to-dev-deps
• e2028da Merge branch 'master' into to-dev-deps
• 4396dde Merge pull request #641 from jeznag/patch-1
• 7d78123 Merge branch 'master' into patch-1
• b38e4ca Add TypeScript ^3.0.0 as supported peer dependencies (#644)
• 1e287f3 Add more details on using module name mapper
• df71945 doc: adds troubleshooting wiki page links
• 0b2e406 Move dev only deps to devDependencies.
• fb5cd12 chore: simplify jest config test helper + moves test utils
• ddc8c32 chore: moves test-utils.ts in __helpers__ dir
• a5370cf Merge branch 'master' into feature/upgrade-babel-and-fix-tsconfig
• db590d2 Update @ types/react to the latest version 🚀 (#631)
• 4fc3933 chore: changes after GeeWee review
• fbe4f1f perf: do not hash cache key, jest does it underneath
• 5ab100c fix: resolves correctly config file path (fix #636)

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 213226e 4.0.0
• fde0183 Merge pull request #6081 from webpack/formating/prettier
• b6396e7 update stats
• f32bd41 fix linting
• 5238159 run prettier on existing code
• 518d1e0 replace js-beautify with prettier
• 4c25bfb 4.0.0-beta.3
• dd93716 Merge pull request #6296 from shellscape/fix/hmr-before-node-stuff
• 7a07901 Merge pull request #6563 from webpack/performance/assign-depth
• c7eb895 Merge pull request #6452 from webpack/update_acorn
• 9179980 Merge pull request #6551 from nveenjain/fix/templatemd
• e52f323 optimize performance of assignDepth
• 6bf5df5 Fixed template.md
• 90ab23a Merge branch 'master' into fix/hmr-before-node-stuff
• b0949cb add integration test for spread operator
• 39438c7 unittest now also walks the ast
• 15ab027 Merge pull request #6536 from jevan0307/sideEffects-selectors
• 1611ce1 Merge pull request #6561 from joshunger/patch-1
• 6e175bc Merge pull request #6549 from webpack/md4_hash
• 0637531 Add a hyperlink to create a new issue
• 0e1f9c6 Merge pull request #6554 from webpack/deps/end-of-beta
• 72477f4 upgrade versions to stable versions
• ed30285 Merge pull request #6546 from webpack/bot/review-permission
• 40ee8c7 Use MD4 for hashing

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.