This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
#### Vulnerabilities that will be fixed
##### With an upgrade:
Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------
 | **768/1000** **Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 | Prototype Pollution [SNYK-JS-LODASH-6139239](https://snyk.io/vuln/SNYK-JS-LODASH-6139239) | Yes | Proof of Concept
(*) Note that the real score may have changed since the PR was raised.
Commit messagesPackage name: yeoman-generator
The new version differs by 94 commits.
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project.
------------
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*
For more information:
π§ [View latest project report](https://app.snyk.io/org/mean.js/project/918a96e5-f1bd-4b90-b3fc-f98c47cb67d6?utm_source=github&utm_medium=referral&page=fix-pr)
π [Adjust project settings](https://app.snyk.io/org/mean.js/project/918a96e5-f1bd-4b90-b3fc-f98c47cb67d6?utm_source=github&utm_medium=referral&page=fix-pr/settings)
π [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)
[//]: # (snyk:metadata:{"prId":"cb81269d-6a49-4510-aa31-18b4ef00ada4","prPublicId":"cb81269d-6a49-4510-aa31-18b4ef00ada4","dependencies":[{"name":"lodash","from":"4.0.1","to":"4.17.17"},{"name":"yeoman-generator","from":"0.21.2","to":"1.0.0"},{"name":"yo","from":"1.5.1","to":"2.0.3"}],"packageManager":"npm","projectPublicId":"918a96e5-f1bd-4b90-b3fc-f98c47cb67d6","projectUrl":"https://app.snyk.io/org/mean.js/project/918a96e5-f1bd-4b90-b3fc-f98c47cb67d6?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-LODASH-6139239"],"upgrade":["SNYK-JS-LODASH-6139239"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["priorityScore"],"priorityScoreList":[768],"remediationStrategy":"vuln"})
---
**Learn how to fix vulnerabilities with free interactive lessons:**
π¦ [Prototype Pollution](https://learn.snyk.io/lesson/prototype-pollution/?loc=fix-pr)
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------  | **768/1000****Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 | Prototype Pollution
[SNYK-JS-LODASH-6139239](https://snyk.io/vuln/SNYK-JS-LODASH-6139239) | Yes | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: yeoman-generator
The new version differs by 94 commits.- 138ed98 v1.0.0
- 871ed39 v1.0.0-rc1
- df7012f Fix composeWith to allow passing explicit arguments for yeoman-generator@<1.0
- 9aa4e02 Alias desc to description in argument/option config
- 1b6eede Remove Gruntfile api - Fix #744
- fedb2fb Update composeWith to take path or namespace as first argument - Fix #983
- 1885dec Single way of passing both arguments and options to composed generator
- a852f62 Allow passing arguments to a Generator constructor in the same way as we pass options
- f6f4dda Fix issue #947 (#982)
- e1b95d8 Refactor arguments and options parsing
- a3cab64 Disambiguate cli options from spawn options - Fix #754
- 687b9be Conflicter to handle null file.contents - Fix #950
- d6345f7 Pass default options to composed generators automatically - Fix #745
- bddb942 Fix yarnInstall to add new package - Fix #980
- cd5e34d Simplify root exports
- 3601531 Get rid of yeoman-environment proxying
- 006577a Update tes matrix
- f633dae Remove NamedBase
- 16084c6 Remove jshintrc
- ec9c448 Remove legacy files functions
- 49ce5f3 Remove deprecated modules
- f3fb1d5 Save current config to .yo-rc.json (#963)
- 4eccb2a Add yarnInstall method
- f632f01 Add version number to generated docs (#978)
See the full diffPackage name: yo
The new version differs by 66 commits.- 4aafcab 2.0.3
- 2c478a4 Audit fix
- ae35426 Fix generator description returning undefined (#587)
- 4f4c36e Update dependencies
- 7ad1609 Ensure the same npm version is used for testing
- 9053bbd Remove the `nsp` task
- dab9337 Require Node.js 6
- 479250a 2.0.2
- 725461b Added global-tunnel-ng to allow usage behind a proxy (#573)
- 3134157 Spelling (#568)
- 6153a0d 2.0.1
- f40c521 Update got and its dependents (#563)
- 649200a Add BSD 2-Clause license (#555)
- 4142ca9 Fixes ParseError (#554)
- 035faf7 Proper OpenCollective badge
- bfa4ef2 Fix open collective badge in readme.md (#548)
- 77bdb9b Add documentation for running local generators (#547)
- ab77908 2.0.0
- 11af8d6 Bump yeoman-environment to 2.0
- a75d174 Better error handling when 'generator-' prefix is specified (#520)
- 6e1a870 Bump dependencies
- ecd7ffa ES2015ify
- 018cd95 Bump dependencies
- b41958c Bump `async`. (#506)
See the full diff