[Snyk] Fix for 8 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:eslint:20180222	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gulp

The new version differs by 134 commits.

• 55eb23a Release: 4.0.0
• 173a532 Docs: Fix the installation instructions
• ec54d09 Docs: Improve note about out-of-date docs
• 03b7c98 Docs: Update recipes to install gulp@next
• 2eba29e Docs: Remove run-sequence from recipes
• 76eb4d6 Docs: Add installation instructions & update badges
• fbc162f Docs: Remove references to gulp-util
• 3011cf9 Scaffold: Normalize repository
• f27be05 Update: Remove graceful-fs from test suite
• 361ab63 Upgrade: Update glob-watcher
• 064d100 Build: Avoid broken node 9
• 057df59 Release: 4.0.0-alpha.3
• c1ba80c Breaking: Upgrade major versions of glob-watcher, gulp-cli & vinyl-fs
• 89acc5c Docs: Improve ES2015 task exporting examples (PDF generation: Setting TOC title readthedocs/readthedocs.org#1999)
• 0ac9e04 Docs: Add "Project structure" section to CONTRIBUTING.md (readthedocs+recommonmark still does not get code highlighting readthedocs/readthedocs.org#1859)
• 723cbc4 Docs: Fix syntax in recipe example (Improve the documentation about domain and translation readthedocs/readthedocs.org#1715)
• d420a6a Docs: Have gulp.lastRun take a function to avoid task registration (Spam on readthedocs.org readthedocs/readthedocs.org#1828)
• 29ece6f Upgrade: Update undertaker
• e931cb0 Docs: Fix changelog typos (Refactor oauth utils and managers readthedocs/readthedocs.org#1696)
• 477db84 Docs: Add a "BrowserSync with Gulp 4" recipe (Handle logged out users on build detail page readthedocs/readthedocs.org#1659)
• d4ed3c7 Docs: Add options.cwd for gulp.src API (Replace vendored theme with commonjs import and bower sources readthedocs/readthedocs.org#1645)
• 5dc3b07 Docs: Update gulp.watch API to align with glob-watcher
• 0c66069 Breaking: Replace chokidar as gulp.watch with glob-watcher wrapper
• c3dbc10 Docs: Clarify incremental builds example (Build failing with "text file busy" readthedocs/readthedocs.org#1609)

See the full diff

Package name: gulp-eslint

The new version differs by 19 commits.

• 40d004f 5.0.0
• 72c3599 use destructuring assignment to simplify the code
• aed571b update dependencies and devDependencies (missing variable in project/tasks readthedocs/readthedocs.org#224)
• a58a58d 4.0.2
• 0880d1a update plugin-error and mocha
• 1d79ed0 4.0.1
• 8f7e966 replace all HTTP protocols with HTTPS
• b48a04a remove deprecated gulp-util dependency (Improve version comparison readthedocs/readthedocs.org#213)
• 35eae57 update devDependencies (github service hook not working? readthedocs/readthedocs.org#207)
• 47bd269 use npx to simplify after_script
• 29dbab5 inherit autofix-related props even if `quiet` option is enabled
• a398838 4.0.0
• 18a4299 emit an error when it fails to load an ESLint plugin
• b8bf261 update ESLint from v3 to v4 (opencomparison.rtfd.org returns a 403 readthedocs/readthedocs.org#198)
• c0e82ce use `Buffer.from` instead of `new Buffer`
• e6c67a2 drop support for linting `Stream` contents
• 132d5cc Fix formatting issues in README.md (Bump djangorestframework from 3.12.2 to 3.15.2 in /requirements #194)
• 7f65378 remove link to config file `globals` doc
• 8ddfb84 correct the type of `globals` option in README

See the full diff

Package name: gulp-less

The new version differs by 11 commits.

• 9d9e96f chore: update deps, publish v5
• ea13d8a Merge pull request docs stuck readthedocs/readthedocs.org#313 from MisterLuffy/master
• 7ce4b9b feat: support less v4
• 1a9d694 Merge pull request Doc deletion request readthedocs/readthedocs.org#314 from stamminator/master
• b1a3e18 Update .travis.yml
• ecacdf7 Fix links after moving repo
• 403b696 4.0.1
• 0678856 Upgrade less version to 3.7.1
• 6114989 Update README.md (How to delete account on readthedocs.org? readthedocs/readthedocs.org#292)
• 7d9df97 4.0.0
• cde149b Update accord to support [email protected] - closes search in projects is not filtered by project, although result page claims so. readthedocs/readthedocs.org#269

See the full diff

Package name: gulp-watch

The new version differs by 5 commits.

• 959128a 5.0.0
• 9208d48 Bump chokidar to ^2.0.0
• 02bd06d Update to newest vinyl for gulp 4 support (pdf builds failing readthedocs/readthedocs.org#296)
• 4ced696 Add Node.js 9 and increase timeout to 5 secs
• aa8146f Remove unsupported versions of Node.js

See the full diff

Package name: less

The new version differs by 127 commits.

• b873737 Merge pull request Add an advertising screen readthedocs/readthedocs.org#3177 from Kartoffelsalat/master
• bd2a93f chore(package): update request to 2.83.0
• 3699921 Merge pull request Wiping has no effect readthedocs/readthedocs.org#3170 from thorn0/patch-1
• 6985541 Having `inline` and `less` imports of the same name lead to a race condition
• 2f1386f Merge pull request Different Online/offline PDF readthedocs/readthedocs.org#3168 from matthew-dean/master
• 4272871 Fixes Doc build killed during pip installation of large (~190 MB) dependency readthedocs/readthedocs.org#3116 - lessc not loading plugins in 3.0
• ba5ad9c Point badges at master branch
• 4962988 Update CHANGELOG.md
• 12fe0c6 Update README.md
• 45d06b9 Merge pull request Fix a minor HTML issue - ul can't be a child of ul readthedocs/readthedocs.org#3163 from matthew-dean/master
• 9590b7b Add dist files
• 0b6536b Merge branch '3.x'
• a48c24c calc() fix - fixes MkDocs builds: RTD theme styles are broken readthedocs/readthedocs.org#974 (partially Cannot import with self-signed certificate readthedocs/readthedocs.org#1880)
• 367b46a Merge pull request Custom robots.txt support? readthedocs/readthedocs.org#3161 from matthew-dean/3.x
• 4508495 Remove legacy upgrade
• 2a4a63a Update CHANGELOG.md with 3.x list
• bb6da28 Update README.md
• f80a021 Merge pull request Build passed but no documentation or downloads readthedocs/readthedocs.org#3159 from matthew-dean/3.x
• 8b4524f Bump to 3.0.0-RC.1
• d30e3a6 Merge pull request conda version used at RTD contains bug -- newer version available readthedocs/readthedocs.org#3150 from anthony-redFox/3.x
• 0b7c81c Removed install npm 2 version for appveyor. It was hotfix for old node version.
• 5d230dd Drop node 0.10 and 0.12 and added node 9 matrix testing
• 385da8f Update stale.yml
• d384779 Create stale.yml

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.