[Snyk] Fix for 1 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: chalk

The new version differs by 55 commits.

• a838948 1.1.2
• ff2c3ea Merge pull request #104 from popey456963/patch-1
• 426fc48 7,700 Dependent Modules
• 9001b39 Updates maintainer email.
• 308f6b6 minor tweaks
• 18c64ad cleanup #92
• 05f87e2 Close #92 PR: Closing before and reopening the style after a line break.
• 139f8b6 add Code of Conduct
• 51b8f32 6700 dependents! 🔥
• 8417f17 Close #95 PR: tweak defining proto.
• a301cbf Merge pull request #97 from stevemao/missing-tests
• 8ec46cf Merge pull request #96 from stevemao/bump-deps
• 337f9c7 add missing tests
• 5679ec0 bump deps
• b8e7da6 Merge pull request #93 from venning/master
• 7c40059 Use HTTPS for shields.io unicorn badge; raises mixed-content warning on npmjs.com
• c2ef5b8 Merge pull request #91 from vdemedes/remove-extra-deps
• 04cae22 remove has-ansi and strip-ansi dependencies
• 83615f2 clarify docs about using console.log
• ed6e7d5 Close #86 PR: Add ES2015 template literal example. Fixes #77
• 8d59997 readme tweaks
• 262274a add `slice-ansi` to related section in readme
• 60b0a74 Merge pull request #85 from jorrit/patch-1
• 641ae57 New URL for cmder

See the full diff

Package name: gulp

The new version differs by 134 commits.

• 55eb23a Release: 4.0.0
• 173a532 Docs: Fix the installation instructions
• ec54d09 Docs: Improve note about out-of-date docs
• 03b7c98 Docs: Update recipes to install gulp@next
• 2eba29e Docs: Remove run-sequence from recipes
• 76eb4d6 Docs: Add installation instructions & update badges
• fbc162f Docs: Remove references to gulp-util
• 3011cf9 Scaffold: Normalize repository
• f27be05 Update: Remove graceful-fs from test suite
• 361ab63 Upgrade: Update glob-watcher
• 064d100 Build: Avoid broken node 9
• 057df59 Release: 4.0.0-alpha.3
• c1ba80c Breaking: Upgrade major versions of glob-watcher, gulp-cli & vinyl-fs
• 89acc5c Docs: Improve ES2015 task exporting examples (#1999)
• 0ac9e04 Docs: Add "Project structure" section to CONTRIBUTING.md (#1859)
• 723cbc4 Docs: Fix syntax in recipe example (#1715)
• d420a6a Docs: Have gulp.lastRun take a function to avoid task registration (#1828)
• 29ece6f Upgrade: Update undertaker
• e931cb0 Docs: Fix changelog typos (#1696)
• 477db84 Docs: Add a "BrowserSync with Gulp 4" recipe (#1659)
• d4ed3c7 Docs: Add options.cwd for gulp.src API (#1645)
• 5dc3b07 Docs: Update gulp.watch API to align with glob-watcher
• 0c66069 Breaking: Replace chokidar as gulp.watch with glob-watcher wrapper
• c3dbc10 Docs: Clarify incremental builds example (#1609)

See the full diff

Package name: gulp-filenames

The new version differs by 19 commits.

• a47115f Bump version to 4.0.1 to match latest npm version published.
• 1fb5bce Actually commit version mismatch.
• cf0d30b Fix version mismatch.
• 2303b5b Update dependencies.
• 5620c3e Bump v. to 3.8.5 to match gulp
• 17a70ff Update package.json.
• 3b2bc10 Put stream test back after inadvertendly removing it.
• 487b9b6 Updated documentation to include .forget()
• 90438b6 Add btest script to build main.js for debugging.
• 2dd4be6 Bump major version 3.0.0
• 4af877f Merge pull request [Snyk] Security upgrade browser-sync from 2.7.13 to 2.25.0 #8 from bmacnaughton/master
• 6424c9b Set require spacing back to original
• 7539071 Add stream support.
• d2ba2db Merge pull request [Snyk] Fix for 12 vulnerabilities #7 from bmacnaughton/master
• 81e7c9f Fix bug where files were duplicated after passing through filenames.
• 81d1772 Bump version to 2.1.0
• eb99664 Updated coffeescript version
• fa45e77 Merge pull request [Snyk] Upgrade gulp-inject from 1.3.1 to 5.0.5 #6 from bmacnaughton/what-bugs
• 1a989aa Correct documentation for get "what" option to "base" (was "path").

See the full diff

Package name: gulp-ng-annotate

The new version differs by 5 commits.

• 785b073 1.1.0
• 66996d8 Merge pull request [Snyk] Fix for 36 vulnerabilities #31 from josephpage/patch-1
• d98743e update gulp-util to 3.x.x
• 5f4fd70 travis: new targets, container-based build
• 935a1b6 Fix license SPDX id

See the full diff

Package name: wiredep

The new version differs by 32 commits.

• e44d2c9 3.0.1
• 505fbcd update safe main deps
• eab46b8 3.0.0
• 0f5e9b4 Merge pull request #223 from danielsiwiec/master
• c84c057 Fix a problem with CLI -b argument misbehaving
• 5339a49 Merge pull request #206 from ahmednuaman/patch-1
• 1dde839 updated readme to make it clearer than an override can be an array
• de70dc7 create empty dir
• 4192963 3.0.0-beta
• 6fb88e0 continue processing if main file not found - thanks @ george-aprozeanu
• 02b7410 remove eliteDependencies & magic path detection behavior
• 571d469 Merge pull request #147 from surgeforward/default-html-type
• 52bfcab Merge pull request #174 from tubia/patch-1
• 4091161 Update readme.md
• 958bccd Merge pull request #188 from rogerbraun/patch-1
• 3d69ea1 Make it explicit what wiredep does.
• 5240d50 Merge pull request #186 from pgilad/patch-1
• b3ac023 update license attribute
• a1a63ad Update Bower Overrides explanation
• db78c86 Dealing with Bower package shortcomings
• 5792887 Restore permissions.
• 4d8a6a3 Merge branch 'master' into default-html-type
• 48fb10d Undo tests.
• f3dacdc Fix borked test.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

[pull-request-quantifier-deprecated]

This PR has 10 quantified lines of changes. In general, a change size of upto 200 lines is ideal for the best PR experience!

---

Quantification details

Label      : Extra Small
Size       : +5 -5
Percentile : 4%

Total files changed: 1

Change summary by file extension:
.json : +5 -5

Change counts above are quantified counts, based on the PullRequestQuantifier customizations.

Why proper sizing of changes matters

Optimal pull request sizes drive a better predictable PR flow as they strike a
balance between between PR complexity and PR review overhead. PRs within the
optimal size (typical small, or medium sized PRs) mean:

• Fast and predictable releases to production:
  • Optimal size changes are more likely to be reviewed faster with fewer
    iterations.
  • Similarity in low PR complexity drives similar review times.
• Review quality is likely higher as complexity is lower:
  • Bugs are more likely to be detected.
  • Code inconsistencies are more likely to be detetcted.
• Knowledge sharing is improved within the participants:
  • Small portions can be assimilated better.
• Better engineering practices are exercised:
  • Solving big problems by dividing them in well contained, smaller problems.
  • Exercising separation of concerns within the code changes.

What can I do to optimize my changes

• Use the PullRequestQuantifier to quantify your PR accurately
  • Create a context profile for your repo using the context generator
  • Exclude files that are not necessary to be reviewed or do not increase the review complexity. Example: Autogenerated code, docs, project IDE setting files, binaries, etc. Check out the Excluded section from your prquantifier.yaml context profile.
  • Understand your typical change complexity, drive towards the desired complexity by adjusting the label mapping in your prquantifier.yaml context profile.
  • Only use the labels that matter to you, see context specification to customize your prquantifier.yaml context profile.
• Change your engineering behaviors
  • For PRs that fall outside of the desired spectrum, review the details and check if:
    • Your PR could be split in smaller, self-contained PRs instead
    • Your PR only solves one particular issue. (For example, don't refactor and code new features in the same PR).

How to interpret the change counts in git diff output

• One line was added: +1 -0
• One line was deleted: +0 -1
• One line was modified: +1 -1 (git diff doesn't know about modified, it will
  interpret that line like one addition plus one deletion)
• Change percentiles: Change characteristics (addition, deletion, modification)
  of this PR in relation to all other PRs within the repository.

---

Was this comment helpful? 👍  :ok_hand:  :thumbsdown: (Email)
Customize PullRequestQuantifier for this repository.