[Snyk] Fix for 16 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	599/1000 Why? Has a fix available, CVSS 7.7	Remote Memory Exposure SNYK-JS-BL-608877	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Remote Code Execution (RCE) SNYK-JS-HANDLEBARS-1056767	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-HANDLEBARS-1279029	No	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-HANDLEBARS-173692	No	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-HANDLEBARS-174183	No	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-HANDLEBARS-469063	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-HANDLEBARS-480388	No	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-HANDLEBARS-534478	No	No Known Exploit
	704/1000 Why? Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-HANDLEBARS-534988	No	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-HANDLEBARS-567742	No	Proof of Concept
	529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASHDEFAULTSDEEP-450198	No	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASHDEFAULTSDEEP-450199	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-451341	No	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS ) SNYK-JS-MARKED-584281	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: autoprefixer-stylus

The new version differs by 7 commits.

• 5d1e74f 1.0.0
• 51f9a83 remove engines
• 3b2dace update travis
• fbc4023 update a lot of things
• 54067de Adding collaborators nodejs/nodejs.org#181 Remove deprecated packages, update test logic
• c3d34b9 Add colon back
• 91edfcc Update dependencies and tests

See the full diff

Package name: chokidar

The new version differs by 113 commits.

• 7b8e02a Release 3.0.0.
• e7bfe2f Move stuff.
• df7f22e Remove changelog from npm, move to hidden dir.
• 3df7692 Improve naming.
• 6e94ca2 Clean-up.
• 2de2f9c test: Add testing of Node.js v12 in Travis pipeline. (add release post for v6.3.1 nodejs/nodejs.org#833)
• 9e0965a Fix Windows tests in Travis CI (Evangelism: Weekly Update for July ~ nodejs/nodejs.org#832)
• c95a98f Update stuff.
• 187ff2b test: Trying to fix blinked tests for Travis CI. (Always translate header & footer templates? nodejs/nodejs.org#825)
• db99076 fix(Windows): Add converting from windows to unix path for all ignored paths. (Seems, 'url.parse' isn't working properly nodejs/nodejs.org#824)
• 41f8782 fix(FsEvents): Remove situation with NaN depth. (Update dependencies nodejs/nodejs.org#823)
• 7cf3f7e Update readdirp to stable.
• 0927a62 Bump packages.
• 11cd857 Update nyc.
• 99c14d7 Uncomment fsevents.
• cf330a5 Update fsevents.
• 0e4fca5 Fix deps.
• 9c575d4 Fix Windows version (Bithound.metalsmith stylus.2.0.0 nodejs/nodejs.org#821)
• 3323d59 fix(Linux): Make event loop hack for keep testing valid. (Add weekly update 2016-07-08 nodejs/nodejs.org#820)
• 06214c5 Update to latest readdirp.
• 793639f Rename osxfswatch.
• 078bc2d Refactor and fix freaking tests.
• 2b9bb41 Try node 11.
• 3fe3d4e Test travis.

See the full diff

Package name: handlebars

The new version differs by 169 commits.

• a9a8e40 v4.7.7
• e66aed5 Update release notes
• 7d4d170 disable IE in Saucelabs tests
• eb860c0 fix weird error in integration tests
• b6d3de7 fix: check prototype property access in strict-mode ([Fix] Fix typo error of Stack Overflow nodejs/nodejs.org#1736)
• f058970 fix: escape property names in compat mode ([Fix] Fix typo error of Stack Overflow nodejs/nodejs.org#1736)
• 77825f8 refator: In spec tests, use expectTemplate over equals and shouldThrow (Better GitHub issue templates nodejs/nodejs.org#1683)
• 3789a30 chore: start testing on Node.js 12 and 13
• e6ad93e v4.7.6
• 2bf4fc6 Update release notes
• b64202b Update release-notes.md
• c2f1e62 Switch cmd parser to latest minimist
• 08e9a11 Revert "chore: set Node.js compatibility to v6+"
• 1fd2ede v4.7.5
• 3c9c2f5 Update release notes
• 16487a0 chore: downgrade yargs to v14
• 309d2b4 chore: set Node.js compatibility to v6+
• 645ac73 test: fix integration tests
• b454b02 docs: update release-docs in CONTRIBUTING.md
• 7adc19a v4.7.4
• 9dd8d10 Update release notes
• 4671c4b Use tmp directory for files written during tests
• e46baa1 tasks/test-bin.js: Delete duplicate test
• c491b4e Revert "Update release-notes.md"

See the full diff

Package name: marked

The new version differs by 250 commits.

• 1ad8e69 Merge pull request remove banner nodejs/nodejs.org#1731 from UziTech/release-1.1.1
• 7e17526 1.1.1
• 7fbee6e Merge pull request Addin JS Interactive to website homepage?  nodejs/nodejs.org#1730 from UziTech/update-deps
• 6f7522f Merge pull request sync locale/es/index.md with the original (#1726) nodejs/nodejs.org#1729 from UziTech/quick-ref
• f8024eb remove ending slash
• 524ae66 remove ending slash
• 0d6e056 build
• 04ac593 update dev deps
• f36f676 🗜️ build [skip ci]
• dddf9ae Merge pull request [Localization] Fix some Chinese translations nodejs/nodejs.org#1686 from calculuschild/EmphasisFixes
• 6b729ed Merge branch 'EmphasisFixes' of https://github.com/calculuschild/marked into EmphasisFixes
• e27e6f9 Sorted strong and em into sub-objects
• a761316 Merge pull request sync locale/uk/index.md with the original nodejs/nodejs.org#1726 from UziTech/show-rules
• f8193ed add npm run rules
• ad720c1 Make emEnd const
• 1fb141d Make strEnd const
• 226bbe7 Lint
• cc778ad Removed redundancy in "startEM" check
• 211b9f9 Removed Lookbehinds
• 982b57e Merge pull request Fix: #1717 nodejs/nodejs.org#1720 from vassudanagunta/docs-patch-1
• 2a847e6 clarify level of support for Markdown flavors
• bd4f8c4 Fix unrestricted "any character" for REDOS
• 4e7902e Gaaaah lint
• 4db32dc Links are masked only once per inline string

See the full diff

Package name: metalsmith-markdown

The new version differs by 5 commits.

• 082f13f 1.3.0
• d05756c Updated history with latest version
• 8fd54b0 Merge pull request Download matrix on the downloads page nodejs/nodejs.org#44 from segmentio/maintenance
• da9bcb0 Updated Packages and history
• c72799c History listing updated with comparisons

See the full diff

Package name: node-version-data

The new version differs by 2 commits.

• 4ea0395 1.1.0
• 396346a update deps, fix tests, add node-downloads.js to git (whoops)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic