[Snyk] Fix for 10 vulnerabilities

[Woodpile37]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • css/css-writing-modes/tools/generators/package.json
  • css/css-writing-modes/tools/generators/.snyk

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	Arbitrary Code Injection SNYK-JS-EJS-1049328	Yes	Proof of Concept
	Remote Code Execution (RCE) SNYK-JS-EJS-2803307	Yes	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	Arbitrary Code Execution npm:ejs:20161128	Yes	No Known Exploit
	Cross-site Scripting (XSS) npm:ejs:20161130	Yes	No Known Exploit
	Denial of Service (DoS) npm:ejs:20161130-1	Yes	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	Yes	No Known Exploit

Commit messages

Package name: gulp

The new version differs by 134 commits.

• 55eb23a Release: 4.0.0
• 173a532 Docs: Fix the installation instructions
• ec54d09 Docs: Improve note about out-of-date docs
• 03b7c98 Docs: Update recipes to install gulp@next
• 2eba29e Docs: Remove run-sequence from recipes
• 76eb4d6 Docs: Add installation instructions & update badges
• fbc162f Docs: Remove references to gulp-util
• 3011cf9 Scaffold: Normalize repository
• f27be05 Update: Remove graceful-fs from test suite
• 361ab63 Upgrade: Update glob-watcher
• 064d100 Build: Avoid broken node 9
• 057df59 Release: 4.0.0-alpha.3
• c1ba80c Breaking: Upgrade major versions of glob-watcher, gulp-cli & vinyl-fs
• 89acc5c Docs: Improve ES2015 task exporting examples (Many html tests assume data: URLs are treated as same-origin web-platform-tests/wpt#1999)
• 0ac9e04 Docs: Add "Project structure" section to CONTRIBUTING.md (WebSocket: Enable WSS support by default. web-platform-tests/wpt#1859)
• 723cbc4 Docs: Fix syntax in recipe example (A set of tests for X-Content-Type-Options: nosniff web-platform-tests/wpt#1715)
• d420a6a Docs: Have gulp.lastRun take a function to avoid task registration (Delay stylesheet load in test to increase confidence. web-platform-tests/wpt#1828)
• 29ece6f Upgrade: Update undertaker
• e931cb0 Docs: Fix changelog typos (Extend the CharacterData#appendData test. web-platform-tests/wpt#1696)
• 477db84 Docs: Add a "BrowserSync with Gulp 4" recipe (Correct the file name for grouping-li-novalue-MANUAL.html. web-platform-tests/wpt#1659)
• d4ed3c7 Docs: Add options.cwd for gulp.src API (Add test for default prevented 'beforescriptexecute' event web-platform-tests/wpt#1645)
• 5dc3b07 Docs: Update gulp.watch API to align with glob-watcher
• 0c66069 Breaking: Replace chokidar as gulp.watch with glob-watcher wrapper
• c3dbc10 Docs: Clarify incremental builds example (Update test preconditions for Battery Status API web-platform-tests/wpt#1609)

See the full diff

Package name: gulp-ejs

The new version differs by 233 commits.

• 1871de5 5.0.0
• 56c37d2 chore(changelog): update to v5.0.0
• 04ec96e chore(deps): bump ejs from 2.7.4 to 3.0.1 (The only first <shadow> element is used web-platform-tests/wpt#168)
• 74aa2dd Merge pull request Submissions/georgeosddev web-platform-tests/wpt#169 from rogeriopvl/dependabot/npm_and_yarn/eslint-6.7.2
• 6fa33e7 chore(deps-dev): bump eslint from 6.7.1 to 6.7.2
• 1afc0a4 Merge pull request Submissions/tomoyukilabs web-platform-tests/wpt#167 from rogeriopvl/dependabot/npm_and_yarn/eslint-6.7.1
• 3b99431 chore(deps-dev): bump eslint from 6.6.0 to 6.7.1
• 8eadd9b Merge pull request IDL harness test for Web Storage web-platform-tests/wpt#166 from rogeriopvl/dependabot/npm_and_yarn/ejs-2.7.4
• 9413628 chore(deps): bump ejs from 2.7.3 to 2.7.4
• d9a475f Merge pull request added test for selection API attributes. web-platform-tests/wpt#165 from rogeriopvl/dependabot/npm_and_yarn/ejs-2.7.3
• 5e079bb chore(deps): bump ejs from 2.7.2 to 2.7.3
• 223c989 Merge pull request <shadow> should insert original tree's node web-platform-tests/wpt#164 from rogeriopvl/dependabot/npm_and_yarn/ejs-2.7.2
• d2c2dec chore(deps): bump ejs from 2.7.1 to 2.7.2
• 75470b9 Merge pull request Add test for a reprojection web-platform-tests/wpt#163 from rogeriopvl/dependabot/npm_and_yarn/prettier-1.19.1
• 03fe086 chore(deps-dev): bump prettier from 1.18.2 to 1.19.1
• aa61005 Merge pull request Fixed a bug where using a port number in the url would cause the test to fail. web-platform-tests/wpt#162 from rogeriopvl/dependabot/npm_and_yarn/eslint-6.6.0
• 6fde366 chore(deps-dev): bump eslint from 6.5.1 to 6.6.0
• 89b33b5 Merge pull request Test that XHR abort() should not fire an "abort" event after a timeout happens. web-platform-tests/wpt#161 from rogeriopvl/dependabot/npm_and_yarn/mocha-6.2.2
• 519014f chore(deps-dev): bump mocha from 6.2.1 to 6.2.2
• c9d6328 chore(deps-dev): bump eslint-plugin-node from 9.2.0 to 10.0.0 (Test navigator.getUserMedia success callback is triggered when user allo... web-platform-tests/wpt#160)
• a6cb7e5 chore(deps-dev): bump eslint from 6.3.0 to 6.5.1 (The older tree is inserted into <shadow> web-platform-tests/wpt#159)
• 2cb9547 chore(deps-dev): bump mocha from 6.2.0 to 6.2.1 (added input[type=email] test web-platform-tests/wpt#158)
• 951c8d6 docs: remove greenkeeper badge
• 3c769f3 4.1.2

See the full diff

With a Snyk patch:

Severity	Issue	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	No Known Exploit

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Arbitrary Code Injection
🦉 Cross-site Scripting (XSS)

[changeset-bot]

⚠️ No Changeset found

Latest commit: 79c2438

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR