[Snyk] Fix for 1 vulnerabilities

[181149]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	461/1000 Why? Recently disclosed, Has a fix available, CVSS 3.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-DEBUG-3227433	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: debug

The new version differs by 43 commits.

• f073e05 Release 3.1.0
• 2c0df9b rename `DEBUG_HIDE_TTY_DATE` to `DEBUG_HIDE_DATE`
• dcb37b2 Merge branch '2.x'
• 56a3853 Add `DEBUG_HIDE_TTY_DATE` env var (merge new curriculum, help/pair/bug functionality, jobs page freeCodeCamp/freeCodeCamp#486)
• bdb7e01 remove "component" from package.json
• c38a016 remove ReDoS regexp in %o formatter (Challenge http://www.freecodecamp.com/challenges/waypoint-line-up-form-elements-responsively-with-bootstrap has an issue  freeCodeCamp/freeCodeCamp#504)
• 47747f3 remove `component.json`
• a0601e5 fix
• e7e568a ignore package-lock.json
• fdfa0f5 Fix browser detection
• 7cd9e53 examples: fix colors printout
• 8d76196 Merge pull request Challenge http://www.freecodecamp.com/challenges/zipline-build-a-pomodoro-clock has an issue  freeCodeCamp/freeCodeCamp#496 from EdwardBetts/spelling
• daf1a7c correct spelling mistake
• 3e1849d Release 3.0.1
• b3ea123 Disable colors in Edge and Internet Explorer (Challenge http://www.freecodecamp.com/challenges/waypoint-link-to-external-pages-with-anchor-elements has an issue  freeCodeCamp/freeCodeCamp#489)
• 13e1d06 remove v3 discussion note for now
• 52b894c Release 3.0.0
• d2dd80a component: update "ms" to v2.0.0
• 6752953 fix browser test 😵
• f6f6213 remove `make coveralls` from travis
• f178d86 attempt to separate the Node and Browser tests in Travis
• d73c4ae fix `make test`
• 402c856 fix lint
• 87e7399 readme++

See the full diff

Package name: fetchr

The new version differs by 42 commits.

• f08e93f chore: v0.5.40
• b98ce2f Add setImmediate polyfill (Fix no user comment display freeCodeCamp/freeCodeCamp#215)
• be97b29 Bump sinon from 9.2.0 to 9.2.1 (User password hash in Stories freeCodeCamp/freeCodeCamp#213)
• 7ae280b Bump supertest from 4.0.2 to 5.0.0 (Camper News doesn't show comments unless authenticated freeCodeCamp/freeCodeCamp#209)
• 26425d9 Bump sinon from 9.1.0 to 9.2.0 (Camper News comments should be editable by their author for at least some duration of time freeCodeCamp/freeCodeCamp#211)
• 45a1742 Bump sinon from 9.0.3 to 9.1.0 (Upvote button isn't sufficiently clear as to whether you've successfully upvoted an article freeCodeCamp/freeCodeCamp#210)
• a8557db Bump debug from 4.1.1 to 4.2.0 (Comment overflow in News fix freeCodeCamp/freeCodeCamp#208)
• f7e28d5 Bump sinon from 9.0.2 to 9.0.3 (Dev server crash fix freeCodeCamp/freeCodeCamp#204)
• 8aa6676 Bump mocha from 8.1.2 to 8.1.3 (Feature: Board to find people to live pair with freeCodeCamp/freeCodeCamp#207)
• 2bcc1e8 Bump mocha from 8.1.1 to 8.1.2 (Possible Memory Leak freeCodeCamp/freeCodeCamp#206)
• c27af5e Bump lodash from 4.17.19 to 4.17.20 (Comment overflow in News. freeCodeCamp/freeCodeCamp#205)
• 04a9232 Bump mocha from 8.1.0 to 8.1.1 (There should be a resource section where all sites that have been listed in challenges should be there in alphabetical order freeCodeCamp/freeCodeCamp#203)
• ca131b6 Bump jshint from 2.11.2 to 2.12.0 (Move from Compose.io to MongoLab freeCodeCamp/freeCodeCamp#202)
• 3e579d4 Bump mocha from 8.0.1 to 8.1.0 (Remove bower_components from source and use bower.json freeCodeCamp/freeCodeCamp#201)
• 920941f Create Dependabot config file (Challenge point save fix. freeCodeCamp/freeCodeCamp#200)
• c727cbd Bump jshint from 2.11.1 to 2.11.2 (Fixed bonfire selected tab bug freeCodeCamp/freeCodeCamp#198)
• 49bfa4b Bump lodash from 4.17.17 to 4.17.19 (Codemirror multiline indent fix freeCodeCamp/freeCodeCamp#197)
• 0bb7038 Bump lodash from 4.17.15 to 4.17.17 (Selecting text and tab indenting it freeCodeCamp/freeCodeCamp#196)
• ba305a5 Bump mocha from 7.2.0 to 8.0.1 (After completing a challenge all points from bonefires are removed freeCodeCamp/freeCodeCamp#194)
• df857ac Bump mocha from 7.1.2 to 7.2.0 (/challenges results in occasional 404 errors freeCodeCamp/freeCodeCamp#193)
• c7bd173 Bump supertest from 3.4.2 to 4.0.2 (Fix #187 by updating reference to Trello board freeCodeCamp/freeCodeCamp#192)
• 20a16ad fix: registry
• 18c29d0 Bump fumble from 0.1.5 to 0.1.6 (Allow quotation marks freeCodeCamp/freeCodeCamp#190)
• 87a43f7 Bump fumble from 0.1.3 to 0.1.5 (Quotation marks in camper news freeCodeCamp/freeCodeCamp#189)

See the full diff

Package name: loopback-boot

The new version differs by 3 commits.

• bb5d423 2.28.0
• 07c0b01 Merge pull request Create Wiki controller to replace our static pages freeCodeCamp/freeCodeCamp#288 from strongloop/upgrade-2.x-deps
• bea9a5f chore: upgrade deps to fix npm audit complaints

See the full diff

Package name: loopback-connector-mongodb

The new version differs by 9 commits.

• b977cb4 3.4.0
• c5d8549 Merge pull request Tests in Friendly Date Ranges Bonfire  freeCodeCamp/freeCodeCamp#410 from strongloop/mongodb-driver-3.x
• 4b957d3 upgrade to mongodb driver 3.x
• ec7c721 Merge pull request Merge branch 'mobile-news' freeCodeCamp/freeCodeCamp#407 from strongloop/feat/alias-findById
• 0f9b573 Alias find as findById
• 42025d5 3.3.1
• b40d998 Switch to bson.ObjectID (Twitter zipline API endpoints freeCodeCamp/freeCodeCamp#401)
• 669ade3 Merge pull request Notify unauthenticated user when trying in vane to upvote something freeCodeCamp/freeCodeCamp#399 from strongloop/license
• e055da4 chore: update license

See the full diff

Package name: method-override

The new version differs by 19 commits.

• 5b83d4f 3.0.0
• 0aef6c8 deps: debug@3.1.0
• ddb4bcc build: supertest@1.2.0
• baed633 build: mocha@3.5.3
• b357d8e Drop support for Node.js below 0.10
• 09582af build: support Node.js 10.x
• 7579004 lint: apply standard 11 style
• 00ca04a build: support Node.js 9.x
• c92384c build: eslint-plugin-promise@3.7.0
• 4947f58 build: eslint-plugin-import@2.11.0
• 6fb651a build: support Node.js 8.x
• 21c08c3 build: Node.js@6.14
• 254b6ef build: Node.js@4.9
• 26ba0ce build: eslint-plugin-node@5.2.1
• 4aef9e5 build: eslint-plugin-import@2.8.0
• 7aced59 docs: remove gratipay badge
• b232f67 build: eslint-plugin-promise@3.6.0
• d96eb1f build: Node.js@6.12
• 78421d2 build: fix Node.js 0.8 npm install

See the full diff

Package name: rollbar

The new version differs by 250 commits.

• d198244 Release v2.19.0
• 6c59bba fix: remove buffer-from and use node's Buffer.from (issue 782 freeCodeCamp/freeCodeCamp#878)
• 83632a8 fix: add ts definition for config.host in node/server env (Alt tag glitch freeCodeCamp/freeCodeCamp#879)
• 1f014fd Merge pull request Bonfire: Make a Person: expect(Object.keys(bob).length) to equal 3 instead of 6. freeCodeCamp/freeCodeCamp#877 from rollbar/wj-remove-const
• f2e7502 fix: remove const declarations
• 522d4ce Merge pull request Make sure your i element has a closing tag freeCodeCamp/freeCodeCamp#817 from rollbar/wj-package-size
• fcc5156 rename scrub -> scrubFn
• df2350f build(deps): bump lodash from 4.17.15 to 4.17.19 (The Image link is broken freeCodeCamp/freeCodeCamp#875)
• 129c77b test: add tests for core browser js
• 87f03bd fix: add guard for undefined
• 83e0b3a Add "addErrorContext" in config type (Input field missing to input your CodePen Link into. freeCodeCamp/freeCodeCamp#874)
• 1bd38d9 refactor: prevent including all of package.json when building from src
• d332396 feat: enable componentized truncation
• 0dae97b feat: enable componentized scrubber
• 6a7c1ea test: add test for globals wrappers
• c275c6c feat: enable componentized global wrappers
• 8a3fe91 add baseURL for nested routes (Fixed regexp on both ul and li opening tags freeCodeCamp/freeCodeCamp#872)
• a8b01dd feat: enable componentized browser js
• b456224 feat: export setupJSON and make optional
• f1b7f23 Remove debug from dependency (First box unchecked at html waypoint 38 freeCodeCamp/freeCodeCamp#871)
• 29ee9e3 Release v2.18.0
• aaf6770 feat: send error context as custom data (Update incorrect (older) reference to "Field Guide" freeCodeCamp/freeCodeCamp#870)
• d50272d Allow scrubbing by full path in payload (Wrapping my a element in my new p element freeCodeCamp/freeCodeCamp#869)
• 4d61175 Merge pull request font awesome trash icon closing brackets complete waypoint un-closed freeCodeCamp/freeCodeCamp#868 from rollbar/wj-clone-fetch-response

See the full diff

Package name: snyk

The new version differs by 50 commits.

• adf9b7b feat: update deps
• 6b9b538 feat: add payload size to analytics
• 91893f6 feat: don't send `from` arrays in pkg trees
• f5c99b2 chore: node4 compatible syntax in test
• 4af5792 chore: drop babel
• 439195c feat: use proxy-agent for proxying
• 348ea15 chore: update .nvmrc to 4
• ff777dd feat: better url-opening ability for `snyk auth` flow
• c6f467e fix: code styling issues detected by lgtm
• 9bc11d1 feat: bail out on unsupported nodejs runtime versions
• aa6040e fix: pin snyk-policy version
• 42796e7 feat: drop support for Node < 4
• 933f3f1 feat: update snyk-resolve-deps to reduce size of dependencies
• 042c476 feat: remove update notifier
• 7e10aae feat: support yarn for protect scripts
• 6b6ce94 fix: dont suggest reinstallation for yarn projects
• 80e49fd fix: update test fixures expected version
• 38f993f fix: compatability with new pip version (10.0.0)
• db91114 feat: a seperate spinner for "Analyzing deps ..."
• 6a77349 fix: update snyk-go-plugin 1.4.5 -> 1.4.6
• 334f8b1 fix: remove vulns from analytics payload if present
• 58b5437 chore: adds security document
• b3d241a fix: bump snyk-python-plugin to better handle editable fragments
• 66d658a fix: analytics report includes duration of execution

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)