New JWT weaknesses #392

Merged
merged 14 commits into from Oct 12, 2017

Commits on Aug 6, 2017

  1. Update from upstream (#1)

    * Remove reference of node.js-version specific Docker images
    
    * Update REFERENCES.md
    
    Added my talk at BSidesTLV
    
    * Fixed broken label into LABEL_RECYCLE_QUANTITY
    
    * Remove juice reference (#362)
    and reformat markdown files
    
    * Change donation/merchandise label for customized apps
    (solves #362)
    
    * Add video, code and scan results
    (of @Soluto's integration with ZAP and Webdriver/Selenium)
    
    * Add missing exclamation point
    
    * Add more API backend tests
    - app config
    - password reset
    
    * Remove unused config variable
    
    * Add "Jawa Script T-Shirt" product
    
    * Update test dependencies
    
    * Fall back to Protractor 4
    
    * Migrate first batch of API tests to frisby v2
    
    * Migrate file serving API tests to frisby2
    
    * Add X-XSS-Protection header absence test
    
    * Migrate complaint API tests to frisby2
    
    * Use actually existing Complaint resource
    
    * Move HTTP request logging to top of router chain
    
    * Adapt to frisby2 URI encoding behavior
    
    * Adapt to JSON non-strict expectations
    (see vlucas/frisby#365)
    
    * Set `application/json` content header for POST requests
    
    * Migrate recycle API tests to frisby2
    
    * Migrate feedback API tests to frisby2
    
    * Migrate but disable file upload tests for frisby2
    (see vlucas/frisby#372)
    
    * Migrate redirect tests to frisby2
    
    * Make test work by preventing URL encoding
    (vlucas/frisby@4842632)
    
    * Migrate challenge API tests to frisby2
    
    * Migrate security question tests to frisby2
    
    * Align `describe` contexts
    (now consequently use /rest or /api prefix)
    
    * Migrate security answer tests to frisby2
    
    * Migrate basket item tests to frisby2
    
    * Add test for forward-slash error expectation
    
    * Migrate product tests to frisby2
    
    * Migrate user tests to frisby2
    
    * Mark all disabled tests
    
    * Add disabled tests for password reset use cases
    
    * Enable file upload tests
    (see vlucas/frisby#374)
    
    * Drop node.js 4.x support due to rejection by Heroku
    
    * Drop node.js 4 support
    
    * Attempt to fix Heroku semver issues
    (https://kb.heroku.com/why-is-my-node-js-build-failing-because-of-an-invalid-semver-requirement)
    
    * Specify node engines as range for Heroku
    (this lets 5.x and 7.x appear as supported)
    
    * Specify node engines as range for Heroku
    (this lets 5.x and 7.x appear as supported)
    
    * Block tampering attempts on password reset form
    (and complete tests of API route)
    
    * Use frisby latest 2.x release
    
    * Migrate to Jest as runner for frisby.js tests
    
    * Avoid using Basket id=1 in API tests
    (as it might concurrently be checked out)
    
    * Use Basket id=3 in basket item tests
    
    * Add bower_components to modules for Jest
    
    * Specify testPathIgnorePatterns for Jest
    
    * Fix formatting
    
    * Drop node.js 4.x support
    (for seemingly being on bad terms with Jest)
    
    * Drop node.js 4.x from CI jobs
    
    * Remove node.js 4.x from compatibility table
    
    * Soften expectation dependency of UNION SQLi and CSRF tests
    
    * Remove unneeded dependencies
    
    * Remove password check during UNION SQLi for Bender
    
    * Fix styleguide violations
    
    * Add back js-yaml dependency
    (needed by Heroku)
    
    * Remove illegal comment
    
    * Add back dottie and fix js-yaml version
    tghosth committed Aug 6, 2017
    e970d58

Commits on Aug 27, 2017

  1. resolve conflicts

    tghosth committed Aug 27, 2017
    5df0545
  2. from upstream

    tghosth committed Aug 27, 2017
    3b3e869
  3. Merge pull request #2 from bkimminich/develop

    pull upstream
    tghosth committed Aug 27, 2017
    7989ad7
  4. Delete launch.json

    tghosth committed Aug 27, 2017
    8254959
  5. Update server.js

    tghosth committed Aug 27, 2017
    6fcf226
  6. revert to buggy express jwt

    tghosth committed Aug 27, 2017
    20c6e31

Commits on Oct 10, 2017

  1. 08af603
  2. Merge pull request #4 from bkimminich/develop

    Pull from upstream
    tghosth committed Oct 10, 2017
    46ce242
  3. add vscode to gitignore

    tghosth committed Oct 10, 2017
    572e90a
  4. pull from upstream

    tghosth committed Oct 10, 2017
    1c9ba5d
  5. 2adcd72
  6. revert gitignore

    tghosth committed Oct 10, 2017
    309a5fc
  7. Style fixes

    tghosth committed Oct 10, 2017
    af1092a