Democracia en Red is focusing on specific implementations of DemocracyOS. We are working now working with governments and activists all over Latin America. If you are interested in our online participation tools you can check them out on our site.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
#### Vulnerabilities that will be fixed
##### With an upgrade:
Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------
 | **658/1000** **Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) [SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | Yes | Proof of Concept
(*) Note that the real score may have changed since the PR was raised.
Commit messagesPackage name: gulp
The new version differs by 134 commits.
ac8088b fix: implications fails only displayed once (#954)
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project.
------------
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*
For more information:
🧐 [View latest project report](https://app.snyk.io/org/democracyos/project/b2c0f40f-8ead-46f4-8359-eca44ac515a5?utm_source=github&utm_medium=referral&page=fix-pr)
🛠 [Adjust project settings](https://app.snyk.io/org/democracyos/project/b2c0f40f-8ead-46f4-8359-eca44ac515a5?utm_source=github&utm_medium=referral&page=fix-pr/settings)
📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)
[//]: # (snyk:metadata:{"prId":"ebac56a1-86f3-41ce-b90c-879c96c81786","prPublicId":"ebac56a1-86f3-41ce-b90c-879c96c81786","dependencies":[{"name":"gulp","from":"3.9.1","to":"4.0.0"},{"name":"passport-local-mongoose","from":"4.0.0","to":"6.0.0"},{"name":"stylus","from":"0.54.8","to":"0.56.0"},{"name":"yargs","from":"7.0.2","to":"10.0.0"}],"packageManager":"npm","projectPublicId":"b2c0f40f-8ead-46f4-8359-eca44ac515a5","projectUrl":"https://app.snyk.io/org/democracyos/project/b2c0f40f-8ead-46f4-8359-eca44ac515a5?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-SEMVER-3247795"],"upgrade":["SNYK-JS-SEMVER-3247795"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["priorityScore"],"priorityScoreList":[658],"remediationStrategy":"vuln"})
---
**Learn how to fix vulnerabilities with free interactive lessons:**
🦉 [Regular Expression Denial of Service (ReDoS)](https://learn.snyk.io/lessons/redos/javascript/?loc=fix-pr)
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------  | **658/1000****Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | Yes | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: gulp
The new version differs by 134 commits.- 55eb23a Release: 4.0.0
- 173a532 Docs: Fix the installation instructions
- ec54d09 Docs: Improve note about out-of-date docs
- 03b7c98 Docs: Update recipes to install gulp@next
- 2eba29e Docs: Remove run-sequence from recipes
- 76eb4d6 Docs: Add installation instructions & update badges
- fbc162f Docs: Remove references to gulp-util
- 3011cf9 Scaffold: Normalize repository
- f27be05 Update: Remove graceful-fs from test suite
- 361ab63 Upgrade: Update glob-watcher
- 064d100 Build: Avoid broken node 9
- 057df59 Release: 4.0.0-alpha.3
- c1ba80c Breaking: Upgrade major versions of glob-watcher, gulp-cli & vinyl-fs
- 89acc5c Docs: Improve ES2015 task exporting examples (#1999)
- 0ac9e04 Docs: Add "Project structure" section to CONTRIBUTING.md (#1859)
- 723cbc4 Docs: Fix syntax in recipe example (#1715)
- d420a6a Docs: Have gulp.lastRun take a function to avoid task registration (#1828)
- 29ece6f Upgrade: Update undertaker
- e931cb0 Docs: Fix changelog typos (#1696)
- 477db84 Docs: Add a "BrowserSync with Gulp 4" recipe (#1659)
- d4ed3c7 Docs: Add options.cwd for gulp.src API (#1645)
- 5dc3b07 Docs: Update gulp.watch API to align with glob-watcher
- 0c66069 Breaking: Replace chokidar as gulp.watch with glob-watcher wrapper
- c3dbc10 Docs: Clarify incremental builds example (#1609)
See the full diffPackage name: passport-local-mongoose
The new version differs by 133 commits.- 7ae942a chore(release): 6.0.0
- a5cc105 chore: switch to prettier and prettify
- e37894e chore: switch to latest 4x version on fastdl downloads
- 2c5d46d chore: renovate build matrix
- 6e5297e chore: remove cross-env and revert version to last released version
- b76a22e chore: remove default option for npm i
- 09d6c2b chore: bump dependencies in example package-lock.json
- 2e66b35 chore: bump dependencies in example
- feb196a chore: update dependencies
- 63ad94e chore: remove the never released 6.0.0 version from the changelog
- bc3122d chore: move updating from 1.0 to 2.0 near to end of readme
- 10f522a chore: remove codellama badge
- 1b74a3d chore: fix deprecated connect
- e190a3a chore: update drop-mongodb-collections
- c9b0a78 fix: make debug a dev dependency
- 83e5ad3 chore: add error messages to login form of example (#284)
- 40a1fc2 chore: more descriptive customValidator docs in readme (#285)
- aa3d16f chore: Add convenient link to API documentation (#287)
- ff7d718 chore: switch example from jade to pug
- 8215074 chore: update dependencies, npm audit fix (#282)
- 9ff1921 chore: update login example dependencies (#281)
- faa856a chore(release): 6.0.0
- 37375b8 fix: use Buffer.from instead of new Buffer
- 807d9cf fix: update dependencies and specify server port in tests
See the full diffPackage name: stylus
The new version differs by 27 commits.- fc2e630 chore: add url parse guard (#2600)
- 3329f5b deps: remove semver and mkdirp deps and add node17 test (#2641)
- e64ae7d feat: upgrade debug version from v3 to v4 (#2643)
- 33a5fd9 Fix: variable names beginning with a keyword and dash (#2634)
- d2cddcf Fix: `@ import` url() error in dependency resolver (#2632)
- 9cb7635 chore: add new npm ugnore config (#2631)
- dde9868 0.55.0 (#2630)
- fe5bde1 Replace dependency css-parse with css (#2554)
- 7334567 Add deg and fr as exceptions for 0 value unit omission (#2578)
- 57480a4 chore: update history.md and readme.md (#2628)
- f5a02e8 chore: add macos platform test (#2624)
- 1f7f419 fix yaml front matter (#2617)
- 6a96c0f [skip ci]chore: update reademe.md content (#2602)
- 99b05a9 chore: add issue and pull request template (#2606)
- ae9d267 chore: add github actions ci and improve test (#2601)
- 11a0735 Bump lodash from 4.17.19 to 4.17.21 (#2589)
- 7a8e777 Bump glob-parent from 5.1.1 to 5.1.2 (#2592)
- 23d3295 Merge pull request #2571 from dthadi3/ppc64le
- f546669 Travis-ci: Updated nodejs versions 10, 12, 14
- 5b90e45 Travis-ci: added support for ppc64le
- 59bc665 Merge pull request #2549 from mockee/dev
- 96c02de Bug fixes of encoding png image in `url` lib function.
- 8f42760 Merge pull request #2186 from royels/1567
- 775537b Create SECURITY.md
See the full diffPackage name: yargs
The new version differs by 69 commits.- 8515e4f docs: nit in CHANGELOG
- 4b8cfa9 docs: slight tweaks to CHANGELOG
- c809cbe chore(release): 10.0.0
- fc13dcd chore: new translations for command API overhaul (#976)
- 7269531 feat: .usage() can now be used to configure a default command (#975)
- 3757194 chore: add id translation to #976 (#986)
- 47b3078 chore: update Dutch Translation (#981)
- 20bb99b feat: replace /bin/bash with file basename (#983)
- 5a9c986 feat(translation): Update pl-PL translations (#985)
- 02cc11d docs: whoops, forgot to call out a breaking change introduced into parse()
- 7e58453 fix: the positional argument parse was clobbering global flag arguments (#984)
- a06b67d chore: update tr.json (#982)
- b2d11b3 chore: add ja translations (#979)
- 1598a7f docs: switch to using .positional() in example (#973)
- 280d0d6 feat: hidden options are now explicitly indicated using "hidden" flag (#962)
- 8c1d7bf fix: less eager help command execution (#972)
- db77c53 chore: switch to find-up from read-pkg-up (#970)
- cb16460 feat: introduce .positional() for configuring positional arguments (#967)
- 3bb8771 fix: config and normalise can be disabled with false (#952)
- c649415 chore(release): 9.1.0
- 7b22203 fix(command): Run default cmd even if the only cmd (#950)
- 74a38b2 feat: multiple usage calls are now collected, not replaced (#958)
- d1b23f3 chore(release): 9.0.1
- ac8088b fix: implications fails only displayed once (#954)
See the full diff