[Snyk] Fix for 1 vulnerabilities

[EitanGayor]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • test/fixtures/demo-os/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	551/1000 Why? Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: glob

The new version differs by 76 commits.

• 3a7e71d v5.0.15
• 841fda0 use latest minimatch
• 4ba54a8 Skip some tests on Windows, make others pass
• 3936e1e Build: Add build for node v4
• c47d451 v5.0.14
• 821fac8 Handle ENOTSUP for sync glob as well as async
• 9625618 Test for when readdir raises ENOTSUP
• 0a2b519 Generate fixtures more effectively, with -O instead of eval
• f96190b Use js for benchmark cleanup
• 957fd93 Fix some 'use strict' errors
• bf3381e Treat ENOTSUP like ENOTDIR in readdir
• 507733d v5.0.13
• f5878af Do not emit 'match' events for ignored items
• 9439afd v5.0.12
• 6071f3a Revert "Use graceful-fs if available"
• 38ff16c v5.0.11
• f09292b Use graceful-fs if available
• 4f39b60 Remove duplicate option description
• e3cdccc v5.0.10
• 480da05 ignore .nyc_output, upgrade tap, use coverage, rm fixtures
• 155124b add more sync cb thrower tests
• f7302ca Test base-matching
• 7530e88 v5.0.9
• b185987 reduce cases where tests need to be regenerated

See the full diff

Package name: grunt-contrib-compress

The new version differs by 31 commits.

• 936dd94 Merge pull request [Snyk] Security upgrade npm from 2.15.12 to 7.0.0 #166 from gruntjs/014
• 4056bb8 v0.14.0
• 6c340ab make ok output consistent with other grunt plugins
• 2e2ef91 Merge pull request [Snyk] Security upgrade snyk from 1.101.1 to 1.465.0 #165 from ascripcaru/verbose
• e38ef0b more comments
• 0f2797b made grunt to log each file only on verbose
• 1617c2f Merge pull request [Snyk] Security upgrade madge from 3.12.0 to 4.0.1 #162 from gruntjs/deps
• 46e9027 Update dependencies.
• 49f4651 Update compress-options.md
• fcb5047 Merge pull request [Snyk] Security upgrade actionpack from 4.2.5 to 6.0.3.5 #159 from hkdobrev/patch-1
• b83ffa6 Fix store option default in README
• ff1d89d Update appveyor.yml.
• 51382c0 Merge pull request [Snyk] Security upgrade knex from 0.7.3 to 0.95.0 #160 from tandrewnichols/verbose
• dd92183 Change grunt.log to grunt.verbose for created files
• eceb50b CI: test node.js 4.0.
• c7c353e Merge pull request [Snyk] Security upgrade handlebars from 2.0.0 to 4.7.7 #150 from pdehaan/patch-1
• d95518b Update license attribute
• 3f67a96 Update appveyor.yml.
• 0beb9cd Lint fixes.
• 3862bed Update appveyor.yml.
• 6f68849 Update appveyor.yml.
• 4107a18 Update JSHint's options.
• 3459ce3 bump `chalk`
• ef3d6a2 better pretty output

See the full diff

Package name: grunt-jscs

The new version differs by 24 commits.

• d13072f Release v2.3.0
• d8fef95 Update jscs to 2.5.0 version
• c272f8f Release v2.2.0
• 4767f7f Check 4. and .12 nodes with travis CI
• cc63399 Update "load-grunt-tasks" dependency
• 1e4c9bf Use "idiomatic" preset instead of "jquery"
• 0c86a48 Use new "Checker#execute" method
• 6011f05 Release v2.1.0
• 31f9ced Release v2.0.1
• 3f2499e Update dependencies
• 302d8da Use Travis CI container-based builds
• 4a34df6 Release v2.0.0
• 9e6d86e Update dependecies
• 17f9e9c Bump jscs version to 2.0.0
• 8715716 Fix code style issues
• ad532e2 Update package.json
• 49936c6 Add enmasse testing merge with path config and inline options
• 330f2bc Merge branch 'remove-grunt-bump'
• 34dba9c Change package.json indent size to 2
• 8c7064b Document how to publish a new version
• de383ba Create npm scripts to bump version
• 1e60f29 Remove grunt-bump and the bump task
• 37a7757 Correct docs example
• b2d9ff9 Improve doc examples

See the full diff

Package name: grunt-mocha-cli

The new version differs by 39 commits.

• ed591d2 Release version 3.0.0
• a3fadd6 Drop support for node 0.10 and 0.12
• 1f10946 Fix lint warnings
• 1cf5be9 Update dependencies
• 8d4c95d Update node test versions
• 4241cd0 Release version 2.1.0
• 2b7a994 Update mocha and switch to caret semver range
• a59ebb2 Fix linting warnings
• 8e235cc Fix files option unit test
• 5f19029 Update devDependencies
• 465048a Merge pull request [Snyk] Fix for 1 vulnerabilities #36 from wtrocki/master
• a9616e6 Missing loadNpmTasks in README.md
• 27d05b0 Test on node 5
• 4d5704d Update eslint-config-rowno
• c08b8dd Use shared eslint config
• be4b1ee Release version 2.0.0
• 94630c7 package.json: add files property
• c05a494 Update mocha
• 4291df9 Add flags option and remove all node flag options (except debug ones)
• ab31719 readme: add npm download rank to badge
• 8dc22da readme: remove gratipay
• 35ce6a3 appveyor: don't convert line endings
• 4828ab3 Revert "travis: test on osx"
• 8b92039 appveyor: don't try to compile the project

See the full diff

Package name: testem

The new version differs by 250 commits.

• 379a0ea 1.9.0
• fccb6a5 Merge pull request [Snyk] Security upgrade actionpack from 4.2.5 to 4.2.5 #898 from johanneswuerbach/glob-7
• 1b56c81 Replace fileset with plain glob 7
• bd03b4a Merge pull request [Snyk] Security upgrade actionpack from 4.2.5 to 4.2.11.3 #896 from testem/greenkeeper-bluebird-retry-0.7.0
• 2762202 chore(package): update bluebird-retry to version 0.7.0
• 729ff79 Merge pull request [Snyk] Upgrade snyk from 1.101.1 to 1.1139.0 #889 from testem/greenkeeper-npmlog-3.0.0
• 371cd22 Merge pull request [Snyk] Upgrade snyk from 1.101.1 to 1.1126.0 #866 from tjni/metadata
• 476ea31 Lets custom adapters configure max decycle depth.
• 328a53c Passing metadata from an adapter to a reporter.
• 16c8f76 chore(package): update npmlog to version 3.0.0
• 1a9914f Merge pull request [Snyk] Upgrade snyk-nodejs-lockfile-parser from 1.17.0 to 1.48.3 #888 from johanneswuerbach/bluebird
• 7fa0dfd Extract signal listeners
• b97b9c2 Extract reporter creation
• 700732a Extract run timeout
• bbca2bb Use promises (bluebird) consistently
• 6e4ccbb 1.8.1
• c2c98c7 Merge pull request [Snyk] Upgrade snyk from 1.101.1 to 1.1137.0 #887 from johanneswuerbach/unknown-error
• c996d89 Handle different which exit codes
• b71e0ca 1.8.0
• 6418e12 Merge pull request [Snyk] Upgrade @grpc/proto-loader from 0.1.0 to 0.7.6 #884 from johanneswuerbach/use-sinon
• 13595ca Unify spying and stubbing to sinon
• 4f142a5 Merge pull request [Snyk] Security upgrade actionpack from 4.2.5 to 4.2.11.3 #782 from johanneswuerbach/parallel-integration-tests
• 02ac45e Use a shared cache for npm
• a4bfa4e Run integration tests in parallel

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)