[Snyk] Security upgrade truffle-hdwallet-provider from 1.0.12 to 1.0.17

[q1blue]

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Allocation of Resources Without Limits or Throttling SNYK-JS-QS-14724253	170

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling

[changeset-bot]

⚠️ No Changeset found

Latest commit: 8597c6e

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[guardrails]

⚠️ We detected 26 security issues in this pull request:

Vulnerable Libraries (26)

Severity	Details
N/A	pkg:npm/file-type@5.2.0 (t) upgrade to: 16.5.4,17.1.3
Low	pkg:npm/web3@1.0.0-beta.55 (t) - no patch available
N/A	pkg:npm/diff@3.3.1 (t) upgrade to: 3.5.0
Critical	pkg:npm/handlebars@4.5.3 (t) upgrade to: 4.7.7
High	pkg:npm/express@4.17.1 (t) - no patch available
High	pkg:npm/lodash@4.17.11 (t) upgrade to: 4.17.21,4.17.21
Critical	pkg:npm/uglify-js@3.6.0 (t) - no patch available
Medium	pkg:npm/ajv@6.10.0 (t) upgrade to: 6.12.3
Medium	pkg:npm/web3-eth-accounts@1.0.0-beta.55 (t) - no patch available
Medium	pkg:npm/elliptic@6.4.1 (t) upgrade to: 6.5.4
High	pkg:npm/shelljs@0.7.8 (t) upgrade to: 0.8.5
Critical	pkg:npm/decompress@4.2.0 (t) upgrade to: 4.2.1
Critical	pkg:npm/underscore@1.8.3 (t) upgrade to: 1.12.1
N/A	pkg:npm/thenify@3.3.0 (t) upgrade to: 3.3.1,3.3.1
Low	pkg:npm/request@2.88.0 (t) - no patch available
Critical	pkg:npm/json-schema@0.2.3 (t) upgrade to: 0.4.0
N/A	pkg:npm/tree-kill@1.2.1 (t) upgrade to: 1.2.2
Critical	pkg:npm/url-parse@1.4.4 (t) upgrade to: 1.5.8
High	pkg:npm/mocha@4.1.0 (t) - no patch available
High	pkg:npm/tar@2.2.2 (t) upgrade to: 3.2.2,4.4.14,5.0.6,6.1.1
Critical	pkg:npm/minimist@0.0.10 (t) upgrade to: 1.2.6
High	pkg:npm/mout@0.11.1 (t) upgrade to: 1.2.3
Medium	pkg:npm/bl@1.2.2 (t) upgrade to: 1.2.3,2.2.1,3.0.1,4.0.3
N/A	pkg:npm/got@7.1.0 (t) upgrade to: 12.1.0,11.8.5
High	pkg:npm/simple-get@2.8.1 (t) upgrade to: 4.0.1,3.1.1,2.8.2
High	pkg:npm/minimatch@3.0.4 (t) upgrade to: 3.0.5

More info on how to fix Vulnerable Libraries in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.