[Snyk-dev] Fix for 3 vulnerabilities

[michael-go]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit
	596/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: glob

The new version differs by 89 commits.

• 3a7e71d v5.0.15
• 841fda0 use latest minimatch
• 4ba54a8 Skip some tests on Windows, make others pass
• 3936e1e Build: Add build for node v4
• c47d451 v5.0.14
• 821fac8 Handle ENOTSUP for sync glob as well as async
• 9625618 Test for when readdir raises ENOTSUP
• 0a2b519 Generate fixtures more effectively, with -O instead of eval
• f96190b Use js for benchmark cleanup
• 957fd93 Fix some 'use strict' errors
• bf3381e Treat ENOTSUP like ENOTDIR in readdir
• 507733d v5.0.13
• f5878af Do not emit 'match' events for ignored items
• 9439afd v5.0.12
• 6071f3a Revert "Use graceful-fs if available"
• 38ff16c v5.0.11
• f09292b Use graceful-fs if available
• 4f39b60 Remove duplicate option description
• e3cdccc v5.0.10
• 480da05 ignore .nyc_output, upgrade tap, use coverage, rm fixtures
• 155124b add more sync cb thrower tests
• f7302ca Test base-matching
• 7530e88 v5.0.9
• b185987 reduce cases where tests need to be regenerated

See the full diff

Package name: js-yaml

The new version differs by 25 commits.

• 2321c0b 3.2.7 released
• 6de643d Browser files rebuild
• eaa5f30 Deps update, closes Make internal dependency policy less strict and point to a phantomjs … dalekjs/dalek#167
• 9a7ae34 3.2.6 released
• fc35388 Browser files rebuild
• f0d7ea9 Merge pull request Unable to stop test suite dalekjs/dalek#163 from Hypercubed/patch-1
• a937a35 Update utils.js
• c6a2320 Rename codepoint -> c
• 2539825 Rename encodeUTF16Char -> charFromCodepoint
• 14e3b76 Fix encoding of UTF-16 surrogate pairs
• 8a73181 3.2.5 released
• a898401 Browser files rebuild
• d36d316 Improve benchmark/add-by-tag.sh script
• c2de702 Fixed bug: Tag on an empty node didn't resolve in some cases.
• 04ff648 Correct test description for issue dalek callback or custom functions dalekjs/dalek#154
• f1a248d Fix indent checking within skipSeparationSpace function
• 52aa9cc Fix resolving of all built-in types on empty nodes
• 478e66b Add benchmark/implementations to .jshintignore
• bf82559 Add benchmark/add-by-tag.sh script for quick downloading of old releases
• d7b136c Ignore benchmark/implementations/* expect `current`
• a88d676 Clean up benchmark/implementations
• 19bac78 3.2.4 released
• a682a86 Update HISTORY.md
• 25f5c87 Merge pull request resize doesnt work properly dalekjs/dalek#155 from paolochiodi/master

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Arbitrary Code Injection