[Snyk] Fix for 20 vulnerabilities

[enterstudio]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	679/1000 Why? Has a fix available, CVSS 9.3	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962463	Yes	No Known Exploit
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	Yes	No Known Exploit
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASHTEMPLATE-1088054	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-POSTCSS-5926692	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: babelify

The new version differs by 6 commits.

• b06b778 8.0.0
• ea73917 Remove path-is-absolute devDep
• 02f97ec drop node 0.10/0.12, add peerDep on babel-core instead of dep, drop object-assign, add package-lock
• 6d45fa8 Explicitly test Node 4, 5 and 6 in travis
• 9944a55 Explain the double negatives a bit better (Rewrite Paper Wallet (to not use jquery & use angular) MyEtherWallet/etherwallet#197)
• d9e3029 babelify in quotes in example (Update global ETH / ETC / Token balances MyEtherWallet/etherwallet#198)

See the full diff

Package name: gulp

The new version differs by 134 commits.

• 55eb23a Release: 4.0.0
• 173a532 Docs: Fix the installation instructions
• ec54d09 Docs: Improve note about out-of-date docs
• 03b7c98 Docs: Update recipes to install gulp@next
• 2eba29e Docs: Remove run-sequence from recipes
• 76eb4d6 Docs: Add installation instructions & update badges
• fbc162f Docs: Remove references to gulp-util
• 3011cf9 Scaffold: Normalize repository
• f27be05 Update: Remove graceful-fs from test suite
• 361ab63 Upgrade: Update glob-watcher
• 064d100 Build: Avoid broken node 9
• 057df59 Release: 4.0.0-alpha.3
• c1ba80c Breaking: Upgrade major versions of glob-watcher, gulp-cli & vinyl-fs
• 89acc5c Docs: Improve ES2015 task exporting examples (Manual gas limits for upcoming _ token MyEtherWallet/etherwallet#1999)
• 0ac9e04 Docs: Add "Project structure" section to CONTRIBUTING.md ([Network] Add Musicoin support MyEtherWallet/etherwallet#1859)
• 723cbc4 Docs: Fix syntax in recipe example (merge previous work MyEtherWallet/etherwallet#1715)
• d420a6a Docs: Have gulp.lastRun take a function to avoid task registration (I withdrew my POA from Binance on to myetherwallet because I thought it was a ERC20 Tooken MyEtherWallet/etherwallet#1828)
• 29ece6f Upgrade: Update undertaker
• e931cb0 Docs: Fix changelog typos (add LND token MyEtherWallet/etherwallet#1696)
• 477db84 Docs: Add a "BrowserSync with Gulp 4" recipe (problem claiming Callisto MyEtherWallet/etherwallet#1659)
• d4ed3c7 Docs: Add options.cwd for gulp.src API (Updated Skraps contract ABI MyEtherWallet/etherwallet#1645)
• 5dc3b07 Docs: Update gulp.watch API to align with glob-watcher
• 0c66069 Breaking: Replace chokidar as gulp.watch with glob-watcher wrapper
• c3dbc10 Docs: Clarify incremental builds example (ajaxReq is empty function MyEtherWallet/etherwallet#1609)

See the full diff

Package name: gulp-autoprefixer

The new version differs by 21 commits.

• ede5a11 8.0.0
• a953087 Require Node.js 12 and upgrade dependencies
• 87ff53d Move to GitHub Actions (updated input width and removed watch-var from icon MyEtherWallet/etherwallet#117)
• c5e7214 7.0.1
• da50fd2 Make Gulp an optional peer dependency
• 40fba84 7.0.0
• ab49120 Require Node.js 8 and Gulp 4
• 83cc576 Enable the repo sponsor button
• adec1a7 6.1.0
• 7b080bf Upgrade dependencies
• dfe3919 6.0.0
• c225cbd Upgrade `autoprefixer` and `postcss`
• ea0b7f8 Require Node.js 6
• 18a27be 5.0.0
• e526a78 Meta tweaks
• e954e6e Update sourcemap paths to be relative to `file.base` (Rewriting the polish translation MyEtherWallet/etherwallet#92)
• 7828646 Upgrade to Autoprefixer 8 (When decrypting new JSON/Keystore file, the page doesn't update with new wallet's info or update existing wallet's info. MyEtherWallet/etherwallet#96)
• d008588 4.1.0
• 27816c3 Meta tweaks
• 94f3447 Drop dependency on deprecated gulp-util (Fix broken translate attributes MyEtherWallet/etherwallet#94)
• 60aead3 Test against Node.js v8 (Update de.js MyEtherWallet/etherwallet#90)

See the full diff

Package name: gulp-clean

The new version differs by 2 commits.

• 1b2503e Merge pull request [Snyk] Security upgrade gulp-autoprefixer from 4.0.0 to 6.0.0 #30 from kuangyeheng/pl
• d83c56a remove gulp-util

See the full diff

Package name: gulp-file-include

The new version differs by 12 commits.

• 5897e85 v2.0.1
• 07cc720 Replace hardcoded newline character in test
• c4b0bbf Drop dependency on deprecated `gulp-util`
• 9c84c87 v2.0.0
• 88853d1 lint
• 7f771cb lint
• a52b855 chore - use eslint, remove jscs
• 1510106 chore - update travis, add npmrc
• 5a5f9ca Update applyFilters method to look for filter handler options (Initial update ja.js MyEtherWallet/etherwallet#146)
• 6251797 v1.2.0
• 699a95e chore: add gitignore, bump deps, travis++
• 79b56f5 improved error messages for "for" and "if" statements (Missing translation summary MyEtherWallet/etherwallet#143)

See the full diff

Package name: gulp-less

The new version differs by 6 commits.

• 7d9df97 4.0.0
• cde149b Update accord to support [email protected] - closes Update params in keystore files to be more consistent with geth and parity and/or change to use pbkdf2 MyEtherWallet/etherwallet#269
• 453625a 3.5.0
• d706f87 fix(deps): update accord to version 0.28 (Create Embedded Send Page MyEtherWallet/etherwallet#281)
• 9f9e643 3.4.0
• f58e0f7 Remove gulp-util

See the full diff

Package name: gulp-notify

The new version differs by 7 commits.

• 398d0a4 v3.1.0
• fc51ff2 Merge pull request update consistancy MyEtherWallet/etherwallet#124 from ohbarye/replace-gulp-util
• 46efdc6 Move vinyl to devDependencies
• 173fcb0 Use ansi-colors instead of chalk due to node version compatibility
• 1e8c372 Remove unused through import
• 3284a51 Drop dependency on deprecated gulp-util
• 455250c npm install chalk fancy-log plugin-error lodash.template vinyl

See the full diff

Package name: gulp-plumber

The new version differs by 4 commits.

• b91f934 1.2.0
• c80d68e Merge pull request unable to see/shift ETH, DAO on MyEtherWallet MyEtherWallet/etherwallet#54 from demurgos/issue-53
• 310cd31 Drop dependency on deprecated gulp-util
• ba3d6e4 improve errorHandler docs

See the full diff

Package name: gulp-template

The new version differs by 3 commits.

• 55805ee 5.0.0
• 229b21c Require Node.js 4
• 4939d79 Drop dependency on deprecated `gulp-util` ([Snyk] Security upgrade gulp from 3.9.1 to 4.0.0 #42)

See the full diff

Package name: gulp-zip

The new version differs by 4 commits.

• d4d4931 4.1.0
• cef68d8 Meta tweaks
• 3cb988d Remove gulp-utils module dependency (Update tr.js MyEtherWallet/etherwallet#100)
• ba39ef6 Remove moot eslint-disable comment

See the full diff

Package name: npm

The new version differs by 250 commits.

• 3b4ba65 7.0.0
• bbfc75d chore: fix weird .gitignore thing that happened somehow
• 8a2d375 docs: changelog for v7.0.0
• 365f2e7 [email protected]
• fafb348 [email protected]
• 9306c68 [email protected]
• 569cd64 [email protected]
• ac9fde7 Integration code for @ npmcli/[email protected]
• 704b9cd @ npmcli/[email protected]
• 3955bb9 [email protected]
• da240ef fix: patch config.js to remove duplicate values
• 9ae45a8 [email protected]
• 41ab36d [email protected]
• c474a15 [email protected]
• efc6786 fix: make sure publishConfig is passed through
• 1e4e6e9 docs: v7 using npm config refresh
• 5c1c2da fix: init config aliases
• 5bc7eb2 docs: v7 npm-install refresh
• 1a35d87 7.0.0-rc.4
• 7a5a557 docs: changelog for v7.0.0-rc.4
• f0cf859 chore: dedupe deps
• 0273745 [email protected]
• 7bd47ca @ npmcli/[email protected]
• 9320b8e only escape arguments, not the command name

See the full diff

Package name: run-sequence

The new version differs by 15 commits.

• 31103da 2.2.1
• 209e46c Drop dependency on deprecated `gulp-util` (Update tr.js MyEtherWallet/etherwallet#100)
• 37e17be 2.2.0
• c450122 Changelog, cleanup for orchestration events change
• 2155560 handle orchestration aborted events (Update no.js MyEtherWallet/etherwallet#97)
• 066b8c6 2.1.0
• dada3f4 Added date to v1 in changelog
• f2b1635 Added options, code cleanup
• 578d017 Added a changelog, Closes Update 1 - Navigation & General MyEtherWallet/etherwallet#82
• 9fd7783 2.0.0
• d80ddf5 Specify chalk version (Polish Patch  MyEtherWallet/etherwallet#89)
• 59515cf Fixed typo
• 7e263af Ignore yarn lock when publishing
• b83cc34 Adding Yarn lockfile
• ee04d48 Added modern node versions to travis ci (Translated some lines into German MyEtherWallet/etherwallet#73)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Improper Input Validation
🦉 More lessons are available in Snyk Learn