[Snyk] Fix for 15 vulnerabilities

[KhasanAr502]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json
  • package-lock.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change	Exploit Maturity
	Arbitrary File Overwrite SNYK-JS-FSTREAM-174725	Yes	No Known Exploit
	Denial of Service (DoS) SNYK-JS-JSYAML-173999	No	No Known Exploit
	Arbitrary Code Execution SNYK-JS-JSYAML-174129	No	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	Arbitrary File Overwrite SNYK-JS-TAR-174125	Yes	Proof of Concept
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No	Proof of Concept
	Regular Expression Denial of Service (ReDoS) npm:fresh:20170908	No	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No	No Known Exploit

Commit messages

Package name: gulp-connect

The new version differs by 7 commits.

• aa10ee3 5.6.1
• a80e3e5 Merge pull request Update package-word-count.md atom/flight-manual.atom.io#257 from rejas/update_dependencies
• c6034b8 Cleanup test file
• edcfba8 Update ansi-colors package
• 429068d Only test supported node versions
• 2055d29 Undo typescript update to avoid breaking tests
• 4e3c831 Update all dependencies

See the full diff

Package name: gulp-sass

The new version differs by 42 commits.

• 5775044 Update CHANGELOG.md
• 978b8f6 Update to major version 5 (Update hacking-on-atom-core.md atom/flight-manual.atom.io#802)
• 10eae93 Update changelog for 4.1.1
• 947b26c Upgrade lodash to fix a security issue (Patch 1 atom/flight-manual.atom.io#776)
• 8d6ac29 Update changelog
• 43c0547 4.1.0
• ebe3ec6 Set appropriate file stat times (S69y patch 3 atom/flight-manual.atom.io#763)
• 7ab018e Migrate to the lodash package
• fa670c6 4.0.2
• fefa00e Revert package.json version bump
• 98254d2 Fix README typos
• 8a14419 Continue loading Node Sass by default
• 938afbe Add a note about synchronous versus asynchronous speed
• 7cc2db1 Make this package implementation-agnostic
• 643f73b Add documentation for synchronous code options
• 0b3c7e7 4.0.1
• daca90d Merge pull request ΑͲἂͲΘΩ⩩https://github.com/solveforce/flight-manual.atom.io/new/master… atom/flight-manual.atom.io#681 from DKvistgaard/master
• 71471c2 Declaring logError as function instead of arrow function.
• 450a7b8 4.0.0
• e9b1fe8 Fix node versions in appveyor.yml
• 44be409 Merge pull request ⛰️ATOM⛰️ atom/flight-manual.atom.io#667 from dlmanning/next
• 7656eff Adopt airbnb eslint preset
• 1293169 Bump autoprefixer@^8.1.0, gulp-postcss@^7.0.1
• 9fa817b Bump gulp-sourcemaps@^2.6.4

See the full diff

Package name: js-yaml

The new version differs by 27 commits.

• 665aadd 3.13.1 released
• da8ecf2 Browser files rebuild
• b2f9e88 Merge pull request Update installing-atom.md atom/flight-manual.atom.io#480 from nodeca/toString
• e18afbf Fix possible code execution in (already unsafe) load()
• 9d4ce5e 3.13.0 released
• f64c673 Browser files rebuild
• a567ef3 Restrict data types for object keys
• 59b6e76 Fix test name
• e4267fc 3.12.2 released
• 7231a49 Browser files rebuild
• 99c0bf9 Fix for issue Update installing-atom.md to include snap atom/flight-manual.atom.io#468 includes passing test (Added bullet about live reloading atom/flight-manual.atom.io#469)
• b6d2609 3.12.1 released
• 7b68122 Browser files rebuild
• 784d1d0 Add "noArrayIndent" option (adding theme color to octicon-heart atom/flight-manual.atom.io#461)
• 00bba11 Fix description of onWarning (Add manual publishing process with big danger sign atom/flight-manual.atom.io#460)
• 2d1fbed Travis-CI: increase tests timeout
• 5cdad9b 3.12.0 released
• ef00891 Browser files rebuild
• 337595a Dev deps bump
• 290705b Support arrow functions without a block statement (Update: HTTP -> HTTPS atom/flight-manual.atom.io#421)
• bab69b5 Check for leading newlines when determining if block indentation indicator is needed (Updated check for errors in the debugging section atom/flight-manual.atom.io#404)
• bb7f0cf Add property based tests to assess load reverses dump ("really unique" is poor English atom/flight-manual.atom.io#398)
• f2bb207 3.11.0 released
• b7eb2e6 Browser files rebuild

See the full diff

With a Snyk patch:

Severity	Issue	Exploit Maturity
	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept
	Prototype Pollution npm:extend:20180424	No Known Exploit
	Prototype Pollution npm:hoek:20180212	Proof of Concept
	Uninitialized Memory Exposure npm:stringstream:20180511	Mature

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)
🦉 Arbitrary Code Execution
🦉 Prototype Pollution