[Snyk] Fix for 2 vulnerabilities

[sailsbot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	753/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: grunt

The new version differs by 37 commits.

• 9ba3a99 1.0.3
• eee4c33 Changelog v1.0.3
• 46da7f2 Merge pull request #1636 from gruntjs/upt
• 00f4d8a Drop support for Node 0.10 and 0.12
• e852727 util update
• 56d702e Update deps
• 0105524 Fix race condition with file.mkdir and make it operate more similarily to mkdir -p (#1627) r=@ vladikoff
• 303d445 https links (#1629)
• d969132 Merge pull request #1624 from gruntjs/rm-bump-deps
• 289ff91 Remove old bump task and deps
• ccc3163 v1.0.2
• e7795dc Remove iojs from test matrix (#1622)
• a6a133b Remove deprecation warning for coffeescript (#1621) r=@ vladikoff
• 06b377e https links to webchat.freenode.net and gruntjs.com (#1610)
• 7c5242f Use node executable for local grunt bin for Windows support
• f6cbb63 Oh right, Windows isnt bash
• a9a20da Try and debug why appveyor is failing on npm
• 48bba6c Move to the test script to avoid npm was unexpected at this time.
• 6b97ac0 Try to fix appveyor script
• 19003ba For appveyor, check node version to decide whether to install npm@3
• 3fcf921 Install npm@3 if npm version is npm 1 or 2
• 77fc157 Use the local version of grunt to run tests
• 400601a Updating devDependencies
• 6592ad1 Update travis/appveyor to node versions we support

See the full diff

Package name: sails-hook-grunt

The new version differs by 36 commits.

• 405b3ec 4.0.0
• fae8fec Merge pull request [Snyk Update] New fixes for 1 vulnerable dependency path #2 from sailshq/upgrades
• 408524d 3.1.1
• 69e24d7 Regenerate shrinkwrap file
• dd83d09 Upgrade several dependencies to resolve vulnerability and deprecation warnings, and remove jst and coffee
• 1a99e13 Upgrade babel-core version to resolve vulnerabilities
• b2a173a Upgrade grunt version to resolve vulnerabilities
• 62248fe Skip node 0.10 and 0.12 tests on travis, because they're now failing due to the latest eslint.
• d70ad20 3.1.0
• ccccbb0 3.1.0-0
• 1c8d2ca Tweak to 'grunt aborted' output
• 223daeb Point to gitter etc. in troubleshooting tips
• 7fe0c83 update shrinkwrap.
• b39b9a1 Add grunt-hash for built-in support for cache busting.
• a513553 3.0.2
• 619711b Finished up setup of linting and tests.
• 42fff90 Set up linter and do a few fixes
• 61ceb09 Added ENOSPC troubleshooting for linux users.
• 5a0c582 Comments
• a8f76e4 Add some comments
• 5659381 3.0.1
• 5b2a025 Update shrinkwrap
• 781907f 3.0.0
• 8533bdb Use `@ sailshq/grunt-contrib-uglify`

See the full diff

Package name: sails-hook-sockets

The new version differs by 29 commits.

• bade0f7 2.0.0
• 64d08ac 2.0.0-0
• 4e1fb5b Merge pull request [Snyk] Security upgrade grunt from 1.0.1 to 1.5.3 #41 from balderdashy/upgrades
• fd20a5f Just pass in the full URL for sendHttpRequest
• 0b43d86 Revert "Nevermind, just run the redis tests anyway"
• c697c00 Nevermind, just run the redis tests anyway
• 37f1285 Revert "Try new way of skipping redis tests on appveyor"
• 052a44f Try new way of skipping redis tests on appveyor
• adb9084 Revert "Revert mp-http upgrade"
• b7514b9 Revert mp-http upgrade
• 8e05bce Remove TODO that's toDONE
• a506e88 Upgrade mp-http, and also comment out a test we've pretty much always been skipping because it doesn't matter based on the behavior of redis
• 8454a80 Try out a way of skipping redis tests on appveyor
• f4788a2 Don't set `return_buffers` in call to `createManager`, because of a change in the version of node_redis used by machinepack-redis
• 320b7f7 Fix warning about not being able to parse redis URL after upgrading machinepack-urls
• cadf099 Remove copy/pasted comment
• bab71cf Revert "Temporarily revert machinepack-redis upgrade"
• 629bfbe Temporarily revert machinepack-redis upgrade
• fa242a6 Don't pass through faulty meta in call to Redis.getConnection() (relies on fix in mp-redis 2.0.3)
• 8dd28a4 clarify that to run tests, you'll benefit from having the redis server expect a dummy password
• 5b1d961 Add note about something weird.
• 91dfa06 trivial
• 975ed17 Update CI config files
• 609a66b Fix usage of machinepack-redis `getConnection` after upgrading

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic