[Snyk] Fix for 13 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Directory Traversal SNYK-JS-MOMENT-2440688	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-NCONF-2395478	Yes	Proof of Concept
	454/1000 Why? Has a fix available, CVSS 4.8	Session Fixation SNYK-JS-PASSPORT-2840631	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	No	Proof of Concept
	490/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-RAMDA-1582370	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SANITIZEHTML-2957526	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: babel-loader

The new version differs by 201 commits.

• 1a76476 7.0.0
• 7307226 Point changelog to releases
• 174cb10 Merge branch '7.0'
• 2204871 Add prettier (Mobile Camper News doesn't show headline freeCodeCamp/freeCodeCamp#409)
• dbec80d Make sure .babelrc is a file, not a directory (Field guide updates freeCodeCamp/freeCodeCamp#427)
• aa485e4 Use bash codecov (Points on portfolio page are 0 if you aren't authenticated freeCodeCamp/freeCodeCamp#440)
• 16522b6 yarn.lock
• 660922b Update ava to the latest version 🚀 (Change jQuery challenge description slightly. freeCodeCamp/freeCodeCamp#434)
• 5d248b5 Update cross-env to the latest version 🚀 (Clarification needed for Search and Replace (21) Bonfire freeCodeCamp/freeCodeCamp#431)
• 74ff2e6 Updated documentation to match webpack v2 changes. (News points freeCodeCamp/freeCodeCamp#438)
• ed8711d Add note about webpack versions
• a7342de 7.0.0-beta.1
• fb8c271 Merge branch 'fix-options' into 7.0
• 1ed7ff5 Merge branch 'master' into 7.0
• e20f6b6 Changelog for 6.4.1 (Logging in by email redirects to main.css freeCodeCamp/freeCodeCamp#424)
• 48325ea 6.4.1
• 87e4e85 target node 4 in preset env (Bonfire display fix and new field-guide freeCodeCamp/freeCodeCamp#423)
• f3241f8 Fixed reset of BABEL_ENV when options.forceEnv is used (Delete newrelic.js file. Move static routes to bottom of express configu... freeCodeCamp/freeCodeCamp#420)
• 05a31c5 7.0.0-alpha.3
• ad77367 Ensure options are always an object (News mailer fix freeCodeCamp/freeCodeCamp#413)
• e8aa302 Ensure options are always an object
• b9209e7 7.0.0-alpha.2
• 3f51915 Update yarn.lock
• c18b16a Fix merge conflict

See the full diff

Package name: express

The new version differs by 173 commits.

• 3d7fce5 4.17.3
• f906371 build: update example dependencies
• 6381bc6 deps: qs@6.9.7
• a007863 deps: body-parser@1.19.2
• e98f584 Revert "build: use minimatch@3.0.4 for Node.js < 4"
• a659137 tests: use strict mode
• a39e409 tests: prevent leaking changes to NODE_ENV
• 82de4de examples: fix path traversal in downloads example
• 12310c5 build: use nyc for test coverage
• 884657d examples: remove bitwise syntax for includes check
• 7511d08 build: use minimatch@3.0.4 for Node.js < 4
• 2585f20 tests: fix test missing assertion
• 9d09762 build: supertest@6.2.2
• 43cc56e build: clean up gitignore
• 1c7bbcc build: Node.js@14.19
• 9cbbc8a deps: cookie@0.4.2
• 6fbc269 pref: remove unnecessary regexp for trust proxy
• 2bc734a deps: accepts@~1.3.8
• 89bb531 docs: fix typo in res.download jsdoc
• 744564f tests: add test for multiple ips in "trust proxy"
• da6cb0e tests: add range tests to res.download
• 00ad5be tests: add more tests for app.request & app.response
• 141914e tests: fix tests that did not bubble errors
• bd4fdfe tests: remove global dependency on should

See the full diff

Package name: forever

The new version differs by 19 commits.

• 4705421 Prepare 4.0.0 for release
• 35a4062 Remove y18n due to CVE 2020 7774 part 5 (Not working freeCodeCamp/freeCodeCamp#1112)
• 1f6108e Move getopts to devDependencies (Tests adding 2 to expected results freeCodeCamp/freeCodeCamp#1113)
• aa22041 Replace yargs with getopts (CVE-2020-777) (Add a "How to use GitHub"-waypoint freeCodeCamp/freeCodeCamp#1110)
• ae6d88e Update in-range dependencies (Bonfire: Convert HTML Entities freeCodeCamp/freeCodeCamp#1108)
• 4a404f7 Drop `deep-equal` (Issue 1094 - Field Guide Error freeCodeCamp/freeCodeCamp#1101)
• b2120f9 Remove utile (Having trouble with <li> tags </li> freeCodeCamp/freeCodeCamp#1099)
• 071cc04 Update changelog
• c1bcbff Remove dependency on broadway (Bonfire: Drop it - correct solution but wrong answer? freeCodeCamp/freeCodeCamp#1098)
• 3586afe Prepare 3.0.1 for release
• 67cc950 Prepare 3.0.1 for release
• 877d93a Replaced optimist with yargs (Fixes misspelling that caused 'undefined is not function' error freeCodeCamp/freeCodeCamp#1093)
• a36330a Update forever-monitor (Adding </ to the end of the document breaks the testSuite list freeCodeCamp/freeCodeCamp#1081)
• 0c5d32a Update dependencies and test Node 14 (Don't refer to Bootstrap as Twitter Bootstrap freeCodeCamp/freeCodeCamp#1080)
• 9e85c59 Fix argument type of fs.writeFileSync (Make Streak more lenient (due to time zone confusion) freeCodeCamp/freeCodeCamp#1075)
• 58eb131 Add CLI test for starting/stopping from a directory with space (Readme still points to slack in notes section freeCodeCamp/freeCodeCamp#1068)
• 437ca4a Remove unnecessary path-is-absolute dependency ([Convert HTML Entities] Chai test never passes freeCodeCamp/freeCodeCamp#1062)
• 8f739b0 Execute Mocha tests (bug in the img tag freeCodeCamp/freeCodeCamp#1054)
• ceb235c Update changelog

See the full diff

Package name: gulp-less

The new version differs by 5 commits.

• 9d9e96f chore: update deps, publish v5
• ea13d8a Merge pull request Create production branch freeCodeCamp/freeCodeCamp#313 from MisterLuffy/master
• 7ce4b9b feat: support less v4
• 1a9d694 Merge pull request Merge UX-improvements and nonprofit-show into master freeCodeCamp/freeCodeCamp#314 from stamminator/master
• b1a3e18 Update .travis.yml

See the full diff

Package name: ramda

The new version differs by 250 commits.

• 1a5d40b Version 0.27.2
• 4d8e8f0 Merge pull request Same code, to the letter and whitespace fails on waypoint 9 of html freeCodeCamp/freeCodeCamp#3212 from ramda/davidchambers/trim
• 94d0570 Security fix for ReDoS (Streak not showing properly  freeCodeCamp/freeCodeCamp#3177)
• 8ae355e update test string for trim
• 6bb8eea Version 0.27.1
• ed191e6 Merge pull request Typo on this page. freeCodeCamp/freeCodeCamp#2832 from kibertoad/chore/update-dependencies-2
• 20ba763 Update dependencies
• a6620f6 Update Babel to v7 (Cannot find anchor text in cat photos freeCodeCamp/freeCodeCamp#2829)
• 2705518 Execute tests on Node 12 (My code seems to be generating the right output but it's not passing the tests freeCodeCamp/freeCodeCamp#2828)
• c45208e hasPath return false for non-object checks (fixes 'editor.getValue(...).match(...) is null' freeCodeCamp/freeCodeCamp#2825)
• 0baeda1 updated invoker.js documentation (Fixed typo for issue 1979 freeCodeCamp/freeCodeCamp#2821)
• 072d417 Including BR translation. (Changed test for the 'Add id attributes to bootstrap elements'  freeCodeCamp/freeCodeCamp#2621)
• ca1e2b5 add an example which covers error and value (type or copy-paste src element and run code and doesn't show it completed correctly freeCodeCamp/freeCodeCamp#2806)
• 271b044 docs: Add @ since where it is missing (Need more assertion examples freeCodeCamp/freeCodeCamp#2793)
• ac58c96 Update `pathSatisfies` to handles empty `path` arguments (The last test won't pass even though the three li's are closed freeCodeCamp/freeCodeCamp#2791)
• b25ac73 Fix typo in split docs (Clicking the buttons on pop ups too quickly closes the pop up freeCodeCamp/freeCodeCamp#2792)
• 7d55e91 Add R.xor (Exclusive OR) (Update copy for handling failed attempt at linking oauth account freeCodeCamp/freeCodeCamp#2646)
• efd899b feature: adding paths operator - toLowerCase is not a function freeCodeCamp/freeCodeCamp#2740 (Not accepting $(document).ready.. freeCodeCamp/freeCodeCamp#2742)
• 235a370 fix: rename then to andThen (You have to press the "Run Code" button twice to advance freeCodeCamp/freeCodeCamp#2772)
• 8d59032 Fix broken link in readme (submit method freeCodeCamp/freeCodeCamp#2768)
• 38feed2 remove erroneous quotes in tryCatch documentation (I cant keep going freeCodeCamp/freeCodeCamp#2765)
• ce4f936 fix `@ since` in `includes` (Waypoint doesn't accept JQuery selector surrounded by single quotes freeCodeCamp/freeCodeCamp#2764)
• 626762b Reference to Ramda Conventions wiki page (Error on Script tag lesson freeCodeCamp/freeCodeCamp#2718)
• 878cacd Add prebench script (Code is correct but continues to fail  freeCodeCamp/freeCodeCamp#2759)

See the full diff

Package name: sanitize-html

The new version differs by 69 commits.

• b4682c1 Merge pull request Challenge http://www.freecodecamp.com/challenges/waypoint-create-a-text-field has an issue  freeCodeCamp/freeCodeCamp#557 from apostrophecms/release-2.7.1
• b6c4971 release 2.7.1 (with security fix previously tested and approved by Miro)
• 6683aad remove DoS vulnerability
• 7c7ccb4 credit
• 994f962 Merge pull request Challenge http://www.freecodecamp.com/challenges/waypoint-create-a-text-field has an issue  freeCodeCamp/freeCodeCamp#555 from paweljq/fix_protocol_relative_script_tag
• 3c3f075 Merge pull request Challenge http://www.freecodecamp.com/challenges/waypoint-wrap-an-anchor-element-within-a-paragraph has an issue  freeCodeCamp/freeCodeCamp#556 from cha147/patch-1
• 8e3b00f fix typos in readme
• 329dae7 Fix protocol relative url in scripts tags Challenge http://www.freecodecamp.com/challenges/waypoint-add-font-awesome-icons-all-of-our-buttons has an issue  freeCodeCamp/freeCodeCamp#531
• 3cdc262 release 2.7.0 (Challenge http://www.freecodecamp.com/challenges/waypoint-wrap-an-anchor-element-within-a-paragraph has an issue  freeCodeCamp/freeCodeCamp#534)
• 72989f1 Merge pull request css/html waypoints freeCodeCamp/freeCodeCamp#530 from apostrophecms/zade-credit
• 208cdb4 zade credit
• 7338f8b Merge pull request Challenge http://www.freecodecamp.com/challenges/waypoint-adjust-the-margin-of-an-element has an issue  freeCodeCamp/freeCodeCamp#529 from zadeviggers/patch-1
• 1971a57 Update defaults in readme
• 43f28f3 Update changelog
• 5fccedb Allow srcset
• be9c90d Add common image attributes
• 379b55b Bumps version (Challenge http://www.freecodecamp.com/challenges/waypoint-turn-an-image-into-a-link has an issue  freeCodeCamp/freeCodeCamp#523)
• da9767f Fixes important stripping (Challenge http://www.freecodecamp.com/challenges/waypoint-link-to-external-pages-with-anchor-elements has an issue  freeCodeCamp/freeCodeCamp#522)
• d077c9f Merge pull request The #help channel on Slack has become useless freeCodeCamp/freeCodeCamp#521 from alex-rantos/fix-trailing-text
• d905b3b typo on changelog
• 836c5ab add CHANGELOG entry
• c1112fb fix trailing text issue
• d737f39 Bumps version (Challenge http://www.freecodecamp.com/challenges/bonfire-return-largest-numbers-in-arrays has an issue  freeCodeCamp/freeCodeCamp#520)
• e5027ef Merge pull request Challenge http://www.freecodecamp.com/challenges/waypoint-inform-with-the-paragraph-element has an issue  freeCodeCamp/freeCodeCamp#515 from apostrophecms/revert-505-504-whatwg-url

See the full diff

Package name: uglify-js

The new version differs by 250 commits.

• bca83cb v3.14.3
• a841d45 fix corner case in `awaits` (when i return math.random() i get the error: math is not defined  freeCodeCamp/freeCodeCamp#5160)
• eb93d92 fix corner case in `awaits` (D3 Zipline 2: Interactive Scatterplot freeCodeCamp/freeCodeCamp#5158)
• a0250ec fix corner case in `dead_code` (API Basejump 2: Request Header Parser  freeCodeCamp/freeCodeCamp#5154)
• 2580162 parse `let` as symbol names correctly (React Zipline 5: Rogue-like Game freeCodeCamp/freeCodeCamp#5151)
• 32ae994 fix issues in tests flagged by LGTM (Increase Loop Protect Timeout to 1000 freeCodeCamp/freeCodeCamp#5150)
• 03aec89 fix corner cases in `strings` & `templates` (React Zipline 1: Markdown Preview App freeCodeCamp/freeCodeCamp#5147)
• faf0190 document ECMAScript quirks (API Basejump 3: URL shortener freeCodeCamp/freeCodeCamp#5148)
• c8b0f68 fix corner case in `merge_vars` (propose to change image provider freeCodeCamp/freeCodeCamp#5143)
• 87b9916 fix corner case in `inline` (API Basejump 4 - Image search freeCodeCamp/freeCodeCamp#5141)
• 940887f fix corner case in `evaluate` (Bonefire: Error Potential infinite loop freeCodeCamp/freeCodeCamp#5139)
• 0b2573c fix corner case in `templates` (Update babel-core to version 6.3.17 🚀 freeCodeCamp/freeCodeCamp#5137)
• 1575210 avoid potential RegExp denial-of-service (Update history to version 1.16.0 🚀 freeCodeCamp/freeCodeCamp#5135)
• f766bab enhance `templates` (Update webpack-stream to version 3.0.0 🚀 freeCodeCamp/freeCodeCamp#5131)
• 436a293 enhance `dead_code` (Stop making assumptions about names freeCodeCamp/freeCodeCamp#5130)
• 55418fd fix corner case in `rests` (Lost all my completed waypoints & bonfires while switching laptops freeCodeCamp/freeCodeCamp#5129)
• 8578688 v3.14.2
• 4b88dfb tweak test & warnings (Accept grey-background or gray-background in Waypoint Give a Background Color to a Div freeCodeCamp/freeCodeCamp#5123)
• c3aef23 fix corner case in `reduce_vars` (Skip Button/Go to next step functionality enhancement freeCodeCamp/freeCodeCamp#5121)
• db94d21 fix corner case in `side_effects` (Unable to advance past this point in either Chrome or Firefox freeCodeCamp/freeCodeCamp#5118)
• 9634a9d fix corner cases in `optional_chains` (Fix Bonfire Truncate a String Typo freeCodeCamp/freeCodeCamp#5110)
• befb99b fix corner case in `inline` (Estimate amount pledged to nonprofits and display on map freeCodeCamp/freeCodeCamp#5115)
• 02eb8ba fix corner case in `collapse_vars` (Change Cloud 9 Node.js selection words freeCodeCamp/freeCodeCamp#5113)
• c09f63a fix corner case in `rests` (Created the task, does not work freeCodeCamp/freeCodeCamp#5109)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Directory Traversal

[socket-security]

New dependency changes detected. Learn more about Socket for GitHub ↗︎

---

👍 No new dependency issues detected in pull request

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

Pull request alert summary

Issue	Status
Install scripts	✅ 0 issues
Native code	✅ 0 issues
Bin script shell injection	✅ 0 issues
Unresolved require	✅ 0 issues
Invalid package.json	✅ 0 issues
HTTP dependency	✅ 0 issues
Git dependency	✅ 0 issues
Potential typo squat	✅ 0 issues
Known Malware	✅ 0 issues
Telemetry	✅ 0 issues
Protestware/Troll package	✅ 0 issues

---

📊 Modified Dependency Overview:

⬆️ Updated Package	Version Diff	Added Capability Access	+/- Transitive Count	Publisher
forever@4.0.3	2.0.0...4.0.3	filesystem	+31/-14	kibertoad
moment@2.29.4	2.19.4...2.29.4	None	+0/-0	ichernev
ramda@0.27.2	0.10.0...0.27.2	None	+0/-0	davidchambers
uglify-js@3.14.5	2.6.4...3.14.5	eval	+0/-0	alexlamsl
express@4.17.3	4.16.4...4.17.3	None	+7/-10	dougwilson
passport-github@1.1.0	0.1.5...1.1.0	None	+0/-3	jaredhanson
gulp-less@5.0.0	4.0.1...5.0.0	filesystem	+7/-12	contra
sanitize-html@2.7.3	2.3.3...2.7.3	None	+0/-1	boutell
babel-loader@7.0.0	6.0.0...7.0.0	environment	+12/-0	danez

[github-actions]

Stale pull request message