[Snyk] Fix for 42 vulnerabilities

[rx007]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	631/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Certificate Validation SNYK-JS-NODESASS-1059081	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Out-of-Bounds SNYK-JS-NODESASS-535498	Yes	Proof of Concept
	550/1000 Why? Has a fix available, CVSS 6.5	Out-of-bounds Read SNYK-JS-NODESASS-535499	Yes	No Known Exploit
	761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	NULL Pointer Dereference SNYK-JS-NODESASS-535500	Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Out-of-bounds Read SNYK-JS-NODESASS-535501	Yes	Proof of Concept
	600/1000 Why? Has a fix available, CVSS 7.5	Uncontrolled Recursion SNYK-JS-NODESASS-535503	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Resource Exhaustion SNYK-JS-NODESASS-535504	Yes	Proof of Concept
	761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	NULL Pointer Dereference SNYK-JS-NODESASS-535505	Yes	Proof of Concept
	536/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.3	Out-of-bounds Read SNYK-JS-NODESASS-540958	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Uncontrolled Recursion SNYK-JS-NODESASS-540960	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Out-of-bounds Read SNYK-JS-NODESASS-540962	Yes	No Known Exploit
	536/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.3	Uncontrolled Recursion SNYK-JS-NODESASS-540964	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Improper Input Validation SNYK-JS-NODESASS-540966	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Improper Input Validation SNYK-JS-NODESASS-540968	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Uncontrolled Recursion SNYK-JS-NODESASS-540970	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Out-of-bounds Read SNYK-JS-NODESASS-540972	Yes	No Known Exploit
	761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	NULL Pointer Dereference SNYK-JS-NODESASS-540974	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Denial of Service (DoS) SNYK-JS-NODESASS-540978	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Denial of Service (DoS) SNYK-JS-NODESASS-540982	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Out-of-bounds Read SNYK-JS-NODESASS-540984	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Out-of-bounds Read SNYK-JS-NODESASS-540986	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-NODESASS-540988	Yes	No Known Exploit
	536/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.3	NULL Pointer Dereference SNYK-JS-NODESASS-540992	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Out-of-Bounds SNYK-JS-NODESASS-540998	Yes	Proof of Concept
	654/1000 Why? Has a fix available, CVSS 8.8	Use After Free SNYK-JS-NODESASS-541000	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Out-of-bounds Read SNYK-JS-NODESASS-541002	Yes	Proof of Concept
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-NODESASS-542662	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SCSSTOKENIZER-2339884	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:clean-css:20180306	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:uglify-js:20151024	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: clean-css-brunch

The new version differs by 32 commits.

• 9991b41 Release 3.0.0.
• 0813fc5 Reorganize package.
• a25dbde Merge pull request #22 from minghz/master
• e3b6269 Reverting mocha version update
• 7926eb1 Shouldn't have commited the lock file
• e25b941 Merge pull request [Snyk] Upgrade clean-css-brunch from 1.7.2 to 1.8.0 #1 from minghz/update_dependencies
• 5dec816 Bump version
• d30e1c7 Fix security vulnerabilities from old dependencies
• 3517524 Release 2.10.0.
• a012b48 Refactor tests (#21)
• c1728c8 Use eslint-config-brunch ([Snyk] Security upgrade babel-brunch from 5.1.2 to 6.0.0 #19)
• 0369e48 Use latest Node.js in Travis ([Snyk] Security upgrade brunch from 1.8.5 to 3.0.0 #20)
• 6e83584 Rewrite examples in CoffeeScript to JS ([Snyk] Security upgrade brunch from 1.8.5 to 2.0.3 #18)
• 6ef25cf Link to CleanCSS repo API options ([Snyk] Security upgrade sass-brunch from 1.9.2 to 3.0.1 #17)
• 69a58ec Fix Plugins: Replace npm i —save with —save-dev brunch/brunch#1486 ([Snyk] Fix for 42 vulnerabilities #16)
• d33089b Merge pull request [Snyk] Fix for 21 vulnerabilities #14 from brunch/eslint2
• 62f5220 Update ESLint to 2.1.0
• 3fc3d30 Add travis.
• d3162c3 Tildify dep versions
• 4ce8f45 Release 2.0.0.
• 622eec7 Merge pull request [Snyk] Security upgrade sass-brunch from 1.9.2 to 3.0.0 #13 from brunch/update-iface-2.0
• 0d56ff1 Update interface to 2.0
• d9fab60 Release 1.8.0
• 82742cd Remove incorrect/unneeded main property

See the full diff

Package name: sass-brunch

The new version differs by 105 commits.

• 30d0221 Release 3.0.1.
• df80796 Merge pull request #206 from altmind/194-sourcemap-relpath
• 99a1650 #194 Fix source path names for windows, fixed test
• 1ce930a Delete package-lock.json
• e32d3fc Merge pull request #197 from jkruse/issue194
• 7fac336 Fixes 194
• 83dc077 Release 3.0.0.
• d17769f Audit fix.
• e31bfe4 Log.
• a7b96e5 Deps.
• 9e58640 Update package.json
• 505d1ab Update docs.
• 0ad6e77 Fix.
• 98beee2 Reorganize for brunch 3.
• 66e2fa7 Reorganize.
• 1e528e9 Update package.json
• e44826e Update package.json
• 12655c1 Delete .npmignore
• 5b5efc7 Delete .travis.yml
• 2a00c3a Create nodejs.yml
• c9a8ade Merge pull request #191 from CloudRaker/dart-sass
• 7165633 Fix globbing & sourcemaps
• 05cd3f2 Migrate to dart-sass
• 5dd44ea Merge pull request #190 from brunch/dependabot/npm_and_yarn/eslint-4.18.2

See the full diff

Package name: uglify-js-brunch

The new version differs by 25 commits.

• 8c67a01 Release 2.10.0.
• 65a2952 Improve error formatting.
• b6f8312 Release 2.1.1.
• 064c2a8 Downgrade uglify, new version is shitty
• c4bd027 Release 2.1.0.
• db1ae32 Improve tests
• 335fdd2 Fix Travis
• 1e461de Update uglifyjs dependency
• b0673d1 Skemata handles that
• da9a1b9 Fix source maps (#39)
• 2fc0b02 Fix ESLint errors and warnings (#38)
• ba836e8 Fix eslint (#37)
• 941b80c Use eslint-config-brunch (#35)
• 67d488b Use latest Node.js in Travis (#34)
• 6bc8c66 README: Rewrite examples in coffee to js (#33)
• 060c641 Fix Plugins: Replace npm i —save with —save-dev brunch/brunch#1486 (#32)
• 4c7d45e Fix.
• c2e3848 Merge pull request #30 from brunch/eslint2
• 17d76e6 Update ESLint to 2.1.0
• c2cf8d3 Add travis.
• 6e3a4b2 Release 2.0.1.
• 52b32b2 Update uglify.
• 8edd66b Release 2.0.0.
• 01fb350 Merge pull request #29 from hellyeahllc/update-iface-2.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 NULL Pointer Dereference
🦉 Uncontrolled Recursion
🦉 More lessons are available in Snyk Learn