[Snyk] Fix for 6 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json
  • package-lock.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change
	Prototype Pollution SNYK-JS-LODASH-450202	No
	Prototype Pollution SNYK-JS-LODASH-73638	No
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	No

Commit messages

Package name: snyk

The new version differs by 42 commits.

• 1819ace Merge pull request #356 from snyk/fix/bump-nodejs-lockfile-parser-vulnerable-deps
• c311382 fix: bump nodejs-lockfile-parser to update vulnerable deps
• 0006647 Merge pull request #353 from snyk/feat/remove-semver-use-for-os-packages
• a38167c feat: move fixed in calculation for os packages to phoenix
• f229c28 Merge pull request #349 from snyk/feat/remove-semver-use
• 97a2d63 feat: remove semver for binaries and use nearestFixedInVersion instead
• 5160c55 Merge pull request #346 from snyk/lirantal-composer-lockfile-help
• f66d1b9 fix(docs): add missing composer.lock file
• e98739a Merge pull request #318 from snyk/refactor/commands-test
• 2080fa0 refactor: test command rewritten to TS
• 7a4a915 Merge pull request #342 from snyk/chore/remove-build-from-toc
• 6d2feb0 chore: remove build from TOC
• 6b07600 Merge pull request #337 from snyk/fix/php-plugin-bump
• 319cf35 fix: bump php plugin to better support file paths
• f773c77 Merge pull request #338 from snyk/fix/bump-docker-plugin
• b4ba234 Merge pull request #341 from snyk/test/revert-a-fixture-change
• bbfd700 test: remove a fixture change done in https:/fix: pin proxy-agent & get-uri deps to not-break node 4 snyk/cli#340
• 3667dcd fix: bump docker plugin
• 567e3b3 Merge pull request #340 from snyk/fix/pin-deps-to-unbreak-node-4
• c7966f8 test: pin `get-uri` to 2.0.2 in a fixture
• 8bfae15 fix: pin proxy-agent & get-uri deps to not-break node 4
• a8c561d Merge pull request #327 from snyk/fix/undefined-base-image
• 962810a fix: Undefined base image
• bc82842 Merge pull request #325 from snyk/chore/run-travis-on-node-10

See the full diff

With a Snyk patch:

Severity	Issue
	Man-in-the-Middle (MitM) SNYK-JS-HTTPSPROXYAGENT-469131
	Prototype Pollution SNYK-JS-LODASH-450202
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905
	Regular Expression Denial of Service (ReDoS) npm:ms:20170412

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic