[Snyk] Fix for 19 vulnerabilities

[baby636]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • assets/vendor/clipboard/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-1056752	Yes	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Improper Input Validation SNYK-JS-SOCKETIOPARSER-3091012	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-USERAGENT-174737	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:parsejson:20170908	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: babelify

The new version differs by 32 commits.

• b06b778 8.0.0
• ea73917 Remove path-is-absolute devDep
• 02f97ec drop node 0.10/0.12, add peerDep on babel-core instead of dep, drop object-assign, add package-lock
• 6d45fa8 Explicitly test Node 4, 5 and 6 in travis
• 9944a55 Explain the double negatives a bit better (Missing "patent grant" feature in AGPL github/choosealicense.com#197)
• d9e3029 babelify in quotes in example (Feature request: Choose a separate content license github/choosealicense.com#198)
• 2728279 7.3.0
• 268d0ad Use "path.join" instead of concating paths
• 6997ff5 Remove "sourceMapRelative" and add "sourceMapsAbsolute"
• 833dfc7 Test assumptions about babel's source maps
• dbe71d1 Test assumptions about browserify's source maps
• c29f70f Update devDependencies
• 5169334 Remove escape from CLI example
• 1b381da 7.2.0
• aadf060 Merge pull request Install all dependencies using Bower github/choosealicense.com#137 from babel/docs
• 1776228 Update docs (more Babel 6.0)
• 6dc85e1 Add test for "browserify" package.json field
• a5091db Rename "sourceMap" to "sourceMaps"
• d25deab Fix browserify cli subarg arrays
• bb660e5 Merge pull request LPPL 1.3c github/choosealicense.com#135 from bioball/patch-1
• 6e4f4ec Add note about installing presets via npm
• efd96d4 7.1.0
• 768f709 Use babel-core@^6.0.14 and re-enable options test
• a1dbc13 Merge pull request Adding OFL github/choosealicense.com#130 from babel/fix-unknown-base-underscore

See the full diff

Package name: karma

The new version differs by 250 commits.

• 1b48637 chore(release): 5.0.0 [skip ci]
• a5dbe89 Update issue templates (#3460)
• 1074f38 chore(ci): rely on karma-runnre/integration-tests for saucelabs config (#3462)
• 4d45cf0 chore(ci): remove more old connection security stuffs (#3459)
• be76fcc chore(ci): use travis UI for sauce config (#3458)
• a04a542 chore(ci): remove secure encryption var (#3457)
• 1eaf35e fix: install semantic-release as a regular dev dependency (#3455)
• 0647109 docs: Fix simple typo, overriden -> overridden (#3453)
• ec1e69a fix(server): replace optimist on yargs lib (#3451)
• ffad7fa refactor(launcher): use class syntax (#3437)
• 7166ce2 fix(server): detection new MS Edge Chromium (#3440)
• b8b2ed8 fix(ci): echo travis env that gates release after_success (#3446)
• 33a069f refactor: use native Promise instead of Bluebird (#3436)
• 131d154 refactor: drop safe-buffer dependency in favor of native Buffer (#3438)
• cb1bcbf fix(server): cleanup import of the removed method (#3439)
• 5c334f5 fix(server): createPreprocessor was removed (#3435)
• d7128d4 refactor(server): remove PromiseContainer class (#3416)
• 057d527 feat(docs): document `DEFAULT_LISTEN_ADDR` constant (#3443)
• a673aa8 ci: drop node 8, adopt node 12 (#3430)
• 9eb6436 chore(server): Convert PromiseContainer to object and remove (#3401)
• 0856234 chore(travis): release on node 10 success (#3428)
• 708ae13 feat(preprocessor): obey Pattern.isBinary when set (#3422)
• 00d536f chore(test): logLevel debug in proxy test (#3427)
• da9d8bd chore(docs): delete PULL_REQUEST_TEMPLATE.md

See the full diff

Package name: karma-browserify

The new version differs by 10 commits.

• 9081a68 chore(project): release v5.0.0
• 3417225 chore(project): add browserify 13 compatibility
• 47b8a43 docs(README): document browserify and watchify dependencies
• ffd145c chore(bro): make watchify an optional dependency
• 84138e2 chore(example): add explicit browserify/watchify versions
• b9ad424 chore(travis): test against stable Node.JS
• 6d91d86 chore(deps): depend on browserify + watchify as peer dependencies
• 1537cd7 Add missing dev dependencies
• 13e74e2 chore(deps): bump dependencies to latest version(s)
• ace2dfb feat(bro): throw bundle error in client

See the full diff

Package name: watchify

The new version differs by 9 commits.

• 7b27a3c 4.0.0
• 5d4842a bump deps (No clear message on why to choose an open source license github/choosealicense.com#380)
• b840f29 disable package-lock.json
• bae5e02 update chokidar and anymatch (Add list of projects using ISC (closes #377) github/choosealicense.com#378)
• 3445775 ci: use github actions (Curated with ❤️ github/choosealicense.com#379)
• f79e59f Change URLs from "Substack" (someones personal site & acc) to "browserify" (Unmyth github/choosealicense.com#369)
• bd2f677 ci: run on more node versions
• 563a90d Merge pull request Test for markdown in fields that will cause it to be rendered unparsed github/choosealicense.com#367 from Trott/update-readme-badge
• bb2b429 chore: Fix Travis-CI badge in readme.markdown

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Improper Input Validation