[Snyk] Fix for 12 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/gitbook/package.json
  • packages/gitbook/.snyk

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change	Exploit Maturity
	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-73638	Yes	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	No Known Exploit
	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept
	Regular Expression Denial of Service (ReDoS) npm:clean-css:20180306	Yes	Proof of Concept
	Prototype Pollution npm:deep-extend:20180409	Yes	No Known Exploit
	Prototype Pollution npm:hoek:20180212	No	No Known Exploit
	Prototype Pollution npm:lodash:20180130	Yes	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:tough-cookie:20160722	No	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:tough-cookie:20170905	No	No Known Exploit
	Uninitialized Memory Exposure npm:tunnel-agent:20170305	No	Proof of Concept

Commit messages

Package name: juice

The new version differs by 74 commits.

• 09fd4d5 Merge pull request Syntax Error when installing GitBook on Ubuntu 14.04 x64 GitbookIO/gitbook#267 from jrit/master
• 90882b5 bump dep deep-extend, add gitattributes for eol=lf
• cacc8b7 Merge branch 'master' of https://github.com/Automattic/juice
• 58cb71a include browserify script to generate client version, prune contributor info, bump to 4.1.0
• d3a12ae minor linting
• 194ddf8 remove reference to os module
• 6fdd388 improve explanation of codeBlocks
• 32a0505 Merge pull request (Question) Images in chapters GitbookIO/gitbook#264 from Haroenv/patch-1
• c372a8f fix(readme): use svg badges
• 86d2d87 Merge pull request Minor typo, grammar and style corrections. GitbookIO/gitbook#263 from koistya/patch-1
• f5a5829 Add nodejs-api-starter, a project using Juice
• a74fbcc Merge pull request Downloaded books have not extension GitbookIO/gitbook#261 from giles-v/fix/255-media-query-order
• 76b5785 Added test
• 92f4833 Retain the original order of preserved text. Fixes Do not unlink target directory (regression) GitbookIO/gitbook#255.
• de6a320 bump version to 4.0.2
• 5236265 Merge pull request Add publish command to support publishing to GitBook.io GitbookIO/gitbook#250 from StanislavBelyakov/master
• f0a7e73 Remove ES6 lambda feature occurrences
• 54a45c4 Merge pull request “/” turns into “\” in .md links  GitbookIO/gitbook#249 from jrit/master
• f7765d2 v4.0.1 release info
• 1ef204a Merge pull request Title error occurs when not using english title. GitbookIO/gitbook#247 from knikel/master
• fdb442d Add juice.codeBlocks to type definitions
• b6a626d Merge pull request Font embed in PDF and EPUB GitbookIO/gitbook#246 from jrit/master
• 894b2d4 dropping old versions of node from support
• 280c311 Add `juice.codeBlocks`

See the full diff

Package name: markup-it

The new version differs by 72 commits.

• c5fe35e Bump version to 8.0.0 🚀
• 1441387 Remove unused dependencies and limit files published
• eedd06f Remove asciidoc support
• cc84a20 Bump version to 7.0.4 🚀
• 0ed0183 Fix decoding of HTML entities (emojis) (Removed duplicate line of readme GitbookIO/gitbook#105)
• af9f3b6 Bump version to 7.0.3 🚀
• be54672 Fix merge
• d9a3585 Merge branch '6.x.x'
• 8f857cd Bump version to 6.0.6 🚀
• 2f53fd5 Update HISTORY
• cdceb46 Fix empty custom block serialization (Usability improvements  GitbookIO/gitbook#102)
• e5ee063 Fix invalid liquid tag parsing (Bad auto highlighting GitbookIO/gitbook#103)
• 80e2fb9 Bump version to 7.0.2 🚀
• 5646347 Update HISTORY
• 8201741 Merge improvements from branch 6.x.x (Inline Images not supported GitbookIO/gitbook#101)
• 8918377 Update HISTORY
• c14f27f Bump version to 6.0.5 🚀
• 651e9ed Fix empty liquid tag parsing (Error checking if a section is a quiz GitbookIO/gitbook#100)
• c8ca6ac Bump version to 6.0.4 🚀
• cf8ce88 Update HISTORY
• 2e3a04c Fix soft line breaks parsing in paragraphs (image src is not correct GitbookIO/gitbook#99)
• 178c075 Bump version to 6.0.3 🚀
• 7c9453b Update HISTORY
• d59f8c2 Fix link reference parsing after HTML (Introduction on TOC should include filename GitbookIO/gitbook#98)

See the full diff

Package name: request

The new version differs by 188 commits.

• 0ab5c36 2.82.0
• ffdf0d3 Updating deps.
• 4386836 Merge branch 'master' of github.com:request/request
• 1527407 Merge pull request http://localhost:3000/jin-fu-lai-ke-jisorganization.gitbook.io/easyone Internal Server Error GitbookIO/gitbook#2703 from ryysud/add-nodejs-v8-to-travis
• 3afcbf8 Merge branch 'master' of github.com:request/request
• 479143d Update of hawk and qs to latest version (Fix error when accessing some not found pages GitbookIO/gitbook#2751)
• 169be11 Add Node.js v8 to Travis CI
• 643c43a Fixed some text in README.md (Track site insight event when opening scalar client GitbookIO/gitbook#2658)
• e8fca51 chore(package): update aws-sign2 to version 0.7.0 (Pass down ancestors instead of computing them GitbookIO/gitbook#2635)
• e999203 Update README to simplify & update convenience methods (Prepare @gitbook/proxy to support serving under sub-directory GitbookIO/gitbook#2641)
• 6f286c8 lint fix, PR from pre-standard was merged with passing tests
• a765593 Add convenience method for HTTP OPTIONS (Add support for search in a sections site GitbookIO/gitbook#2541)
• 52d6945 Add promise support section to README (Add tint color GitbookIO/gitbook#2605)
• b12a624 refactor(lint): replace eslint with standard (Restyle hint block GitbookIO/gitbook#2579)
• 29a0b17 Merge pull request Ask AI now goes through the site API instead of spaces. GitbookIO/gitbook#2598 from request/greenkeeper-codecov-2.0.2
• e7b4a88 Merge pull request Fix hint block decoration color GitbookIO/gitbook#2590 from nicjansma/timings-tests
• dd5c02c Updated comment
• 087de94 Merge pull request Fix canonical in a safe way GitbookIO/gitbook#2589 from odykyi/fix-tabulation
• 3d5e50d Merge pull request Fix whitespace added with image GitbookIO/gitbook#2594 from ahmadnassri/patch-1
• 0951f47 chore(package): update codecov to version 2.0.2
• baf9c1f chore(dependencies): har-validator -> 5.0.2
• 21b1112 chore(dependencies): har-validator -> 5.0.1
• 51806f8 chore(dependencies): har-validator to 5.x [removes babel dep]
• c57fb72 2.81.1

See the full diff

With a Snyk patch:

Severity	Issue	Exploit Maturity
	Prototype Pollution npm:hoek:20180212	No Known Exploit

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic