[Security] Fix 195 known vulnerabilities

This is a big can of worms to open up, but there are a bunch of security issues in this project's dependencies (mostly `mocha` and `ember-cli`). Unfortunately, upgrading `ember-cli` to the point where these issues are patched causes problems in this project's tests (which depend on now-removed private cli internals) 

#### Don't use private internals of packages you depend on

Since this package was originally written, the terminal I/O stuff has been extracted to [console-ui](https://github.com/ember-cli/console-ui), and a feature that `ember-cli-release`'s tests heavily rely on [has been removed due to e-cli's own tests no longer needing it](https://github.com/ember-cli/console-ui/issues/1#issuecomment-383685483).

Through subclassing `MockUI` (once obtained from `console-ui`), we can get these back

```js
function TestUI() {}
TestUI.prototype = new MockUI();

TestUI.prototype.waitForPrompt = function() {
  if (!this._waitingForPrompt) {
    var promise, resolver;
    promise = new Promise(function(resolve){
      resolver = resolve;
    });
    this._waitingForPrompt = promise;
    this._promptResolver = resolver;
  }
  return this._waitingForPrompt;
};

TestUI.prototype.prompt = function(opts, cb) {
  if (this._waitingForPrompt) {
    this._waitingForPrompt = null;
    this._promptResolver();
  }
  return MockUI.prototype.prompt.call(this, opts, cb);
}

```


#### Inquirer is annoying

I've spent a few hours digging really deep into this, and am at the point where we can no longer reliably mock answers to [inquirer](https://github.com/SBoudrias/Inquirer.js) questions. Inquirer's own tests are a shining example of why mocking and stubbing out the whole world is a bad idea (tests aren't even run against real input/output streams, and use tons of testing helpers that aren't easily available to consumers). Because inquirer is a dependency of ember-cli (and we don't really interact with it directly), we're _even farther_ removed from this thing that we need to alter in big ways to test effectively.

**I have escalated this to the ember-cli team, and can resume working on this once I have an answer, and more OSS time**

#### Backup plan

If beating inquirer into submission proves to time consuming or difficult, we should explore rewriting the tests in such a way that the console-ui is mocked entirely. This would be a regrettable, result of working with test-hostile dependencies of dependencies.

---

found 195 vulnerabilities (27 low, 112 moderate, 54 high, 2 critical)

* https://nodesecurity.io/advisories/98
* https://nodesecurity.io/advisories/118
* https://nodesecurity.io/advisories/118
* https://nodesecurity.io/advisories/118
* https://nodesecurity.io/advisories/118
* https://nodesecurity.io/advisories/118
* https://nodesecurity.io/advisories/118
* https://nodesecurity.io/advisories/118
* https://nodesecurity.io/advisories/118
* https://nodesecurity.io/advisories/118
* https://nodesecurity.io/advisories/118
* https://nodesecurity.io/advisories/118
* https://nodesecurity.io/advisories/118
* https://nodesecurity.io/advisories/118
* https://nodesecurity.io/advisories/118
* https://nodesecurity.io/advisories/118
* https://nodesecurity.io/advisories/118
* https://nodesecurity.io/advisories/118
* https://nodesecurity.io/advisories/118
* https://nodesecurity.io/advisories/118
* https://nodesecurity.io/advisories/118
* https://nodesecurity.io/advisories/118
* https://nodesecurity.io/advisories/118
* https://nodesecurity.io/advisories/118
* https://nodesecurity.io/advisories/118
* https://nodesecurity.io/advisories/118
* https://nodesecurity.io/advisories/118
* https://nodesecurity.io/advisories/338
* https://nodesecurity.io/advisories/338
* https://nodesecurity.io/advisories/338
* https://nodesecurity.io/advisories/338
* https://nodesecurity.io/advisories/338
* https://nodesecurity.io/advisories/338
* https://nodesecurity.io/advisories/338
* https://nodesecurity.io/advisories/338
* https://nodesecurity.io/advisories/338
* https://nodesecurity.io/advisories/338
* https://nodesecurity.io/advisories/338
* https://nodesecurity.io/advisories/338
* https://nodesecurity.io/advisories/338
* https://nodesecurity.io/advisories/338
* https://nodesecurity.io/advisories/338
* https://nodesecurity.io/advisories/338
* https://nodesecurity.io/advisories/338
* https://nodesecurity.io/advisories/534
* https://nodesecurity.io/advisories/534
* https://nodesecurity.io/advisories/534
* https://nodesecurity.io/advisories/534
* https://nodesecurity.io/advisories/534
* https://nodesecurity.io/advisories/534
* https://nodesecurity.io/advisories/534
* https://nodesecurity.io/advisories/534
* https://nodesecurity.io/advisories/534
* https://nodesecurity.io/advisories/534
* https://nodesecurity.io/advisories/534
* https://nodesecurity.io/advisories/534
* https://nodesecurity.io/advisories/46
* https://nodesecurity.io/advisories/46
* https://nodesecurity.io/advisories/46
* https://nodesecurity.io/advisories/46
* https://nodesecurity.io/advisories/46
* https://nodesecurity.io/advisories/309
* https://nodesecurity.io/advisories/309
* https://nodesecurity.io/advisories/309
* https://nodesecurity.io/advisories/309
* https://nodesecurity.io/advisories/596
* https://nodesecurity.io/advisories/596
* https://nodesecurity.io/advisories/596
* https://nodesecurity.io/advisories/596
* https://nodesecurity.io/advisories/76
* https://nodesecurity.io/advisories/76
* https://nodesecurity.io/advisories/76
* https://nodesecurity.io/advisories/77
* https://nodesecurity.io/advisories/77
* https://nodesecurity.io/advisories/77
* https://nodesecurity.io/advisories/77
* https://nodesecurity.io/advisories/566
* https://nodesecurity.io/advisories/566
* https://nodesecurity.io/advisories/566
* https://nodesecurity.io/advisories/566
* https://nodesecurity.io/advisories/566
* https://nodesecurity.io/advisories/566
* https://nodesecurity.io/advisories/566
* https://nodesecurity.io/advisories/566
* https://nodesecurity.io/advisories/566
* https://nodesecurity.io/advisories/566
* https://nodesecurity.io/advisories/566
* https://nodesecurity.io/advisories/566
* https://nodesecurity.io/advisories/566
* https://nodesecurity.io/advisories/566
* https://nodesecurity.io/advisories/566
* https://nodesecurity.io/advisories/566
* https://nodesecurity.io/advisories/93
* https://nodesecurity.io/advisories/93
* https://nodesecurity.io/advisories/93
* https://nodesecurity.io/advisories/93
* https://nodesecurity.io/advisories/664
* https://nodesecurity.io/advisories/664
* https://nodesecurity.io/advisories/664
* https://nodesecurity.io/advisories/664
* https://nodesecurity.io/advisories/130
* https://nodesecurity.io/advisories/130
* https://nodesecurity.io/advisories/130
* https://nodesecurity.io/advisories/130
* https://nodesecurity.io/advisories/525
* https://nodesecurity.io/advisories/525
* https://nodesecurity.io/advisories/525
* https://nodesecurity.io/advisories/525
* https://nodesecurity.io/advisories/598
* https://nodesecurity.io/advisories/598
* https://nodesecurity.io/advisories/598
* https://nodesecurity.io/advisories/598
* https://nodesecurity.io/advisories/57
* https://nodesecurity.io/advisories/597
* https://nodesecurity.io/advisories/61
* https://nodesecurity.io/advisories/39
* https://nodesecurity.io/advisories/48
* https://nodesecurity.io/advisories/577
* https://nodesecurity.io/advisories/577
* https://nodesecurity.io/advisories/577
* https://nodesecurity.io/advisories/577
* https://nodesecurity.io/advisories/577
* https://nodesecurity.io/advisories/577
* https://nodesecurity.io/advisories/577
* https://nodesecurity.io/advisories/528
* https://nodesecurity.io/advisories/98
* https://nodesecurity.io/advisories/118
* https://nodesecurity.io/advisories/118
* https://nodesecurity.io/advisories/118
* https://nodesecurity.io/advisories/118
* https://nodesecurity.io/advisories/118
* https://nodesecurity.io/advisories/118
* https://nodesecurity.io/advisories/118
* https://nodesecurity.io/advisories/118
* https://nodesecurity.io/advisories/118
* https://nodesecurity.io/advisories/118
* https://nodesecurity.io/advisories/118
* https://nodesecurity.io/advisories/118
* https://nodesecurity.io/advisories/118
* https://nodesecurity.io/advisories/338
* https://nodesecurity.io/advisories/338
* https://nodesecurity.io/advisories/338
* https://nodesecurity.io/advisories/338
* https://nodesecurity.io/advisories/338
* https://nodesecurity.io/advisories/338
* https://nodesecurity.io/advisories/338
* https://nodesecurity.io/advisories/338
* https://nodesecurity.io/advisories/338
* https://nodesecurity.io/advisories/338
* https://nodesecurity.io/advisories/338
* https://nodesecurity.io/advisories/338
* https://nodesecurity.io/advisories/534
* https://nodesecurity.io/advisories/309
* https://nodesecurity.io/advisories/309
* https://nodesecurity.io/advisories/309
* https://nodesecurity.io/advisories/596
* https://nodesecurity.io/advisories/596
* https://nodesecurity.io/advisories/596
* https://nodesecurity.io/advisories/76
* https://nodesecurity.io/advisories/76
* https://nodesecurity.io/advisories/76
* https://nodesecurity.io/advisories/77
* https://nodesecurity.io/advisories/77
* https://nodesecurity.io/advisories/77
* https://nodesecurity.io/advisories/566
* https://nodesecurity.io/advisories/566
* https://nodesecurity.io/advisories/566
* https://nodesecurity.io/advisories/566
* https://nodesecurity.io/advisories/566
* https://nodesecurity.io/advisories/566
* https://nodesecurity.io/advisories/566
* https://nodesecurity.io/advisories/566
* https://nodesecurity.io/advisories/566
* https://nodesecurity.io/advisories/566
* https://nodesecurity.io/advisories/566
* https://nodesecurity.io/advisories/566
* https://nodesecurity.io/advisories/606
* https://nodesecurity.io/advisories/606
* https://nodesecurity.io/advisories/606
* https://nodesecurity.io/advisories/664
* https://nodesecurity.io/advisories/664
* https://nodesecurity.io/advisories/664
* https://nodesecurity.io/advisories/130
* https://nodesecurity.io/advisories/130
* https://nodesecurity.io/advisories/130
* https://nodesecurity.io/advisories/525
* https://nodesecurity.io/advisories/525
* https://nodesecurity.io/advisories/525
* https://nodesecurity.io/advisories/598
* https://nodesecurity.io/advisories/598
* https://nodesecurity.io/advisories/598
* https://nodesecurity.io/advisories/597
* https://nodesecurity.io/advisories/118
* https://nodesecurity.io/advisories/534
* https://nodesecurity.io/advisories/146

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Security] Fix 195 known vulnerabilities #72

Don't use private internals of packages you depend on

Inquirer is annoying

Backup plan

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

[Security] Fix 195 known vulnerabilities #72

Description

Don't use private internals of packages you depend on

Inquirer is annoying

Backup plan

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions