[Snyk] Fix for 2 vulnerabilities #91

Open
Someguy123 wants to merge 1 commit into master from snyk-fix-3dd2d15096045e487ed64556a3145cfc

@Someguy123
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 768/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 | Uncontrolled resource consumption (SNYK-JS-BRACES-6838727) | Yes | Proof of Concept |
| high severity | 661/1000. Why? Recently disclosed, Has a fix available, CVSS 7.5 | Inefficient Regular Expression Complexity (SNYK-JS-MICROMATCH-6838728) | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: sequelize-cli
The new version differs by 28 commits.
  • f409094 3.0.0
  • df04135 changelog: v3
  • 5633648 refactor: use single log/warn/error methods, make output pretty (#552)
  • e5a9b15 fix(db:create/drop): properly quote database name, fixed #545
  • 20d17ee chore(package): update js-beautify to version 1.7.1 (#547)
  • 0846642 docs(migrations): point to docs site
  • 6d583d2 fix: use directive for __filename, fixes #527
  • 98613d2 Minor grammar fix (#541)
  • 7c169b0 docs: how to use with SSL
  • db51c18 docs: how to use with SSL
  • 51bd094 3.0.0-3
  • d87a71c changelog: v3.0.0-3 update
  • c035f54 added: db:create / db:drop tasks (#540)
  • 88ab111 fix: error when creating nested config (#539)
  • bc980ed 3.0.0-2
  • 6fae353 docs: changelog v3.0.0-2
  • 2dcefdf fix(.sequelizerc): options files is not used by all commands (#537)
  • f0911cf changelog v3.0.0-1
  • 623e1db 3.0.0-1
  • 733ced9 fix: update skeletons to use es6, closes #482
  • c70231e added: warn when using with Sequelize v4
  • a6290fd Docs (#535)
  • e731a26 changelog: v3.0.0-0
  • 05419ab 3.0.0-0

See the full diff

Package name: webpack
The new version differs by 250 commits.
  • 4be093d 2.2.0
  • 2278469 2.2.0-rc.8
  • b946eb4 Merge pull request #3988 from malstoun/bug/2664
  • 260e413 Merge pull request #3986 from webpack/bugfix/revert_use_of_buffer_dot_from
  • 0ec7de9 Fix regression with watch cli opt, add tests for this case
  • 72226db add missing disable line
  • 4d30675 build fresh yarn.lock file to remove buffer polyfill
  • 91c1f35 fix(node): rollback changes of Buffer.from to new Buffer() and bump down travis to 4.3 min node v
  • 0b47602 2.2.0-rc.7
  • db6ccbc Merge pull request #3978 from webpack/bugfix/conditional-reexports
  • 82a5b03 Merge pull request #3977 from malstoun/bug/2664
  • fc1a43b Merge pull request #3976 from timse/rely-on-defaults
  • a44694a hoist exports declarations too
  • 682bde8 Fix lint
  • c6d7d90 Add tests
  • af8d49e remove defaults values to shave a few bytes
  • 9796696 2.2.0-rc.6
  • e9bdb05 Merge pull request #3971 from webpack/bugfix/fix_available_vars_in_fmtp
  • bd45bdc add test case for global in harmony modules
  • bfccb20 fix PR
  • 5a3a23f fix(nmf): Fix exports for var injection to include free glob exports or arguments
  • 437dce4 2.2.0-rc.5
  • 91cb1df Merge pull request #3970 from webpack/ci/appveyor
  • 9fd55e5 Merge pull request #3969 from webpack/bugfix/issue-3964

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Note: This is a default PR template raised by Snyk. Find out more about how you can customise Snyk PRs in our documentation.

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncontrolled resource consumption
