update deps

node_modules/request-promise-native/.npmignore

@@ -1,13 +0,0 @@
-/.idea/
-/coverage/
-/test/
-
-/.editorconfig
-/.eslintrc.json
-/.gitignore
-/.publishrc
-/.travis.yml
-/gulpfile.js
-
-.DS_Store
-npm-debug.log

node_modules/request-promise-native/LICENSE

@@ -1,6 +1,6 @@
 ISC License
 
-Copyright (c) 2017, Nicolai Kamenzky and contributors
+Copyright (c) 2019, Nicolai Kamenzky and contributors
 
 Permission to use, copy, modify, and/or distribute this software for any
 purpose with or without fee is hereby granted, provided that the above

node_modules/request-promise-native/README.md

@@ -10,11 +10,11 @@
 [![Dependency Status](https://img.shields.io/david/request/request-promise-native.svg?style=flat-square&maxAge=2592000)](https://david-dm.org/request/request-promise-native)
 [![Known Vulnerabilities](https://snyk.io/test/npm/request-promise-native/badge.svg?style=flat-square&maxAge=2592000)](https://snyk.io/test/npm/request-promise-native)
 
-This package is similar to [`request-promise`](https://www.npmjs.com/package/request-promise) but uses native ES6 promises.
+This package is similar to [`request-promise`](https://www.npmjs.com/package/request-promise) but uses native ES6+ promises.
 
 Please refer to the [`request-promise` documentation](https://www.npmjs.com/package/request-promise). Everything applies to `request-promise-native` except the following:
-- Instead of using Bluebird promises this library uses native ES6 promises.
-- Mind that native ES6 promises have fewer features than Bluebird promises do. In particular, the `.finally(...)` method is not available.
+- Instead of using Bluebird promises this library uses native ES6+ promises.
+- Native ES6+ promises may have fewer features than Bluebird promises do. In particular, the `.finally(...)` method was not included until Node v10.
 
 ## Installation
 
@@ -49,6 +49,9 @@ If you want to debug a test you should use `gulp test-without-coverage` to run a
 
 ## Change History
 
+- v1.0.8 (2019-11-03)
+    - Security fix: bumped `request-promise-core` which bumps `lodash` to `^4.17.15`. See [vulnerabilty reports](https://snyk.io/vuln/search?q=lodash&type=npm).
+      *(Thanks to @aw-davidson for reporting this in issue [#49](https://github.com/request/request-promise-native/issues/49).)*
 - v1.0.7 (2019-02-14)
     - Corrected mistakenly set `tough-cookie` version, now `^2.3.3`
       *(Thanks to @evocateur for pointing this out.)*

node_modules/request-promise-native/package.json

@@ -1,8 +1,8 @@
 {
   "_from": "request-promise-native@^1.0.5",
-  "_id": "request-promise-native@1.0.7",
+  "_id": "request-promise-native@1.0.8",
   "_inBundle": false,
-  "_integrity": "sha512-rIMnbBdgNViL37nZ1b3L/VfPOpSi0TqVDQPAvO6U14lMzOLrt5nilxCQqtDKhZeDiW0/hkCXGoQjhgJd/tCh6w==",
+  "_integrity": "sha512-dapwLGqkHtwL5AEbfenuzjTYg35Jd6KPytsC2/TLkVMz8rm+tNt72MGUWT1RP/aYawMpN6HqbNGBQaRcBtjQMQ==",
   "_location": "/request-promise-native",
   "_phantomChildren": {},
   "_requested": {
@@ -18,10 +18,10 @@
   "_requiredBy": [
     "/jsdom"
   ],
-  "_resolved": "https://registry.npmjs.org/request-promise-native/-/request-promise-native-1.0.7.tgz",
-  "_shasum": "a49868a624bdea5069f1251d0a836e0d89aa2c59",
+  "_resolved": "https://registry.npmjs.org/request-promise-native/-/request-promise-native-1.0.8.tgz",
+  "_shasum": "a455b960b826e44e2bf8999af64dff2bfe58cb36",
   "_spec": "request-promise-native@^1.0.5",
-  "_where": "F:\\projects\\vanillajs-seed\\node_modules\\jsdom",
+  "_where": "/home/s2/Code/vanillajs-seed/node_modules/jsdom",
   "author": {
     "name": "Nicolai Kamenzky",
     "url": "https://github.com/analog-nico"
@@ -31,7 +31,7 @@
   },
   "bundleDependencies": false,
   "dependencies": {
-    "request-promise-core": "1.1.2",
+    "request-promise-core": "1.1.3",
     "stealthy-require": "^1.1.1",
     "tough-cookie": "^2.3.3"
   },
@@ -82,5 +82,5 @@
     "test": "gulp ci",
     "test-publish": "gulp ci-no-cov"
   },
-  "version": "1.0.7"
+  "version": "1.0.8"
 }