[Snyk] Fix for 2 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	490/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-RAMDA-1582370	No	No Known Exploit
	748/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.1	Improper Privilege Management SNYK-JS-SHELLJS-2332187	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: ramda

The new version differs by 250 commits.

• 1a5d40b Version 0.27.2
• 4d8e8f0 Merge pull request #3212 from ramda/davidchambers/trim
• 94d0570 Security fix for ReDoS (#3177)
• 8ae355e update test string for trim
• 6bb8eea Version 0.27.1
• ed191e6 Merge pull request #2832 from kibertoad/chore/update-dependencies-2
• 20ba763 Update dependencies
• a6620f6 Update Babel to v7 (#2829)
• 2705518 Execute tests on Node 12 (#2828)
• c45208e hasPath return false for non-object checks (#2825)
• 0baeda1 updated invoker.js documentation (#2821)
• 072d417 Including BR translation. (#2621)
• ca1e2b5 add an example which covers error and value (#2806)
• 271b044 docs: Add @ since where it is missing (#2793)
• ac58c96 Update `pathSatisfies` to handles empty `path` arguments (#2791)
• b25ac73 Fix typo in split docs (#2792)
• 7d55e91 Add R.xor (Exclusive OR) (#2646)
• efd899b feature: adding paths operator - #2740 (#2742)
• 235a370 fix: rename then to andThen (#2772)
• 8d59032 Fix broken link in readme (#2768)
• 38feed2 remove erroneous quotes in tryCatch documentation (#2765)
• ce4f936 fix `@ since` in `includes` (#2764)
• 626762b Reference to Ramda Conventions wiki page (#2718)
• 878cacd Add prebench script (#2759)

See the full diff

Package name: yeoman-generator

The new version differs by 83 commits.

• d8253fc 2.0.3
• 971c1a8 Fix issue #1050 regarding unsecured dependencies (#1056)
• 150053c Update Travis version support
• 967cb0f 2.0.2
• d291b78 Bump dependencies
• f7b8167 fix: Do not apply user defaults when question.choices is a function. Fix #1051
• 825305e Fix typo in comment (#1044)
• 28cbab2 2.0.1
• 2955a84 Bump dependencies (+ security fix of debug)
• 9e4ccf5 2.0.0
• a29e5d9 Bump dependencies
• 96da393 Bump package-lock.json
• 4b1b841 Replace gulp with raw Mocha
• 6effbfe Use raw nsp
• 183b3a8 Get rid of before/after (toward jest migration)
• 68d59c1 Add package-lock.json
• f8e46b0 Don't die on diffing file deletions (again) (#1028)
• edc2bf2 [comments] Change wrong param name in description (#1018)
• 364606e Switch to `make-dir`
• eaf1ade New: option shorthand on installDependencies method (#1015)
• e296e52 Bump XO and minor style tweaks
• 9da7391 Bump dependencies
• b010701 More ES2015ifing
• cfd2a8e Refactor install methods to handle promises - ref #1006

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic