[Snyk] Fix for 17 vulnerabilities

[ARAIN-SAAB]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • AhMyth-Server/app/node_modules/semantic-ui/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASHTEMPLATE-1088054	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-POSTCSS-5926692	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gulp-autoprefixer

The new version differs by 27 commits.

• ede5a11 8.0.0
• a953087 Require Node.js 12 and upgrade dependencies
• 87ff53d Move to GitHub Actions (Won't install on mac os AhMyth/AhMyth-Android-RAT#117)
• c5e7214 7.0.1
• da50fd2 Make Gulp an optional peer dependency
• 40fba84 7.0.0
• ab49120 Require Node.js 8 and Gulp 4
• 83cc576 Enable the repo sponsor button
• adec1a7 6.1.0
• 7b080bf Upgrade dependencies
• dfe3919 6.0.0
• c225cbd Upgrade `autoprefixer` and `postcss`
• ea0b7f8 Require Node.js 6
• 18a27be 5.0.0
• e526a78 Meta tweaks
• e954e6e Update sourcemap paths to be relative to `file.base` ([Snyk] Security upgrade findup-sync from 0.4.3 to 4.0.0 #92)
• 7828646 Upgrade to Autoprefixer 8 ([Snyk] Security upgrade globby from 2.1.0 to 3.0.0 #96)
• d008588 4.1.0
• 27816c3 Meta tweaks
• 94f3447 Drop dependency on deprecated gulp-util ([Snyk] Security upgrade ws from 1.0.1 to 8.17.1 #94)
• 60aead3 Test against Node.js v8 ([Snyk] Security upgrade semantic-ui from 2.2.6 to 2.4.1 #90)
• 5188604 4.0.0
• 04814b7 Rewrite tests to use AVA
• 7df69ba ES2015ify, bump postcss, require Node.js 4

See the full diff

Package name: gulp-clean-css

The new version differs by 35 commits.

• e2bf4d2 dep updates, test cleanup
• 48e956f removed deprecated gulp-util ([Snyk] Security upgrade glob from 7.2.3 to 9.0.0 #50)
• 9f5c4ab readme syntax consistency
• 869e147 clean-css => 4.1.9
• e6c44e4 clean-css => 4.1.8
• 2f70027 bump clean-css 4-1-7
• 47425a2 link fix for badge
• a43222d 😎
• 4a4daa1 clean-css bump
• edd64a9 bump to clean-css 4.1.5
• 6db6e08 readme
• c93de53 dm, readme
• bc636fc build, node v8
• 8709c50 slight cleanup
• 414e7cb clean-css => 4.1.4, dep updates
• d6729f2 bump
• f389d8f ensure that URLs of inlined imports are recalculated relative to current file ([Snyk] Security upgrade globby from 2.1.0 to 11.0.0 #44)
• 5dc705c [Snyk] Security upgrade node-notifier from 4.6.1 to 5.0.0 #43 ; dep updated (clean-css 4.1.3)
• eeee392 pass rebase option
• ba2ee13 [Snyk] Security upgrade marked-terminal from 1.7.0 to 3.1.0 #42
• 0efd1c3 bump 3.3.0
• 81d70a7 Merge remote-tracking branch 'origin/master'
• 92ddf63 rebasing, clean-css 4.1.2
• 38b8899 update dep, clean-css 4.1.1

See the full diff

Package name: gulp-concat-css

The new version differs by 3 commits.

• 8d11ad5 3.0.0
• e8f7ad3 Merge pull request [Snyk] Security upgrade globby from 2.1.0 to 11.0.0 #44 from TheDancingCode/pr/remove-gutil
• 2266a2c Drop dependency on deprecated `gulp-util`

See the full diff

Package name: gulp-copy

The new version differs by 16 commits.

• a275373 Release 4.0.0 ([Snyk] Security upgrade gulp-util from 2.2.20 to 3.0.8 #34)
• 78775d7 Upgrade Gulp to v4 ([Snyk] Security upgrade findup-sync from 0.4.3 to 2.0.0 #32)
• 5832377 Chore ci ([Snyk] Fix for 17 vulnerabilities #33)
• 648b99b Update CI ([Snyk] Security upgrade micromatch from 2.3.11 to 3.0.0 #30)
• 9fb9cea Chore eslint ([Snyk] Security upgrade angular from 1.5.8 to 1.6.0 #29)
• 2f349b4 [Chore] update packages ([Snyk] Security upgrade postcss from 5.2.18 to 8.4.31 #28)
• 2f13506 Migrate to CircleCI 2.0 ([Snyk] Security upgrade semantic-ui from 2.2.6 to 2.5.0 #26)
• ab1560c CircleCi 2.0
• 433c976 Bump version
• ffde364 Merge pull request [Snyk] Fix for 1 vulnerabilities #25 from grig0ry/drop-deprecated
• ddd05a4 Replace deprecated dependency gulp-util
• cf6bd7a Merge pull request [Snyk] Security upgrade rtlcss from 2.6.2 to 3.0.0 #23 from OmgImAlexis/master
• ff8ff0c fix syntax highlighting
• d21a458 Release bugfixes version 1.0.1
• 6c6b293 Merge pull request [Snyk] Security upgrade gulp-copy from 1.0.0 to 4.0.0 #22 from klaascuvelier/fixes
• 216f00a Updates

See the full diff

Package name: gulp-flatten

The new version differs by 12 commits.

• 0119b8c new verstion with dropped deprecated deps
• 14b1908 tests now passes on node 9.x.x
• fc2e3f9 Merge pull request [Snyk] Security upgrade gulp-util from 2.2.20 to 3.0.8 #15 from TheDancingCode/issue-14
• bff1212 Drop dependency on deprecated `gulp-util`
• 8a83216 exapmple output fix
• 04c2b46 v0.3.1
• 7fc66c4 refactor: nested functions was defined on each call
• 2229a21 bump v0.3.0
• 48a1557 update deps
• ce64bc0 Merge pull request [Snyk] Security upgrade semver from 5.7.1 to 7.5.2 #11 from fkammer/new-subpath-option
• 0b24d9c Updated Readme
• a5c26a7 Adds option subPath

See the full diff

Package name: gulp-less

The new version differs by 2 commits.

• 7d9df97 4.0.0
• cde149b Update accord to support less@3.0.0 - closes Building Failed AhMyth/AhMyth-Android-RAT#269

See the full diff

Package name: gulp-print

The new version differs by 16 commits.

• d9353ec 3.0.0
• d64cc43 Merge pull request [Snyk] Fix for 1 vulnerabilities #19 from alexgorbatchev/greenkeeper/mocha-5.0.0
• 807f01b Merge branch 'master' into greenkeeper/mocha-5.0.0
• d181d50 Merge pull request [Snyk] Security upgrade semver from 5.7.1 to 7.5.2 #17 from TheDancingCode/pr/remove-gutil
• 7e02c8a chore(package): update mocha to version 5.0.0
• 4c2f3e0 Drop dependency on deprecated `gulp-util`
• f218ad2 Merge pull request [Snyk] Security upgrade meow from 3.7.0 to 10.0.0 #16 from alexgorbatchev/greenkeeper/mocha-4.0.1
• 9fb86af Merge branch 'master' into greenkeeper/mocha-4.0.1
• 06d97dd Updates travis to use node v6 and v8
• 0f78882 Merge pull request [Snyk] Security upgrade gulp-util from 2.2.20 to 3.0.8 #15 from alexgorbatchev/greenkeeper/chai-4.1.2
• fb24f18 Merge pull request [Snyk] Security upgrade node-notifier from 4.6.1 to 7.0.0 #14 from alexgorbatchev/greenkeeper/sinon-4.0.1
• 4869c10 chore(package): update mocha to version 4.0.1
• 48e5be4 chore(package): update sinon to version 4.0.1
• cbf0a9b chore(package): update chai to version 4.1.2
• aa1a949 Merge pull request [Snyk] Security upgrade dateformat from 1.0.12 to 2.0.0 #9 from alexgorbatchev/greenkeeper/update-all
• f317075 chore(package): update dependencies

See the full diff

Package name: gulp-prompt

The new version differs by 56 commits.

• 4ff3e5b Merge pull request [Snyk] Security upgrade glob-stream from 3.1.18 to 8.0.0 #45 from shannonlal/master
• 47279f0 Code clean up
• 154e3f7 Clean up package.json
• cae3b02 Updating Change log
• 1969ebf Small code clean up
• 33d2acb Check in fix for selecting first
• 6d2c26c Merge pull request [Snyk] Security upgrade globby from 2.1.0 to 11.0.0 #44 from shannonlal/v-0-4-Templating
• 4973ad2 Check in latest version into master
• 5d48414 Merge branch 'master' into v-0-4-Templating
• c90dbc1 Check in Changelog and removed gulp dev dependency
• 0f82cbf Updated the documentation
• b9be7ca Put together a sample gulp file
• d109683 Check in latest test case
• 65298de Check in fix for simple test
• 3ed221b Check in simple test case
• 5f5ec66 Check in first test case for this
• fa27144 Adding fix for templateOptions
• 8eca047 Adding lodash templates
• ed2ffe7 Change version
• e9dfdd6 Merge pull request [Snyk] Security upgrade marked-terminal from 1.7.0 to 3.1.0 #42 from Freyskeyd/v-0-3-2-Readme-Update
• dbfd89a Update Readme.nd
• 76f6209 Merge pull request [Snyk] Security upgrade less from 2.7.3 to 3.12.0 #41 from Freyskeyd/v-0-3-1-ChangeLog
• a12c567 Create ChangeLog.md file
• b474b83 Merge pull request [Snyk] Security upgrade liftoff from 2.5.0 to 4.0.0 #40 from shannonlal/v-0-3-2-List-Selection-Size

See the full diff

Package name: gulp-uglify

The new version differs by 9 commits.

• e4f9045 2.0.0
• 566ec6a refactor(tests): write tests with mocha
• 5651111 refactor(tests): replace `cmem` with `testdouble`
• b82387b refactor(tests): compose streams with `mississippi` utilities
• 1232c3c fix(errors): emit errors of type `GulpUglifyError`
• 5632cee fix(minifer): use `gulplog` for the warning
• 8160697 feat(minifier): use UglifyJS 2.7.0's input map support
• 3ec8fc3 chore(package): update uglify-js to version 2.7.0
• a9c55b9 doc(README): spelling mistake in example

See the full diff

Package name: gulp-watch

The new version differs by 7 commits.

• 80cd83e 5.0.1
• 6fe8912 Replace deprecated gulp-util (#303)
• 959128a 5.0.0
• 9208d48 Bump chokidar to ^2.0.0
• 02bd06d Update to newest vinyl for gulp 4 support (Bump path-parse from 1.0.6 to 1.0.7 in /AhMyth-Server AhMyth/AhMyth-Android-RAT#296)
• 4ced696 Add Node.js 9 and increase timeout to 5 secs
• aa8146f Remove unsupported versions of Node.js

See the full diff

Package name: run-sequence

The new version differs by 15 commits.

• 31103da 2.2.1
• 209e46c Drop dependency on deprecated `gulp-util` (Building failed on mac AhMyth/AhMyth-Android-RAT#100)
• 37e17be 2.2.0
• c450122 Changelog, cleanup for orchestration events change
• 2155560 handle orchestration aborted events ([Snyk] Security upgrade gulp-uglify from 1.5.4 to 2.1.0 #97)
• 066b8c6 2.1.0
• dada3f4 Added date to v1 in changelog
• f2b1635 Added options, code cleanup
• 578d017 Added a changelog, Closes [Snyk] Fix for 2 vulnerabilities #82
• 9fd7783 2.0.0
• d80ddf5 Specify chalk version ([Snyk] Security upgrade micromatch from 2.3.11 to 4.0.6 #89)
• 59515cf Fixed typo
• 7e263af Ignore yarn lock when publishing
• b83cc34 Adding Yarn lockfile
• ee04d48 Added modern node versions to travis ci ([Snyk] Security upgrade lodash from 1.0.2 to 4.17.17 #73)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Improper Input Validation
🦉 More lessons are available in Snyk Learn