[Snyk] Security upgrade x-ray from 2.3.0 to 2.3.4

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: x-ray

The new version differs by 102 commits.

• ed875ef Merge branch 'master' into master
• 6d54479 Fix array stream to account for empty arrays (#337)
• d6fba8a Merge pull request #339 from leonardodino/fix-promise-then
• 6167fc0 Add test checking error being passed to promise handler
• 7ed40fa Add promise interface testing
• 0741ec1 Fix promise compatibility
• e08f154 Update dependency isobject to v4 (WS-2018-0210 Low Severity Vulnerability detected by WhiteSource #28)
• 6db0755 Update dependency debug to v4 (CVE-2017-16137 (Medium) detected in debug-2.2.0.tgz #25)
• c0afaef Update dependency rimraf to v2.6.3 (Sincronización y CRON Jobs con Appengine #21)
• c060cdc Update dependency object-assign to ~4.1.0 (Datos de internet (scraping): Betabeers #20)
• bcc2aed Update dependency chalk to v2 (¡Nuevo intento de salvamento! Guild24 al rescate #22)
• 02a0972 Update dependency coveralls to v3 (WS-2017-0247 (Low) detected in ms-0.7.1.tgz #24)
• b6fc103 Update dependency mocha-lcov-reporter to v1.3.0 (Datos de internet (scraping): Domestika #19)
• 6fbe333 Merge pull request Datos de internet (scraping): angel.co #18 from lathropd/renovate/isobject-2.x
• 22b8627 Merge pull request Backend con Firebase (Serverless) #17 from lathropd/renovate/debug-2.x
• e1bc418 Update dependency debug to ~2.6.0
• 40437fe Merge pull request Google Analytics #16 from lathropd/renovate/coveralls-2.x
• c252d4a Merge branch 'master' into renovate/coveralls-2.x
• 4bb8fc2 Merge pull request Proceso de subida de ofertas por Google Sheets con formulario (o no) #15 from lathropd/renovate/concat-stream-1.x
• ecbc02f Merge pull request Logo lupa con forma de C. #14 from lathropd/renovate/cheerio-0.x
• 15c72fd Merge pull request v1.0.0 Curratelo: IDEAS #13 from lathropd/renovate/batch-0.x
• 3c15d16 update package.json version
• 1a04da3 Merge pull request Metamos Travis! :yay: #6 from matthewmueller/master
• 96685eb Merge pull request #338 from leonardodino/fix-repo

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Denial of Service (DoS) npm:qs:20140806-1	No Known Exploit
	469/1000 Why? Has a fix available, CVSS 5.1	Remote Memory Exposure npm:request:20160119	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Cross-site Scripting (XSS) npm:validator:20130705-1	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the effected dependencies could be upgraded.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic