[Snyk] Fix for 9 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: nconf

The new version differs by 26 commits.

• 85229df chore: enable circleci
• 91e9106 chore: update changelog
• 4122731 0.11.0
• 56794d1 chore: upgrade deps to fix security vulns
• 1392ac4 0.10.0
• 01f25fa Regex as env separator (#288)
• 16667be Argv store separator (#291)
• bac910a 0.9.1
• 2bdf7e1 Clean Argv Store options (#290)
• b9321b2 transformer can now return an undefined key (#289)
• 81ce0be Update changelog
• b1ee63c fix error in transform function when dealing with dropped entries (#287)
• 9f70ba1 [doc] Update changelog
• 8afcf99 [dist] Version bump. 0.9.0
• b41c505 Save conf to dedicated file (#283)
• 52e0a35 Update changelog
• fa215a4 add tests for the normal configuration of yargs via argv
• 802a8d6 test for yargs custom instance (more flexible check isYargs)
• 3e26bb2 Add posibility to pass a yargs instance to argv() method
• 856fdf8 First pass at transform functions (#279)
• b9c345b Fix `parseValues` option name
• 35088a3 Added nconf.any method (#278)
• ca10d0e Add basic linting rules
• bfb0220 Remove unused module (#277)

See the full diff

Package name: nock

The new version differs by 9 commits.

• c7b156a v8.0.0
• 43e9b2f added missing dep
• 1735038 Merge branch 'greenkeeper-request-2.70.0'
• 568cd04 Merge branch 'master' into greenkeeper-request-2.70.0
• ca251b3 making the latest version of lodash work
• 6d997a6 Merge pull request #521 from node-nock/greenkeeper-update-all
• 149d7ab fixes for latest tap version
• 361dc21 chore(package): update request to version 2.70.0
• d4877f7 chore(package): update dependencies

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.