[Snyk] Fix for 7 vulnerabilities

[aliscco]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • test/fixtures/qs-package/node_modules/bluebird/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASHBASEMERGE-450200	No	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASHBASEMERGE-450201	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No	No Known Exploit
	629/1000 Why? Has a fix available, CVSS 8.3	Improper minification of non-boolean comparisons npm:uglify-js:20150824	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:uglify-js:20151024	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: browserify

The new version differs by 19 commits.

• 26c58a9 forgot the "has" dep
• 9a3864e more changelog info about browser field mappings
• 42c2052 fix now works with the latest resolve
• 29d917e failing browser field file test
• ef257ed remove dnode test, was causing issues
• 16611da some upgrades
• ee3be4a more info on v9 fixes
• e6438ea failing cases in pkg_event
• 145ea52 failing pkg_event test
• 97203b3 upgrades for 9.0.0
• fbd6e2e Merge branch 'fix-expose' of https://github.com/jmm/node-browserify
• dbe2c71 9.0.0
• 53821dd Merge branch 'remove-unused-umd-dep' of https://github.com/zertosh/node-browserify
• f6593fb Update browser-pack to ^4.0.0
• 7ff5676 Merge branch 'remove-unused-umd-dep' of https://github.com/zertosh/node-browserify
• ab4b4b8 Remove unused "umd" dep
• d938408 failing relative dedupe case
• c14da43 Eliminate path resolution and set row.expose.
• bdf78c8 Pass this._expose to mdeps.

See the full diff

Package name: grunt-saucelabs

The new version differs by 41 commits.

• 27d49af version 8.6.3
• a0643c9 fix use of promises with requestretry module
• 0b6d2a9 fix typo
• 7deed62 Merge pull request [Snyk] Security upgrade nodemailer from 0.7.1 to 1.0.0 #204 from Nycto/master
• e865bb2 Merge pull request [Snyk] Security upgrade actionpack from 4.2.5 to 5.2.6.2 #206 from andreas-marschke/fix-bump-saucetunnel-version
• 7f75238 Bump version number of sauce-tunnel dependency
• db0d789 Merge pull request [Snyk] Security upgrade snyk from 1.101.1 to 1.230.7 #205 from steveoh/patch-1
• 2159acc get ready for grunt v1.0.0
• b88b6e7 Ensure key option isn't printed to console
• 1877a73 Merge pull request [Snyk] Security upgrade actionpack from 4.2.5 to 4.2.5.2 #201 from evilaliv3/update-dependencies
• cbab78a Move unsupportedPort function definition before its usage solving strict error
• 647004c Update dependencies to latest versions
• 4f8827e Merge pull request [Snyk] Security upgrade django from 2.0.1 to 2.2.27 #197 from evilaliv3/update-dependencies
• 9a7ca1e Merge pull request [Snyk] Security upgrade django from 1.6.1 to 2.2.27 #199 from evilaliv3/unit-testing-improvements
• 5fbb6b4 Improve configuration of .travis.yml
• 34b27fc Update dependencies to latest versions
• a5885f1 v8.6.2
• 537fda2 update sauce-tunnel, so now using sauce connect v4.3.12
• 4452b0a v8.6.1
• 43a2dcd update deps, update sauce tunnel to v4.3.7, updates result parsers for YUI and Qunit
• 8d18b7c add build number for running locally
• 8587a95 Merge pull request [Snyk] Security upgrade django from 1.6.1 to 2.2.27 #188 from cvrebert/more-info-on-retry
• 541e99f Output URL and browser when retrying
• 591d003 Merge pull request [Snyk] Security upgrade django from 1.6.1 to 2.2.27 #186 from Nycto/master

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Server-side Request Forgery (SSRF)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 More lessons are available in Snyk Learn