[Snyk] Fix for 19 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	584/1000 Why? Has a fix available, CVSS 7.4	Directory Traversal SNYK-JS-ADMZIP-1065796	No	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-DECOMPRESS-557358	No	Proof of Concept
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-LODASH-590103	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	No Known Exploit
	434/1000 Why? Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	No	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary File Overwrite SNYK-JS-TAR-174125	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No	No Known Exploit
	529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Symlink File Overwrite npm:tar:20151103	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:tough-cookie:20160722	No	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) npm:tough-cookie:20170905	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: fullname

The new version differs by 4 commits.

• 6cf9f5c 2.0.0
• 87dbd2f extract the CLI into a separate module
• d1e2ba9 tweaks
• 57715e0 Close [Snyk] Fix for 19 vulnerabilities #7 PR: Promisified the library. Added XO and AVA..

See the full diff

Package name: insight

The new version differs by 45 commits.

• 84df37e 0.9.0
• 9812a19 Bump dependencies
• 5494868 Bump dependencies
• b4ce462 Immediate execution of debounce function in _save (Show outdated generators in yoyo yeoman/yo#57)
• 506539b Meta tweaks
• 63059e9 Move to AVA for testing (Mark outdated generators in the yoyo list yeoman/yo#55)
• a0430e2 ES2015ify
• 66a5db6 Bump minimum supported `node` version to `node@4`. (yo yo inception issue yeoman/yo#51)
• 3edcaf4 0.8.4
• e09db96 chore(package): update uuid to version 3.0.0 (Use generator.name if set in yoyo yeoman/yo#50)
• 140e7b6 cleanup
• ee16694 make XO happy
• fa317f7 0.8.3
• 897d250 Update request to 2.74.0 (bower version number. yeoman/yo#48)
• cd02a9c 0.8.2
• 0b6b675 BugFix: Automatically opt-out after timeout (Mock the hell out of yo status code test yeoman/yo#47)
• 1e93f3e 0.8.1
• f1dbe45 fix issue when event value is undefined (Run generators in same context yeoman/yo#45)
• 791b6c0 0.8.0
• 3a6ac61 Add event tracking for GA
• cca7b59 Fix code examples
• 15a86ca readme - remove obsolete live demo link
• 0c2be5f 0.7.0
• 90a5381 minor readme tweaks

See the full diff

Package name: yeoman-generator

The new version differs by 250 commits.

• dc47384 0.24.1
• 1c0bb5a Fix dependencies not supporting Node < v4
• fc69dfe 0.24.0
• 5cc59c1 Bump dependencies
• b605a5c Remove remote modules from core
• f8dc720 0.23.4
• 9ed4879 Chain install commands with double ampersand (#944)
• 035ce57 Bump `cross-spawn`
• 425e81f 0.23.3
• faa3e2c Fix for Node < 4, downgrade read-chunk (#929)
• a55558a 0.23.2
• b89eece Fix for Node < 4, downgrade path-exists (#928)
• bbc05cc Fix tests on newer Node verions
• f668360 add node v6
• 0644986 0.23.1
• f733835 Fix yeoman-generator ignoring errors
• 7d0aa14 0.23.0
• 4bdf621 Base#prompt now return a promise
• 2d90140 Move inquirer to devDeps
• ca55109 Bump devDeps and eslint 2.0 settings adjustment
• 3272f44 Bump some dependencies
• 3a41fa0 0.22.6
• 634a9c7 Fix the error thrown from generator is swallowed (#923)
• edfa8a0 Fix storage documentation

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic