[Snyk] Fix for 1 vulnerabilities

[Fisch80]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	461/1000 Why? Recently disclosed, Has a fix available, CVSS 3.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-DEBUG-3227433	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: broccoli-funnel

The new version differs by 37 commits.

• 05eaaf7 release v3.0.0 🎉
• f1cc4cf bump changelog for 3.x
• ac14282 Merge pull request Add explanation on --platform command adopted-ember-addons/ember-electron#116 from SparshithNR/revamp-test
• ed1aa5d Revamp test with broccoli-test-helper
• 2c91f2f Merge pull request 🐛 Use win32metadata in blueprint instead of version-string adopted-ember-addons/ember-electron#117 from SparshithNR/to-class
• 05a7e13 Rebase with master
• 1a8799c Update README.md
• 2fc79fc Changing to class
• f46e353 Merge pull request Platform flag has no description of what it does adopted-ember-addons/ember-electron#115 from SparshithNR/node-update
• b3176b2 async await in tests
• 3f3fe58 cleanup & use modern features & update deps
• 754f73b Drop node 8
• 96cdac6 Check if path exist using access & stat functions
• e2b3266 Drop node 4, 6, 7 support. Add 10, 12
• 50ea34e Merge pull request Trying to install in new Ember project adopted-ember-addons/ember-electron#108 from jrowlingson/feature/update-readme
• 018a982 Update readme examples
• fc12aaf Remove broken auto-publishing via preversion/postversion scripts
• 87c784d v2.0.2
• 48960a4 Add v2.0.2 to CHANGELOG.md.
• 00de4f4 Merge pull request Unknown blueprint: ember-electron adopted-ember-addons/ember-electron#106 from chriskrycho/input-node-105
• a793c0b Fix indentation in latest-added test.
• 6f031e3 Add test for creating nested output when missing input node.
• 67b2e2c Make an empty dir if missing but `allowEmpty`.
• 74f3454 Add test for available input node at missing source.

See the full diff

Package name: electron-forge

The new version differs by 173 commits.

• f226c68 4.1.6
• bd3e9ee updated CHANGELOG.md
• 24267fe fix(importer): Fix typo in dependency check
• a3ffe36 Add test for the bug
• 468fc7d Fix test description to be more specific
• df3d441 More import test assertions
• 9a73e83 Rename constant for better code clarity
• 9e3c1b0 Make productName fall back on name
• 23f191a fix(importer): handle the case where productName doesn't exist
• a39011b refactor(maker): DRY up linux config transformations
• 076c78e fix(generic): assume invalid semver package manager versions are incompatible
• e118c05 Upgrade dependencies
• 1b69e1b 4.1.5
• 38a32ba updated CHANGELOG.md
• c9e23e3 fix(packager): fix custom afterCopy, afterPrune not being included
• 7d22d16 4.1.4
• bbe41d7 updated CHANGELOG.md
• a2c33eb fix(publisher): fix publishing a saved dry run on a different device from the initial dry run
• 1920b5f Rebuild modules regardless of whether prune is enabled
• cce9db4 fix(packager): move the rebuild hook to after pruning finishes
• e847a78 feat(packager): add support for hook files for electronPackagerConfig.afterPrune
• 08d5577 refactor(packager): resolve hook files in a common function
• 38f9a3d fix(importer): adjust Forge config defaults just like in init
• dbc2a4b 4.1.3

See the full diff

Package name: socket.io

The new version differs by 77 commits.

• db831a3 [chore] Release 2.1.0
• ac945d1 [feat] Add support for dynamic namespaces (#3195)
• ad0c052 [docs] Add note in docs for `origins(fn)` about `error` needing to be a string. (#2895)
• 1f1d64b [fix] Include the protocol in the origins check (#3198)
• f4fc517 [fix] Properly emit 'connect' when using a custom namespace (#3197)
• be61ba0 [docs] Add link to a Dart client implementation (#2940)
• c0c79f0 [feat] Add support for dynamic namespaces (#3187)
• dea5214 [chore] Bump superagent and supertest versions (#3186)
• b1941d5 [chore] Bump engine.io to version 3.2.0
• a23007a [docs] Update license year (#3153)
• f48a06c [feat] Add a 'binary' flag (#3185)
• 0539a2c [test] Update travis configuration
• c06ac07 [docs] Fix typo (#3157)
• 52b0960 [chore] Bump debug to version 3.1.0
• 1c108a3 [chore] Release 2.0.4
• f333479 [test] Use npm scripts instead of gulp (#3078)
• 3f61165 [docs] Fix a grammar mistake in the API docs (#3076)
• e26b71c [docs] Fix typo in API docs (#3066)
• 3386e15 [docs] Actually prevent input from having injected markup in chat example (#2987)
• 3684d59 [docs] Use path.join instead of concatenating paths (#3014)
• dd69abb [fix] Reset rooms object before broadcasting from namespace (#3039)
• 1f0e64a [fix] Do not throw when receiving an unhandled error packet (#3038)
• 9d170a7 [docs] Add io.emit in the cheat sheet (#2992)
• 7199d1b [docs] Fix misnamed 'Object.keys' in API docs (#2979)

See the full diff

Package name: testem

The new version differs by 38 commits.

• bf29853 2.2.0
• 55d0df5 Use npm lockfile
• 9429129 Merge pull request Bump eslint-plugin-ember from 11.0.5 to 11.0.6 adopted-ember-addons/ember-electron#1223 from testem/greenkeeper/socket.io-2.1.0
• ed48bb8 fix(package): update socket.io to version 2.1.0
• 1699c79 release v2.1.0 🎉
• 14d9b6f Merge pull request Bump ember-data from 4.6.0 to 4.6.1 adopted-ember-addons/ember-electron#1209 from LoicEvenium/upgrade-socketio
• fd4ce61 Merge pull request Bump portfinder from 1.0.28 to 1.0.29 adopted-ember-addons/ember-electron#1219 from arthirm/master
• 750aad2 Adding api for setting defaultOptions in testem
• 686ab88 Merge pull request Bump eslint-plugin-ember from 11.0.4 to 11.0.5 adopted-ember-addons/ember-electron#1214 from testem/greenkeeper/sinon-chai-3.0.0
• 6e84fab Merge pull request Bump sass from 1.54.1 to 1.54.2 adopted-ember-addons/ember-electron#1216 from testem/greenkeeper/execa-0.10.0
• 6d690c9 fix(package): update execa to version 0.10.0
• 735f8c9 chore(package): update sinon-chai to version 3.0.0
• fb51a34 add lock file
• 58cbaa4 update socket-io to fix "Validation TypeError" https://github.com/Node.js and Socket.io UTF8 Validation TypeError coming from ws websockets/ws#1021
• 4f60ed0 2.0.0
• af8620d Merge pull request Bump ember-source from 4.5.0 to 4.6.0 adopted-ember-addons/ember-electron#1205 from testem/fix-leaky-runners
• 6f6c7be Merge pull request Bump sass from 1.52.1 to 1.52.2 adopted-ember-addons/ember-electron#1170 from smottt/master
• 184de4e [BUGFIX] Prevent leaked runners/sub processes.
• 1950ca9 Merge pull request Bump eslint-plugin-ember from 10.6.1 to 11.0.0 adopted-ember-addons/ember-electron#1199 from ajlomagno/rename-npmignore
• 19a24d1 Renamed .npmingore to .npmignore
• 208b5d5 Merge pull request Bump eslint-plugin-qunit from 7.3.0 to 7.3.1 adopted-ember-addons/ember-electron#1193 from tjgq/report-failed-hook-error-message
• e7bc3dd Display error message correctly when a hook fails to run.
• a87d79b Merge pull request Bump sass from 1.52.3 to 1.53.0 adopted-ember-addons/ember-electron#1182 from jlogsdon/fix/browser_args-by-mode
• bd9a1b1 Merge pull request Bump eslint-plugin-prettier from 4.0.0 to 4.1.0 adopted-ember-addons/ember-electron#1185 from rlivsey/fix-cycle-depth

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)