[Snyk] Fix for 3 vulnerabilities

[gvilarino]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------  | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-ANSIREGEX-1583908](https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908) | Yes | Proof of Concept  | **586/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-BROWSERSLIST-1090194](https://snyk.io/vuln/SNYK-JS-BROWSERSLIST-1090194) | Yes | Proof of Concept  | **479/1000**
**Why?** Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-D3COLOR-1076592](https://snyk.io/vuln/SNYK-JS-D3COLOR-1076592) | Yes | No Known Exploit (*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gulp

The new version differs by 134 commits.

• 55eb23a Release: 4.0.0
• 173a532 Docs: Fix the installation instructions
• ec54d09 Docs: Improve note about out-of-date docs
• 03b7c98 Docs: Update recipes to install gulp@next
• 2eba29e Docs: Remove run-sequence from recipes
• 76eb4d6 Docs: Add installation instructions & update badges
• fbc162f Docs: Remove references to gulp-util
• 3011cf9 Scaffold: Normalize repository
• f27be05 Update: Remove graceful-fs from test suite
• 361ab63 Upgrade: Update glob-watcher
• 064d100 Build: Avoid broken node 9
• 057df59 Release: 4.0.0-alpha.3
• c1ba80c Breaking: Upgrade major versions of glob-watcher, gulp-cli & vinyl-fs
• 89acc5c Docs: Improve ES2015 task exporting examples (#1999)
• 0ac9e04 Docs: Add "Project structure" section to CONTRIBUTING.md (#1859)
• 723cbc4 Docs: Fix syntax in recipe example (#1715)
• d420a6a Docs: Have gulp.lastRun take a function to avoid task registration (#1828)
• 29ece6f Upgrade: Update undertaker
• e931cb0 Docs: Fix changelog typos (#1696)
• 477db84 Docs: Add a "BrowserSync with Gulp 4" recipe (#1659)
• d4ed3c7 Docs: Add options.cwd for gulp.src API (#1645)
• 5dc3b07 Docs: Update gulp.watch API to align with glob-watcher
• 0c66069 Breaking: Replace chokidar as gulp.watch with glob-watcher wrapper
• c3dbc10 Docs: Clarify incremental builds example (#1609)

See the full diff

Package name: gulp-autoprefixer

The new version differs by 17 commits.

• dfe3919 6.0.0
• c225cbd Upgrade `autoprefixer` and `postcss`
• ea0b7f8 Require Node.js 6
• 18a27be 5.0.0
• e526a78 Meta tweaks
• e954e6e Update sourcemap paths to be relative to `file.base` (#92)
• 7828646 Upgrade to Autoprefixer 8 (#96)
• d008588 4.1.0
• 27816c3 Meta tweaks
• 94f3447 Drop dependency on deprecated gulp-util (#94)
• 60aead3 Test against Node.js v8 (#90)
• 5188604 4.0.0
• 04814b7 Rewrite tests to use AVA
• 7df69ba ES2015ify, bump postcss, require Node.js 4
• 0a92d79 Update to Autoprefixer 7 (#80)
• cd022c8 Fix tests
• 90f8f7c Improve the tip (#75)

See the full diff

Package name: transliteration

The new version differs by 95 commits.

• 2c33fde Update dependencies
• f2bfb2a Update dependency rollup-plugin-hashbang to v2
• 2d6e380 2.1.2
• 76286c3 Update README.md
• e45aa7f Update README.md
• eae2688 update README.md
• 1c07358 Bump to 2.1.1
• 387b9d8 Update README.md
• 90e33b5 Update README.md
• 9ee6cab Merge branch 'master' of https://github.com/dzcpy/transliteration
• 8b17b81 Use the same name for the transliterate function
• e734662 Update README.md
• 7c02ee0 Update README.md
• eb67dca Update dependency rollup-plugin-typescript2 to ^0.19.0
• 8fa4407 Update README.md
• 724cbeb fix a few issues and bump to 2.0.4
• befddfa fix a few issues and bump to 2.0.4
• 97834a3 update README.md
• 843454b bump
• 5def5ce update ie support
• c823e1d bump to 2.0.2
• da3707a fix badge
• c6488a4 Fix coverage badge
• 168fd03 fix coverage

See the full diff

Package name: victory

The new version differs by 250 commits.

• 0f9e082 v36.0.0
• 8e9bf64 update changelog
• 363ac3d Merge pull request #1961 from FormidableLabs/revert-1949-revert-1940-feature/refactor-and-memoize-parent-components
• 5f18e56 Revert "Revert "Refactor and memoize parent components (VictoryGroup, VictoryStack, VictoryChart)""
• 59ec44a v35.11.4
• aea3612 Merge pull request #1958 from FormidableLabs/revert-d3-change
• 871fa0e revert d3-interpolate while updating only d3-color
• a66afca v35.11.3
• 9d10e0b Merge pull request #1956 from FormidableLabs/bug/package-script-typo
• 65b80f6 remove dulicate yarn run
• 03c8f3c Merge pull request #1955 from FormidableLabs/bug/lerna-publish
• 0810f7f add notes
• 1fb536f link parent bin for lerna scripts
• e94eea6 Merge pull request #1954 from FormidableLabs/chore/lerna-changes
• e660492 modify version scripts in individual packages
• c0daefa update changelog
• 3213be7 Merge pull request #1928 from FormidableLabs/dependabot/npm_and_yarn/path-parse-1.0.7
• 188886e Merge pull request #1950 from FormidableLabs/chore/upgrade-d3-interpolate
• f14da75 Merge pull request #1953 from 2metres/main
• 7775396 Merge pull request #1952 from FormidableLabs/chore/update-lerna
• 10b6fde Add histogram to VictoryThemeDefinition interface
• e9d206c prettier
• 07fa899 typos
• e9bed6a update contributor notes about lerna-dry-run

See the full diff

Package name: yargs

The new version differs by 211 commits.

• a6e67f1 chore(release): 13.2.4
• fc13476 chore: update standard-verison dependency
• bf46813 fix(i18n): rename unclear 'implication failed' to 'missing dependent arguments' (#1317)
• a3a5d05 docs: fix a broken link to MS Terminology Search (#1341)
• b4f8018 build: add .versionrc that hides test/build
• 0c39183 chore(release): 13.2.3
• 08e0746 chore: update deps (#1340)
• 843e939 docs: make `--no-` boolean prefix easier to find in the docs (#1338)
• 84cac07 docs: restore removed changelog of v13.2.0 (#1337)
• b20db65 fix(deps): upgrade cliui for compatibility with latest chalk. (#1330)
• c294d1b test: accept differently formatted output (#1327)
• ac3f10c chore: move .hbs templates into .js to facilitate webpacking (#1320)
• 0295132 fix: address issues with dutch translation (#1316)
• 9f2468e doc: clarify parserConfiguration object structure (#1309)
• e7f2937 chore(release): 13.2.2
• edd0bb5 test: correct test description
• 03a9523 chore: forgoing dropping Node 6 until yargs@14 (#1308)
• 14920d1 docs: remove --save option as it isn't required anymore (#1301)
• 545c7f1 test: slightly reworded one test
• 4375680 chore(release): 13.2.1
• dfcaa68 test: slight edit to test wording
• 3180224 fix: add zsh script to files array
• 0a96394 fix: support options/sub-commands in zsh completion
• 48249a2 chore(release): 13.2.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/democracyos/project/b2c0f40f-8ead-46f4-8359-eca44ac515a5?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/democracyos/project/b2c0f40f-8ead-46f4-8359-eca44ac515a5?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"3ffa0aa8-6886-452a-ab0f-d611733716b8","prPublicId":"3ffa0aa8-6886-452a-ab0f-d611733716b8","dependencies":[{"name":"gulp","from":"3.9.1","to":"4.0.0"},{"name":"gulp-autoprefixer","from":"3.1.1","to":"6.0.0"},{"name":"transliteration","from":"1.5.4","to":"2.1.3"},{"name":"victory","from":"0.26.1","to":"36.0.0"},{"name":"yargs","from":"7.0.2","to":"13.2.4"}],"packageManager":"npm","projectPublicId":"b2c0f40f-8ead-46f4-8359-eca44ac515a5","projectUrl":"https://app.snyk.io/org/democracyos/project/b2c0f40f-8ead-46f4-8359-eca44ac515a5?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-ANSIREGEX-1583908","SNYK-JS-BROWSERSLIST-1090194","SNYK-JS-D3COLOR-1076592"],"upgrade":["SNYK-JS-ANSIREGEX-1583908","SNYK-JS-BROWSERSLIST-1090194","SNYK-JS-D3COLOR-1076592"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["priorityScore"],"priorityScoreList":[696,586,479]}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Learn about vulnerability in an interactive lesson of Snyk Learn.](https://learn.snyk.io?loc=fix-pr)