[Snyk] Security upgrade vinyl-fs from 1.0.0 to 2.0.0

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-LODASH-590103	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	No Known Exploit
	434/1000 Why? Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: vinyl-fs

The new version differs by 56 commits.

• de7bf7b 2.0.0
• 59620dc update vinyl
• 5b056f6 update object-assign dep
• 27983ef merge
• 7ca959e remove watch 0.9.0: loading helpers from verb config from package.json verbose/verb#92
• b9b9469 Merge pull request 0.9.0: way to remove default gulp-format-md plugin verbose/verb#90 from davidbarrows/with-updated-merge-stream-to-1.0.0
• 22e5e13 Updated merge-stream version to 1.0.0
• 5192dec Merge pull request 0.9.0: developer docs verbose/verb#88 from kketch/fix-event-name
• 65445ec fix wrong event name in README.md
• cb22635 Merge pull request 0.9.0: configfile instance doesn't register properly verbose/verb#85 from Klowner/symlink-passthru-support
• 9f5f6e8 Add symlink copy with `followSymlinks` option
• fa184c4 Merge pull request verb helpers verbose/verb#82 from stevemao/patch-2
• 0b3eed2 symlink opt.base should be the same as dest
• 3e2a5ef base can be a function now, also add better error messaging. closes 0.9.0 verbose/verb#78
• c7887c1 Merge pull request Parent directory from docs/ verbose/verb#81 from silverwind/patch-1
• 69090c4 use valid semver range for `engine`
• 65090b8 Merge branch 'master' of https://github.com/wearefractal/vinyl-fs
• b481130 fix filter-since
• 30a8507 Merge pull request 0.9.0: loading config values verbose/verb#79 from stevemao/improvements
• 8e8135c update vinyl-filter-since
• cb86d86 add missing test for f7516ebac102104ad0f39437f7739bf5aedec165
• a8161c8 update vinyl filter since
• 99db7de add sourcemaps to dest, clear up some dead src code now that empty arrays arent valid globs, dep updates
• d32876f update deps

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic