WIP - Fixing Gluegun and other dep upgrades #235

Closed

jamonholmgren
Member

@GantMan I started working through this but ran out of time. Can you carry the ball forward from here? I've made some progress, but am still getting test failures.

@avaGitHubBot

Warnings
⚠️

Changes were made to package.json, but not to package-lock.json - Perhaps you need to run npm install?

Generated by 🚫 dangerJS

@GantMan
Member

GantMan commented Dec 30, 2018

Let's hold on this. I have a major PR in progress. It breaks tons of tests and would significantly affect this work. Sorry :( I wish it were done, but it's a pain so I'm taking it slower.

@jamonholmgren
Member Author

Can you bring Gluegun up to latest while you're at it, @GantMan? I'd love to be able to use Solidarity to test new Gluegun releases.

@GantMan
Member

GantMan commented Jan 3, 2019

@jamonholmgren if you merge or approve and I merge #236 then you can jump back into this one.

@petekp petekp mentioned this pull request Feb 12, 2020
@derekgates

Any updates on merging this PR or #249?

I look forward to using this system at work but the audit problems prevent this.

  Low             Prototype Pollution
  Package         lodash
  Patched in      >=4.17.5
  Dependency of   solidarity
  Path            solidarity > gluegun > cli-table2 > lodash
  More info       https://npmjs.com/advisories/577


  High            Prototype Pollution
  Package         lodash
  Patched in      >=4.17.11
  Dependency of   solidarity
  Path            solidarity > gluegun > cli-table2 > lodash
  More info       https://npmjs.com/advisories/782

  High            Prototype Pollution
  Package         lodash
  Patched in      >=4.17.12
  Dependency of   solidarity
  Path            solidarity > gluegun > cli-table2 > lodash
  More info       https://npmjs.com/advisories/1065

  Moderate        Denial of Service
  Package         axios
  Patched in      >=0.18.1
  Dependency of   solidarity
  Path            solidarity > gluegun > apisauce > axios
  More info       https://npmjs.com/advisories/880

  High            Prototype Pollution
  Package         set-value
  Patched in      >=2.0.1 <3.0.0 || >=3.0.1
  Dependency of   solidarity
  Path            solidarity > gluegun > enquirer > prompt-question >
                  prompt-choices > set-value
  More info       https://npmjs.com/advisories/1012

  High            Prototype Pollution
  Package         set-value
  Patched in      >=2.0.1 <3.0.0 || >=3.0.1
  Dependency of   solidarity
  Path            solidarity > gluegun > enquirer > set-value
  More info       https://npmjs.com/advisories/1012


  High            Prototype Pollution
  Package         set-value
  Patched in      >=2.0.1 <3.0.0 || >=3.0.1
  Dependency of   solidarity
  Path            solidarity > gluegun > prompt-autocompletion > prompt-base >
                  prompt-question > prompt-choices > set-value
  More info       https://npmjs.com/advisories/1012

  High            Prototype Pollution
  Package         set-value
  Patched in      >=2.0.1 <3.0.0 || >=3.0.1
  Dependency of   solidarity
  Path            solidarity > gluegun > prompt-autocompletion >
                  prompt-choices > set-value
  More info       https://npmjs.com/advisories/1012

If this PR is still desired, would it be helpful to resolve the conflicts and rebase/merge this again? I can certainly help with that!

@GantMan GantMan closed this May 5, 2020
@GantMan GantMan deleted the update/gluegun-dep branch May 5, 2020 19:11
@jamonholmgren
Member Author

Closing the loop, we are up to Gluegun 4.2.0 (latest as of now is 4.3.1).

"gluegun": "4.2.0",
