[Snyk] Fix for 1 vulnerabilities

[bobby-lin]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	461/1000 Why? Recently disclosed, Has a fix available, CVSS 3.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-DEBUG-3227433	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: debug

The new version differs by 43 commits.

• f073e05 Release 3.1.0
• 2c0df9b rename `DEBUG_HIDE_TTY_DATE` to `DEBUG_HIDE_DATE`
• dcb37b2 Merge branch '2.x'
• 56a3853 Add `DEBUG_HIDE_TTY_DATE` env var (merge new curriculum, help/pair/bug functionality, jobs page freeCodeCamp/freeCodeCamp#486)
• bdb7e01 remove "component" from package.json
• c38a016 remove ReDoS regexp in %o formatter (Challenge http://www.freecodecamp.com/challenges/waypoint-line-up-form-elements-responsively-with-bootstrap has an issue  freeCodeCamp/freeCodeCamp#504)
• 47747f3 remove `component.json`
• a0601e5 fix
• e7e568a ignore package-lock.json
• fdfa0f5 Fix browser detection
• 7cd9e53 examples: fix colors printout
• 8d76196 Merge pull request Challenge http://www.freecodecamp.com/challenges/zipline-build-a-pomodoro-clock has an issue  freeCodeCamp/freeCodeCamp#496 from EdwardBetts/spelling
• daf1a7c correct spelling mistake
• 3e1849d Release 3.0.1
• b3ea123 Disable colors in Edge and Internet Explorer (Challenge http://www.freecodecamp.com/challenges/waypoint-link-to-external-pages-with-anchor-elements has an issue  freeCodeCamp/freeCodeCamp#489)
• 13e1d06 remove v3 discussion note for now
• 52b894c Release 3.0.0
• d2dd80a component: update "ms" to v2.0.0
• 6752953 fix browser test 😵
• f6f6213 remove `make coveralls` from travis
• f178d86 attempt to separate the Node and Browser tests in Travis
• d73c4ae fix `make test`
• 402c856 fix lint
• 87e7399 readme++

See the full diff

Package name: eslint

The new version differs by 250 commits.

• 439e8e6 4.7.0
• 2ec62f9 Build: changelog update for 4.7.0
• 787b78b Upgrade: Espree v3.5.1 (fixes there is no response when i click the Run Tests button after completing challenge freeCodeCamp/freeCodeCamp#9153) (Escape Sequences in Strings challenge not accepting escape sequences freeCodeCamp/freeCodeCamp#9314)
• 1488b51 Update: run rules after `node.parent` is already set (fixes Compiler issue freeCodeCamp/freeCodeCamp#9122) (Issue with Passing Values to Functions with Arguments freeCodeCamp/freeCodeCamp#9283)
• 4431d68 Docs: fix wrong config in max-len example. (Clarified instructions for the Challenge Target the same element with… freeCodeCamp/freeCodeCamp#9309)
• 9d1df92 Chore: Revert "avoid handling Rules instances in config-validator" (Challenge Record Collection - ISSUE freeCodeCamp/freeCodeCamp#9295)
• 7d24dde Docs: Fix code snippet to refer to the correct option (Clarified instructions for the Challenge Target the same element with… freeCodeCamp/freeCodeCamp#9313)
• 12388d4 �Chore: rewrite parseListConfig for a small perf gain. (Double #Target5 on left-well freeCodeCamp/freeCodeCamp#9300)
• ce1f084 Update: fix MemberExpression handling in no-extra-parens (fixes Color not changing freeCodeCamp/freeCodeCamp#9156)
• 0c720a3 Update: allow autofixing when using processors (fixes Video challenges are broken in IE 11 freeCodeCamp/freeCodeCamp#7510) (Roman Numeral Converter: Tests results incorrect freeCodeCamp/freeCodeCamp#9090)
• 838df76 Chore: upgrade deps. (Nothing happens and hints disappear when I hit "Run tests" freeCodeCamp/freeCodeCamp#9289)
• f12def6 Update: indent flatTernary option to handle `return` (fixes Add border around my element freeCodeCamp/freeCodeCamp#9285) (Editor - cursor repositioning issue freeCodeCamp/freeCodeCamp#9296)
• e220687 Fix: remove autofix for var undef inits (fixes RunTests does not run properly freeCodeCamp/freeCodeCamp#9231) (Fix/Improve Accessibilty Practices freeCodeCamp/freeCodeCamp#9288)
• 002e199 Docs: fix no-restricted-globals wrong config. (Clarify test description freeCodeCamp/freeCodeCamp#9305)
• fcfe91a Docs: fix wrong config in id-length example. (Get Geolocation Data: jQuery selector with single quote won't pass freeCodeCamp/freeCodeCamp#9303)
• 2731f94 Update: make newline-per-chained-call fixable (Unable to succeed at "Storing Values with the Assignment Operator" freeCodeCamp/freeCodeCamp#9149)
• 61f1093 Chore: avoid monkeypatching Linter instances in RuleTester (Reference error: stringify is not defined in Record Collection freeCodeCamp/freeCodeCamp#9276)
• 28929cb Chore: remove Linter#reset (refs Size Your Image Issue freeCodeCamp/freeCodeCamp#9161) (not reading string on the "Make Instances of Objects with a Constructor Function" freeCodeCamp/freeCodeCamp#9268)
• abc8634 Build: re-run browserify when generating site (ReferenceError: Can't find variable: stringify ? freeCodeCamp/freeCodeCamp#9275)
• 7685fed Fix: IIFE and arrow functions in no-invalid-this (fixes Fix/Loop Protect - Disable //noprotect freeCodeCamp/freeCodeCamp#9126) (Prevent scrolling on initial challenge run freeCodeCamp/freeCodeCamp#9258)
• 7c95d5d Chore: avoid handling Rules instances in config-validator (Correct stringify to JSON.stringify freeCodeCamp/freeCodeCamp#9277)
• 2b1eba2 Chore: enable eslint-plugin/no-deprecated-context-methods (Issue with example link for Buidling a Tribute Page.  freeCodeCamp/freeCodeCamp#9279)
• 981f933 Fix: reuse the AST of source code object in verify (Scroll to bottom of #scroll-locker freeCodeCamp/freeCodeCamp#9256)
• cd698ba Docs: move RuleTester documentation to Node.js API page (Description is not clear freeCodeCamp/freeCodeCamp#9273)

See the full diff

Package name: gulp-eslint

The new version differs by 49 commits.

• a398838 4.0.0
• 18a4299 emit an error when it fails to load an ESLint plugin
• b8bf261 update ESLint from v3 to v4 (Fixed bonfire selected tab bug freeCodeCamp/freeCodeCamp#198)
• c0e82ce use `Buffer.from` instead of `new Buffer`
• e6c67a2 drop support for linting `Stream` contents
• 132d5cc Fix formatting issues in README.md (After completing a challenge all points from bonefires are removed freeCodeCamp/freeCodeCamp#194)
• 7f65378 remove link to config file `globals` doc
• 8ddfb84 correct the type of `globals` option in README
• 6059c22 3.0.1
• b0c2816 ensure sharable config works
• 08b9212 test the case where babel-eslint is actually useful
• eb98701 mock stream-mode vinyl files with from2-string
• bcd7736 fix invalid `envs` option
• 286b0c4 remove unused fixtures
• e2723e1 Remove unnecessary `object-assign` dependency
• 82c1949 3.0.0
• 97d8638 Remove invalid options in example code
• 505779d Remove option aliases
• 7228608 Bump ESLint to v3.x and ES2015ify
• 946e0e9 2.1.0
• a01671e Add v2.1.0 release note
• 87213fd Fix inline config example in README (Accessibility freeCodeCamp/freeCodeCamp#159)
• 4de3d64 Test on the latest/LTS Node
• cb7fd6a Install istanbul-coveralls only on Travis CI

See the full diff

Package name: loopback

The new version differs by 250 commits.

• a3287a5 3.5.0
• 89c9f5b Run the latest Node.js 7 version on Travis again
• 5da8075 Merge pull request Fixes description of jQuery waypoint freeCodeCamp/freeCodeCamp#3261 from strongloop/add/ann-list
• 3a93167 Merge pull request Fix Test 1 wording freeCodeCamp/freeCodeCamp#3262 from strongloop/fix/ci-on-node-7.7.2
• 6467658 Lock down Travis CI Node 7 version to 7.7.1
• 0448184 Merge pull request updated description of waypoint to make it more specific freeCodeCamp/freeCodeCamp#2959 from kobaska/add-multi-tenancy
• 55adb6c README: add a link to our announcements list
• 3f4b5ec Allow custom properties of Change Model
• 011dc1f Merge pull request what does it means with changing it's properties to number? isnt var Car a number already? freeCodeCamp/freeCodeCamp#3253 from phairow/patch-1
• 0969493 Fix User.verify to convert uid to string
• 48bf16b Merge pull request Fixes error "Cannot read property 'length' of null" freeCodeCamp/freeCodeCamp#3245 from strongloop/fix/token-middleware-custom-model
• b5a8564 Merge pull request Chai is not Defined: Make Object Properties Private Exercise  freeCodeCamp/freeCodeCamp#3249 from islamixo/feature-verificationToken
• a22b1e1 Pass options.verificationToken to templateFn
• cf98d37 fix custom token model in token middleware
• 01ce9b5 Merge pull request accepted answer incorrect freeCodeCamp/freeCodeCamp#3247 from strongloop/update-deps
• 5ebc9b6 Merge pull request Is this correct. Either I am not understanding what is being asked of me or there is a problem.  freeCodeCamp/freeCodeCamp#3230 from strongloop/fix/context-passing-for-isOwner
• 8510982 Update runtime dependencies
• ed4f56c Merge pull request HTML5 & CSS #52 - Error with completion of Waypoint: Override Class Declarations with Inline Styles freeCodeCamp/freeCodeCamp#3231 from strongloop/warn-on-misconfigured-accessToken-user
• 79f441b Verify User and AccessToken relations at startup
• f0c9700 Deep-clone model settings in lib/builtin-models
• c45954c Use local registry in test/replication.rest.test
• abf8246 Fix test/access-token.test to use local registry
• 4570626 Fix context passing in OWNER role resolver
• 2570dda 3.4.0

See the full diff

Package name: loopback-connector-mongodb

The new version differs by 167 commits.

• b977cb4 3.4.0
• c5d8549 Merge pull request Tests in Friendly Date Ranges Bonfire  freeCodeCamp/freeCodeCamp#410 from strongloop/mongodb-driver-3.x
• 4b957d3 upgrade to mongodb driver 3.x
• ec7c721 Merge pull request Merge branch 'mobile-news' freeCodeCamp/freeCodeCamp#407 from strongloop/feat/alias-findById
• 0f9b573 Alias find as findById
• 42025d5 3.3.1
• b40d998 Switch to bson.ObjectID (Twitter zipline API endpoints freeCodeCamp/freeCodeCamp#401)
• 669ade3 Merge pull request Notify unauthenticated user when trying in vane to upvote something freeCodeCamp/freeCodeCamp#399 from strongloop/license
• e055da4 chore: update license
• 48bdf8b 3.3.0
• 7176634 Merge pull request Fixed typo on nonprofit detail page freeCodeCamp/freeCodeCamp#393 from strongloop/update-strong-globalize
• 311cd94 update strong-globalize to 3.1.0
• e5b0bb9 Merge branch 'add-stalebot'
• a97ecaa Create Issue and PR Templates (Completing challenge doesn't always add points freeCodeCamp/freeCodeCamp#386)
• 094734d Use stalebot on this repo (ctrl + enter doesn't work on Chromium freeCodeCamp/freeCodeCamp#383)
• 6b8dbff Use stalebot on this repo
• ad8b1d4 Merge pull request Internationalization Library for Spanish freeCodeCamp/freeCodeCamp#382 from strongloop/add-codeowner
• 1df6ee5 Add CODEOWNER file
• 507c0af 3.2.1
• b3d19fa Merge pull request Automated database dumps to s3 freeCodeCamp/freeCodeCamp#381 from strongloop/add-lazyconnect-docs
• 0be8629 Apply feedback
• 5a4ed6f Add docs on lazyConnect flag
• 81fb132 3.2.0
• 466f4b5 Merge pull request Internationalization library for Russian freeCodeCamp/freeCodeCamp#380 from strongloop/feature/fix-write-concern

See the full diff

Package name: method-override

The new version differs by 19 commits.

• 5b83d4f 3.0.0
• 0aef6c8 deps: debug@3.1.0
• ddb4bcc build: supertest@1.2.0
• baed633 build: mocha@3.5.3
• b357d8e Drop support for Node.js below 0.10
• 09582af build: support Node.js 10.x
• 7579004 lint: apply standard 11 style
• 00ca04a build: support Node.js 9.x
• c92384c build: eslint-plugin-promise@3.7.0
• 4947f58 build: eslint-plugin-import@2.11.0
• 6fb651a build: support Node.js 8.x
• 21c08c3 build: Node.js@6.14
• 254b6ef build: Node.js@4.9
• 26ba0ce build: eslint-plugin-node@5.2.1
• 4aef9e5 build: eslint-plugin-import@2.8.0
• 7aced59 docs: remove gratipay badge
• b232f67 build: eslint-plugin-promise@3.6.0
• d96eb1f build: Node.js@6.12
• 78421d2 build: fix Node.js 0.8 npm install

See the full diff

Package name: nodemailer

The new version differs by 121 commits.

• eaef3b5 Merge pull request Challenge http://www.freecodecamp.com/challenges/waypoint-try-camper-news has an issue  freeCodeCamp/freeCodeCamp#719 from nodemailer/v3.0.0
• de5b6f6 updated license
• 652ad8e Do not use PRO in name
• 6218b8d Setup files for EUPL licensed v3.0.0
• a108bc1 bumped mailcomposer
• e1da543 v2.7.1
• 3663c79 updated readme
• 9314fcd Merge branch 'master' of github.com:nodemailer/nodemailer
• 17c7702 v2.7.0
• 5e22dad Merge pull request Update basic-html5-and-css.json freeCodeCamp/freeCodeCamp#685 from vijay22sai/fix-readme-typo
• adb8bd0 Fix a typo in README
• ee795f7 Merge pull request Challenge http://www.freecodecamp.com/challenges/waypoint-use-clockwise-notation-to-specify-the-margin-of-an-element has an issue  freeCodeCamp/freeCodeCamp#676 from sadika9/patch-1
• 9eddf01 Fix typo
• dadeb9f Merge pull request Challenge http://www.freecodecamp.com/challenges/waypoint-use-clockwise-notation-to-specify-the-margin-of-an-element has an issue  freeCodeCamp/freeCodeCamp#675 from killmenot/patch-1
• 88a5cc2 added a link to nodemailer trap plugin
• 0ca29c4 Merge pull request Challenge http://www.freecodecamp.com/challenges/waypoint-use-html5-to-require-a-field has an issue  freeCodeCamp/freeCodeCamp#674 from ekryski/patch-1
• f1cb087 Adding mailgun transport link
• 9b55bbe Merge pull request Challenge http://www.freecodecamp.com/challenges/waypoint-use-clockwise-notation-to-specify-the-margin-of-an-element has an issue  freeCodeCamp/freeCodeCamp#672 from niftylettuce/master
• d9e4e43 Added reference to newly published nodemailer-base64-to-s3
• 06af6d2 updated package.json
• a1d65e1 updated package.json
• 125e3f6 updated package.json
• 35bb998 updated package.json
• 829ccf1 Update README.md

See the full diff

Package name: rev-del

The new version differs by 22 commits.

• de7ddcf 2.0.0
• a53017b Merge pull request [Snyk] Fix for 1 vulnerabilities #20 from jakezatecky/master
• f95803a Merge pull request [Snyk] Security upgrade cheerio from 0.19.0 to 0.20.0 #16 from joostdekeijzer/deleteMapExtensions-issue-10
• c58cf53 Update dependencies
• cf4592b deleteMapExtensions help text
• bb0647a deleteMapExtensions option defaults to false
• 3e6352a Update travis test version
• be9d676 Merge pull request [Snyk] Security upgrade forever from 0.15.3 to 4.0.0 #13 from nickescallon/add-range-dep-for-lodash
• 6cb4e66 Merge pull request [Snyk] Security upgrade forever from 0.15.3 to 4.0.0 #12 from piotr-cz/patch-1
• 6083c07 Merge pull request [Snyk] Fix for 1 vulnerabilities #14 from silverbackdan/master
• 099fc8c Remove statSync from secondary potential map file path
• ce37d62 Coding style whitespace update
• ab3a318 Change existsSync to statSync and coding style update
• 9929902 Conflict resolve
• dae8438 First local to remote commit
• 218f09d .map find fixes
• b9e10b6 Lookup key for file to locate .map
• 9ab2b0c Respect deleteMapExtensions option
• a0a913e .map extension check
• aa4db05 Option for checking and deleting .map extenions
• acea599 increase lodash dependency version range
• bd6105e Fix path resolution on windwos

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

[socket-security]

Socket Security Pull Request Report

Dependency issues detected. If you merge this pull request, you will not be alerted to the instances of these issues again.

😵‍💫 Bin script confusion

This package has multiple bin scripts with the same name. This can cause non-deterministic behavior when installing or could be a sign of a supply chain attack

Consider removing one of the conflicting packages. Packages should only export bin scripts with their name

Package	Bin script	Source
uuid@7.0.3 (added)	uuid	package.json via loopback@3.28.0, loopback-datasource-juggler@3.36.1

Pull request report summary

Issue	Status
Install scripts	✅ 0 issues
Native code	✅ 0 issues
Bin script confusion	⚠️ 1 issue
Bin script shell injection	✅ 0 issues
Unresolved require	✅ 0 issues
Invalid package.json	✅ 0 issues
HTTP dependency	✅ 0 issues
Git dependency	✅ 0 issues
Potential typo squat	✅ 0 issues
Known Malware	✅ 0 issues
Telemetry	✅ 0 issues
Protestware/Troll package	✅ 0 issues

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@2.4.2

• @SocketSecurity ignore uuid@7.0.3

Powered by socket.dev