[Snyk] Fix for 61 vulnerabilities

[lholmquist]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Remote Memory Exposure SNYK-JS-BL-608877	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-ENGINEIO-1056749	No	Proof of Concept
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASHMERGE-173732	No	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASHMERGE-173733	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKDOWNIT-2331914	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKDOWNIT-459438	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-MERGE-1040469	No	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-MERGE-1042987	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-MOUT-1014544	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-MOUT-2342654	No	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Arbitrary File Overwrite SNYK-JS-NPM-537603	No	Proof of Concept
	451/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 2.6	Unauthorized File Access SNYK-JS-NPM-537604	No	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Arbitrary File Write SNYK-JS-NPM-537606	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Insertion of Sensitive Information into Log File SNYK-JS-NPM-575435	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NPMUSERVALIDATE-1019352	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRINTF-1072096	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Insecure Defaults SNYK-JS-SOCKETIO-1024859	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-1056752	No	Proof of Concept
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	No	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	No	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	No	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	No	No Known Exploit
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Arbitrary File Overwrite SNYK-JS-TAR-174125	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	No	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	XML External Entity (XXE) Injection SNYK-JS-XMLDOM-1084960	No	No Known Exploit
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Arbitrary Code Injection SNYK-JS-XMLHTTPREQUESTSSL-1082936	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Access Restriction Bypass SNYK-JS-XMLHTTPREQUESTSSL-1255647	No	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	No	Proof of Concept
	434/1000 Why? Has a fix available, CVSS 4.4	Time of Check Time of Use (TOCTOU) npm:chownr:20180731	No	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:clean-css:20180306	No	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	No	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Timing Attack npm:http-signature:20150122	No	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) npm:markdown-it:20150702	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No	No Known Exploit
	554/1000 Why? Has a fix available, CVSS 6.8	npm Token Leak npm:npm:20160418	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Access Restriction Bypass npm:npm:20180222	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Override Protection Bypass npm:qs:20170213	No	No Known Exploit
	469/1000 Why? Has a fix available, CVSS 5.1	Remote Memory Exposure npm:request:20160119	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Symlink File Overwrite npm:tar:20151103	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:tough-cookie:20160722	No	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) npm:tough-cookie:20170905	No	No Known Exploit
	576/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.1	Uninitialized Memory Exposure npm:tunnel-agent:20170305	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Insecure Randomness npm:ws:20160920	No	No Known Exploit
	761/1000 Why? Mature exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) npm:ws:20171108	No	Mature

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: ember-cli-babel

The new version differs by 250 commits.

• 0b83e42 7.0.0
• fcf317f Merge pull request #140 from babel/babel-7
• d01d724 Prevent issues with @ babel/preset-env getting unknown options.
• 1ea60c3 Merge branch 'master' into babel-7
• 6955f46 Drop support for ember-cli < 2.13.
• eb03764 Merge changes from master...
• c58ae85 6.17.0
• 5486b3e Add recent releases to changelog...
• ec3f25c Merge pull request #241 from arthirm/master
• af16202 Bumping broccoli-babel-transpiler
• b4528ff Update test to properly match plugin style.
• 2ea0e47 Remove brittle (and unneeded) tests.
• 9671601 7.0.0-beta.5
• 1167211 Remove stray .only.
• cf8f7ee Fix issue with @ babel/polyfill update.
• b4ea00d 7.0.0-beta.4
• e53e927 Update dependencies.
• 1e494d6 Update babel-polyfill -> @ babel/polyfill.
• 7008a5f Use release version of broccoli-babel-transpiler.
• 932a1d0 Merge pull request #239 from dfreeman/green-tests
• a185133 Get tests passing with throwUnlessParallelizable: true
• 6d11f44 Merge pull request #237 from babel/rwjblue-patch-1
• b96e5cb Use correct preset env...
• f9e4f17 Fix file: reference in package.json.

See the full diff

Package name: ember-cli-htmlbars-inline-precompile

The new version differs by 30 commits.

• ae552eb 0.4.0
• 133cd0a Release 0.4.0 final.
• 705f173 0.4.0-beta.2
• 335e4c5 Update CHANGELOG.
• 62e44bd Update minimum version of babel plugin.
• d86edac 0.4.0-beta.1
• 74fd184 Merge pull request #69 from rwjblue/babel-6
• ffafb16 Remove welcome page.
• 99aad43 Add ember-cli-shims back to ember-source scenario.
• 3ae7891 Update min engine version.
• d8cb4a1 Make function properly for babel@6 version.
• f68e8b6 Update minimum versions of deps and devDeps.
• c18f6d3 fixup! Add babel@6 to devDeps for test harness.
• 8f92b23 Remove unused directories.
• 1e9f66e Set ember-cli to 2.11.1.
• edeceaa Add babel@6 to devDeps for test harness.
• c113ff3 fixup! Update minimum node version.
• 06f4fc7 ES6ify
• 1f9d121 Update for babel@6.
• e157867 Update minimum node version.
• a8e851b Merge pull request #68 from samselikoff/patch-1
• d1763d7 Ensure super call is bounded
• 083ae62 Merge pull request #67 from Turbo87/ci-deploy
• 5fa9b15 CI: Enable automatic NPM deployment for tags

See the full diff

Package name: ember-cli-qunit

The new version differs by 91 commits.

• ce97b77 4.0.0
• a047c12 Update yarn.lock.
• 03d7c2c Update CHANGELOG for 4.0.0.
• b5dbd09 Update minimum version of ember-qunit.
• f16f4d1 Merge pull request #180 from mminkoff/patch-1
• f91e04b don't cover open Module drop-down
• c9c0bbf 4.0.0-beta.1
• c9385f2 Add basic upgrading info to README.
• 127600d Update CHANGELOG.
• e1e96a7 Merge pull request #177 from rwjblue/stuff
• 8f77efd Update associated dependencies to Babel 6.
• 99b18ba Death to `var`!
• a1929f2 Merge pull request #175 from rwjblue/update-babel-6
• ea52fd4 Merge pull request #176 from rwjblue/manual-start
• cf5c5a5 Replace autostart behavior with hook to start tests.
• df6a0e9 Update allowed engines in package.json.
• 4b46471 Update to Babel 6.
• fb8127a 3.1.2
• 1714541 Update CHANGELOG for v3.1.2.
• 8adb7ab Merge pull request #173 from rwjblue/prevent-clobbering
• 161ab87 Bump to node@4 in CI.
• 893d0ff Prevent clobbering custom `this.options.babel`.
• f4cbeb9 3.1.1
• f2f997c Merge pull request #170 from hidnasio/override-height-in-fullscreen

See the full diff

Package name: ember-cli-uglify

The new version differs by 22 commits.

• 373aba7 v2.0.0
• dd9a511 Update CHANGELOG
• 315228f Merge pull request [Snyk] Fix for 1 vulnerabilities #28 from Turbo87/update
• 71d9fec Update "broccoli-uglify-sourcemap" to v2.0.0
• b82b75d 2.0.0-beta.2
• f626ca4 Update CHANGELOG for 2.0.0-beta.2.
• dcc9348 Merge pull request [Snyk] Security upgrade ember-cli from 2.2.0-beta.3 to 2.4.0 #26 from jrjohnson/safari-mangle
• 73707d6 Add a fix for Safari to the default config
• 948d179 Add CHANGELOG
• 4b4c8f7 2.0.0-beta.1
• 4a0813c Merge pull request [Snyk] Security upgrade ember-cli from 2.2.0-beta.3 to 2.12.0 #18 from Turbo87/readme
• e21f7a0 Merge pull request [Snyk] Fix for 1 vulnerabilities #19 from Turbo87/package-json
• 1285e37 Update README
• 3ea29f2 Use ES6 shorthand method syntax
• 979039f package.json: Adjust repository links
• 9c8d67a package.json: Sort contents
• 8a9aa92 package.json: Update "engines" property to Node 4+
• b567e39 Merge pull request [Snyk] Security upgrade ember-cli from 2.2.0-beta.3 to 2.12.0 #17 from Turbo87/next
• 22e596b Update "broccoli-uglify-sourcemap" to v2.0.0-beta.1
• 122fcb3 Merge pull request [Snyk] Security upgrade ember-cli from 2.2.0-beta.3 to 3.16.0 #15 from ember-cli/greenkeeper/remove-node-0.10
• 5f12f29 chore: drop support for Node.js 0.10
• 211e1bd Add link to community guidelines as CODE_OF_CONDUCT.md

See the full diff

Package name: ember-export-application-global

The new version differs by 7 commits.

• 3641991 Release 2.0.1
• 84999a5 Remove ember-cli-babel dependency.
• 2e335cf 2.0.0
• d8904dd Merge pull request [Snyk] Fix for 1 vulnerabilities #24 from ember-cli/update-babel-6
• cf11f03 Update to Babel 6.
• bf21819 Merge pull request [Snyk] Security upgrade ember-cli from 2.2.0-beta.3 to 2.4.2 #23 from ember-cli/clean-up
• 06605c5 addon cleanup

See the full diff

Package name: ember-resolver

The new version differs by 27 commits.

• ff70a9f 4.0.0
• 1681fe6 Update CHANGELOG for v4.0.0.
• 9966909 Merge pull request #179 from rwjblue/babel-6
• 0bc5fd5 Update to Babel 6.
• 81c3d0b 3.0.1
• 16d5f08 Update CHANGELOG for 3.0.1.
• 10e0c88 Merge pull request #178 from ember-cli/bugfix
• fa83970 Bring in line with addon/ layout changes.
• f80f6de [Fixes #175] restore ability to resolve from modules
• 1fbc09e Merge pull request #177 from 201-created/keys
• c08ccbb No longer need Ember.keys
• 7b423a2 Merge pull request #176 from 201-created/restructure
• 1f656e8 Restructure on disk
• 7362f60 release v3.0.0
• 3d6ae61 Merge pull request #174 from ember-cli/cleanup
• 58bacd8 more cleanup
• 2bc9593 Merge pull request #173 from ember-cli/cleanup
• 6b0727f cleanup
• 15cc4c3 Merge pull request #172 from ember-cli/cleanup
• 4861481 cleanup deps
• 074179a Merge pull request #164 from ember-cli/greenkeeper-ember-cli-2.9.1
• bb65019 Merge branch 'master' into greenkeeper-ember-cli-2.9.1
• 946aa6c Merge pull request #165 from ember-cli/greenkeeper-ember-cli-app-version-2.0.1
• 8f6c55b Merge pull request #169 from daniellawrence/bug/readme-link-update-example

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Denial of Service (DoS)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 More lessons are available in Snyk Learn