
Bump package dependencies #70

Merged
merged 3 commits into from
Jul 21, 2017

Conversation

sudo-suhas
Contributor

Changelog

  • Update dependencies in package.json
  • Regenerate yarn.lock with fresh install to fix security issues
  • Fix linting errors due to incorrect indentation
  • Update tests for changes in sinon.stub syntax and usage

Updated dependencies

| Package | Current | Latest | Package Type | Reason |
| --- | --- | --- | --- | --- |
| eslint | 3.13.0 | 4.2.0 | devDependencies | New rules in recommended, more strict |
| js-yaml | 3.7.0 | 3.9.0 | dependencies | Throw a warning for duplicate keys, other improvements and features |
| node-version-check | 2.1.1 | 2.2.0 | devDependencies | Added node-version-gte-8 & node-version-lt-8 binaries |
| nyc | 10.0.0 | 11.0.3 | devDependencies | Drop support for node < 4, allow .nycrc.json, support for presets, support for per file coverage checking |
| object-assign | 4.1.0 | 4.1.1 | dependencies | Store a reference to Object.getOwnPropertySymbols, meta tweaks |
| sinon | 1.17.7 | 2.3.8 | devDependencies | Migration guide |
| tape | 4.6.3 | 4.7.0 | devDependencies | Show full err stack on failure, fix spurious "test exited without ending" |

eslint-plugin-node (v3.0.5 → v5.1.0) was not updated due to peer dependency with eslint-config-davidtheclark-node (`"eslint-plugin-node": "^2.0.0 || ^3.0.0"`). Changes for eslint-plugin-node: drop support for node < 4, eslint < 3; new rules no-extraneous-import and no-extraneous-require; update rules for node 7, 8.

Snyk

Snyk is a free tool that can help find and fix vulnerabilities in Node.js.

Security - 2 vulnerabilities, 6 vulnerable paths

Report from snyk cli - https://github.com/snyk/snyk

```
λ snyk test
✗ Medium severity vulnerability found on brace-expansion@1.1.6
- desc: Regular Expression Denial of Service (ReDoS)
- info: https://snyk.io/vuln/npm:brace-expansion:20170302
- from: cosmiconfig@2.1.3 > istanbul-lib-report@1.0.0-alpha.3 > rimraf@2.5.4 > glob@7.1.1 > minimatch@3.0.3 > brace-expansion@1.1.6
Upgrade direct dependency istanbul-lib-report@1.0.0-alpha.3 to istanbul-lib-report@1.0.0

✗ Medium severity vulnerability found on brace-expansion@1.1.6
- desc: Regular Expression Denial of Service (ReDoS)
- info: https://snyk.io/vuln/npm:brace-expansion:20170302
- from: cosmiconfig@2.1.3 > istanbul-lib-source-maps@1.1.0 > rimraf@2.5.4 > glob@7.1.1 > minimatch@3.0.3 > brace-expansion@1.1.6
Your dependencies are out of date, otherwise you would be using a newer brace-expansion than brace-expansion@1.1.6.

✗ Medium severity vulnerability found on brace-expansion@1.1.6
- desc: Regular Expression Denial of Service (ReDoS)
- info: https://snyk.io/vuln/npm:brace-expansion:20170302
- from: cosmiconfig@2.1.3 > spawn-wrap@1.3.4 > rimraf@2.5.4 > glob@7.1.1 > minimatch@3.0.3 > brace-expansion@1.1.6
Your dependencies are out of date, otherwise you would be using a newer brace-expansion than brace-expansion@1.1.6.

✗ Low severity vulnerability found on ms@0.7.2
- desc: Regular Expression Denial of Service (ReDoS)
- info: https://snyk.io/vuln/npm:ms:20170412
- from: cosmiconfig@2.1.3 > babel-template@6.16.0 > babel-traverse@6.21.0 > debug@2.6.0 > ms@0.7.2
Your dependencies are out of date, otherwise you would be using a newer ms than ms@0.7.2.

✗ Low severity vulnerability found on ms@0.7.2
- desc: Regular Expression Denial of Service (ReDoS)
- info: https://snyk.io/vuln/npm:ms:20170412
- from: cosmiconfig@2.1.3 > istanbul-lib-instrument@1.4.2 > babel-traverse@6.21.0 > debug@2.6.0 > ms@0.7.2
Your dependencies are out of date, otherwise you would be using a newer ms than ms@0.7.2.

✗ Low severity vulnerability found on ms@0.7.2
- desc: Regular Expression Denial of Service (ReDoS)
- info: https://snyk.io/vuln/npm:ms:20170412
- from: cosmiconfig@2.1.3 > istanbul-lib-instrument@1.4.2 > babel-template@6.16.0 > babel-traverse@6.21.0 > debug@2.6.0 > ms@0.7.2
Your dependencies are out of date, otherwise you would be using a newer ms than ms@0.7.2.

Tested 188 dependencies for known vulnerabilities, found 2 vulnerabilities, 6 vulnerable paths.
Run `snyk wizard` to address these issues.
```
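As an added example (not part of this PR or of cosmiconfig), a small Node script that parses the plain-text `snyk test` report format shown above into records and groups each vulnerable path by the direct dependency it enters through, which is the only entry a package.json bump or a yarn.lock regeneration can actually change. The sample input is three of the six blocks from the report, embedded verbatim.

```javascript
// Constructed sample: three of the six blocks from the `snyk test` report above.
const SAMPLE_REPORT = `
✗ Medium severity vulnerability found on brace-expansion@1.1.6
- desc: Regular Expression Denial of Service (ReDoS)
- info: https://snyk.io/vuln/npm:brace-expansion:20170302
- from: cosmiconfig@2.1.3 > istanbul-lib-report@1.0.0-alpha.3 > rimraf@2.5.4 > glob@7.1.1 > minimatch@3.0.3 > brace-expansion@1.1.6
Upgrade direct dependency istanbul-lib-report@1.0.0-alpha.3 to istanbul-lib-report@1.0.0

✗ Medium severity vulnerability found on brace-expansion@1.1.6
- desc: Regular Expression Denial of Service (ReDoS)
- info: https://snyk.io/vuln/npm:brace-expansion:20170302
- from: cosmiconfig@2.1.3 > spawn-wrap@1.3.4 > rimraf@2.5.4 > glob@7.1.1 > minimatch@3.0.3 > brace-expansion@1.1.6
Your dependencies are out of date, otherwise you would be using a newer brace-expansion than brace-expansion@1.1.6.

✗ Low severity vulnerability found on ms@0.7.2
- desc: Regular Expression Denial of Service (ReDoS)
- info: https://snyk.io/vuln/npm:ms:20170412
- from: cosmiconfig@2.1.3 > babel-template@6.16.0 > babel-traverse@6.21.0 > debug@2.6.0 > ms@0.7.2
Your dependencies are out of date, otherwise you would be using a newer ms than ms@0.7.2.
`;
// One record per vulnerable path, in the order snyk prints them.
function parseSnykText(text) {
  const findings = [];
  let current = null;
  for (const raw of text.split('\n')) {
    const line = raw.trim();
    const head = line.match(/^✗ (\w+) severity vulnerability found on (\S+)$/);
    if (head) {
      current = { severity: head[1], package: head[2], desc: '', info: '', path: [], remediation: '' };
      findings.push(current);
      continue;
    }
    if (!current || line === '') continue;
    const field = line.match(/^- (desc|info|from): (.+)$/);
    if (!field) current.remediation = line; // "Upgrade direct dependency ..." or "out of date" advice
    else if (field[1] === 'from') current.path = field[2].split(' > ');
    else current[field[1]] = field[2];
  }
  return findings;
}
// Group paths by the direct dependency (path index 1; index 0 is the project itself).
function pathsByDirectDependency(findings) {
  const groups = {};
  for (const f of findings) (groups[f.path[1]] = groups[f.path[1]] || []).push(f.package);
  return groups;
}
// Same totals snyk prints: distinct vulnerable packages vs. vulnerable paths.
function summarize(findings) {
  return { vulnerabilities: new Set(findings.map(f => f.package)).size, vulnerablePaths: findings.length };
}
```

Run it against the full report and the grouping shows that every brace-expansion path enters through a different direct devDependency, which is why regenerating the lockfile rather than bumping one package was the practical fix here.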

@davidtheclark
Collaborator

Thanks, @sudo-suhas. Are you interested in being added as a contributor to this repo?

@davidtheclark davidtheclark merged commit b572915 into cosmiconfig:master Jul 21, 2017
@sudo-suhas sudo-suhas deleted the chore_bump_deps branch July 21, 2017 13:56
@sudo-suhas
Contributor Author

Wow! That would truly be an honor. I am very much interested 😃

@davidtheclark
Collaborator

@sudo-suhas: Sync mode is a major feature and you did a great job with it. I'd love to have your help maintaining that feature and the rest of the repo.

@sudo-suhas
Contributor Author

😁 You just made my day.
By the way, if I wanted to discuss any possible changes we could do for the package, what would be an appropriate place for it?

@davidtheclark
Collaborator

> if I wanted to discuss any possible changes we could do for the package, what would be an appropriate place for it?

Feel free to open issues for anything you'd like to propose.

davidtheclark pushed a commit that referenced this pull request Jul 21, 2017