[Snyk] Upgrade browserify from 16.2.3 to 16.5.2 #50

Open
wants to merge 1 commit into
base: master

snyk-bot

Snyk has created this PR to upgrade browserify from 16.2.3 to 16.5.2.

merge advice
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 5 versions ahead of your current version.
  • The recommended version was released 2 years ago, on 2020-08-03.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
| | Remote Code Execution (RCE)<br>SNYK-JS-SHELLQUOTE-1766506 | 405/1000<br>Why? CVSS 8.1 | No Known Exploit |
| | Cryptographic Issues<br>SNYK-JS-ELLIPTIC-571484 | 405/1000<br>Why? CVSS 8.1 | Proof of Concept |
| | Prototype Pollution<br>SNYK-JS-CACHEDPATHRELATIVE-2342653 | 405/1000<br>Why? CVSS 8.1 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS)<br>SNYK-JS-ACORN-559469 | 405/1000<br>Why? CVSS 8.1 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS)<br>SNYK-JS-PATHPARSE-1077067 | 405/1000<br>Why? CVSS 8.1 | Proof of Concept |
| | Prototype Pollution<br>SNYK-JS-MINIMIST-559764 | 405/1000<br>Why? CVSS 8.1 | Proof of Concept |
| | Prototype Pollution<br>SNYK-JS-MINIMIST-559764 | 405/1000<br>Why? CVSS 8.1 | Proof of Concept |
| | Timing Attack<br>SNYK-JS-ELLIPTIC-511941 | 405/1000<br>Why? CVSS 8.1 | No Known Exploit |
| | Cryptographic Issues<br>SNYK-JS-ELLIPTIC-1064899 | 405/1000<br>Why? CVSS 8.1 | No Known Exploit |
| | Prototype Pollution<br>SNYK-JS-MINIMIST-2429795 | 405/1000<br>Why? CVSS 8.1 | Proof of Concept |
| | Prototype Pollution<br>SNYK-JS-MINIMIST-2429795 | 405/1000<br>Why? CVSS 8.1 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: browserify
  • 16.5.2 - 2020-08-03

    16.5.2

  • 16.5.1 - 2020-03-30

    Remove deprecated mkdirp version in favour of mkdirp-classic.

    00c913f

    Pin dependencies for Node.js 0.8 support.

    #1939

  • 16.5.0 - 2019-08-09

    Support custom name for "browser" field resolution in package.json using the browserField option.

    #1918

  • 16.4.0 - 2019-08-08

    Upgrade stream-http to v3. This version drops support for IE10 and below.

    #1916

  • 16.3.0 - 2019-07-05

    add empty stub for the http2 builtin module.

    #1913

    update license text to remove references to code that is no longer included.

    #1906

    add more tests for folder resolution.

    #1139

  • 16.2.3 - 2018-09-25

    add empty stub for the inspector builtin module.

    #1854

    change the "browser" field link to the browser-field-spec repo instead of the old gist.

    #1845

from browserify GitHub release notes
Commit messages
Package name: browserify
  • c94b4d5 16.5.2
  • 678d650 Merge pull request #1973 from browserify/browser-resolve-2
  • fc324b5 update browser-resolve to v2
  • da0f1e1 16.5.1
  • dc71ea0 Use non-deprecated mkdirp package.
  • c53f841 gitignore - add node_modules
  • 2b50632 Update package.json
  • 249f54b Update package.json
  • 985dad9 deps - pin deps for node v0.8 support
  • 86c3a00 fixes swapped changelog PR references in 10.2.0
  • a245fe6 Add security.md
  • 506533c 16.5.0
  • 85489cc Update changelog.markdown
  • 4c04949 Merge pull request #1918 from browserify/custom-browser-field
  • 8213b64 Support custom names for "browser" field resolution
  • 8980670 16.4.0
  • f871a85 Update changelog.markdown
  • 52de2c4 Merge pull request #1916 from browserify/stream-http
  • 5dc1bf2 Upgrade stream-http to v3
  • 4a5ea7e Add funding.yml
  • 9824fae 16.3.0
  • 9e3397b Add http2 to builtins (#1913)
  • d2ade25 Add http2 to builtins
  • 876182d Tweak license text so Github detects it correctly



Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
