update mammoth version to avoid vuln #113

Open. mattburlage wants to merge 1 commit into master.

Conversation

@mattburlage mattburlage commented Sep 6, 2019

mammoth 1.3.6 uses a vulnerable version of xmlbuilder (via lodash). This updates it to a non-vulnerable version.

Issue: #112

CLAassistant commented Sep 6, 2019

CLA assistant check
All committers have signed the CLA.

@pg-infosec

Vulnerable Package: mime
Affected Range: < 1.4.1
Fixed Version: 1.4.1
Related CVE: CVE-2017-16138
Severity: HIGH

More Information: Please consider upgrading mime to prevent deploying vulnerable code into production. For more information, visit: https://nvd.nist.gov/vuln/detail/CVE-2017-16138, or visit the FAQ

@pg-infosec

Vulnerable Package: lodash
Affected Range: < 4.17.5
Fixed Version: 4.17.5
Related CVE: CVE-2018-3721
Severity: MODERATE

More Information: Please consider upgrading lodash to prevent deploying vulnerable code into production. For more information, visit: https://nvd.nist.gov/vuln/detail/CVE-2018-3721, or visit the FAQ

@pg-infosec

Vulnerable Package: webpack-dev-server
Affected Range: < 3.1.11
Fixed Version: 3.1.11
Related CVE: CVE-2018-14732
Severity: LOW

More Information: Please consider upgrading webpack-dev-server to prevent deploying vulnerable code into production. For more information, visit: https://nvd.nist.gov/vuln/detail/CVE-2018-14732, or visit the FAQ

@pg-infosec

Vulnerable Package: lodash
Affected Range: < 4.17.11
Fixed Version: 4.17.11
Related CVE: CVE-2018-16487
Severity: LOW

More Information: Please consider upgrading lodash to prevent deploying vulnerable code into production. For more information, visit: https://nvd.nist.gov/vuln/detail/CVE-2018-16487, or visit the FAQ

@pg-infosec

Vulnerable Package: tar
Affected Range: < 2.2.2
Fixed Version: 2.2.2
Related CVE: CVE-2018-20834
Severity: HIGH

More Information: Please consider upgrading tar to prevent deploying vulnerable code into production. For more information, visit: https://nvd.nist.gov/vuln/detail/CVE-2018-20834, or visit the FAQ

@pg-infosec

Vulnerable Package: fstream
Affected Range: < 1.0.12
Fixed Version: 1.0.12
Related CVE: WS-2019-0100
Severity: MODERATE

More Information: Please consider upgrading fstream to prevent deploying vulnerable code into production. For more information, visit: npm/fstream@6a77d2f, or visit the FAQ

@pg-infosec

Vulnerable Package: js-yaml
Affected Range: < 3.13.1
Fixed Version: 3.13.1
Related CVE: WS-2019-0063
Severity: HIGH

More Information: Please consider upgrading js-yaml to prevent deploying vulnerable code into production. For more information, visit: nodeca/js-yaml#480, or visit the FAQ

@pg-infosec

Vulnerable Package: js-yaml
Affected Range: < 3.13.0
Fixed Version: 3.13.0
Related CVE: WS-2019-0032
Severity: MODERATE

More Information: Please consider upgrading js-yaml to prevent deploying vulnerable code into production. For more information, visit: nodeca/js-yaml#475, or visit the FAQ

@pg-infosec

Vulnerable Package: braces
Affected Range: < 2.3.1
Fixed Version: 2.3.1
Related CVE: WS-2019-0019
Severity: MODERATE

More Information: Please consider upgrading braces to prevent deploying vulnerable code into production. For more information, visit: micromatch/braces@abdafb0, or visit the FAQ

@pg-infosec

Vulnerable Package: eslint
Affected Range: < 4.18.2
Fixed Version: 4.18.2
Related CVE: WS-2018-0592
Severity: MODERATE

More Information: Please consider upgrading eslint to prevent deploying vulnerable code into production. For more information, visit: eslint/eslint@f6901d0, or visit the FAQ

@pg-infosec

Vulnerable Package: mem
Affected Range: < 4.0.0
Fixed Version: 4.0.0
Related CVE: WS-2018-0236
Severity: MODERATE

More Information: Please consider upgrading mem to prevent deploying vulnerable code into production. For more information, visit: sindresorhus/memoize@da4e439, or visit the FAQ

@pg-infosec

Vulnerable Package: lodash
Affected Range: < 4.17.13
Fixed Version: 4.17.13
Related CVE: CVE-2019-10744
Severity: CRITICAL

More Information: Please consider upgrading lodash to prevent deploying vulnerable code into production. For more information, visit: lodash/lodash#4336, or visit the FAQ

@pg-infosec

Vulnerable Package: lodash.mergewith
Affected Range: < 4.6.2
Fixed Version: 4.6.2
Related CVE: CVE-2019-10744
Severity: CRITICAL

More Information: Please consider upgrading lodash.mergewith to prevent deploying vulnerable code into production. For more information, visit: lodash/lodash#4336, or visit the FAQ

@pg-infosec

Vulnerable Package: handlebars
Affected Range: >= 4.0.0, < 4.0.14
Fixed Version: 4.0.14
Related CVE: WS-2019-0064
Severity: HIGH

More Information: Please consider upgrading handlebars to prevent deploying vulnerable code into production. For more information, visit: handlebars-lang/handlebars.js@v4.1.1...v4.1.2, or visit the FAQ

@pg-infosec

Vulnerable Package: lodash
Affected Range: < 4.17.11
Fixed Version: 4.17.11
Related CVE: CVE-2019-1010266
Severity: MODERATE

More Information: Please consider upgrading lodash to prevent deploying vulnerable code into production. For more information, visit: https://nvd.nist.gov/vuln/detail/CVE-2019-1010266, or visit the FAQ

@pg-infosec

Vulnerable Package: mixin-deep
Affected Range: < 1.3.2
Fixed Version: 1.3.2
Related CVE: CVE-2019-10746
Severity: CRITICAL

More Information: Please consider upgrading mixin-deep to prevent deploying vulnerable code into production. For more information, visit: https://nvd.nist.gov/vuln/detail/CVE-2019-10746, or visit the FAQ

@pg-infosec

Vulnerable Package: set-value
Affected Range: < 2.0.1
Fixed Version: 2.0.1
Related CVE: CVE-2019-10747
Severity: CRITICAL

More Information: Please consider upgrading set-value to prevent deploying vulnerable code into production. For more information, visit: https://nvd.nist.gov/vuln/detail/CVE-2019-10747, or visit the FAQ
