This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json
#### Vulnerabilities that will be fixed
##### With an upgrade:
Severity | Priority Score (\*) | Issue | Breaking Change | Exploit Maturity
:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------
 | **768/1000** **Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 | Uncontrolled resource consumption [SNYK-JS-BRACES-6838727](https://snyk.io/vuln/SNYK-JS-BRACES-6838727) | Yes | Proof of Concept
 | **858/1000** **Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 9.3 | Authentication Bypass [SNYK-JS-HAWK-6969142](https://snyk.io/vuln/SNYK-JS-HAWK-6969142) | No | Proof of Concept
 | **661/1000** **Why?** Recently disclosed, Has a fix available, CVSS 7.5 | Inefficient Regular Expression Complexity [SNYK-JS-MICROMATCH-6838728](https://snyk.io/vuln/SNYK-JS-MICROMATCH-6838728) | Yes | No Known Exploit
(\*) Note that the real score may have changed since the PR was raised.
Commit messagesPackage name: braces
The new version differs by 31 commits.
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project.
---
**Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs._
For more information:
🧐 [View latest project report](https://app.snyk.io/org/ayishagisel/project/2d0e6801-a727-4748-acbf-2e75d2b7bc1f?utm_source=github&utm_medium=referral&page=fix-pr)
🛠 [Adjust project settings](https://app.snyk.io/org/ayishagisel/project/2d0e6801-a727-4748-acbf-2e75d2b7bc1f?utm_source=github&utm_medium=referral&page=fix-pr/settings)
📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)
[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"braces","from":"2.3.2","to":"3.0.3"},{"name":"browser-sync","from":"2.24.6","to":"2.26.4"},{"name":"chokidar","from":"2.0.4","to":"3.0.0"},{"name":"micromatch","from":"3.1.10","to":"4.0.6"},{"name":"npm","from":"6.2.0","to":"6.10.1"}],"env":"prod","issuesToFix":[{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-BRACES-6838727","priority_score":768,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Uncontrolled resource consumption"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-BRACES-6838727","priority_score":768,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Uncontrolled resource consumption"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-BRACES-6838727","priority_score":768,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Uncontrolled resource consumption"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-BRACES-6838727","priority_score":768,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Uncontrolled resource consumption"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-HAWK-6969142","priority_score":858,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.3","score":465},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Authentication Bypass"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-HAWK-6969142","priority_score":858,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.3","score":465},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Authentication Bypass"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-MICROMATCH-6838728","priority_score":661,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Inefficient Regular Expression Complexity"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-MICROMATCH-6838728","priority_score":661,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Inefficient Regular Expression Complexity"}],"prId":"f003d953-ad2e-44ae-b858-2697505b6591","prPublicId":"f003d953-ad2e-44ae-b858-2697505b6591","packageManager":"npm","priorityScoreList":[768,858,661],"projectPublicId":"2d0e6801-a727-4748-acbf-2e75d2b7bc1f","projectUrl":"https://app.snyk.io/org/ayishagisel/project/2d0e6801-a727-4748-acbf-2e75d2b7bc1f?utm_source=github&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["priorityScore"],"type":"auto","upgrade":["SNYK-JS-BRACES-6838727","SNYK-JS-HAWK-6969142","SNYK-JS-MICROMATCH-6838728"],"vulns":["SNYK-JS-BRACES-6838727","SNYK-JS-HAWK-6969142","SNYK-JS-MICROMATCH-6838728"],"patch":[],"isBreakingChange":true,"remediationStrategy":"vuln"}'
---
**Note:** _This is a default PR template raised by Snyk. Find out more about how you can customise Snyk PRs in our [documentation.](https://docs.snyk.io/scan-using-snyk/snyk-open-source/automatic-and-manual-prs-with-snyk-open-source/customize-pr-templates-closed-beta)_
**Learn how to fix vulnerabilities with free interactive lessons:**
🦉 [Uncontrolled resource consumption](https://learn.snyk.io/lesson/redos/?loc=fix-pr)
🦉 [Authentication Bypass](https://learn.snyk.io/lesson/broken-access-control/?loc=fix-pr)
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json - package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (\*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------  | **768/1000****Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 | Uncontrolled resource consumption
[SNYK-JS-BRACES-6838727](https://snyk.io/vuln/SNYK-JS-BRACES-6838727) | Yes | Proof of Concept  | **858/1000**
**Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 9.3 | Authentication Bypass
[SNYK-JS-HAWK-6969142](https://snyk.io/vuln/SNYK-JS-HAWK-6969142) | No | Proof of Concept  | **661/1000**
**Why?** Recently disclosed, Has a fix available, CVSS 7.5 | Inefficient Regular Expression Complexity
[SNYK-JS-MICROMATCH-6838728](https://snyk.io/vuln/SNYK-JS-MICROMATCH-6838728) | Yes | No Known Exploit (\*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: braces
The new version differs by 31 commits.- 74b2db2 3.0.3
- 88f1429 update eslint. lint, fix unit tests.
- 415d660 Snyk js braces 6838727 (#40)
- 190510f fix tests, skip 1 test in test/braces.expand
- 716eb9f readme bump
- a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
- 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/36#issuecomment-2110820796)
- 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
- 98414f9 remove funding file
- 665ab5d update keepEscaping doc (#27)
- 3f8e7ff Failing test cases for issue \#29 (#30)
- 0c04d6f Create FUNDING.yml
- 2579151 3.0.2
- 3c51342 3.0.1
- 3d461a1 ensure brackets are matched
- abcf341 3.0.0
- 68a3fdf refactor
- bb5b5ba Remove appveyor from readme.
- 086008a travis: Drop sudo: false.
- 4ed704b add unit tests
- 60eb988 ranges
- 7b1abf0 Use proper nodejs versions for appveyor.
- 7b106b6 braces api
- 80eae1f Drop duplicate node v11 for travis.
See the full diffPackage name: browser-sync
The new version differs by 50 commits.- 47a4d1b v2.26.4
- 05a58db deps: fixes #1677 #1671 #1659 #1648
- 35035df deps: removed nodemon since it includes flat-stream (security)
- 1b2eab5 Merge pull request #1634 from mxschmitt/patch-1
- e35e5dc fix(ui): updated dead links and moved to https
- 85c4ba7 examples: server + proxy
- 924d5e7 v2.26.3
- d60cd91 fix: application/wasm support in Chrome - fixes #1598
- f95dd7a v2.26.2
- 9f3fea4 deps: npm audit fixes across all packages - fixes #1618
- cf7cb3e v2.26.1
- 0a2ff5a fix: deps - ensure previous users of browser-sync-client are not affected by new structure - fixes #1615
- ec7b82d v2.26.0
- f83ba7e lerna whitespace to allow publish
- d7ca182 v2.25.3-alpha.0
- 257fba6 fix: Removing default logger prefix [BS] - fixes #1607
- cc8dfad v2.25.2-alpha.0
- d4c58b8 Merge branch 'master' into 1591-prevent-reload
- abc0124 Merge branch 'johanblumenberg-patch-1'
- dacfc8b fix: proxy: case insensitive matching of cookie domain - fixes #1606
- 11729cc fix: bump chokidar fixing fsevents build - closes #1613
- 9eafa03 v2.25.1-alpha.0
- 0d4ab81 chore: move cypress to top-level dep
- 06ee1b7 fix: Unexpected Page Reload after Pausing in Debugger - fixes #1591
See the full diffPackage name: chokidar
The new version differs by 161 commits.- 7b8e02a Release 3.0.0.
- e7bfe2f Move stuff.
- df7f22e Remove changelog from npm, move to hidden dir.
- 3df7692 Improve naming.
- 6e94ca2 Clean-up.
- 2de2f9c test: Add testing of Node.js v12 in Travis pipeline. (#833)
- 9e0965a Fix Windows tests in Travis CI (#832)
- c95a98f Update stuff.
- 187ff2b test: Trying to fix blinked tests for Travis CI. (#825)
- db99076 fix(Windows): Add converting from windows to unix path for all ignored paths. (#824)
- 41f8782 fix(FsEvents): Remove situation with NaN depth. (#823)
- 7cf3f7e Update readdirp to stable.
- 0927a62 Bump packages.
- 11cd857 Update nyc.
- 99c14d7 Uncomment fsevents.
- cf330a5 Update fsevents.
- 0e4fca5 Fix deps.
- 9c575d4 Fix Windows version (#821)
- 3323d59 fix(Linux): Make event loop hack for keep testing valid. (#820)
- 06214c5 Update to latest readdirp.
- 793639f Rename osxfswatch.
- 078bc2d Refactor and fix freaking tests.
- 2b9bb41 Try node 11.
- 3fe3d4e Test travis.
See the full diffPackage name: npm
The new version differs by 250 commits.- ba7f146 6.10.1
- 5f0064d doc: update semver documentation
- 9a693d0 6.10.1-next.2
- 6ec8233 update AUTHORS
- 1db001f docs: changelog for 6.10.1
- ff5458a Replaced var with const for root.js
- 7c92800 Replace var with const for unbuild.js
- f52673f build: use /usr/bin/env to load bash
- a2ea7f9 semver@5.7.0
- 42d22e8 libnpm@3.0.0
- 7716ba9 libcipm@4.0.0
- c0d6113 npm-lifecycle@3.0.0
- ef4445a node-gyp@5.0.2
- c2a4aed 6.10.1-next.1
- 61b2beb update AUTHORS
- a7f1665 docs: add chownr@1.1.2 to 6.10.1 changelog
- f6164d5 chownr@1.1.2
- 08e0fa6 6.10.1-next.0
- 900e8f6 update AUTHORS
- 3013a2d doc: changelog for 6.10.1
- 027742e mailmap: Fix 'isaacs' for the gen-changelog script
- 172f9ac fix-xmas-underline
- a81a8c4 install: improve isOnly(Dev,Optional)
- 8dfbe86 readable-stream@3.4.0
See the full diff