[Snyk] Fix for 28 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json
  • package-lock.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change	Exploit Maturity
	Denial of Service (DoS) SNYK-JS-JSYAML-173999	No	No Known Exploit
	Arbitrary Code Execution SNYK-JS-JSYAML-174129	No	No Known Exploit
	Out-of-bounds Read SNYK-JS-NODESASS-535499	Yes	No Known Exploit
	NULL Pointer Dereference SNYK-JS-NODESASS-535500	Yes	No Known Exploit
	Out-of-bounds Read SNYK-JS-NODESASS-535501	Yes	No Known Exploit
	Uncontrolled Recursion SNYK-JS-NODESASS-535503	Yes	No Known Exploit
	Resource Exhaustion SNYK-JS-NODESASS-535504	Yes	No Known Exploit
	NULL Pointer Dereference SNYK-JS-NODESASS-535505	Yes	No Known Exploit
	Uncontrolled Recursion SNYK-JS-NODESASS-540960	Yes	No Known Exploit
	Out-of-bounds Read SNYK-JS-NODESASS-540962	Yes	No Known Exploit
	Improper Input Validation SNYK-JS-NODESASS-540966	Yes	No Known Exploit
	Improper Input Validation SNYK-JS-NODESASS-540968	Yes	No Known Exploit
	Uncontrolled Recursion SNYK-JS-NODESASS-540970	Yes	No Known Exploit
	Out-of-bounds Read SNYK-JS-NODESASS-540972	Yes	No Known Exploit
	Denial of Service (DoS) SNYK-JS-NODESASS-540982	Yes	No Known Exploit
	Out-of-bounds Read SNYK-JS-NODESASS-540984	Yes	No Known Exploit
	Out-of-bounds Read SNYK-JS-NODESASS-540986	Yes	No Known Exploit
	Denial of Service (DoS) SNYK-JS-NODESASS-540988	Yes	No Known Exploit
	Denial of Service (DoS) SNYK-JS-NODESASS-542662	Yes	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:fresh:20170908	No	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No	No Known Exploit
	Prototype Override Protection Bypass npm:qs:20170213	No	No Known Exploit

Commit messages

Package name: gulp-connect

The new version differs by 7 commits.

• aa10ee3 5.6.1
• a80e3e5 Merge pull request Update package-word-count.md atom/flight-manual.atom.io#257 from rejas/update_dependencies
• c6034b8 Cleanup test file
• edcfba8 Update ansi-colors package
• 429068d Only test supported node versions
• 2055d29 Undo typescript update to avoid breaking tests
• 4e3c831 Update all dependencies

See the full diff

Package name: gulp-sass

The new version differs by 2 commits.

• 0d2a2bf 3.0.0
• 251fbc8 Bump node-sass@v4.0.0

See the full diff

Package name: js-yaml

The new version differs by 27 commits.

• 665aadd 3.13.1 released
• da8ecf2 Browser files rebuild
• b2f9e88 Merge pull request Update installing-atom.md atom/flight-manual.atom.io#480 from nodeca/toString
• e18afbf Fix possible code execution in (already unsafe) load()
• 9d4ce5e 3.13.0 released
• f64c673 Browser files rebuild
• a567ef3 Restrict data types for object keys
• 59b6e76 Fix test name
• e4267fc 3.12.2 released
• 7231a49 Browser files rebuild
• 99c0bf9 Fix for issue Update installing-atom.md to include snap atom/flight-manual.atom.io#468 includes passing test (Added bullet about live reloading atom/flight-manual.atom.io#469)
• b6d2609 3.12.1 released
• 7b68122 Browser files rebuild
• 784d1d0 Add "noArrayIndent" option (adding theme color to octicon-heart atom/flight-manual.atom.io#461)
• 00bba11 Fix description of onWarning (Add manual publishing process with big danger sign atom/flight-manual.atom.io#460)
• 2d1fbed Travis-CI: increase tests timeout
• 5cdad9b 3.12.0 released
• ef00891 Browser files rebuild
• 337595a Dev deps bump
• 290705b Support arrow functions without a block statement (Update: HTTP -> HTTPS atom/flight-manual.atom.io#421)
• bab69b5 Check for leading newlines when determining if block indentation indicator is needed (Updated check for errors in the debugging section atom/flight-manual.atom.io#404)
• bb7f0cf Add property based tests to assess load reverses dump ("really unique" is poor English atom/flight-manual.atom.io#398)
• f2bb207 3.11.0 released
• b7eb2e6 Browser files rebuild

See the full diff

With a Snyk patch:

Severity	Issue	Exploit Maturity
	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No Known Exploit
	Prototype Pollution npm:extend:20180424	No Known Exploit
	Prototype Pollution npm:hoek:20180212	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No Known Exploit
	Uninitialized Memory Exposure npm:stringstream:20180511	Mature

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

[pull-assistant]

Best reviewed: commit by commit

---

Optimal code review plan

     fix: package.json, package-lock.json & .snyk to reduce vulnerabilities...

     fix: package.json, package-lock.json & .snyk to reduce vulnerabilities...

     fix: package.json, package-lock.json & .snyk to reduce vulnerabilities...

Powered by Pull Assistant. Last update f25a8ea ... ecc6e15. Read the comment docs.