[Snyk] Fix for 4 vulnerabilities

[piranna]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:fresh:20170908	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: debug

The new version differs by 154 commits.

• 13abeae Release 2.6.9
• f53962e remove ReDoS regexp in %o formatter (#504)
• 52e1f21 Release 2.6.8
• 2482e08 Check for undefined on browser globals (#462)
• 6bb07f7 release 2.6.7
• 15850cb Fix Regular Expression Denial of Service (ReDoS)
• 4a6c85c update "debug" to v1.0.0 (#454)
• b68dbf8 Fix typo (#455)
• 1351d2f Inline extend function in node implementation (#452)
• c211947 update version for component
• 14df14c release 2.6.5
• cae07b7 cleanup browser tests and fix null reference check on window.documentElement.style.WebkitAppearance (#447)
• f311b10 release 2.6.4
• 1f01b70 Fix bug that would occure if process.env.DEBUG is a non-string value. (#444)
• 2f3ebf4 Update CHANGELOG.md
• f5ae332 Update CHANGELOG.md
• 9742c5f chore(): ignore bower.json in npm installations. (#437)
• 27d93a3 update "debug" to v0.7.3
• 9dc30f8 release 2.6.3
• 0fb8ea4 LocalStorage returns undefined for any key not present (#431)
• ce4d93e changelog fix
• 017a9d6 release 2.6.2
• 23bc780 fix DEBUG_MAX_ARRAY_LENGTH
• 065cbfb Add backers and sponsors from Open Collective (#422)

See the full diff

Package name: fresh

The new version differs by 77 commits.

• 02df630 0.5.2
• 37cd4a2 build: Node.js@8.5
• 731c0eb build: Node.js@6.11
• 21a0f0c perf: improve If-None-Match token parsing
• ff5f257 Fix regression matching multiple ETags in If-None-Match
• e8a4aaf 0.5.1
• 7015bce perf: improve ETag match loop
• 7a2b460 Fix handling of modified headers with invalid dates
• 1599530 bench: add simple benchmarks
• 74793d9 build: eslint-plugin-node@5.1.1
• 7d02af4 build: eslint-plugin-import@2.7.0
• 5a0a80f build: eslint-plugin-markdown@1.0.0-beta.6
• 1846661 build: support Node.js 8.x
• 3687aad build: Node.js@7.10
• 6c33c6d lint: apply standard 10 style
• b1a0dbe build: eslint@3.19.0
• 377ffa2 build: Node.js@7.9
• 9fcd106 build: use precise dist on Travis CI
• 6593668 lint: use standard style in readme
• e55337d build: Node.js@7.7
• ffef2df build: Node.js@6.10
• af79bbe build: Node.js@4.8
• d0109e0 build: eslint-config-standard@7.0.0
• b1d26ab 0.5.0

See the full diff

Package name: mime

The new version differs by 23 commits.

• eb24bae 1.4.1
• 855d0c4 Fix Remove line in SendStream.pipe() that does nothing pillarjs/send#167
• 1f0af63 1.4.0
• 8d02be2 update to mime-db@v1.30.0
• 78aa9df bump version
• 93caa32 fixup tests
• 29f5a46 Revert "Use facets to prioritize when resolving type conflicts" (Fix Create .npmignore pillarjs/send#157)
• f7ccb94 Merge pull request Close <html> element pillarjs/send#156 from broofa/facets
• fb02668 Merge pull request SendStream.pipe with empty path resolves to path with slash on end pillarjs/send#148 from edi9999/patch-1
• d33f801 Merge pull request Renamed error param to err; to fix Error in strict pillarjs/send#133 from xiaody/master
• 902ec07 Use facets to prioritize when resolving type conflicts
• 19a4b97 Merge branch 'master' of github.com:broofa/node-mime
• 89d499e Merge pull request Upgrade to mime@1.5.0. pillarjs/send#155 from WORMSS/patch-1
• 2f1f6a0 debug fix
• 76e8766 update types from latest version of mime-db
• 9515cda Merge pull request #150 from taylorhutchison/master
• 691da1d Removing duplicate scripts property.
• dba7e01 Update LICENSE
• a5c1455 Merge pull request deps: mime@1.4.0 pillarjs/send#142 from billymoon/patch-1
• 9695770 Update package.json
• aa327fe js/json should be utf-8 charset
• 6c3d324 Merge pull request Avoid race condition by using fs.open and fs.fstat, also allow file descriptor to be passed pillarjs/send#125 from pgilad/patch-1
• d0715f3 update license attribute

See the full diff

Package name: ms

The new version differs by 63 commits.

• 9b88d15 2.0.0
• 94b995c Invalidated cache for slack badge
• bcf5715 Bumped dependencies to the latest version
• b1eaab7 Ignored logs coming from npm
• caae298 Limit str to 100 to avoid ReDoS of 0.3s (index event pillarjs/send#89)
• b83b36d chore(package): update eslint to version 3.19.0 (Index as function pillarjs/send#88)
• 3f2a4d7 chore(package): update husky to version 0.13.3 (Show symbolic links as redirects pillarjs/send#86)
• 7daf984 1.0.0
• ee91f30 More suitable name for file containing tests
• e818c35 Removed browser testing
• c9b1fd3 Test on LTS version of Node
• 389840b Badge for XO removed
• 1fbbe97 Removed component specification
• 57b3ef8 Use `prettier` and `eslint`
• 94068ea Removed XO
• 4b7f48f chore(package): update serve to version 5.0.4 (Add pending HTTP methods pillarjs/send#85)
• bd49cec chore(package): update xo to version 0.18.0 (emit('end') when notModified() pillarjs/send#84)
• d4a94b1 chore(package): update serve to version 5.0.3 (Send breaks jest pillarjs/send#83)
• 923eee1 chore(package): update serve to version 5.0.2 (Add support for transform option. pillarjs/send#82)
• 2006a77 0.7.3
• 15a27b1 chore(package): update serve to version 5.0.1 (Check module node.js 4.* to raise in express.js pillarjs/send#81)
• 126d7f0 Pinned dependencies
• 2ee4afa chore(package): update serve to version 5.0.0 (A named anonymous function issue on Safari's strict mode pillarjs/send#80)
• 5bfb0a7 chore(package): update serve to version 4.0.0 (Extra slashes ignored pillarjs/send#79)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 More lessons are available in Snyk Learn