[Snyk] Fix for 1 vulnerabilities

[ghost]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	461/1000 Why? Recently disclosed, Has a fix available, CVSS 3.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-DEBUG-3227433	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: debug

The new version differs by 43 commits.

• f073e05 Release 3.1.0
• 2c0df9b rename `DEBUG_HIDE_TTY_DATE` to `DEBUG_HIDE_DATE`
• dcb37b2 Merge branch '2.x'
• 56a3853 Add `DEBUG_HIDE_TTY_DATE` env var (Data fixture for dev environment Midburn/spark#486)
• bdb7e01 remove "component" from package.json
• c38a016 remove ReDoS regexp in %o formatter (Seed promises bug Midburn/spark#504)
• 47747f3 remove `component.json`
• a0601e5 fix
• e7e568a ignore package-lock.json
• fdfa0f5 Fix browser detection
• 7cd9e53 examples: fix colors printout
• 8d76196 Merge pull request Create a button on event form to copy new community Midburn/spark#496 from EdwardBetts/spelling
• daf1a7c correct spelling mistake
• 3e1849d Release 3.0.1
• b3ea123 Disable colors in Edge and Internet Explorer (event form created Midburn/spark#489)
• 13e1d06 remove v3 discussion note for now
• 52b894c Release 3.0.0
• d2dd80a component: update "ms" to v2.0.0
• 6752953 fix browser test 😵
• f6f6213 remove `make coveralls` from travis
• f178d86 attempt to separate the Node and Browser tests in Travis
• d73c4ae fix `make test`
• 402c856 fix lint
• 87e7399 readme++

See the full diff

Package name: knex

The new version differs by 48 commits.

• 4005615 Bumped version up to 0.14
• 291bcfd Change log update for 0.14 release
• 7c1a0d4 mysql stream should support query options (#2301)
• 74f2a03 Throw error on non-string table comment (#2126)
• 53314cb Making containsUndefined check for own properties (#1711)
• f66b524 Call to knex.migrate.currentVersion causes an error #2111 (#2123)
• 7d18837 Allow update queries in with statements. Fixes #2263. (#2298)
• 85d088a Update each out-of-date dependency according to david-dm.org. (#2297)
• f40d69d Update v8flags to version 3.0.0 (#2288)
• fddfd3b Escape table name in SQLite columnInfo call (#2281)
• e59cc19 Update interpret version (#2283)
• d0d22e0 Track the current migration file for use in error message. Print filename of errored migration (#2272)
• 11536f9 Implemented select syntax: select({ alias: 'column' }) (#2227)
• b092a27 Allow raw expressions in query builder aggregate methods (#2257)
• 9658c78 Post processing hook for query result (#2261)
• 0ccd591 Fix connection error propagation when streaming (#2199)
• 7032dff Fix comments not being applied to increments columns (#2243)
• 15639d0 Build native sql for a dialect without to string (#2237)
• 491cc78 Updated oprator list and allow operator transformation for e.g. escaping ? (#2239)
• b5d93f1 Configuration option to allow override/hook to identifier wrapping code (#2217)
• 9122cbf upgrade generic-pool to 3.1.7 (#2208)
• 8f7d2e2 Adding NOT ILIKE for postgres (#2195)
• f8989e1 Fix debug output typo (#2187)
• 03f0fb4 Remove sorting of statements from UPDATE (#2169) (#2171)

See the full diff

Package name: snyk

The new version differs by 74 commits.

• adf9b7b feat: update deps
• 6b9b538 feat: add payload size to analytics
• 91893f6 feat: don't send `from` arrays in pkg trees
• f5c99b2 chore: node4 compatible syntax in test
• 4af5792 chore: drop babel
• 439195c feat: use proxy-agent for proxying
• 348ea15 chore: update .nvmrc to 4
• ff777dd feat: better url-opening ability for `snyk auth` flow
• c6f467e fix: code styling issues detected by lgtm
• 9bc11d1 feat: bail out on unsupported nodejs runtime versions
• aa6040e fix: pin snyk-policy version
• 42796e7 feat: drop support for Node < 4
• 933f3f1 feat: update snyk-resolve-deps to reduce size of dependencies
• 042c476 feat: remove update notifier
• 7e10aae feat: support yarn for protect scripts
• 6b6ce94 fix: dont suggest reinstallation for yarn projects
• 80e49fd fix: update test fixures expected version
• 38f993f fix: compatability with new pip version (10.0.0)
• db91114 feat: a seperate spinner for "Analyzing deps ..."
• 6a77349 fix: update snyk-go-plugin 1.4.5 -> 1.4.6
• 334f8b1 fix: remove vulns from analytics payload if present
• 58b5437 chore: adds security document
• b3d241a fix: bump snyk-python-plugin to better handle editable fragments
• 66d658a fix: analytics report includes duration of execution

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)