[Snyk] Fix for 25 vulnerabilities

[Bhanditz]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Remote Memory Exposure SNYK-JS-BL-608877	Yes	Proof of Concept
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	Yes	No Known Exploit
	626/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.1	Man-in-the-Middle (MitM) SNYK-JS-HTTPSPROXYAGENT-469131	No	Proof of Concept
	631/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit
	596/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	Yes	Proof of Concept
	641/1000 Why? Mature exploit, Has a fix available, CVSS 5.1	Uninitialized Memory Exposure npm:concat-stream:20160901	Yes	Mature
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution npm:extend:20180424	No	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Yes	Proof of Concept
	796/1000 Why? Mature exploit, Has a fix available, CVSS 8.2	Uninitialized Memory Exposure npm:http-proxy-agent:20180406	No	Mature
	796/1000 Why? Mature exploit, Has a fix available, CVSS 8.2	Uninitialized Memory Exposure npm:https-proxy-agent:20180402	No	Mature
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:ms:20151024	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Override Protection Bypass npm:qs:20170213	Yes	No Known Exploit
	469/1000 Why? Has a fix available, CVSS 5.1	Remote Memory Exposure npm:request:20160119	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:tough-cookie:20160722	Yes	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) npm:tough-cookie:20170905	Yes	No Known Exploit
	576/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.1	Uninitialized Memory Exposure npm:tunnel-agent:20170305	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gulp-uncss

The new version differs by 24 commits.

• 0432b6c 1.0.6
• e0dd5d3 Bump UnCSS to 0.14.1.
• 215bd8e Update CI environments.
• f23e32a 1.0.5
• 0f198fb chore(package): update dependencies
• 7fa3fb4 1.0.4
• 915b667 Pass through on empty files. Resolves [Snyk] Fix for 1 vulnerabilities #39.
• 7b085cf Bump dependencies.
• b95c125 1.0.3
• fdfae00 More tweaks.
• fb7392c 1.0.2
• 1a12006 Tidy up, bump dependencies.
• 1f69f4f 1.0.1
• 96ac683 Tidy up.
• 55ddf82 Update build environments.
• 85a7132 1.0.0
• dbc4c14 Merge pull request [Snyk] Fix for 1 vulnerabilities #23 from ben-eb/1.0.0-beta
• 2124cf7 Bump UnCSS to 0.12.0.
• ad28362 Add silent reporter to dev deps.
• f35056f Documentation improvements for 0.11.0.
• af1fa90 Pass through full options object.
• a7343b6 Index superfluous.
• 6df4540 Update build process.
• 98cb9c2 Bump dev deps.

See the full diff

Package name: gulp-util

The new version differs by 84 commits.

• 28c2aa2 3.0.8
• 1034a68 Upgrade: bump dateformat, per https://github.com/removes CLI felixge/node-dateformat#53#issuecomment-245782776 (#130)
• 5a417cf Merge pull request #125 from jmeas/patch-1
• 8cdbc07 Remove gutil.beep() from README example
• b74a5ff 3.0.7
• 5c0c5cf bump logger versions
• 3879b24 Merge pull request #106 from stevelacy/patch-1
• 7bba70f Update package repo link
• 194248a Merge pull request #105 from gulpjs/gulplog
• 65c210a add branching logic to support new gulplog stuff
• 4656163 Merge pull request #100 from makky3939/clean_up_template_js
• 878c95b fix
• 385b059 more readable
• 7e1336e 3.0.6
• 64325ae Merge pull request #99 from TrySound/master
• 5755bb3 Updated dependencies
• 1c96495 Merge pull request #97 from arthurvr/patch-1
• de9c310 Update node version in readme
• d9ac713 3.0.5
• 5155266 Merge pull request #94 from pgilad/patch-1
• d666893 update license attribute
• 81a61ce Merge pull request #92 from stringparser/fix-log-formatting
• c107206 missing quotes on previous test and space for object in current
• 0c4f90f fix tests logging

See the full diff

Package name: mailgun-js

The new version differs by 184 commits.

• ba44aef 0.22.0
• 106420e Add test mode (#225)
• 294843f Merge pull request #224 from petereitz/address215
• ba3a9d6 Update README.md
• 81e0d12 Merge pull request #222 from developedbyme/patch-1
• 1d02e8b Added note about EU region usage
• 5550948 Merge pull request #220 from captDaylight/patch-1
• 8371c5e typo
• 09c3c43 0.21.0
• 339ea2a update dependencies
• 81977d3 Update README.md
• e59794d Update README.md
• f8b0e41 0.20.0
• a707acb Merge pull request #213 from Donky-Network/relax-attachment-validation
• d43b32e Relaxed validation around stream attachments, allowing a filename to be specified
• 8b78344 0.19.0
• b880f5a update deps. Fixes #210
• 0463a15 Merge pull request #211 from aaronosher/patch-1
• 0594ddd Update schema.js
• 373a858 0.18.1
• 73d48a4 Merge pull request #209 from getconversio/hotfix/smtp-password
• f348f4f Remove smtp password requirement
• e594a1a 0.18.0
• f2db0e4 Add special case to support multiple unsubscribes. Fixes #203

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Prototype Override Protection Bypass
🦉 More lessons are available in Snyk Learn