[Snyk] Fix for 23 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	569/1000 Why? Has a fix available, CVSS 7.1	Arbitrary Code Execution SNYK-JS-GRUNT-597546	No	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-JSYAML-173999	No	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-JSYAML-174129	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-LODASH-590103	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Certificate Validation SNYK-JS-NODESASS-1059081	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	No	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	No	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:jasmine-core:20180216	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: grunt

The new version differs by 82 commits.

• 6f49017 1.3.0
• faab6be Merge pull request Slow Scroll with collection inside modal Dogfalo/materialize#1720 from gruntjs/update-changelog-deps
• 520fedb Update Changelog and legacy-util dependency
• 7e669ac Merge pull request Docs Italian Translation Dogfalo/materialize#1719 from gruntjs/yaml-refactor
• e350cea Switch to use `safeLoad` for loading YML files via `file.readYAML`.
• 7125f49 Merge pull request Fix #1610: Correct javascript source in templates Dogfalo/materialize#1718 from gruntjs/legacy-log-bumo
• 00d5907 Bump legacy-log
• 3b75085 1.2.1
• ae11839 Changelog update
• 9d23cb6 Merge pull request Responsively hiding prefix icons in forms is buggy Dogfalo/materialize#1715 from sibiraj-s/remove-path-is-absolute
• e789b1f Remove path-is-absolute dependency
• 27bc5d9 Merge pull request documentation for Card Reveal has error Dogfalo/materialize#1714 from gruntjs/release-1.2.0
• 64a3cf4 Release v1.2.0
• 0d23eff Merge pull request Material Select remaining caret icon on destroy Dogfalo/materialize#1570 from bhldev/feature-options-keys
• ee70306 Merge pull request Materialize is randomly adding caret icons on top of my drop downs  Dogfalo/materialize#1697 from philz/1696
• 05c0634 Merge pull request icon font on BlackBerry 10 browser Dogfalo/materialize#1712 from gruntjs/fix-lint
• cdd1c19 fix lint in file.js
• bc168e3 Merge pull request Slider crashing with jQuery UI Dogfalo/materialize#1283 from greglittlefield-wf/recognize-relative-links
• 5f16b5a Merge pull request Icons not loading on windows phone Dogfalo/materialize#1675 from STRML/remove-coffeescript
• 58f80ae Merge pull request nav .brand-logo (Line 5268) Dogfalo/materialize#1677 from micellius/monorepo-support
• 1f61427 Add CODE_OF_CONDUCT.md
• 4c6fcd9 Merge pull request fix for #1708 Dogfalo/materialize#1709 from NotMoni/patch-1
• 169d496 add link to license
• 288ea76 add license link

See the full diff

Package name: grunt-contrib-jasmine

The new version differs by 20 commits.

• 201bb2a Release v2.0.3
• 9b18221 Upgrade npm dependencies
• d0e2572 fix: build only should pass if the buildSpecrunner runs without error
• 74855ed Update dependencies
• d65dd20 v2.0.2
• d7f652f Fix typo
• 55a5f1f Wait for spec runner before larunching browser
• 408a233 Set the startTime before calling sendMessage
• a30f731 Create new optional 'noSandbox' option to launching Puppeteer with no-sandbox arg.
• a88f31b Launching Puppeteer with no-sandbox arg.
• de29770 v2.0.1
• a71cc54 Use the grunt current working directory to find the jasmine core folder (Wish to clear date field value Dogfalo/materialize#277)
• f3c320c Deals with Code Clean :) Dogfalo/materialize#274 (Select box doesn't render if added dynamically! Dogfalo/materialize#275)
• a21b0b1 Implement options.version (Do a special dropdown for the small devices Dogfalo/materialize#273)
• 7d3dbdc update template usage (Dropdown Hover:false Dogfalo/materialize#272)
• 51feacb Update deps (Does SideNav also work other than on mobile? Dogfalo/materialize#271)
• 02e72f3 Switch from PhantomJS to Chrome Headless via Puppeteer (Input-field class documentation Dogfalo/materialize#269)
• 55594d0 1.2.0
• 5fc2536 Update ci (Add Sidebar Naviagation Dogfalo/materialize#268)
• cc8572c Fix deprecation warning in Node.js 7 (Increased z-index of dropdown menu Dogfalo/materialize#262)

See the full diff

Package name: grunt-sass

The new version differs by 9 commits.

• 2b662db 3.0.0
• 64f6444 Add support for Dart Sass (reattach events Dogfalo/materialize#283)
• 683ad07 Meta tweaks
• 12138d1 Fix linting
• 26c31c0 Require Node.js 8
• 276257e 2.1.0
• cfb6b53 Force the latest verison of node-sass
• b7087c6 Travis CI: Add Node.js 7 (Updated the range input code sample Dogfalo/materialize#270)
• e9187e2 Lock the XO dependency

See the full diff

Package name: lint-staged

The new version differs by 45 commits.

• d5e738d fix: Fix configuration validation and allow specifying custom renderers ((fix) Disabled buttons should have cursor: default Dogfalo/materialize#572)
• 406a0c0 chore: Revert "chore: pin cosmiconfig to 5.0.6" (fix : initial dropdown height change when animation is in progress Dogfalo/materialize#571)
• adfc1d4 docs(readme): Add example for environment variables (Indeterminate Preloader breaks down the iOS WebApp (tap functions) Dogfalo/materialize#564)
• 73e04d7 chore: Use `unmock` to get rid of mock hoisting (I have a relevant Sass function you might want to include. Dogfalo/materialize#563)
• ac8cdf1 docs: Remove comment about hunks support (Headers padding right  Dogfalo/materialize#553)
• 352ab8c docs: Update for JetBrains support (checkbox label's color Dogfalo/materialize#552)
• 30576d6 chore: Upgrade semantic-release to latest (Materialize Select is not focusable with key tab Dogfalo/materialize#548)
• fcb774b feat: Add `relative` option to allow passing relative paths to linters (Card Reveal Not Covering Entire Image Dogfalo/materialize#534)
• 5e607ef docs: Fix typo in README.md (Function getWavesEffectElement throwing TypeError when clicking on SVGs Dogfalo/materialize#537)
• 8285123 chore: Upgrade husky to v1 (Material Boxed doesn't work with Slider images Dogfalo/materialize#543)
• 48c5b65 chore: pin cosmiconfig to 5.0.6 (Update table.html Dogfalo/materialize#538)
• 503110d fix: Use listr-update-renderer from npm (Tabs not retaining active tab after tab change via jquery. Dogfalo/materialize#542)
• 6f6c08d docs(readme): refine prettier examples (Missing comma in docs Dogfalo/materialize#541)
• 5e165a3 Merge pull request problem with v0.95 dropdown menu collapse Dogfalo/materialize#513 from okonet/greenkeeper/staged-git-files-1.1.2
• 07fd087 Merge branch 'master' into greenkeeper/staged-git-files-1.1.2
• 00047de docs: fix typo (feat(font icons): Allows a custom path with the variable $icons-font-pat... Dogfalo/materialize#527)
• bedba5a refactor: Use object spread (Slider not working properly Dogfalo/materialize#524)
• 225a904 fix: Allow to use lint-staged on CI (minified css with grunt Dogfalo/materialize#523)
• af99172 fix(git): Use resolveGitDir in hasPartiallyStagedFiles (Remove console.log message from tooltip Dogfalo/materialize#520)
• da42f8a fix(git): Use resolveGitDir to resolve to .git for git commands (Navbar with mobile collapse button does not initialize sidenav without container Dogfalo/materialize#518)
• c4e8a2d chore(package): update lockfile yarn.lock
• ce434d3 fix(package): update staged-git-files to version 1.1.2
• 592486f docs: Update readme to include info about partially staged files support
• f82443c feat: Add support for partially staged files (Cleaned & Added composer.json (composer/packagist) Dogfalo/materialize#75)

See the full diff

Package name: node-sass

The new version differs by 64 commits.

• 240e8da 4.9.1
• cc6ff42 Restore old node to CI
• ef713a7 Bump request@2.87.0
• 62fd84a chore: Add info for "Pinned" label
• d3aebe7 Create CODE_OF_CONDUCT.md
• 18d198e typo: node-sas -> node-sass
• 64fdacf chore: Add link to 2355 on PR template
• 8040cb7 docs: add more 404 binding install info
• a3ac021 Clean out duplicate ISSUE template
• e0a92f6 docs: Cleanup issue templates
• 94ce852 Be even more explicit that Node 10 needs 4.9
• 91973ed chore: Add compile issue details to bug template
• e23531d Update issue templates using builder
• 8878118 docs: Add Feature request issue template
• 043e2bc docs: Move and update Installation template
• fece9af docs: Add issue template for compilation results
• 8268296 doc: New ISSUE Template for Request Security issues
• 6fef242 Updates README.md with AppVeyor svg badge (Navbar Links ul watch bad in mobile Dogfalo/materialize#2376)
• e3ab6e1 Clarify docs for --source-map. Closes More than 3 grid breakpoints? Dogfalo/materialize#1026.
• 8c4808a Updated links to absolute path instead of relative (Textarea won't autoresize on initial page load on mobile Dogfalo/materialize#2371)
• 26a2032 Add PR Template for Request bumps
• 9d6faf6 Bump LibSass@3.5.4
• 739d768 Bump gcc@4.9 for Node 10
• a124e9d Add Node 10 to CI

See the full diff

Package name: phantomjs-prebuilt

The new version differs by 6 commits.

• 0cc1407 Merge pull request ASP.Net MVC Checkbox Dogfalo/materialize#746 from avindra/patch-1
• 2c46265 Dependencies: change tilde to caret
• a98231b Merge pull request Fullscreen Slider Dogfalo/materialize#733 from avindra/patch-1
• 19c6d4c Bump package.json version
• 65b57f7 Merge pull request Syntax Error on navbar.html page Dogfalo/materialize#732 from Ilshidur/patch-1
• cc52482 Dependencies update : fix security issues

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic