[Snyk] Fix for 26 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-JSYAML-173999	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-JSYAML-174129	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOCHA-561476	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution npm:extend:20180424	Yes	No Known Exploit
	704/1000 Why? Has a fix available, CVSS 9.8	Arbitrary Code Injection npm:growl:20160721	Yes	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:ms:20151024	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Override Protection Bypass npm:qs:20170213	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Denial of Service (DoS) npm:superagent:20170807	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Information Exposure npm:superagent:20181108	Yes	No Known Exploit
	576/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.1	Uninitialized Memory Exposure npm:tunnel-agent:20170305	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: coveralls

The new version differs by 3 commits.

• 2ed4d09 major version bump for node > 4.x
• 5ebe57f bump version
• 428780c Expand allowed dependency versions to all API compatible versions (Thank you Rob--W/cors-anywhere#172)

See the full diff

Package name: nock

The new version differs by 250 commits.

• c7b156a v8.0.0
• 43e9b2f added missing dep
• 1735038 Merge branch 'greenkeeper-request-2.70.0'
• 568cd04 Merge branch 'master' into greenkeeper-request-2.70.0
• ca251b3 making the latest version of lodash work
• 6d997a6 Merge pull request #521 from node-nock/greenkeeper-update-all
• 149d7ab fixes for latest tap version
• 361dc21 chore(package): update request to version 2.70.0
• d4877f7 chore(package): update dependencies
• 5d8e77d v7.7.3
• 9684dc6 Merge pull request #520 from ericsaboia/master
• 2834178 properly remove interceptor with regex domain from the list after used
• 3ce48c9 Merge pull request #519 from Byron-TW/patch-1
• 35e4f4f Fix typo
• 842ecfc changelog update
• 646dfd2 v7.7.2
• d8bbaab v7.7.1
• b40d53a Merge branch 'master' of github.com:node-nock/nock
• bc95ed6 v7.7.0
• 29af0e6 Merge pull request #514 from kevinburkeshyp/fix-req-no-match
• 3d08263 Merge pull request #512 from kevinburkeshyp/fix-typo
• e4d7433 browserify bundle update
• 4aae26b request abort destroys socket. fixes #511
• 37d10ab Fix nock.emitter.on('no match') undefined argument

See the full diff

Package name: supertest

The new version differs by 95 commits.

• 199506d Prepare 3.0.0 release. Small readme updates, update dev libs.
• 1d82e5b Allow TestAgent pass a cert and key to request (where do i add custom headers on the request? Rob--W/cors-anywhere#373)
• 188f8f2 Update readme (Yandex app English language transition Rob--W/cors-anywhere#392)
• bd63752 Use superagent 3 (Add ability to preserve set-cookie on responses Rob--W/cors-anywhere#400)
• 3c16aa1 Couple small updates to README
• 5930d2c Change package.json to 2.0.1 version and update engines field.
• 4d21f0d Remove node 0.12 from travis testing. A little early for 0.12 EOF but I want the new eslint libs which don't support 0.12.
• 6fcd9b3 Update dev deps. Fix couple lint issues. Add node v6 and remove 0.10 for travis tests.
• 2026549 Prepare for 2.0.1 release.
• e07e981 fix request with content-length > 0 and content-encoding: gzip (Question: SSL certificate verification Rob--W/cors-anywhere#371)
• cf9f991 Update Release History for v2.0.0
• df45dd7 Handle server not-running & superagent system errors (LimitInternalRecursion Rob--W/cors-anywhere#348)
• 054ad57 Prepare for 2.0.0 release.
• 7ca0574 Upgrade superagent to 2.x (Minor error in README.md Rob--W/cors-anywhere#347)
• 7d35f22 Change 'super-agent' to 'superagent' in Readme. (Missing required request header. Must specify one of: origin,x-requested-with Rob--W/cors-anywhere#343)
• d0c1457 Fix eslint checks .pem (Fix for "Access-Control-Allow-Credentials" is "true" Rob--W/cors-anywhere#331)
• 076ce21 Fix typo on line 74 (Access-Control-Allow-Credentials: True causing proxied requests to fail Rob--W/cors-anywhere#330)
• a920af5 MISC Update dev deps, small updates to README.
• 25665c0 Fix readme for .expect(fn), fixes Upgrade http-proxy dependency >= 1.18.1 ? Rob--W/cors-anywhere#253 (Will cors-anywhere ever rate limit requests? Rob--W/cors-anywhere#262)
• 480b9bb Merge pull request where set this in herolu Rob--W/cors-anywhere#324 from visionmedia/eslint-refactor
• af3c013 Slight cleanup to esline rules. Remove some overrides, refactor logic in _assertHeader function.
• 1849094 Refactor source code to use eslint with airbnb legacy rules.
• ecced93 Merge pull request Include lockfile Rob--W/cors-anywhere#318 from oskarcieslik/patch-1
• a1533e5 Changed example with cookie-parser

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Arbitrary Code Execution
🦉 Prototype Pollution
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn