This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
#### Vulnerabilities that will be fixed
##### With an upgrade:
Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------
 | **551/1000** **Why?** Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) [SNYK-JS-MINIMATCH-3050818](https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818) | Yes | No Known Exploit
(*) Note that the real score may have changed since the PR was raised.
Commit messagesPackage name: jscs
The new version differs by 250 commits.
a4017f9 Fix test added in https://github.com/balderdashy/waterline-adapter-tests//commit/9bad9416f19040feeb1880b410e760dece4f921e to not expect the taxi ID to always be 1
9bad941 Add test to ensure that child criteria are disambiguated in many-to-many joins
19dbf70 Add a couple of tests that check that values aren't over-escaped.
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project.
------------
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*
For more information:
🧐 [View latest project report](https://app.snyk.io/org/postman/project/0b364ecf-41fb-4fae-a612-0e63e5fef6bc?utm_source=github&utm_medium=referral&page=fix-pr)
🛠 [Adjust project settings](https://app.snyk.io/org/postman/project/0b364ecf-41fb-4fae-a612-0e63e5fef6bc?utm_source=github&utm_medium=referral&page=fix-pr/settings)
📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)
[//]: # (snyk:metadata:{"prId":"73cf32f5-bb8a-4e8f-a690-c77e19dd671a","prPublicId":"73cf32f5-bb8a-4e8f-a690-c77e19dd671a","dependencies":[{"name":"jscs","from":"1.13.1","to":"2.5.0"},{"name":"mocha","from":"2.5.3","to":"3.0.0"},{"name":"waterline-adapter-tests","from":"0.10.19","to":"1.0.0"}],"packageManager":"npm","projectPublicId":"0b364ecf-41fb-4fae-a612-0e63e5fef6bc","projectUrl":"https://app.snyk.io/org/postman/project/0b364ecf-41fb-4fae-a612-0e63e5fef6bc?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-MINIMATCH-3050818"],"upgrade":["SNYK-JS-MINIMATCH-3050818"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["priorityScore"],"priorityScoreList":[551]})
---
**Learn how to fix vulnerabilities with free interactive lessons:**
🦉 [Regular Expression Denial of Service (ReDoS)](https://learn.snyk.io/lessons/redos/javascript//?loc=fix-pr)
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------  | **551/1000****Why?** Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-MINIMATCH-3050818](https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818) | Yes | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: jscs
The new version differs by 250 commits.- 7a85716 2.5.0
- 0eaaf8f Prepare for version 2.5.0
- 214cf9f Misc: update dependencies
- cdb0af4 Misc: fix code style violations
- 2481d63 Configuration: allow default preset override
- 5047150 Preset: use wikimedia preset as dependency
- cf60723 Fix: Sparse arrays in rules with spacing and commas
- 1788d59 Update: `requireCurlyBraces`: make rule more flexible
- 9469688 Misc: fix code style issues
- 706495b Update: `{ allExcept: ['trailing'] }` for "requireSpaceAfterComma"
- 8eb92b6 Configuration: correct config dir detection
- 5eb8fbd Docs: Fixed missing markdown codeblock closing
- ec55656 Docs: fixed CHANGELOG.md links to some rules
- f418a5c Misc: `requireSpacesInGenerator` refactor
- ad82a43 New Rule: requireSpacesInGenerator
- 3d0ae58 Docs: Added hzoo and chat room
- 37fc3fe Misc: optimize lint execution in package.scripts
- 8eb05e2 Misc: update 2.4.0 changelog with bug fix
- 65f6df1 2.4.0
- 9ef33c3 Misc: Prepare for version 2.4.0
- 98812c4 Fix: block statements rules - account for bare blocks
- 2c8d58e New rule: requireAlignedMultilineParams:
- 077c2f6 Fix: rename "requireCapitalizedComments" option
- 5ee3120 Tests: fix merge artefact
See the full diffPackage name: mocha
The new version differs by 107 commits.- e8cda73 Release v3.0.0
- 4944e31 rebuild mocha.js
- 16762d1 fix bad merge of karma.conf.js
- 2f9a409 add note about spec reporter to CHANGELOG.md [ci skip]
- 7c0284b fixed typo in mocha.css introduced by 185c0d902e272216232630fe4e2577268456dd9a [ci skip]
- 8741506 Remove carriage return before each test line in spec reporter. Served no purpose
- 309b8f2 add "logo" field to package.json [ci skip]
- 740a511 fix incorrect executable name with new version of commander
- 0e2e49b add bower.json to published package for npmcdn support [ci skip]
- d367bc7 fix broken/wrong URLs in CHANGELOG.md [ci skip]
- 6184529 Release v3.0.0-2
- 4b4009b rebuild mocha.js
- 15c344c add browser-stdout to dependencies
- e3ab4ec update CHANGELOG [ci skip]
- 0cd9dc9 let child suites run if parent is exclusive; closes #2378 (#2387)
- f0b184e Upgrade eslint package to 2.13 version (#2389)
- cab1e43 markdown fixes for CHANGELOG.md [ci skip]
- d0d5e50 fix bad reference to to-iso-string in test
- 517020b suppress warning about .eslintignore when running ESLint
- 08a6ccf copy to-iso-string; closes #2378
- 74940ef added changes to CHANGELOG.md [ci skip]
- bf216d5 tweak wording on "overspecification" exception
- 3a3a699 wip CHANGELOG update
- 5c34451 display executed commands in Makefile for debugging
See the full diffPackage name: waterline-adapter-tests
The new version differs by 169 commits.- 944f2b7 1.0.0
- 0eb219f 1.0.0-13
- 26f2034 Fix misconfigured many-to-many association
- 354007d Remove errant log
- aaa500c 1.0.0-12
- cf24518 Add tests for `omit`
- 8770d6e Add `archiveModelIdentity: false` where necessary to avoid errors re: Archive model in tests.
- f03938d 1.0.0-11
- 9e76b38 Test "json" attribute creation against all valid JSON types
- 795da10 Test that `replaceCollection` doesn't allow > 1 parent record IDs when operating on a one-to-many relationship
- d9371e4 1.0.0-10
- 23f2fb9 Test that child records aren't processed > 1 time and aren't attached by reference
- f101d92 Use correct fixtures for `belongsTo` find+populate tests
- 066d6d9 Add json attribute to `belongsTo` parent fixture
- 561141d 1.0.0-9
- 875c6d9 Add test for correctly removing unnecessary conjuncts/disjuncts
- e389d1a Don't set `id` in the "update unique to the same value" test
- 2e77032 Whitespace
- a4017f9 Fix test added in https://github.com/balderdashy/waterline-adapter-tests//commit/9bad9416f19040feeb1880b410e760dece4f921e to not expect the taxi ID to always be 1
- 9bad941 Add test to ensure that child criteria are disambiguated in many-to-many joins
- 19dbf70 Add a couple of tests that check that values aren't over-escaped.
- a8f1dac 1.0.0-8
- 4d6b45e Don't run "update PK" test on sails-disk.
- 402bd89 Use roadstead versions
See the full diff