commit f875e0122210f847132c5fcca188323c24a2be21
author Gunnar Mills <gmills@us.ibm.com> Tue Nov 27 13:39:27 2018 -0600
committer Gunnar Mills <gmills@us.ibm.com> Tue Nov 27 15:24:19 2018 -0600
tree f8c0665e18420005f88dab11099e9cb867eeebae
parent 1c43b312769fcf9fe4e41bf6d7336402d06bed6e

Downgrade event-stream package to 3.3.4

From the phosphor-webui alert:
"The NPM package flatmap-stream is considered malicious.
A malicious actor added this package as a dependency to the NPM
event-stream package in versions 3.3.6 and later. Users of
event-stream are encouraged to downgrade to the last non-malicious
version, 3.3.4."

More information can be found at:
https://github.com/dominictarr/event-stream/issues/116
https://arstechnica.com/information-technology/2018/11/hacker-backdoors-widely-used-open-source-software-to-steal-bitcoin/

Tested: Manually on a Witherspoon.
Change-Id: I2555ee04be69cc42f99cf3a5d18a99a4d5c26324
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

package-lock.json

diff --git a/package-lock.json b/package-lock.json
index eef6667..7670068 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -3170,17 +3170,17 @@
       "dev": true
     },
     "event-stream": {
-      "version": "3.3.5",
-      "resolved": "https://registry.npmjs.org/event-stream/-/event-stream-3.3.5.tgz",
-      "integrity": "sha512-vyibDcu5JL20Me1fP734QBH/kenBGLZap2n0+XXM7mvuUPzJ20Ydqj1aKcIeMdri1p+PU+4yAKugjN8KCVst+g==",
+      "version": "3.3.4",
+      "resolved": "http://registry.npmjs.org/event-stream/-/event-stream-3.3.4.tgz",
+      "integrity": "sha1-SrTJoPWlTbkzi0w02Gv86PSzVXE=",
       "dev": true,
       "requires": {
         "duplexer": "0.1.1",
         "from": "0.1.7",
-        "map-stream": "0.0.7",
+        "map-stream": "0.1.0",
         "pause-stream": "0.0.11",
-        "split": "1.0.1",
-        "stream-combiner": "0.2.2",
+        "split": "0.3.3",
+        "stream-combiner": "0.0.4",
         "through": "2.3.8"
       }
     },
@@ -5597,9 +5597,9 @@
       "dev": true
     },
     "map-stream": {
-      "version": "0.0.7",
-      "resolved": "https://registry.npmjs.org/map-stream/-/map-stream-0.0.7.tgz",
-      "integrity": "sha1-ih8HiW2CsQkmvTdEokIACfiJdKg=",
+      "version": "0.1.0",
+      "resolved": "http://registry.npmjs.org/map-stream/-/map-stream-0.1.0.tgz",
+      "integrity": "sha1-5WqpTEyAVaFkBKBnS3jyFffI4ZQ=",
       "dev": true
     },
     "map-visit": {
@@ -7961,9 +7961,9 @@
       }
     },
     "split": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/split/-/split-1.0.1.tgz",
-      "integrity": "sha512-mTyOoPbrivtXnwnIxZRFYRrPNtEFKlpB2fvjSnCQUiAA6qAZzqwna5envK4uk6OIeP17CsdF3rSBGYVBsU0Tkg==",
+      "version": "0.3.3",
+      "resolved": "http://registry.npmjs.org/split/-/split-0.3.3.tgz",
+      "integrity": "sha1-zQ7qXmOiEd//frDwkcQTPi0N0o8=",
       "dev": true,
       "requires": {
         "through": "2.3.8"
@@ -8051,13 +8051,12 @@
       }
     },
     "stream-combiner": {
-      "version": "0.2.2",
-      "resolved": "https://registry.npmjs.org/stream-combiner/-/stream-combiner-0.2.2.tgz",
-      "integrity": "sha1-rsjLrBd7Vrb0+kec7YwZEs7lKFg=",
+      "version": "0.0.4",
+      "resolved": "http://registry.npmjs.org/stream-combiner/-/stream-combiner-0.0.4.tgz",
+      "integrity": "sha1-TV5DPBhSYd3mI8o/RMWGvPXErRQ=",
       "dev": true,
       "requires": {
-        "duplexer": "0.1.1",
-        "through": "2.3.8"
+        "duplexer": "0.1.1"
       }
     },
     "stream-each": {