[Snyk] Fix for 41 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	599/1000 Why? Has a fix available, CVSS 7.7	Remote Memory Exposure SNYK-JS-BL-608877	No	No Known Exploit
	630/1000 Why? Has a fix available, CVSS 8.1	Internal Property Tampering SNYK-JS-BSON-561052	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-LODASH-590103	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	No Known Exploit
	434/1000 Why? Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	SQL Injection SNYK-JS-LOOPBACKCONNECTORMONGODB-73555	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-MONGODB-473855	Yes	No Known Exploit
	661/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.8	Arbitrary Code Injection SNYK-JS-MORGAN-72579	No	Proof of Concept
	684/1000 Why? Has a fix available, CVSS 9.4	Arbitrary Code Execution SNYK-JS-SANITIZEHTML-585892	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-536840	Yes	No Known Exploit
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	Yes	Proof of Concept
	816/1000 Why? Mature exploit, Has a fix available, CVSS 8.6	Uninitialized Memory Exposure npm:base64-url:20180512	No	Mature
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
	292/1000 Why? Proof of Concept exploit, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:clean-css:20180306	Yes	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:fresh:20170908	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:hawk:20160119	Yes	No Known Exploit
	529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Yes	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Timing Attack npm:http-signature:20150122	Yes	No Known Exploit
	529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	No Known Exploit
	469/1000 Why? Has a fix available, CVSS 5.1	Denial of Service (DoS) npm:mem:20180117	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:moment:20160126	No	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) npm:moment:20161019	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:moment:20170905	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:ms:20151024	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:negotiator:20160616	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Override Protection Bypass npm:qs:20170213	Yes	No Known Exploit
	569/1000 Why? Has a fix available, CVSS 7.1	Cross-site Scripting (XSS) npm:react:20150318	No	No Known Exploit
	469/1000 Why? Has a fix available, CVSS 5.1	Remote Memory Exposure npm:request:20160119	Yes	No Known Exploit
	656/1000 Why? Mature exploit, Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) npm:sanitize-html:20161026	No	Mature
	479/1000 Why? Has a fix available, CVSS 5.3	Root Path Disclosure npm:send:20151103	No	No Known Exploit
	576/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.1	Uninitialized Memory Exposure npm:tunnel-agent:20170305	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:uglify-js:20151024	No	No Known Exploit
	429/1000 Why? Has a fix available, CVSS 4.3	Cross-site Scripting (XSS) npm:validator:20150313	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Buffer Overflow npm:validator:20160218	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: accepts

The new version differs by 23 commits.

• 3e925b1 1.3.3
• f774c03 build: istanbul@0.4.3
• 1528824 build: support Node.js 6.x
• 303ecbc build: Node.js@5.11
• 0d67beb deps: negotiator@0.6.1
• 1610730 deps: mime-types@~2.1.11
• c293785 build: Node.js@5.8
• ff7f9d1 build: Node.js@4.4
• abc38f7 1.3.2
• e43a803 build: Node.js@5.6
• 96d9c1a build: Node.js@4.3
• e2ac1b0 deps: mime-types@~2.1.10
• 6551051 1.3.1
• 6b70ddb deps: mime-types@~2.1.9
• 4d848aa build: istanbul@0.4.2
• 112cf25 build: support Node.js 5.x
• 8e5be6f build: Node.js@4.2
• f4a54df 1.3.0
• add6215 deps: negotiator@0.6.0
• 4bcfcb5 build: istanbul@0.3.21
• 0fc2f33 build: support Node.js 4.x
• 7bcfaba deps: mime-types@~2.1.7
• e8892b5 build: istanbul@0.3.20

See the full diff

Package name: cheerio

The new version differs by 106 commits.

• c3ec1cd Release 0.20.0
• ef848ca Add coveralls badge, remove link to old report
• dbcbe90 Merge pull request Bootstrap css link is not on the tutorial description freeCodeCamp/freeCodeCamp#808 from leifhanack/lodash4
• c04ead1 Merge pull request Challenge http://www.freecodecamp.com/challenges/waypoint-scope-your-variables has an issue  freeCodeCamp/freeCodeCamp#668 from rwaldin/prop-method
• b5531bb Merge pull request Challenge http://www.freecodecamp.com/challenges/waypoint-use-clockwise-notation-to-specify-the-margin-of-an-element has an issue  freeCodeCamp/freeCodeCamp#671 from twolfson/dev/fallback.select.content.sqwished
• 9d98bd7 Merge pull request Challenge http://www.freecodecamp.com/challenges/waypoint-add-borders-around-your-elements has an issue  freeCodeCamp/freeCodeCamp#704 from Rycochet/master
• 1b9c5c9 Merge pull request Basic Javascript waypoints translated into ES [WIP] freeCodeCamp/freeCodeCamp#797 from Delgan/641-appendTo_prependTo
• b12cbe8 Update lodash dependeny to 4.1.0
• 8c9b2e0 Merge pull request Blacklist usernames freeCodeCamp/freeCodeCamp#796 from Delgan/fix_780
• b09db31 Fix PR fixed bug where the 'next challenge' button in tablet view couldn't… freeCodeCamp/freeCodeCamp#726 adding 'appendTo()' and 'prependTo()'
• ce8829d Added appendTo and prependTo with tests Fix to issue #633 and a hand full of the other issues related to the challenge freeCodeCamp/freeCodeCamp#641
• 4779762 Fix Set font-family: "Monospace" renders as serif freeCodeCamp/freeCodeCamp#780 by changing options context in '.find()'
• 8dc1cc9 Add an unit test checking the query of child
• b27bed6 fix Minor typo: Challenge http://www.freecodecamp.com/challenges/waypoint-responsively-style-a-radio-buttons has an issue  freeCodeCamp/freeCodeCamp#667: attr({foo: null}) removes attribute foo, like attr('foo', null)
• 70c5608 Include reference to dedicated "Loading" section
• fa70a84 Added load method to $
• 4e8483a update css-select to 1.2.0
• 5f2777a Merge pull request Example app freeCodeCamp/freeCodeCamp#732 from jugglinmike/reinstate-toarray
• 106e42a Merge pull request Challenge isn't checking where code is added freeCodeCamp/freeCodeCamp#776 from dYale/master
• 97149d3 Fixing Grammatical Error
• a1367ee Merge pull request class not working freeCodeCamp/freeCodeCamp#739 from TrySound/npm-files
• 6c73b7a Merge pull request Challenge doesn't accept CSS shorthand freeCodeCamp/freeCodeCamp#773 from JaKXz/patch-1
• 48bb22d Test against node v0.12 --> v4.2
• ec2414d Correct output in example

See the full diff

Package name: compression

The new version differs by 162 commits.

• 93586e7 1.7.1
• bd3fa8a deps: bytes@3.0.0
• e1ce980 deps: vary@~1.1.2
• d0f7eab deps: debug@2.6.9
• 931c346 build: Node.js@8.4
• 8c8e36a deps: compressible@~2.0.11
• 8a5e773 deps: accepts@~1.3.4
• 7b4a7e2 build: eslint-plugin-node@5.1.1
• de30e3a build: mocha@2.5.3
• 8c3f7ea 1.7.0
• c27dc0f build: support Node.js 8.x
• d886306 build: eslint-config-standard@10.2.1
• 598d876 Use safe-buffer for improved Buffer API
• 47fca12 build: eslint-plugin-markdown@1.0.0-beta.6
• 3c78e39 build: Node.js@6.11
• 6c4c539 deps: debug@2.6.8
• 6d2de08 deps: compressible@~2.0.10
• ac13bc4 deps: bytes@2.5.0
• 527907c deps: debug@2.6.4
• 6488fc2 build: Node.js@7.10
• 55532e1 build: Node.js@6.10
• 0e4ad01 build: Node.js@4.8
• be58132 deps: compressible@~2.0.10
• 4d5238e deps: vary@~1.1.1

See the full diff

Package name: connect-mongo

The new version differs by 217 commits.

• 63ca966 docs: update readme and bump version to 3.0.0
• aceb1ee chore: bump version to 3.0.0-rc.2
• 0e4a234 test: add test cases on event listener
• e77a7f1 test: replace mocha with jest (Seed data bug in ux-improvements for start-a-node.js-server challenge freeCodeCamp/freeCodeCamp#324)
• ad39e88 test: replace deprecated collection.insert to collection.insertOne
• 545c06e docs: update README on testing
• 2d5442e chore: upgrade depns mocha
• 5d3a321 chore: upgrade nyc depns
• 54cd91d chore: upgrade depns
• afb7a12 docs: remove some badges
• 6c2484b docs: update README for supporting version
• c925c92 test: fix test case
• 6827330 chore: bump version to 3.0.0-rc.1
• f62692b ci: update .npmignore
• aa2637d ci: remove node 6 support and add linting in travis
• 801291b fix linting error
• f928547 travis add test on Node 12
• 12275f0 better linting
• eb23b1e linting fix
• 66194c7 bump major version to 3.0.0-rc
• f29084f Wait for client open, before calling db. (Username LMWBXR can only log after resetting password freeCodeCamp/freeCodeCamp#321)
• d252bfc Install Stale bot
• 15d91c1 Transparent crypto support (Merge UX-improvements and nonprofit-show into master freeCodeCamp/freeCodeCamp#314)
• 08ccada Update readme refer to latest release to avoid confusion

See the full diff

Package name: debug

The new version differs by 165 commits.

• 13abeae Release 2.6.9
• f53962e remove ReDoS regexp in %o formatter (Challenge http://www.freecodecamp.com/challenges/waypoint-line-up-form-elements-responsively-with-bootstrap has an issue  freeCodeCamp/freeCodeCamp#504)
• 52e1f21 Release 2.6.8
• 2482e08 Check for undefined on browser globals (Github => GitHub freeCodeCamp/freeCodeCamp#462)
• 6bb07f7 release 2.6.7
• 15850cb Fix Regular Expression Denial of Service (ReDoS)
• 4a6c85c update "debug" to v1.0.0 (Can freeCodeCamp/freeCodeCamp#454)
• b68dbf8 Fix typo (SaveToPocket Chrome Extension breaks Bonfires freeCodeCamp/freeCodeCamp#455)
• 1351d2f Inline extend function in node implementation (Possible bug in Express waypoint freeCodeCamp/freeCodeCamp#452)
• c211947 update version for component
• 14df14c release 2.6.5
• cae07b7 cleanup browser tests and fix null reference check on window.documentElement.style.WebkitAppearance (Staging freeCodeCamp/freeCodeCamp#447)
• f311b10 release 2.6.4
• 1f01b70 Fix bug that would occure if process.env.DEBUG is a non-string value. (Add step to basejump setups for SSH key freeCodeCamp/freeCodeCamp#444)
• 2f3ebf4 Update CHANGELOG.md
• f5ae332 Update CHANGELOG.md
• 9742c5f chore(): ignore bower.json in npm installations. (Maintaining Streak freeCodeCamp/freeCodeCamp#437)
• 27d93a3 update "debug" to v0.7.3
• 9dc30f8 release 2.6.3
• 0fb8ea4 LocalStorage returns undefined for any key not present (Clarification needed for Search and Replace (21) Bonfire freeCodeCamp/freeCodeCamp#431)
• ce4d93e changelog fix
• 017a9d6 release 2.6.2
• 23bc780 fix DEBUG_MAX_ARRAY_LENGTH
• 065cbfb Add backers and sponsors from Open Collective (Edit feature on Camper News  freeCodeCamp/freeCodeCamp#422)

See the full diff

Package name: errorhandler

The new version differs by 37 commits.

• c41e9aa 1.4.3
• ffce329 build: istanbul@0.4.2
• 90a8777 build: Node.js@4.2
• 38b745b deps: accepts@~1.3.0
• 80aea51 deps: escape-html@~1.0.3
• b0be93a docs: fix typo in readme
• 2f688d0 build: support Node.js 5.x
• 1238ed4 build: istanbul@0.4.1
• fdeb13c build: mocha@2.3.4
• cc6fd1f build: support Node.js 4.x
• 3a2117a build: support io.js 3.x
• 75b9ee1 build: reduce runtime versions to one per major
• 6797752 tests: add test for util.inspect in HTML response
• b6e53d7 docs: add more documentation regarding util.inspect
• 88b9a58 deps: accepts@~1.2.13
• ac75d3f build: istanbul@0.3.19
• 5ee62b7 deps: escape-html@1.0.3
• 1e89ae7 build: istanbul@0.3.18
• ef1e8f1 build: supertest@1.1.0
• a7a6dce 1.4.2
• 692e2e7 deps: accepts@~1.2.12
• 6f2e8d2 build: io.js@2.5
• 564c117 build: fix running Node.js 0.8 tests on Travis CI
• 2dfd872 1.4.1

See the full diff

Package name: express

The new version differs by 250 commits.

• f974d22 4.16.0
• 8d4ceb6 docs: add more information to installation
• c0136d8 Add express.json and express.urlencoded to parse bodies
• 86f5df0 deps: serve-static@1.13.0
• 4196458 deps: send@0.16.0
• ddeb713 tests: add maxAge option tests for res.sendFile
• 7154014 Add "escape json" setting for res.json and res.jsonp
• 628438d deps: update example dependencies
• a24fd0c Add options to res.download
• 95fb5cc perf: remove dead .charset set in res.jsonp
• 44591fe deps: vary@~1.1.2
• 2df1ad2 Improve error messages when non-function provided as middleware
• 12c3712 Use safe-buffer for improved Buffer API
• fa272ed docs: fix typo in jsdoc comment
• d9d09b8 perf: re-use options object when generating ETags
• 02a9d5f deps: proxy-addr@~2.0.2
• c2f4fb5 deps: finalhandler@1.1.0
• 673d51f deps: utils-merge@1.0.1
• 5cc761c deps: parseurl@~1.3.2
• ad7d96d deps: qs@6.5.1
• e62bb8b deps: etag@~1.8.1
• 70589c3 deps: content-type@~1.0.4
• 9a99c15 deps: accepts@~1.3.4
• 550043c deps: setprototypeof@1.1.0

See the full diff

Package name: express-session

The new version differs by 250 commits.

• 89fd715 1.15.6
• d4344fb build: express@4.15.5
• 6cf886d deps: debug@2.6.9
• d190faa deps: utils-merge@1.0.1
• f24d228 lint: run eslint against README
• 44ee046 docs: remove trailing newline in README
• 68e210d deps: parseurl@~1.3.2
• 8b4f668 lint: add editorconfig and eslint to enforce
• 917b03d docs: add memorystore to the list of session stores
• 65781dd build: Node.js@8.4
• 71c9d7c build: express@4.15.4
• 11b3e97 deps: uid-safe@~2.1.5
• 0e97d6f docs: fix formatting in history
• d63a3e9 1.15.5
• c226301 Fix TypeError when req.url is an empty string
• 62c4d15 tests: add test for mounted middleware
• 8518200 tests: move the cookie path tests
• 2b08370 docs: improve code readability
• 310d288 deps: depd@~1.1.1
• fc60bb6 build: Node.js@8.2
• 521e6bd tests: add leak checking for variables and handles
• 7b26d57 1.15.4
• fc9d474 build: Node.js@8.1
• d367b33 build: Node.js@6.11

See the full diff

Package name: express-state

The new version differs by 3 commits.

• 727262e chore: update HISTORY
• f5cea3a chore: update serialize-javascript to 3.x ([Snyk] Fix for 1 vulnerabilities #41)
• e62069f Add isJSON docs to README

See the full diff

Package name: express-validator

The new version differs by 144 commits.

• 69a4ce7 Update changelog.
• 54156e1 Upgrade to 2.20.4 to update validator to v5
• e9911ba Merge pull request Update bonfire name url freeCodeCamp/freeCodeCamp#231 from ctavan/extend_validator_to_coerce_strings
• 4fe80ec Update node-validator to v5 and restore automatic string coercion.
• bfd9502 Update changelog.
• 0fafa68 Upgrade to 2.20.3
• 3ab8150 Merge pull request unblock the cdn paths that firefox over-vigilantly blocked freeCodeCamp/freeCodeCamp#221 from ctavan/fix_bluebird_reflect
• 7884efc Convert promises to Bluebird promises in order to use reflect(). Should fix fix bug in server side checking for username, closes #219 freeCodeCamp/freeCodeCamp#220
• 659978a Update changelog
• a4a603b Upgrade to 2.20.2
• 73bcf5c Merge pull request Fix no user comment display freeCodeCamp/freeCodeCamp#217 from AuspeXeu/badge
• 57c309e Merge pull request Fix no user comment display freeCodeCamp/freeCodeCamp#215 from AuspeXeu/master
• 49803b9 Added comment to reference the fix
• 41add1b Added badge reflecting the dependency status
• 5c9e08c Upgraded bluebird
• 69d5cc6 Add npm version badge
• a5262c7 Upgrade changelog.
• 0f4d5f6 Upgrade to 2.20.1
• 0241908 Downgrade validator. An upgrade will require a major version bump since it doesn't automatically coerce non-strings to strings anymore: https://github.com/Migrate to ES6 validatorjs/validator.js#496
• e57acd2 Upgrade to 2.20.0
• 9073b5e Upgrade github-changes, lodash, and validator; update CHANGELOG.
• dca9911 Apply README fixes from 9b74fb4ffd4edce7268b9d1e9303829cdb8ae14e
• 4cc5ef8 Merge pull request Comment overflow in News fix freeCodeCamp/freeCodeCamp#208 from JaniszM/master
• 0385e61 Merge remote-tracking branch 'express-validator/master'

See the full diff

Package name: gulp-less

The new version differs by 2 commits.

• 7d9df97 4.0.0
• cde149b Update accord to support less@3.0.0 - closes Bonfire Challenges freeCodeCamp/freeCodeCamp#269

See the full diff

Package name: helmet

The new version differs by 172 commits.

• c2d0810 3.8.2
• 3da2f55 Update changelog for 3.8.2 release
• 35e7d97 Update connect to 3.6.5
• 5587ecc 3.8.1
• 3b95345 Prepare for 3.8.1 release
• 3ca8991 3.8.0
• 33fff29 Update to hsts@2.1.0
• 146594f 3.7.0
• 39b7f11 Update changelog for 3.7.0 release
• d46443a Update helmet-csp to 2.5.0
• fb407df Update security reporting instructions
• f6270e3 Minor: fix typo in test description
• 0624fea Update changelog for incorrect usage change
• 35a247f Update error message when doing `app.use(helmet)`
• 4ecf148 Add a test when called directly
• e213d87 warn if a helmet constructor is used directly as handler
• 7255042 Travis: test on Node 8
• d09b414 Add some useless Markdown files to npmignore
• d5dce64 Minor: move default middleware definition into index.js
• 267ac75 Use `--fix` flag with Standard to auto-fix errors
• 64e815b Minor: clean up main function for clarity
• f034913 Update Sinon and Standard
• 60db9c5 3.6.1
• 621ff8f Update changelog for 3.6.1 release

See the full diff

Package name: loopback-connector-mongodb

The new version differs by 112 commits.

• bdad30a 3.6.0
• 0f46f71 Merge pull request Can freeCodeCamp/freeCodeCamp#454 from strongloop/docs
• a2985e0 docs: update with security consideration section
• 4df3c63 Merge pull request Possible bug in Express waypoint freeCodeCamp/freeCodeCamp#452 from strongloop/sanitize
• ee24cd0 fix: sanitize query by default
• 99bca4b Merge pull request Unable to start app on local machine. freeCodeCamp/freeCodeCamp#450 from gendigbadig/master
• 2d2999e Merge pull request Maintaining Streak freeCodeCamp/freeCodeCamp#437 from HugoPoi/feature/settings-disable-default-sort
• 21618d8 change `count` to `countDocuments`
• dbccb86 add `useNewUrlParser` on validOptionNames
• 94e47e3 Dedicated Model for testing disableDefaultSort
• fe6ae0e Add disableDefaultSort in README
• b70fd28 Add settings disableDefaultSort for find method
• b79e263 3.5.0
• 43a0138 Merge pull request Bonfire improvements freeCodeCamp/freeCodeCamp#441 from strongloop/drop-node
• 3773a16 chore: drop node 4 and update deps
• 60aaecc Merge pull request Waypoints 38 & 39 404 Error freeCodeCamp/freeCodeCamp#443 from candytangnb/webfm-0629-000207-cs,pl,ru-translation
• 8e952a6 [WebFM] cs/pl/ru translation
• 205a3a3 3.4.4
• db63a31 Fields projection fix (Staging freeCodeCamp/freeCodeCamp#436)
• 3116da3 3.4.3
• ef92b90 Merge pull request add campwide meeting and fix user show points freeCodeCamp/freeCodeCamp#419 from strongloop/update-bson
• c4bf8d2 update bson version
• 47de5b1 3.4.2
• 780497d Merge pull request There should be consistent styling for Field Guide pages freeCodeCamp/freeCodeCamp#425 from strongloop/testci

See the full diff

Package name: mongodb

The new version differs by 250 commits.

• c6f417e chore(release): 3.1.13
• 210c71d fix(db_ops): ensure we async resolve errors in createCollection
• 5ad9fa9 fix(changeStream): properly handle changeStream event mid-close (Wrong Map Visualization freeCodeCamp/freeCodeCamp#1902)
• e806be4 fix(bulk): honor ignoreUndefined in initializeUnorderedBulkOp
• 050267d fix(*): restore ability to webpack by removing `makeLazyLoader`
• 6e896f4 docs: adding aggregation, createIndex, and runCommand examples
• cb3cd12 chore(release): 3.1.12
• 508d685 Revert "chore(release): 3.2.0"
• e7619aa chore(release): 3.2.0
• d0dc228 chore(travis): include forgotten stage info for sharded builds
• ffbe90b chore(travis): run sharded tests in travis as well
• 9bef6e7 feat(core): update to mongodb-core v3.1.11
• e4bb39e chore(release): 3.1.11
• 76c0130 chore(core): bump version of mongodb-core
• a3adb3f fix(bulk): fix error propagation in empty bulk.execute
• ec0e30e doc(change-streams): correct typo, add missing example
• 10ea992 chore(package): update lock file
• fcb3ec1 test(sharded): reduce some sharded errors
• d4eae97 test(sessions): undo hack for apm events in sessions tests
• 0eaca21 test(sessions): fixing broken session test
• 6790a74 test(sharding): fixing old sharding tests
• 98f0c68 test(sharded): fixing sharded operation test
• c6a9baa test(sessions): fixing session tests in sharded env
• 985f0e9 test(drop): fixing drop assertions for sharded tests

See the full diff

Package name: morgan

The new version differs by 149 commits.

• 572dd93 1.9.1
• e02de38 lint: apply standard 12 style
• e329663 Fix using special characters in format
• eb1968a tests: use strict equality checks
• 310b206 build: use yaml eslint configuration
• 5810937 build: Node.js@9.11
• f60afd5 build: Node.js@8.11
• 5295b0c build: eslint-plugin-standard@3.1.0
• 178daaf build: eslint-plugin-promise@3.8.0
• 7b08641 build: eslint-plugin-import@2.12.0
• 73cb666 build: eslint@4.19.1
• edc95aa build: Node.js@6.14
• ace86c3 build: Node.js@4.9
• 4dd1180 lint: apply standard 11 style
• 60c31e8 build: Node.js@9.8
• 05e382f build: Node.js@8.10
• 1a5be20 build: Node.js@6.13
• cf9565f docs: remove gratipay badge
• b66251d build: eslint-plugin-node@5.2.0
• 0113732 build: eslint-plugin-import@2.8.0
• 47659a9 deps: depd@~1.1.2
• 695f659 build: support Node.js 9.x
• f4c51e9 build: Node.js@8.9
• 4f15f36 build: Node.js@6.12

See the full diff

Package name: request

The new version differs by 250 commits.

• 0ab5c36 2.82.0
• ffdf0d3 Updating deps.
• 4386836 Merge branch 'master' of github.com:request/request
• 1527407 Merge pull request Wiki request - How to get the MEAN stack running locally on OSX freeCodeCamp/freeCodeCamp#2703 from ryysud/add-nodejs-v8-to-travis
• 3afcbf8 Merge branch 'master' of github.com:request/request
• 479143d Update of hawk and qs to latest version (Disk limit quickly reached on c9 freeCodeCamp/freeCodeCamp#2751)
• 169be11 Add Node.js v8 to Travis CI
• 643c43a Fixed some text in README.md (Dont work this bonfire freeCodeCamp/freeCodeCamp#2658)
• e8fca51 chore(package): update aws-sign2 to version 0.7.0 (My code shakes odd numbers as well freeCodeCamp/freeCodeCamp#2635)
• e999203 Update README to simplify & update convenience methods (Unclear directions freeCodeCamp/freeCodeCamp#2641)
• 6f286c8 lint fix, PR from pre-standard was merged with passing tests
• a765593 Add convenience method for HTTP OPTIONS (Waypoint: Label Bootstrap Buttons freeCodeCamp/freeCodeCamp#2541)
• 52d6945 Add promise support section to README (Checkboxes have wrong info freeCodeCamp/freeCodeCamp#2605)
• b12a624 refactor(lint): replace eslint with standard (Check all children instead of just one in 'Target Children with jQuery' freeCodeCamp/freeCodeCamp#2579)
• 29a0b17 Merge pull request Added link about Roman Numeral to MDNLinks section. freeCodeCamp/freeCodeCamp#2598 from request/greenkeeper-codecov-2.0.2
• e7b4a88 Merge pull request Potentially faulty test case freeCodeCamp/freeCodeCamp#2590 from nicjansma/timings-tests
• dd5c02c Updated comment
• 087de94 Merge pull request Create indicator where learner/student is in the Map freeCodeCamp/freeCodeCamp#2589 from odykyi/fix-tabulation
• 3d5e50d Merge pull request Typo. PR closes #2592 freeCodeCamp/freeCodeCamp#2594 from ahmadnassri/patch-1
• 0951f47 chore(package): update codecov to version 2.0.2
• baf9c1f chore(dependencies): har-validator -> 5.0.2
• 21b1112 chore(dependencies): har-validator -> 5.0.1
• 51806f8 chore(dependencies): har-validator to 5.x [removes babel dep]
• c57fb72 2.81.1

See the full diff

Package name: sanitize-html

The new version differs by 250 commits.

• ca28bcd Merge pull request add campwide meeting and fix user show points freeCodeCamp/freeCodeCamp#419 from apostrophecms/v2
• 432e994 migrates srcset update
• 6f79315 Fixes merge conflicts
• deed33b Updates version number and catches changelog up for 2.0.0 (Viewing a user profile shows your points, not theirs. freeCodeCamp/freeCodeCamp#418)
• 3c7f93f Updates eslint config and fixes warnings (Fix typo and add tests for bonfire Arguments Optional freeCodeCamp/freeCodeCamp#416)
• 90588d9 Merge pull request News mailer fix freeCodeCamp/freeCodeCamp#413 from TrySound/upgrade-postcss
• 78bda11 Capitalize Node
• 483888d Merge pull request Fix CDN and asset pipeline and other minor improvements freeCodeCamp/freeCodeCamp#414 from apostrophecms/nesting-limit
• 9301cc8 clearer language?
• 5d15534 Merge pull request Zipline 2 Twitter Button Link freeCodeCamp/freeCodeCamp#415 from apostrophecms/2/import-readme
• 14d0b52 Updates README import language
• af58449 Merge pull request Field Guide #2 redirects to #21 freeCodeCamp/freeCodeCamp#412 from SiddAjmera/patch-1
• 22bb2a8 nestingLimit option
• 66a1c87 Upgrade postcss
• 3d267e6 Update README.md
• e978b5f Merge pull request Successive bonfires don't get marked as completed if I skip previous ones. freeCodeCamp/freeCodeCamp#411 from TrySound/upgrade-is-plain-object
• fd18161 Upgrade changelog
• 5f62d16 Upgrade is-plain-object
• 51fdefb Merge pull request Mobile Camper News doesn't show headline freeCodeCamp/freeCodeCamp#409 from apostrophecms/use-existing-has-function
• 5dbc0ab changelog and package.json
• d5abe66 use existing has function, less code
• 056481f 2.0.0 rc.1 version and changelog update (Merge branch 'mobile-news' freeCodeCamp/freeCodeCamp#407)
• 4550160 Merge pull request Mobile news freeCodeCamp/freeCodeCamp#402 from TrySound/upgrade-klona
• 343190e Replaces another usage of includes (Twitter share button has no functionality after completing Bonfire exercise freeCodeCamp/freeCodeCamp#404)

See the full diff

Package name: uglify-js

The new version differs by 65 commits.

• d895c09 v2.6.0
• 08623aa Fix output for "use asm" code from SpiderMonkey AST
• c898a26 Build label def/refs info when figuring out scope
• 619adb0 Replace util.error with console.log
• 7691beb Rework has_directive
• 3c43467 Merge pull request Edit text issue freeCodeCamp/freeCodeCamp#854 from kzc/moz-regexp-2
• 18d37ac Fix parsing invalid input
• 63d35f8 Prevent ReDoS by not using a regexp to verify floating point numbers
• 7dbe961 simplify mozilla AST RegExpLiteral token parse and handle corner cases of regex.pattern better
• 94c4daa Have mozilla AST RegExpLiteral parser use regex.pattern and regex.flags rather than non-standard `raw` property.
• 37ee9de rename To_Moz_Literal to To_Moz_RegExp
• 83db98a Fixed RegExp literal in mozilla AST generation/output and added a --dump-spidermonkey-ast flag
• bd0ae65 `return undefined` optimization no longer uses `return_void_0` option
• 841a661 more tests for `return undefined` optimization
• 7491d07 optimize `return undefined` and `return void 0`
• 335e349 Allow specification beautify options in tests
• 2a88d07 Stop building for io.js
• a887cde fixes Bonfire: Mutations: ['Mary', 'Maary'] freeCodeCamp/freeCodeCamp#845: \v escaping should be restricted to "screw_ie8" mode
• b5623b1 Fix Customize Google Calendar freeCodeCamp/freeCodeCamp#836
• 6b2861e Make_string was missing \v and wasnt reversing vertical tabs even though read_escaped_char coverts them
• d5138f7 add `--pure-funcs` option
• eac67b2 upgrade yargs 3.5.4 -> 3.10.0
• ce10072 Merge pull request The assertion will return actual code output + the normal output , explanation below, hope it helps freeCodeCamp/freeCodeCamp#829 from kzc/html_comment_ops
• dff54a6 Fix other operator output related to <!-- or -->

See the full diff

Package name: validator

The new version differs by 250 commits.

• 76a0561 5.0.0
• 34779dc Update the README and changelog
• 396f2be Merge pull request Challenge http://www.freecodecamp.com/challenges/zipline-build-a-pomodoro-clock has an issue  freeCodeCamp/freeCodeCamp#496 from forabi/modules
• a33b64b Fix README.md
• be9fb9c Rebase on 4.9.0
• bf16624 Fix ESLint config
• b1ff8bc Remove old ESLint config file
• af94fb7 Upgrade to ESLint 2, remove unnecessary deps
• f919358 Prefer template strings
• b96a953 Update the changelog
• e2ccc9f Merge pull request Challenge http://www.freecodecamp.com/challenges/zipline-build-a-pomodoro-clock has an issue  freeCodeCamp/freeCodeCamp#503 from chriso/chriso/faster-base64-validation
• ebcca98 Condense the if blocks
• 1bd5b1f Check padding in the last block
• 38a5271 Don't use regex to validate base64
• f9c0cfb Add some more test vectors
• 4e06dc6 Merge pull request Challenge http://www.freecodecamp.com/challenges/waypoint-mobile-responsive-images has an issue  freeCodeCamp/freeCodeCamp#501 from Dadidam/master
• 6204821 Merge pull request [Snyk] Upgrade sanitize-html from 1.6.1 to 1.27.4 #2 from chriso/master
• 438d8da Update the README, re Challenge http://www.freecodecamp.com/challenges/drop-it-like-its-hot has an issue  freeCodeCamp/freeCodeCamp#499
• 8682441 4.9.0
• d36a29d Update the changelog and min version
• 1db186a Remove the restriction on adjacent hyphens in hostnames
• 20c8bdf Update the changelog and min version
• 1ae83ef Merge pull request Challenge http://www.freecodecamp.com/challenges/drop-it-like-its-hot has an issue  freeCodeCamp/freeCodeCamp#499 from Dadidam/master
• ebc7497 Merge pull request [Snyk] Upgrade react-bootstrap from 0.23.7 to 0.33.1 #1 from Dadidam/Dadidam-patch-ru-locale

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 4be093d 2.2.0
• 2278469 2.2.0-rc.8
• b946eb4 Merge pull request alert showing h2 should be blue though it's already blue in style attribute freeCodeCamp/freeCodeCamp#3988 from malstoun/bug/2664
• 260e413 Merge pull request fix typo and add comma freeCodeCamp/freeCodeCamp#3986 from webpack/bugfix/revert_use_of_buffer_dot_from
• 0ec7de9 Fix regression with watch cli opt, add tests for this case
• 72226db add missing disable line
• 4d30675 build fresh yarn.lock file to remove buffer polyfill
• 91c1f35 fix(node): rollback changes of Buffer.from to new Buffer() and bump down travis to 4.3 min node v
• 0b47602 2.2.0-rc.7
• db6ccbc Merge pull request Allude to 'this' keyword as suggested by @ParkinT freeCodeCamp/freeCodeCamp#3978 from webpack/bugfix/conditional-reexports
• 82a5b03 Merge pull request red text freeCodeCamp/freeCodeCamp#3977 from malstoun/bug/2664
• fc1a43b Merge pull request Users Should Be Alerted That Only Chrome is Supported freeCodeCamp/freeCodeCamp#3976 from timse/rely-on-defaults
• a44694a hoist exports declarations too
• 682bde8 Fix lint
• c6d7d90 Add tests
• af8d49e remove defaults values to shave a few bytes
• 9796696 2.2.0-rc.6
• e9bdb05 Merge pull request Fix Waypoint Get JSON Tests and Typo freeCodeCamp/freeCodeCamp#3971 from webpack/bugfix/fix_available_vars_in_fmtp
• bd45bdc add test case for global in harmony modules
• bfccb20 fix PR
• 5a3a23f fix(nmf): Fix exports for var injection to include free glob exports or arguments
• 437dce4 2.2.0-rc.5
• 91cb1df Merge pull request Fix Waypoint Count Backwards Seed Code freeCodeCamp/freeCodeCamp#3970 from webpack/ci/appveyor
• 9fd55e5 Merge pull request Fix Get JSON challenge text & quote specificity  freeCodeCamp/freeCodeCamp#3969 from webpack/bugfix/issue-3964

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:hawk:20160119	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Timing Attack npm:http-signature:20150122	No Known Exploit
	529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No Known Exploit
	469/1000 Why? Has a fix available, CVSS 5.1	Remote Memory Exposure npm:request:20160119	No Known Exploit
	576/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.1	Uninitialized Memory Exposure npm:tunnel-agent:20170305	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:uglify-js:20151024	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the effected dependencies could be upgraded.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic