[Snyk] Security upgrade node-sass-chokidar from 0.0.3 to 2.0.0

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Certificate Validation SNYK-JS-NODESASS-1059081	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: node-sass-chokidar

The new version differs by 98 commits.

• 59f7dfd 2.0.0
• 05cca3f Update travis config and README
• e6616fa Upgrade node-sass to latest
• dea8bdc Merge pull request #113 from michaelwayman/dependabot/npm_and_yarn/path-parse-1.0.7
• a4063fb Merge pull request #112 from michaelwayman/dependabot/npm_and_yarn/glob-parent-5.1.2
• 9918d1e Merge pull request #109 from michaelwayman/dependabot/npm_and_yarn/hosted-git-info-2.8.9
• ae332ce Merge pull request #108 from michaelwayman/dependabot/npm_and_yarn/lodash-4.17.21
• 81d6c73 Merge pull request #107 from michaelwayman/dependabot/npm_and_yarn/y18n-3.2.2
• 6807f07 Bump path-parse from 1.0.6 to 1.0.7
• 7f27b9e Bump glob-parent from 5.1.1 to 5.1.2
• 61d46cf Bump hosted-git-info from 2.8.8 to 2.8.9
• bd01b8c Bump lodash from 4.17.19 to 4.17.21
• 44c91ba Bump y18n from 3.2.1 to 3.2.2
• 042f1ce Merge pull request #105 from michaelwayman/master
• 8d09f12 Merge pull request #104 from michaelwayman/develop
• a31ab39 Merge branch 'master' into develop
• 4f69ddc Update README.md
• 60bdd3f Merge pull request #102 from michaelwayman/dependabot/npm_and_yarn/lodash-4.17.19
• 70a6df9 Bump lodash from 4.17.15 to 4.17.19
• da989ad Merge pull request #101 from michaelwayman/develop
• ce4d70a Update readme
• a576367 Develop
• cc32666 Merge pull request #100 from michaelwayman/develop
• 74e8874 Remove travis before/after jobs

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Arbitrary File Overwrite
🦉 Arbitrary File Overwrite
🦉 Arbitrary File Write
🦉 More lessons are available in Snyk Learn