Fixes for security vulnerabilities

[kedar-joshi]

Fixes security vulnerabilities.

Also, support for Node v4 has been dropped and support for v10 has been added to CI configuration.

See electron/electron-api-demos#418.

[kedar-joshi]

I am not sure why build is failing when all tests are passing.

[codebytere]

it's failing in Node.js v4 because that version does not have support for destructuring:

const {deprecate, warn} = require('../lib/utils');

To fix this, you can update the travis config to use newer versions:

language: node_js
node_js:
  - "10"
  - "12"

However the v8 CI run looks to be failing legitimately in a cleanup hook or something, so you may want to rerun that locally.

  6 passing (292ms)
path.js:28
    throw new TypeError('Path must be a string. Received ' + inspect(path));
    ^

[kedar-joshi]

Thank you for the suggestion. I have removed support for v4 and also added support for v10.

so you may want to rerun that locally.

This is not reproducible on my local environment. I tried with v6, v8, and v10 and everything completes without any exception.

I will debug a bit more.

[zeke]

Thanks for the PR!

It looks like the Node 6 build is failing on this:

/home/travis/build/zeke/check-for-leaks/node_modules/picomatch/lib/picomatch.js:54
    let ignoreOpts = { ...options, ignore: null, onMatch: null, onResult: null };
                       ^^^
SyntaxError: Unexpected token ...

Can you take 6 out of the Travis config?

I'm also seeing this on the 8 and 10 builds:

internal/validators.js:125
    throw new ERR_INVALID_ARG_TYPE(name, 'string', value);
    ^
TypeError [ERR_INVALID_ARG_TYPE]: The "path" argument must be of type string. Received type undefined
    at validateString (internal/validators.js:125:11)
    at Object.resolve (path.js:1080:7)
    at Command.<anonymous> (/home/travis/build/zeke/check-for-leaks/node_modules/standard-markdown/cli.js:32:28)
    at Command.listener (/home/travis/build/zeke/check-for-leaks/node_modules/commander/index.js:315:8)

I'm not able to reproduce this issue locally either. Can you go ahead and npm rm standard-markdown and remove it from the test script? The README's already in good shape and we can live without that linter.

Once this goes green I'll get a new version out.

[kedar-joshi]

Done. Everything is green.

[zeke]

~/git/zeke/check-for-leaks master
$ np patch

Publish a new version of check-for-leaks (current: 1.2.0)

Commits:
- Merge pull request #4 from kedar-joshi/vulnerability-fixes  e7b1b82
- Vulnerability fixes  05c93b4

Commit Range:
v1.2.0...master


  ✔ Prerequisite check
  ✔ Git
  ↓ Cleanup [skipped]
  ✔ Installing dependencies using npm
  ✔ Running tests using npm
  ✔ Bumping version using npm
  ✔ Publishing package using npm
  ✔ Pushing tags
  ✔ Creating release draft on GitHub

 check-for-leaks 1.2.1 published 🎉

[zeke]

Thanks again, @kedar-joshi