[Snyk] Fix for 1 vulnerabilities

[smarkussen19]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • large-file/package.json
  • large-file/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	461/1000 Why? Recently disclosed, Has a fix available, CVSS 3.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-DEBUG-3227433	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: anymatch

The new version differs by 18 commits.

• d474c82 Release 3.0.0.
• dd660f8 Update deps.
• 64ce747 Update types.
• bd27242 Fixes.
• e18de05 Update to picomatch-stable.
• 30fa2c3 Merge pull request [Snyk] Security upgrade update-notifier from 2.5.0 to 6.0.0 #28 from leonardodino/fix-package-name
• 6b01ef6 Fix package name typo in README.md
• b500318 Remove line.
• 57e0193 Bring back arg passing.
• 13343b0 Cache patterns. Performance boost.
• 5ece3fd Switch to picomatch. Update deps.
• cece732 Fix declarations.
• 0065fca Update readme.
• 4518091 Readme.
• 1e69e91 Update.
• 9ef72e8 Changelog.
• cb143fe Improve type matching.
• 02257b9 New version. More strict. Drop returnIndex and startIndex params for now.

See the full diff

Package name: braces

The new version differs by 16 commits.

• abcf341 3.0.0
• 68a3fdf refactor
• bb5b5ba Remove appveyor from readme.
• 086008a travis: Drop sudo: false.
• 4ed704b add unit tests
• 60eb988 ranges
• 7b1abf0 Use proper nodejs versions for appveyor.
• 7b106b6 braces api
• 80eae1f Drop duplicate node v11 for travis.
• 58d868e windows support
• 27f7344 Appveyor: Drop support for nodejs <8 for now.
• 25424ec Drop support for nodejs <8 for now.
• ceef790 cover sets
• f5bf204 clean up examples
• 92ec96d start refactoring
• cd50063 2.3.2

See the full diff

Package name: dependency-check

The new version differs by 9 commits.

• d0efa70 3.0.0
• bdbbfcf Update remaining dependencies
• 7bb339a Use latest version of read-package-json
• b7aef20 Enable strict mode
• ac7a817 Move from "var" to "const"/"let"
• e5fdc3a Use arrow functions
• 28502b5 Replace asyncMap with Promises
• 36b3d24 Ignore package manager lock files
• b8efac2 Require at least Node 6

See the full diff

Package name: detective-less

The new version differs by 4 commits.

• c4bdaa2 1.0.1
• 1f23fa4 Merge pull request [Snyk] Fix for 11 vulnerabilities #1 from danez/patch-2
• 9ee5b72 Update package.json
• f244e64 deps: Update debug to fix security issue

See the full diff

Package name: engine.io

The new version differs by 20 commits.

• b3f3590 [chore] Release 3.1.5
• 0d4e79e [chore] Bump dependencies ([Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 snyk-fixtures/npm-lockfiles#549)
• ea318b8 [chore] Bump accepts to version 1.3.4 ([Snyk(Unlimited)] Upgrade debug from 2.0.0 to 2.6.9 snyk-fixtures/npm-lockfiles#548)
• d7aaf2b [docs] Update test command in README ([Snyk(Unlimited)] Upgrade color-convert from 1.9.2 to 1.9.3 snyk-fixtures/npm-lockfiles#547)
• c107ffe [chore] Bump uws to version 9.14.0 ([Snyk(Unlimited)] Upgrade verbosity from 0.9.2 to 0.10.1 snyk-fixtures/npm-lockfiles#545)
• 8d0ce5f [refactor] Add some checks to prevent usage of undefined properties ([Snyk(Unlimited)] Upgrade lodash from 4.17.10 to 4.17.15 snyk-fixtures/npm-lockfiles#540)
• 1a685c0 [chore] Release 3.1.4
• b3f1d35 [chore] Bump ws to version 3.3.1 ([Snyk(Unlimited)] Upgrade truwrap from 0.8.1 to 0.8.4 snyk-fixtures/npm-lockfiles#543)
• 3ee803a [chore] Release 3.1.3
• 49362ab [fix] Fix undefined remoteAddress when using uws ([Snyk(Unlimited)] Upgrade debug from 2.0.0 to 2.6.9 snyk-fixtures/npm-lockfiles#533)
• 3c77780 [chore] Bump debug to version 2.6.9 ([Snyk(Unlimited)] Upgrade color-convert from 1.9.2 to 1.9.3 snyk-fixtures/npm-lockfiles#532)
• bf24359 [chore] Release 3.1.2
• a8ff89c [chore] Release 3.1.1
• e0d720c [fix] Check whether 'Origin' header has invalid characters ([Snyk(Unlimited)] Upgrade @thebespokepixel/es-tinycolor from 0.3.1 to 0.3.2 snyk-fixtures/npm-lockfiles#531)
• 38d639a [fix] Use explicit require of wsEngine ([Snyk(Unlimited)] Upgrade node-uuid from 1.4.0 to 1.4.8 snyk-fixtures/npm-lockfiles#523)
• f9d3f06 [docs] Fix wsEngine default value in README ([Snyk(Unlimited)] Upgrade term-ng from 0.8.1 to 0.8.5 snyk-fixtures/npm-lockfiles#526)
• fd20b91 [test] Use npm scripts instead of gulp ([Snyk(Unlimited)] Upgrade verbosity from 0.9.2 to 0.10.1 snyk-fixtures/npm-lockfiles#530)
• 7f63d38 [fix] Fix undeterministic error in polling buffer processing ([Snyk(Unlimited)] Upgrade @thebespokepixel/meta from 0.2.3 to 0.2.5 snyk-fixtures/npm-lockfiles#529)
• 3dcc2d5 [fix] Use workaround for setEncoding bug in node 0.10+ ([Snyk(Unlimited)] Upgrade sgr-composer from 0.5.0 to 0.5.3 snyk-fixtures/npm-lockfiles#527)
• e76e035 [fix] Fix null payload when aborting connection ([Snyk(Unlimited)] Upgrade debug from 2.0.0 to 2.6.9 snyk-fixtures/npm-lockfiles#503)

See the full diff

Package name: engine.io-client

The new version differs by 15 commits.

• 0071fdf [chore] Release 3.1.5
• 64ce480 fix: use try/catch when setting xhr.responseType ([Snyk(Unlimited)] Upgrade color-convert from 1.9.2 to 1.9.3 snyk-fixtures/npm-lockfiles#592)
• 3039017 [chore] Bump debug to version 3.1.0
• 90f4d17 [chore] Release 3.1.4
• 7fab005 [chore] Bump ws to version 3.3.1 ([Snyk(Unlimited)] Upgrade sgr-composer from 0.5.0 to 0.5.3 snyk-fixtures/npm-lockfiles#587)
• 4558b25 [chore] Release 3.1.3
• a28776e [refactor] Update entry point in webpack configuration ([Snyk(Unlimited)] Upgrade term-ng from 0.8.1 to 0.8.5 snyk-fixtures/npm-lockfiles#586)
• 42501c6 [revert] [refactor] Remove usuless indexof dependency ([Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 snyk-fixtures/npm-lockfiles#582)
• 8ce2432 [chore] Bump xmlhttprequest-ssl to version 1.5.4 ([Snyk(Unlimited)] Upgrade lodash from 4.17.10 to 4.17.15 snyk-fixtures/npm-lockfiles#585)
• 4a551a1 [chore] Bump debug to version 2.6.9 ([Snyk(Unlimited)] Upgrade @thebespokepixel/string from 0.5.2 to 0.5.7 snyk-fixtures/npm-lockfiles#584)
• d8fdf9b [refactor] Remove useless entry point ([Snyk(Unlimited)] Upgrade node-uuid from 1.4.0 to 1.4.8 snyk-fixtures/npm-lockfiles#583)
• 6043c49 [refactor] Remove usuless indexof dependency ([Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 snyk-fixtures/npm-lockfiles#582)
• 5d29c1c [test] Remove IE6 and IE7 tests ([Snyk(Unlimited)] Upgrade adm-zip from 0.4.7 to 0.4.13 snyk-fixtures/npm-lockfiles#581)
• 1cbab34 [chore] Release 3.1.2
• 0b26bc3 [fix] Remove parsejson dependency ([Snyk(Unlimited)] Upgrade node-uuid from 1.4.0 to 1.4.8 snyk-fixtures/npm-lockfiles#580)

See the full diff

Package name: esformatter

The new version differs by 53 commits.

• 899edf9 0.11.0
• 50a0d35 Updated tests to use node@12
• 4114fe8 Fixed lint errors
• 2189abb Bumped mockery@2.1.0
• 29304e2 Bumped jshint@2.10.2
• 489227a Bumped chai@4.2.0
• 3e8e190 Bumped strip-json-comments@3.0.1
• a469e34 Bumped supports-color@latest
• e4cf24c Bumped mocha@6.2.0
• 57bb6fb Bumped debug@4.1.1
• 6dc68d3 Bumped npm-run@5.0.1
• 505bb14 Merge branch 'issue-506' of github.com:mcandre/esformatter
• 6bfe5e4 Added package-lock.json
• 66663d2 Fix permission issue on pipe tests
• 7f87223 update npm-run
• 060ad53 update debug
• 29045f0 Merge pull request [Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 snyk-fixtures/npm-lockfiles#488 from langdonx/noop-arrowfunctions
• d08012a add prettier to "popular alternatives"
• ef52228 noop support for ArrowFunctionExpression
• 72e4d95 add MethodDefinitionComputedOpening and MethodDefinitionComputedClosing support. fixes [Snyk(Unlimited)] Upgrade truwrap from 0.8.1 to 0.8.4 snyk-fixtures/npm-lockfiles#470
• 3c1c2fa indent return arguments wrapped into parenthesis. fixes [Snyk(Unlimited)] Upgrade node-uuid from 1.4.0 to 1.4.8 snyk-fixtures/npm-lockfiles#465
• de57013 update README to include info about presets
• 4a4a3bb include doc/presets.md
• 2198969 0.10.0

See the full diff

Package name: expand-brackets

The new version differs by 9 commits.

• 58f2f1f 3.0.0
• 3060a56 Revert "Fix appveyor link"
• 232670e Fix appveyor link
• 7e996fb Update Readme
• 7c0bdfc Remove debug
• c204656 Merge pull request [Snyk] Fix for 9 vulnerabilities #9 from danez/update-snapdragon
• 8219034 Update snapdragon to 0.11
• cc56339 Merge pull request [Snyk] Fix for 1 vulnerabilities #7 from mjbvz/patch-1
• ae88242 Update Repository Urls

See the full diff

Package name: extract-zip

The new version differs by 11 commits.

• eb3c1ed 2.0.0
• 27f3f85 feat: add TypeScript definition ([Snyk] Security upgrade snyk from 1.389.0 to 1.685.0 #92)
• ef3995d build: lint ava tests ([Snyk] Fix for 2 vulnerabilities #91)
• e8dae76 docs: add troubleshooting docs
• af00186 refactor: replace callback-style API with Promise-style API ([Snyk] Fix for 15 vulnerabilities #90)
• 7993cb8 feat: require Node 10.12 ([Snyk] Fix for 10 vulnerabilities #89)
• 79e0910 doc: clarify that required parameters are paths ([Snyk] Security upgrade update-notifier from 2.5.0 to 6.0.0 #56)
• cc72c88 build: use package.json files instead of .npmignore
• c2b1c17 1.7.0
• 990fc64 Add error handler to zipfile object ([Snyk] Fix for 1 vulnerabilities #67)
• 8285111 feat: don't pin dependency requirements ([Snyk] Fix for 1 vulnerabilities #88)

See the full diff

Package name: karma

The new version differs by 36 commits.

• a4d5bdc chore: release v3.0.0
• 75f466d chore: release v2.0.6
• 5db9399 chore: update contributors
• eb3b1b4 chore(deps): update mime -> 2.3.1 ([Snyk(Unlimited)] Upgrade mongoose from 4.2.4 to 4.13.19 snyk-fixtures/npm-lockfiles#3107)
• 732396a fix(travis): Up the socket timeout 2->20s. ([Snyk(Unlimited)] Upgrade debug from 2.0.0 to 2.6.9 snyk-fixtures/npm-lockfiles#3103)
• 173848e Remove erroneous change log entries for 2.0.3
• 1002569 chore(ci): drop node 9 from travis tests ([Snyk(Unlimited)] Upgrade @thebespokepixel/string from 0.5.2 to 0.5.10 snyk-fixtures/npm-lockfiles#3100)
• 02f54c6 fix(server): Exit clean on unhandledRejections. ([Snyk(Unlimited)] Upgrade term-ng from 0.8.1 to 0.8.5 snyk-fixtures/npm-lockfiles#3092)
• 0fdd8f9 chore(deps): update socket.io -> 2.1.1 ([Snyk(Unlimited)] Upgrade yargs from 11.1.0 to 11.1.1 snyk-fixtures/npm-lockfiles#3099)
• 90f5546 fix(travis): use the value not the key name. ([Snyk(Unlimited)] Upgrade @thebespokepixel/es-tinycolor from 0.3.1 to 0.3.2 snyk-fixtures/npm-lockfiles#3097)
• fba5d36 fix(travis): validate TRAVIS_COMMIT if TRAVIS_PULL_REQUEST_SHA is not set. ([Snyk(Unlimited)] Upgrade truwrap from 0.8.1 to 0.8.4 snyk-fixtures/npm-lockfiles#3094)
• 56fda53 fix(init): add "ChromeHeadless" to the browsers' options ([Snyk(Unlimited)] Upgrade verbosity from 0.9.2 to 0.10.1 snyk-fixtures/npm-lockfiles#3096)
• f6d2f0e fix(config): Wait 30s for browser activity per Travis. ([Snyk(Unlimited)] Upgrade lodash from 4.17.10 to 4.17.15 snyk-fixtures/npm-lockfiles#3091)
• a58fa45 fix(travis): Validate TRAVIS_PULL_REQUEST_SHA rather than TRAVIS_COMMIT. ([Snyk(Unlimited)] Upgrade sgr-composer from 0.5.0 to 0.5.3 snyk-fixtures/npm-lockfiles#3093)
• 88b977f fix(config): wait 20s for browser activity. ([Snyk(Unlimited)] Upgrade consolidate from 0.14.5 to 0.15.1 snyk-fixtures/npm-lockfiles#3087)
• 94a6728 chore: remove support for node 4, update log4js ([Snyk(Unlimited)] Upgrade dustjs-helpers from 1.5.0 to 1.7.4 snyk-fixtures/npm-lockfiles#3082)
• c5dc62d docs: better clarity for API usage
• 0018947 chore: release v2.0.5
• 02dc1f4 chore: update contributors
• dc7265b fix(browser): ensure browser state is EXECUTING when tests start ([Snyk(Unlimited)] Upgrade express from 4.12.4 to 4.17.1 snyk-fixtures/npm-lockfiles#3074)
• 7617279 refactor(filelist): rename promise -> lastCompletedRefresh and remove unused promise ([Snyk(Unlimited)] Upgrade moment from 2.15.1 to 2.24.0 snyk-fixtures/npm-lockfiles#3060)
• a701732 fix(doc): Document release steps for admins ([Snyk(Unlimited)] Upgrade st from 0.2.4 to 0.5.5 snyk-fixtures/npm-lockfiles#3063)
• 93ba05a fix(middleware): Obey the Promise API.
• 518cb11 fix: remove circular reference in Browser

See the full diff

Package name: micromatch

The new version differs by 29 commits.

• 89efcff 4.0.0
• f3238cb Merge pull request [Snyk] Fix for 3 vulnerabilities #151 from micromatch/dev
• 7c78f9a ensure args are strings
• 2e42796 bump picomatch
• 09f8260 windows, it's time we had a talk...
• a49f94c fix slashes in tests
• a6ab670 use braces patch, build readme
• 976d956 upgrade braces and picomatch
• a6596da add benchmarks
• 11168b1 rename unixify to windows
• 5bf40fe package.json: Use github versions of deps to test the env.
• 5d78d48 Drop node v6 since picomatch doesnt support it.
• 96ac3ba Remove duplicate node. Remove unsupported node v7.
• bf44408 Merge branch 'master' into dev
• b8abcf9 Merge remote-tracking branch 'origin/dev'
• e07df11 rebuild docs
• 47340ad Merge remote-tracking branch 'origin/master' into dev
• 52df06d refactor
• 09bd55c Merge pull request [Snyk] Security upgrade ejs from 1.0.0 to 3.1.10 #149 from Glazy/hotfix/issue-template-update
• c32543d Add myself to package.json contributors list
• 86858bf Update issue template w/ typo and question change
• f2ce9d2 Merge pull request [Snyk] Fix for 29 vulnerabilities #130 from wtgtybhertgeghgtwtg/unescape
• 677f127 Merge pull request [Snyk] Security upgrade karma from 2.0.3 to 5.0.8 #134 from Tvrqvoise/v3-changelog
• 4a70a66 Merge pull request [Snyk] Fix for 2 vulnerabilities #141 from simlu/patch-1

See the full diff

Package name: mongodb-js-fmt

The new version differs by 7 commits.

• c6eb112 0.0.4
• 4045480 Sunsetting this project
• 2376730 chore(package): update dependencies ([Snyk] Security upgrade tap from 11.1.3 to 15.0.0 #3)
• 244ded0 Update package.json with correct github url ([Snyk] Fix for 11 vulnerabilities #2)
• da67a88 Update travis.yml to node_js 4 from iojs-v2.3.4 ([Snyk] Fix for 11 vulnerabilities #1)
• 453ab45 💚
• d26536f 👕

See the full diff

Package name: precinct

The new version differs by 11 commits.

• 26d7a4c 4.1.0
• 6553f16 Merge pull request [Snyk] Security upgrade mongoose from 4.2.4 to 6.4.6 #40 from joscha/joscha/postcss
• 5068a88 paperwork test
• bec9b5e add CSS to list
• c93a1a8 feat: add CSS (PostCSS dialect)
• ab7f601 Merge pull request [Snyk] Security upgrade mongoose from 4.13.21 to 6.4.6 #39 from akkumar/update_versions
• 599bde7 chore: update devDependencies and detective-less to 1.0.1. check in package-lock
• e886f1d 4.0.0
• 7251ccd Merge pull request [Snyk] Security upgrade file-type from 8.1.0 to 16.5.4 #38 from dependents/bump_typescript
• 34cd9a7 Use newer node version and specify it
• 3b18d6b Bump TS

See the full diff

Package name: snyk

The new version differs by 250 commits.

• 8987918 Merge pull request [Snyk(Unlimited)] Upgrade lodash from 4.17.10 to 4.17.15 snyk-fixtures/npm-lockfiles#1781 from snyk/fix/replace-proxy
• eec11b7 test: raise timeout for snyk protect tests hitting real Snyk API
• 8045ceb test: update proxy tests for the new proxy global-agent
• 0d0c76a feat: support lowercase http_proxy envvars
• e597846 test(proxy): acceptance test for Proxy envvar settings
• 6d67579 fix: replace vulnerable proxy dependency
• 1449c57 Merge pull request [Snyk(Unlimited)] Upgrade verbosity from 0.9.2 to 0.10.1 snyk-fixtures/npm-lockfiles#1707 from snyk/feat/snyk-fix
• 3d872fb test: assert exact errors for unsupported
• 5ebd685 Merge pull request [Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 snyk-fixtures/npm-lockfiles#1777 from snyk/feat/fix-with-version-provenance
• 17e3431 Merge pull request [Snyk(Unlimited)] Upgrade node-uuid from 1.4.0 to 1.4.8 snyk-fixtures/npm-lockfiles#1778 from snyk/feat/dont-force-https
• fdd7f1a docs: update SNYK_HTTP_PROTOCOL_UPGRADE description
• 165b4b9 feat: introduce envvar to control HTTP-HTTPS upgrade behavior
• 77e6665 chore: lerna release with exact version
• f14819f Merge pull request [Snyk(Unlimited)] Upgrade verbosity from 0.9.2 to 0.10.1 snyk-fixtures/npm-lockfiles#1760 from snyk/feat/support-critical-in-sarif
• b286418 feat: v1 support for previously fixed reqs.txt
• 0384020 feat: basic pip fix -r support
• f94c558 feat: include pins optionally
• 66ca77a feat: do not skip files with -r directive
• bc44f9a refactor: fix individual reqs manifest
• 6e84322 feat: fix individual file with provenance
• 9ed99f3 Merge pull request [Snyk(Unlimited)] Upgrade @thebespokepixel/string from 0.5.2 to 0.5.10 snyk-fixtures/npm-lockfiles#1764 from snyk/feat/update-code-client
• c92599b Merge pull request [Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 snyk-fixtures/npm-lockfiles#1774 from snyk/refactor/change-binaries-release-script
• ca508ac test: smoke test for `snyk fix`
• c68c7da feat: add @ snyk/fix as a dep

See the full diff

Package name: socket.io

The new version differs by 31 commits.

• db831a3 [chore] Release 2.1.0
• ac945d1 [feat] Add support for dynamic namespaces ([Snyk(Unlimited)] Upgrade term-ng from 0.8.1 to 0.8.5 snyk-fixtures/npm-lockfiles#3195)
• ad0c052 [docs] Add note in docs for `origins(fn)` about `error` needing to be a string. ([Snyk(Unlimited)] Upgrade node-uuid from 1.4.0 to 1.4.8 snyk-fixtures/npm-lockfiles#2895)
• 1f1d64b [fix] Include the protocol in the origins check ([Snyk(Unlimited)] Upgrade @thebespokepixel/meta from 0.2.3 to 0.2.5 snyk-fixtures/npm-lockfiles#3198)
• f4fc517 [fix] Properly emit 'connect' when using a custom namespace ([Snyk(Unlimited)] Upgrade truwrap from 0.8.1 to 0.8.4 snyk-fixtures/npm-lockfiles#3197)
• be61ba0 [docs] Add link to a Dart client implementation ([Snyk(Unlimited)] Upgrade body-parser from 1.9.0 to 1.19.0 snyk-fixtures/npm-lockfiles#2940)
• c0c79f0 [feat] Add support for dynamic namespaces ([Snyk(Unlimited)] Upgrade truwrap from 0.8.1 to 0.8.4 snyk-fixtures/npm-lockfiles#3187)
• dea5214 [chore] Bump superagent and supertest versions ([Snyk(Unlimited)] Upgrade sgr-composer from 0.5.0 to 0.5.3 snyk-fixtures/npm-lockfiles#3186)
• b1941d5 [chore] Bump engine.io to version 3.2.0
• a23007a [docs] Update license year ([Snyk(Unlimited)] Upgrade moment from 2.15.1 to 2.24.0 snyk-fixtures/npm-lockfiles#3153)
• f48a06c [feat] Add a 'binary' flag ([Snyk(Unlimited)] Upgrade term-ng from 0.8.1 to 0.8.5 snyk-fixtures/npm-lockfiles#3185)
• 0539a2c [test] Update travis configuration
• c06ac07 [docs] Fix typo ([Snyk(Unlimited)] Upgrade dustjs-linkedin from 2.5.0 to 2.7.5 snyk-fixtures/npm-lockfiles#3157)
• 52b0960 [chore] Bump debug to version 3.1.0
• 1c108a3 [chore] Release 2.0.4
• f333479 [test] Use npm scripts instead of gulp ([Snyk(Unlimited)] Upgrade errorhandler from 1.2.0 to 1.5.1 snyk-fixtures/npm-lockfiles#3078)
• 3f61165 [docs] Fix a grammar mistake in the API docs ([Snyk(Unlimited)] Upgrade moment from 2.15.1 to 2.24.0 snyk-fixtures/npm-lockfiles#3076)
• e26b71c [docs] Fix typo in API docs ([Snyk(Unlimited)] Upgrade dustjs-helpers from 1.5.0 to 1.7.4 snyk-fixtures/npm-lockfiles#3066)
• 3386e15 [docs] Actually prevent input from having injected markup in chat example ([Snyk(Unlimited)] Upgrade truwrap from 0.8.1 to 0.8.4 snyk-fixtures/npm-lockfiles#2987)
• 3684d59 [docs] Use path.join instead of concatenating paths ([Snyk(Unlimited)] Upgrade lodash from 4.17.10 to 4.17.15 snyk-fixtures/npm-lockfiles#3014)
• dd69abb [fix] Reset rooms object before broadcasting from namespace ([Snyk(Unlimited)] Upgrade @thebespokepixel/es-tinycolor from 0.3.1 to 0.3.2 snyk-fixtures/npm-lockfiles#3039)
• 1f0e64a [fix] Do not throw when receiving an unhandled error packet ([Snyk(Unlimited)] Upgrade verbosity from 0.9.2 to 0.10.1 snyk-fixtures/npm-lockfiles#3038)
• 9d170a7 [docs] Add io.emit in the cheat sheet ([Snyk(Unlimited)] Upgrade yargs from 11.1.0 to 11.1.1 snyk-fixtures/npm-lockfiles#2992)
• 7199d1b [docs] Fix misnamed 'Object.keys' in API docs ([Snyk(Unlimited)] Upgrade verbosity from 0.9.2 to 0.10.1 snyk-fixtures/npm-lockfiles#2979)

See the full diff

Package name: socket.io-client

The new version differs by 15 commits.

• 3eb047f [chore] Release 2.1.0
• afb952d [docs] Add a note about reconnecting after a server-side disconnection
• 74893d5 [feat] Add a 'binary' flag ([Snyk(Unlimited)] Upgrade lodash from 4.17.10 to 4.17.15 snyk-fixtures/npm-lockfiles#1194)
• 9701611 [chore] Bump engine.io-client to version 3.2.0 ([Snyk(Unlimited)] Upgrade node-uuid from 1.4.0 to 1.4.8 snyk-fixtures/npm-lockfiles#1192)
• 3d8f24e [test] Update travis configuration
• e27f38b [chore] Restore unminified distribution files ([Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 snyk-fixtures/npm-lockfiles#1191)
• bb743c4 [docs] Document connected and disconnected socket properties ([Snyk(Unlimited)] Upgrade adm-zip from 0.4.7 to 0.4.13 snyk-fixtures/npm-lockfiles#1155)
• f31837f [chore] Bump debug to version 3.1.0
• ebb0596 [chore] Release 2.0.4
• 57cee21 [test] Remove IE6 and IE7 tests ([Snyk(Unlimited)] Upgrade verbosity from 0.9.2 to 0.10.1 snyk-fixtures/npm-lockfiles#1164)
• c58ecfc [docs] Add code examples for registered events ([Snyk(Unlimited)] Upgrade node-uuid from 1.4.0 to 1.4.8 snyk-fixtures/npm-lockfiles#1139)
• e9ebe36 [docs] Add an example with ES6 import in the README ([Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 snyk-fixtures/npm-lockfiles#1138)
• 19f2b19 [chore] Release 2.0.3
• 83fedf5 [docs] Add explicit documentation for websocket transport ([Snyk(Unlimited)] Upgrade @thebespokepixel/string from 0.5.2 to 0.5.10 snyk-fixtures/npm-lockfiles#1128)
• c0da119 [docs] Update documentation ([Snyk(Unlimited)] Upgrade debug from 2.0.0 to 2.6.9 snyk-fixtures/npm-lockfiles#1124)

See the full diff

Package name: socket.io-parser

The new version differs by 9 commits.

• f9c0625 [chore] Release 3.1.3
• f0a7df1 [fix] Ensure packet data is an array ([Snyk] Fix for 1 vulnerabilities #83)
• 8822578 [fix] Use ArrayBuffer.isView to check for typed arrays ([Snyk] Security upgrade debug from 2.6.9 to 3.1.0 #82)
• dd164e6 [chore] Bump debug to version 3.1.0
• f9c3549 [chore] Release 3.1.2
• 425391a [chore] Bump has-binary2 to version 1.0.2 ([Snyk] Fix for 1 vulnerabilities #70)
• b4f849a [fix] Fix Blob detection for iOS 8/9 ([Snyk] Fix for 1 vulnerabilities #69)
• eaee5d5 [chore] Release 3.1.1
• 2f31a4e [fix] Ensure globals are functions before running `instanceof` ([Snyk] Security upgrade karma from 2.0.3 to 5.0.8 #68)

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 610f368 5.0.0
• 5ce65c1 update examples
• bbe1230 Merge pull request #11628 from webpack/bugfix/real-content-hash
• 75ecff2 5.0.0-rc.6
• bfc35d6 Merge pull request #11603 from MayaWolf/master
• 76e8cbd Merge pull request #11622 from webpack/dependabot/npm_and_yarn/types/node-13.13.25
• 9fd1be2 chore(deps-dev): bump @ types/node from 13.13.23 to 13.13.25
• 36bcfaa Merge pull request #11621 from webpack/bugfix/11619
• 9130d10 fix called variables with ProvidePlugin
• 3e42105 Merge pull request #11620 from webpack/bugfix/11617
• 4709719 skip connections copied to concatenated module
• 57b493f 5.0.0-rc.5
• 1658e2f Merge pull request #11618 from webpack/bugfix/11615
• a8fb45d fixes crash in SideEffectsFlagPlugin
• 84b196d emit error instead of crashing when unexpected problem occurs
• 5573fed Merge pull request #11601 from Hornwitser/improve-suggested-polyfill-config
• 9b5cce9 Merge pull request #11609 from snitin315/export-types
• 37c495c export type RuleSetUseItem
• 39faf34 export type RuleSetUse
• e5fd246 export type RuleSetConditionAbsolute
• 660baad export RuleSetCondition types
• 13e3ca5 Merge pull request #11602 from webpack/bugfix/shared-runtime-chunk
• 9c0587e Merge pull request #11606 from webpack/dependabot/npm_and_yarn/simple-git-2.21.0
• 502d166 Merge pull request #11607 from webpack/dependabot/npm_and_yarn/acorn-8.0.4

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)