[Snyk] Upgrade bluebird from 3.5.5 to 3.7.2

[snyk-bot]

Snyk has created this PR to upgrade bluebird from 3.5.5 to 3.7.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 4 versions ahead of your current version.
• The recommended version was released a year ago, on 2019-11-28.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1085630	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-NPMUSERVALIDATE-1019352	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-LODASH-608086	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-590103	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-LODASH-450202	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Command Injection SNYK-JS-LODASH-1040724	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Arbitrary Code Execution SNYK-JS-JSYAML-174129	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-INI-1048974	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-HANDLEBARS-534988	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary Code Execution SNYK-JS-HANDLEBARS-534478	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Denial of Service (DoS) SNYK-JS-HANDLEBARS-480388	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-HANDLEBARS-469063	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Remote Memory Exposure SNYK-JS-BL-608877	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-YARGSPARSER-560381	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-YARGSPARSER-560381	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Insertion of Sensitive Information into Log File SNYK-JS-NPMREGISTRYFETCH-575432	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-559764	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-559764	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-567746	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Denial of Service (DoS) SNYK-JS-JSYAML-173999	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-HANDLEBARS-567742	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-HANDLEBARS-1279029	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Remote Code Execution (RCE) SNYK-JS-HANDLEBARS-1056767	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-DOTPROP-543489	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: bluebird

• 3.7.2 - 2019-11-28
  

  Bugfixes:

  • Fixes firefox settimeout not initialized error (#1623)
• 3.7.1 - 2019-10-15
  

  Features:

  • feature

  Bugfixes:

  • Fix (#1614)
  • Fix (#1613)
  • Fix (#1616)
• 3.7.0 - 2019-10-01
  

  Features:

  • Add Promise.allSettled` method (#1606)
• 3.6.0 - 2019-10-01
  

  Features:

  • Add support for AsyncResource (#1403)

  Bugfixes:

  • Fix .reduce generating unhandled rejection events (#1501)
  • Fix Promise.reduce` generating unhandled rejction events (#1502)
  • Fix .map and .filter generating unhandled rejection events (#1487)
  • Fix Promise.map` unhandled rejection events (#1489)
  • Fix cancel skipping upward propagation (#1459)
  • Fix loadTimes deprecation (#1505)
  • Fix Promise.each` maximum stack exceeded error (#1326)
  • Make PromiseRejectionEvent confrom to spec (#1509)
  • Fix false unhandled rejection events (#1468)
• 3.5.5 - 2019-05-24
  

  Features:

  • Added Symbol.toStringTag support to Promise (#1421)

  Bugfixes:

  • Fix error in IE9 (#1591, #1592)
  • Fix error with undefined stack trace (#1537)
  • Fix #catch throwing an error later rather than immediately when passed non-function handler (#1517)

from bluebird GitHub release notes

Commit messages

Package name: bluebird

• 750bd7f Release v3.7.2
• f880445 Fixes [BUG] npm update gets out of memory npm/cli#1627 Make view test snapshot deterministic npm/cli#1623
• bd20f79 Release v3.7.1
• 2378ee6 try fix tests
• a00a664 Release v3.7.0
• 4df279b Fixes v7: npm view npm/cli#1606
• 0a85236 Release v3.6.0
• 96f266e Merge pull request [BUG] Cannot read property 'resolve' of undefined on 64-bit npm installation npm/cli#1604 from renewooller/master
• 933b5da Merge pull request NPM Install Error - Cannot read property 'match' of undefined npm/cli#1610 from Piccirello/patch-1
• 8e3eedc Add async/await example
• 6796d23 Update schedule.js
• b0ed2e4 docs: qualified that map must only take finite iterables
• b9037b3 Update README.md
• 60ef7a0 Fixes Stripe transfer insufficient funds, used together with stripe checkout npm/cli#1468, stabilize unhandled rejection tests
• 8991667 Fixes refactor lib npm.js npm/cli#1509
• 8f39dbc Fixes [FEATURE] Improved DX reporting engines field mismatch on install errors npm/cli#1326
• 12154ad Fix [ERR] npm ERR! cb() never called! npm/cli#1505
• 420cf4e Fix chore(docs): fixed links to cli commands npm/cli#1459
• a518f18 Fix [BUG] git is unable to add 'git-core' to the PATH when it is run using npm scripts npm/cli#1487 [BUG] publish error http fetch put 404 on npm v 6.14.5 node v 14.5.0 npm/cli#1489
• c9618f0 Fix unit tests for config commands npm/cli#1501 Stop recommending npm upgrade immediately after a npm upgrade npm/cli#1502
• c54bac1 update doc
• 8120177 document async hooks
• 8d9afb7 config update
• 79b9115 webpack config

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs