[Snyk] Upgrade jpm from 1.1.4 to 1.3.1

[snyk-bot]

Snyk has created this PR to upgrade jpm from 1.1.4 to 1.3.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 5 versions ahead of your current version.
• The recommended version was released 3 years ago, on 2017-03-29.

The recommended version fixes:

Severity	Issue	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) npm:tough-cookie:20160722	No Known Exploit
	Prototype Override Protection Bypass npm:qs:20170213	No Known Exploit
	Prototype Pollution SNYK-JS-LODASHMERGE-173732	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:tough-cookie:20170905	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:semver:20150403	No Known Exploit
	Remote Memory Exposure npm:request:20160119	No Known Exploit
	Prototype Pollution SNYK-JS-LODASHMERGE-173733	No Known Exploit

Release notes

Package name: jpm

• 1.3.1 - 2017-03-29
  

  Bug Fixes

  • Allow package.json to explicitly set em:multiprocessCompatible to false (#608) (b4c71fd)

  See all changes

• 1.3.0 - 2017-02-07
  

  Features

  • Added --api-proxy option to the sign command (#593) (723bbe1)

  See all changes for 1.3.0.

• 1.2.2 - 2016-10-10
  

  Bug Fixes

  • Fixed TypeError when running jpm post (66be4ff), closes #597

  See all changes

• 1.2.1 - 2016-10-06
  

  Bug Fixes

  • Fixed a bug where bootstrap.js and install.rdf were not generated for Firefox >=50.0a (a538c9d), closes #592
  • Fixed a possible jpm sign timeout if your connection was slow or the XPI file was very large (see mozilla/sign-addon#213)

  See all changes

• 1.2.0 - 2016-09-30
  

  Features

  • Added --dest-dir option to jpm xpi to specify an output directory for the XPI file (#544) (8059d86)
  • Added support for hybrid SDK / WebExtension addons (#578) (9502ff6)
  • Added a troubleshooting hint about invalid IDs (#576) (413022d)

  See all changes

• 1.1.4 - 2016-08-11
  

  Bug Fixes

  • Avoid JS errors from external file from normandy.cdn.mozilla.org during jpm run (#561) (73c9d41)
  • Exclude manifest.json from built XPIs. This also fixed an error which prevented mixing manifest.json into add-on source code. (#566) (aad5756)

  See all changes

from jpm GitHub release notes

Commit messages

Package name: jpm

• dc1aefb chore: bump version
• b4c71fd fix: Allow `package.json` to explicitly set `em:multiprocessCompatible` to `false` (fix(build): support transpile to commonjs angular/angular#608)
• f4f4070 docs: warn about future deprecation
• 63c2e50 chore: bump version for release
• 723bbe1 fix: Added `--api-proxy` option to the `sign` command (refactor(facade): remove dependency to rtts_assert angular/angular#593)
• 2dd7b6a chore: Drop node 5 build (Passing through static attributes for (some) components angular/angular#602)
• 55c96cc chore: bump version for release
• 66be4ff fix: Fixed TypeError when running `jpm post` (fix(compiler): elements with events only create binders but not protoEle... angular/angular#597)
• 1bf8438 chore: bump version for release
• f87ddee chore: upgrade sign-addon (Rename @Template -> to @Viewport angular/angular#595)
• a538c9d fix: Fixed bootstrap.js & install.rdf not generated for Firefox >=50.0a (Support array of arrays in TemplateConfig directives angular/angular#592)
• f075f6a test: fixed async and cleanup bugs with some XPI unit tests (Update docs to fix variable typos angular/angular#589)
• f6c66ed chore: bump version for release
• c403acb chore: Update request and sign-addon dependencies (feat(TemplateLoader): cssUrl angular/angular#580)
• 4561d48 chore: Remove odd Array coercion in lib/rdf's createUpdateRDF() (change detection: provide previous value when flipping from array -> null angular/angular#588)
• 4c1055b chore: Add ESLint no-console and max-len rules (feat(EventManager): implement the EventManager angular/angular#587)
• 9502ff6 feat: Added support for hybrid SDK addons (docs: lifecycle draft angular/angular#578)
• 5f7a5ac chore: Switch from JSHint/JSCS to ESLint (Update 01_templates.md angular/angular#581)
• 413022d feat: Added troubleshooting note about invalid IDs (Support different control types angular/angular#576)
• 8059d86 feat: Added option to specify output directory for XPI file (Execute HTML compiler outside of angular ZONE. angular/angular#544)
• e1f9f52 test: Update get-firefox to version that doesn't write archive to disk (fix(transpile): fix usage of int and references to assert module angular/angular#572)
• 503fac4 test: Use unbranded build on travis CI (feat(DirectiveParser): throw errors when expected directives are not... angular/angular#570)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs