[Snyk] Fix for 15 vulnerabilities

[aliscco]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • node_modules/esrecurse/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	679/1000 Why? Has a fix available, CVSS 9.3	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962463	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASHTEMPLATE-1088054	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Internal Property Tampering SNYK-JS-TAFFYDB-2992450	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: babel-eslint

The new version differs by 31 commits.

• a0fbd50 8.0.2
• 2004b91 require correct deps
• fa56d21 Always use unpad ([Snyk] Fix for 1 vulnerabilities #535)
• 295091d Allow ^ version for babel dependencies ([Snyk] Fix for 1 vulnerabilities #534)
• d3b8519 fix(package): update babylon to version 7.0.0-beta.31 ([Snyk] Security upgrade mocha from 2.2.5 to 4.0.0 #533)
• 54ab4ac 8.0.1
• c1a7882 Update README.md support ([Snyk] Fix for 1 vulnerabilities #531) [skip ci]
• 51100c9 chore(package): update mocha to version 4.0.0 ([Snyk] Security upgrade eslint from 4.19.1 to 7.0.0 #524)
• 5742b71 Adding optionalCatchBinding to plugins. ([Snyk] Fix for 1 vulnerabilities #521)
• 905887c 8.0.0
• 49493e4 update to beta.0
• 42d0c5b Remove already fixed workaround ([Snyk] Fix for 1 vulnerabilities #508)
• 25bd208 8.0.0-alpha.17
• 1468905 alpha.17
• 57c133e 8.0.0-alpha.15
• 1e41162 update ([Snyk] Security upgrade eslint from 5.16.0 to 7.0.0 #504)
• c31b577 Readme update usage section ([Snyk] Fix for 1 vulnerabilities #501) [skip ci]
• c2626f9 Update eslint to the latest version 🚀 ([Snyk] Fix for 1 vulnerabilities #500)
• 3c6b2de chore(package): update husky to version 0.14.0 ([Snyk] Fix for 1 vulnerabilities #498)
• e052d5a Update install instructions to use latest stable release ([Snyk] Security upgrade tap from 10.7.3 to 15.0.0 #497) [skip ci]
• 8e3e088 8.0.0-alpha.13
• f757e22 Merge pull request [Snyk] Security upgrade gulp from 3.9.1 to 4.0.0 #493 from danez/regression-test
• 5736be6 Update babylon
• 37f9242 Add Prettier ([Snyk] Security upgrade xo from 0.7.1 to 0.41.0 #491)

See the full diff

Package name: gulp

The new version differs by 134 commits.

• 55eb23a Release: 4.0.0
• 173a532 Docs: Fix the installation instructions
• ec54d09 Docs: Improve note about out-of-date docs
• 03b7c98 Docs: Update recipes to install gulp@next
• 2eba29e Docs: Remove run-sequence from recipes
• 76eb4d6 Docs: Add installation instructions & update badges
• fbc162f Docs: Remove references to gulp-util
• 3011cf9 Scaffold: Normalize repository
• f27be05 Update: Remove graceful-fs from test suite
• 361ab63 Upgrade: Update glob-watcher
• 064d100 Build: Avoid broken node 9
• 057df59 Release: 4.0.0-alpha.3
• c1ba80c Breaking: Upgrade major versions of glob-watcher, gulp-cli & vinyl-fs
• 89acc5c Docs: Improve ES2015 task exporting examples ([Snyk] Security upgrade ava from 0.20.0 to 1.0.1 #1999)
• 0ac9e04 Docs: Add "Project structure" section to CONTRIBUTING.md ([Snyk] Security upgrade ava from 1.4.1 to 6.0.0 #1859)
• 723cbc4 Docs: Fix syntax in recipe example ([Snyk] Security upgrade ava from 2.4.0 to 6.0.0 #1715)
• d420a6a Docs: Have gulp.lastRun take a function to avoid task registration ([Snyk] Security upgrade xo from 0.7.1 to 0.8.0 #1828)
• 29ece6f Upgrade: Update undertaker
• e931cb0 Docs: Fix changelog typos ([Snyk] Security upgrade babel-plugin-istanbul from 4.1.6 to 5.0.0 #1696)
• 477db84 Docs: Add a "BrowserSync with Gulp 4" recipe ([Snyk] Security upgrade gulp from 3.9.1 to 4.0.0 #1659)
• d4ed3c7 Docs: Add options.cwd for gulp.src API ([Snyk] Security upgrade karma from 1.7.1 to 2.0.0 #1645)
• 5dc3b07 Docs: Update gulp.watch API to align with glob-watcher
• 0c66069 Breaking: Replace chokidar as gulp.watch with glob-watcher wrapper
• c3dbc10 Docs: Clarify incremental builds example ([Snyk] Security upgrade eslint from 6.8.0 to 9.0.0 #1609)

See the full diff

Package name: gulp-eslint

The new version differs by 3 commits.

• 40d004f 5.0.0
• 72c3599 use destructuring assignment to simplify the code
• aed571b update dependencies and devDependencies ([Snyk] Security upgrade safe-publish-latest from 1.1.5 to 2.0.0 #224)

See the full diff

Package name: gulp-mocha

The new version differs by 7 commits.

• 983b0ac 5.0.0
• 7bc8d9c Add example of using the `exit` option ([Snyk] Fix for 2 vulnerabilities #185)
• 3f53145 Add example of using reporterOptions in readme.md ([Snyk] Fix for 4 vulnerabilities #179)
• 5045939 Improve usage example
• 64fef33 Bump Mocha to v4
• 06b96ba Meta tweaks
• ac3d7fc Drop dependency on deprecated `gulp-util` ([Snyk] Fix for 7 vulnerabilities #187)

See the full diff

Package name: jsdoc

The new version differs by 2 commits.

• 0842185 4.0.0
• b018408 chore!: replace taffydb package with @ jsdoc/salty

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution