[Snyk] Fix for 4 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	Yes	Proof of Concept
	626/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.1	Man-in-the-Middle (MitM) SNYK-JS-HTTPSPROXYAGENT-469131	Yes	Proof of Concept
	796/1000 Why? Mature exploit, Has a fix available, CVSS 8.2	Uninitialized Memory Exposure npm:https-proxy-agent:20180402	Yes	Mature

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: electron-forge

The new version differs by 173 commits.

• f226c68 4.1.6
• bd3e9ee updated CHANGELOG.md
• 24267fe fix(importer): Fix typo in dependency check
• a3ffe36 Add test for the bug
• 468fc7d Fix test description to be more specific
• df3d441 More import test assertions
• 9a73e83 Rename constant for better code clarity
• 9e3c1b0 Make productName fall back on name
• 23f191a fix(importer): handle the case where productName doesn't exist
• a39011b refactor(maker): DRY up linux config transformations
• 076c78e fix(generic): assume invalid semver package manager versions are incompatible
• e118c05 Upgrade dependencies
• 1b69e1b 4.1.5
• 38a32ba updated CHANGELOG.md
• c9e23e3 fix(packager): fix custom afterCopy, afterPrune not being included
• 7d22d16 4.1.4
• bbe41d7 updated CHANGELOG.md
• a2c33eb fix(publisher): fix publishing a saved dry run on a different device from the initial dry run
• 1920b5f Rebuild modules regardless of whether prune is enabled
• cce9db4 fix(packager): move the rebuild hook to after pruning finishes
• e847a78 feat(packager): add support for hook files for electronPackagerConfig.afterPrune
• 08d5577 refactor(packager): resolve hook files in a common function
• 38f9a3d fix(importer): adjust Forge config defaults just like in init
• dbc2a4b 4.1.3

See the full diff

Package name: npmi

The new version differs by 11 commits.

• e6d4338 doc warning for npm 5 regarding local modules
• 4d043cc gotta put mocha in devDeps
• 7a91a4a Merge pull request [Snyk] Fix for 15 vulnerable dependencies #14 from lukaskollmer/master
• a0c7ec5 Update README.md
• fe6d7fe Update .travis.yml
• 2fd8fc4 Bump version
• bb12fc6 Update depencencies
• f714a75 Update README.md
• 1deebb4 README ack for HEADS
• 8db04f7 Update README.md
• 94b534e Update README.md

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)