[Snyk] Fix for 1 vulnerabilities

[simha95]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: babel-eslint

The new version differs by 43 commits.

• 0f20099 5.0.0
• 278579f Update README.md
• 11c2f03 Merge pull request Add MDN links to Bonfires freeCodeCamp/freeCodeCamp#255 from deepsweet/npm-ignore
• 3b5f8f4 include only `index.js` in npm package
• c0f1110 delete `.npmignore`
• f399c89 Merge pull request Standardize "steps", "details", "description" across modesl freeCodeCamp/freeCodeCamp#250 from danez/patch-1
• c71392e adjust test to also cover issue unable to login freeCodeCamp/freeCodeCamp#239
• 413b80e 5.0.0-beta10
• 7a038d5 Merge pull request symmetric-difference - inconsistent instructions freeCodeCamp/freeCodeCamp#246 from babel/escope-patterns
• c80a386 fixup tests
• 36f6638 fix typo
• bd4eee9 check using `__esModule`
• b26bc58 Prevent escope referencer from traversing into param pattern type annotations
• 0d30882 5.0.0-beta9
• 71fadf0 Merge pull request Ux improvements freeCodeCamp/freeCodeCamp#244 from christophehurpeau/patch-1
• d8ac8f9 fix Change decay rate of hot stories to 48 hours freeCodeCamp/freeCodeCamp#243
• 3dcb32c 5.0.0-beta8
• ac4d3f0 Add a test for use strict and directive ast change
• 937eceb 5.0.0-beta7
• 880dc03 Merge pull request Add code execute button freeCodeCamp/freeCodeCamp#241 from jmm/rule-strict
• 80f7a48 temporarily remove test
• 04838a2 Add tests for `strict` rule.
• 4a3a35d Merge pull request bonfire more info button arrow needs to change freeCodeCamp/freeCodeCamp#232 from vaibhavmule/patch-1
• 0cf92d3 update Licenses date

See the full diff

Package name: babel-loader

The new version differs by 13 commits.

• 321852e Merge branch 'release/6.0.0'
• e7565ee Add @ malyw 's guide to upgrade babel
• 862b7b1 Update travis badge url
• ff3bc7a Update dependencies.
• fc2bfe4 Merge branch 'shinnn-travis-ci' into develop
• a6f3fc0 Change options to query. Increase timeout interval
• 94d6308 Merge remote-tracking branch 'werk85/master' into develop
• f4e40c5 README updated
• 0823f6a Upgraded to Babel 6
• bb110a8 set up Travis CI
• f84ef50 Merge branch 'develop' of github.com:babel/babel-loader into develop
• 719eb70 Merge branch 'hotfix/5.3.1' into develop
• 6b33020 Merge branch 'release/5.3.0' into develop

See the full diff

Package name: csso

The new version differs by 106 commits.

• d150161 3.0.0
• 826a2bf use last stable csstree – 1.0.0-alpha17
• 7ef0e93 fix a test
• ddf4757 no global flag
• 0923082 some tweaks
• 3342dff update api, complete source map section, formatting
• 36cdae4 drop bin reference
• f381f09 change module's layout
• a67d1e9 hide all csstree methods behind syntax property and update tests
• 9dbdfc8 move API doc down
• 44fc320 add source-map as dev-dependency since requires for tests
• 7b8632a move cli to standalone package (css/csso-cli)
• ab28815 update years
• 22ea50f lint tests with jscs
• f301dcb Minor typos (new Pair Code feature PR to ux-improvements instead of master freeCodeCamp/freeCodeCamp#322)
• 58986b7 Space -> WhiteSpace
• f217458 fix broken tests
• 0af7c31 Hash -> HexColor
• 773c377 fix space and universal removal
• 6aa9e69 align to last changes in css-tree
• a42433c don't merge loc's (source maps doesn't support it anyway)
• 6920da5 align to latest changes in csstree
• 717ba5b align to latest csstree changes
• 6638b6e use csstree version from master

See the full diff

Package name: eslint

The new version differs by 250 commits.

• b7d79b1 7.3.0
• bf98627 Build: changelog update for 7.3.0
• 638a6d6 Update: add missing `additionalProperties: false` to some rules' schema (Remove code tags from challenge seed freeCodeCamp/freeCodeCamp#13198)
• 949a5cd Update: fix operator-linebreak overrides schema (Fix typo in enhanced-object-literals--functions challenge freeCodeCamp/freeCodeCamp#13199)
• 9e1414e New: Add no-promise-executor-return rule (fixes Exact Change  freeCodeCamp/freeCodeCamp#12640) (Size your Image freeCodeCamp/freeCodeCamp#12648)
• 09cc0a2 Update: max-lines reporting loc improvement (refs Allow bracket notation and search for dot notation freeCodeCamp/freeCodeCamp#12334) (Dead Link not being picked up... <a #="http://www.freecatphotoapp.com">cat photos</a>.</p> freeCodeCamp/freeCodeCamp#13318)
• ee2fc2e Update: object-property-newline end location (refs Allow bracket notation and search for dot notation freeCodeCamp/freeCodeCamp#12334) (Update loopback to version 3.3.0 🚀 freeCodeCamp/freeCodeCamp#13399)
• d98152a Update: added empty error array check for false negative (Chore(package): Remove gitter-sidecar due to vulnerability freeCodeCamp/freeCodeCamp#13200)
• 7fb45cf Fix: clone config before validating (fixes Cant able to Sign in C9.io.com for Node.js Tutourial  freeCodeCamp/freeCodeCamp#12592) (Tutorial keeps getting killed freeCodeCamp/freeCodeCamp#13034)
• aed46f6 Sponsors: Sync README with website
• 7686d7f Update: semi-spacing should check do-while statements (Bug in code editor freeCodeCamp/freeCodeCamp#13358)
• cbd0d00 Update: disallow multiple options in comma-dangle schema (fixes [beta] Fatal typo in challengeSeed for "Functional Programming: Return Part of an Array Using the Slice Method" freeCodeCamp/freeCodeCamp#13165) (replace Hyperdev references with Gomix freeCodeCamp/freeCodeCamp#13166)
• b550330 New: Add no-unreachable-loop rule (fixes i cant't get passed this, and yet my code looks legit..help please ? freeCodeCamp/freeCodeCamp#12381) (JSON APIs and AJAX "Convert JSON Data to HTML" no json data provided  freeCodeCamp/freeCodeCamp#12660)
• 13999d2 Update: curly should check consequent `if` statements (ADB PR freeCodeCamp/freeCodeCamp#12947)
• c42e548 Chore: enable exceptRange option in the yoda rule (The text won't turn blue. freeCodeCamp/freeCodeCamp#12857)
• 6cfbd03 Update: Drop @ typescript-eslint/eslint-recommended from `eslint --init` (Button classes freeCodeCamp/freeCodeCamp#13340)
• 796f269 Chore: update eslint-config-eslint's required node version (Misleading example code for challenge freeCodeCamp/freeCodeCamp#13379)
• 9d0186e Docs: Fix changelog versions (changed url freeCodeCamp/freeCodeCamp#13410)
• 1ee3c42 Docs: On maxEOF with eol-last (fixes Bug: We really dont need 9 "case" here freeCodeCamp/freeCodeCamp#12742) (Update description freeCodeCamp/freeCodeCamp#13374)
• 2a21049 Update: key-spacing loc changes for extra space (refs Allow bracket notation and search for dot notation freeCodeCamp/freeCodeCamp#12334) (Create a Bootstrap Headline freeCodeCamp/freeCodeCamp#13362)
• 7ce7988 Chore: Replace the inquirer dependency with enquirer ([beta] Use the Reduce Method to Analyze Data - test seems incorrect freeCodeCamp/freeCodeCamp#13254)
• 0f1f5ed Docs: Add security policy link to README (Project Landing page freeCodeCamp/freeCodeCamp#13403)
• 9e9ba89 Sponsors: Sync README with website
• ca59fb9 Sponsors: Sync README with website

See the full diff

Package name: gulp

The new version differs by 134 commits.

• 55eb23a Release: 4.0.0
• 173a532 Docs: Fix the installation instructions
• ec54d09 Docs: Improve note about out-of-date docs
• 03b7c98 Docs: Update recipes to install gulp@next
• 2eba29e Docs: Remove run-sequence from recipes
• 76eb4d6 Docs: Add installation instructions & update badges
• fbc162f Docs: Remove references to gulp-util
• 3011cf9 Scaffold: Normalize repository
• f27be05 Update: Remove graceful-fs from test suite
• 361ab63 Upgrade: Update glob-watcher
• 064d100 Build: Avoid broken node 9
• 057df59 Release: 4.0.0-alpha.3
• c1ba80c Breaking: Upgrade major versions of glob-watcher, gulp-cli & vinyl-fs
• 89acc5c Docs: Improve ES2015 task exporting examples (errors on waypoint-comment-your-javascript-code freeCodeCamp/freeCodeCamp#1999)
• 0ac9e04 Docs: Add "Project structure" section to CONTRIBUTING.md (typo mistake. #111111 is dark grey, not light grey freeCodeCamp/freeCodeCamp#1859)
• 723cbc4 Docs: Fix syntax in recipe example (Onboarding freeCodeCamp/freeCodeCamp#1715)
• d420a6a Docs: Have gulp.lastRun take a function to avoid task registration (Text "[object Object]" found on the Learning Map freeCodeCamp/freeCodeCamp#1828)
• 29ece6f Upgrade: Update undertaker
• e931cb0 Docs: Fix changelog typos (Beta: Waypoint: Modify Array Data With Indexes freeCodeCamp/freeCodeCamp#1696)
• 477db84 Docs: Add a "BrowserSync with Gulp 4" recipe (spam freeCodeCamp/freeCodeCamp#1659)
• d4ed3c7 Docs: Add options.cwd for gulp.src API (Fix for #1644 freeCodeCamp/freeCodeCamp#1645)
• 5dc3b07 Docs: Update gulp.watch API to align with glob-watcher
• 0c66069 Breaking: Replace chokidar as gulp.watch with glob-watcher wrapper
• c3dbc10 Docs: Clarify incremental builds example (Beta: Waypoint: Use Hex Code for Specific Colors - wording on 2nd checkpoint freeCodeCamp/freeCodeCamp#1609)

See the full diff

Package name: gulp-babel

The new version differs by 24 commits.

• 8e6fa78 7.0.0
• 8afcd30 make babel-core a peerDep, similar to babel-loader (Email login to use LB-passport url freeCodeCamp/freeCodeCamp#122)
• 744f633 7.0.0-alpha.18
• 21bf286 Babel 7 alpha (Style guide for bonfire challenges freeCodeCamp/freeCodeCamp#112)
• 2d63fb4 Update babel-core and babel-preset (Ramda fire freeCodeCamp/freeCodeCamp#110) [skip ci]
• 42bcfe3 ES6 → ES2015
• 638f386 Merge pull request [Snyk] Security upgrade eslint from 1.10.3 to 9.0.0 #83 from RebootJeff/patch-1
• be1b457 Fix link to Babel's issue tracker
• 1b4b0e1 Merge pull request [Snyk] Fix for 25 vulnerabilities #76 from manisenkov/update-readme
• 9164659 Make samples in README.md a bit simpler
• f7d6e35 6.1.2
• 15dff34 simplify [Snyk] Security upgrade sanitize-html from 1.27.5 to 2.0.0 #74
• 6c7a310 Close [Snyk] Security upgrade sanitize-html from 1.27.5 to 2.0.0 #74 PR: Don't add '.js' extension if the source file doesn't have an extension.
• fe5908e Merge pull request [Snyk] Fix for 1 vulnerabilities #70 from d10/readme-fix
• 3a23dec Fix minor error in readme.
• fbe4889 6.1.1
• 336d6ac Merge pull request [Snyk] Fix for 1 vulnerabilities #61 from Pofigizm/sourcemap-bug
• e20842d Fix sourcemap's bug for files in nested folders. Closes [Snyk] Fix for 1 vulnerabilities #54
• 40815c1 6.1.0
• 1e79d98 Close [Snyk] Security upgrade normalize-url from 1.9.1 to 4.5.1 #51 PR: Don't rename ignored files.
• f468b34 Update readme.md
• 8392545 6.0.0
• 39e81e0 tweaks
• 94addac Close [Snyk] Fix for 1 vulnerabilities #46 PR: chore: update babel-core to 6.0.2.

See the full diff

Package name: gulp-eslint

The new version differs by 60 commits.

• 40d004f 5.0.0
• 72c3599 use destructuring assignment to simplify the code
• aed571b update dependencies and devDependencies (Unknown Windows/connect-mongo bug freeCodeCamp/freeCodeCamp#224)
• a58a58d 4.0.2
• 0880d1a update plugin-error and mocha
• 1d79ed0 4.0.1
• 8f7e966 replace all HTTP protocols with HTTPS
• b48a04a remove deprecated gulp-util dependency (User password hash in Stories freeCodeCamp/freeCodeCamp#213)
• 35eae57 update devDependencies (Feature: Board to find people to live pair with freeCodeCamp/freeCodeCamp#207)
• 47bd269 use npx to simplify after_script
• 29dbab5 inherit autofix-related props even if `quiet` option is enabled
• a398838 4.0.0
• 18a4299 emit an error when it fails to load an ESLint plugin
• b8bf261 update ESLint from v3 to v4 (Fixed bonfire selected tab bug freeCodeCamp/freeCodeCamp#198)
• c0e82ce use `Buffer.from` instead of `new Buffer`
• e6c67a2 drop support for linting `Stream` contents
• 132d5cc Fix formatting issues in README.md (After completing a challenge all points from bonefires are removed freeCodeCamp/freeCodeCamp#194)
• 7f65378 remove link to config file `globals` doc
• 8ddfb84 correct the type of `globals` option in README
• 6059c22 3.0.1
• b0c2816 ensure sharable config works
• 08b9212 test the case where babel-eslint is actually useful
• eb98701 mock stream-mode vinyl files with from2-string
• bcd7736 fix invalid `envs` option

See the full diff

Package name: yargs

The new version differs by 250 commits.

• a6e67f1 chore(release): 13.2.4
• fc13476 chore: update standard-verison dependency
• bf46813 fix(i18n): rename unclear 'implication failed' to 'missing dependent arguments' (Waypoint: Manage Packages with NPM instructions unclear freeCodeCamp/freeCodeCamp#1317)
• a3a5d05 docs: fix a broken link to MS Terminology Search (Bonfire: Mutations error  freeCodeCamp/freeCodeCamp#1341)
• b4f8018 build: add .versionrc that hides test/build
• 0c39183 chore(release): 13.2.3
• 08e0746 chore: update deps (Issues with linking to Twitch from CodePen IFrame freeCodeCamp/freeCodeCamp#1340)
• 843e939 docs: make `--no-` boolean prefix easier to find in the docs (Make buttons for links in WayPoint 'Pair program on bonfires' freeCodeCamp/freeCodeCamp#1338)
• 84cac07 docs: restore removed changelog of v13.2.0 (Clickable "Next article" button in field guide. freeCodeCamp/freeCodeCamp#1337)
• b20db65 fix(deps): upgrade cliui for compatibility with latest chalk. (Waypoint 31 :Add Placeholder Text to a Text Field freeCodeCamp/freeCodeCamp#1330)
• c294d1b test: accept differently formatted output (Bonfire: Inventory Update Test Issue freeCodeCamp/freeCodeCamp#1327)
• ac3f10c chore: move .hbs templates into .js to facilitate webpacking (expressworks update freeCodeCamp/freeCodeCamp#1320)
• 0295132 fix: address issues with dutch translation (Bonfire: Search and Replace freeCodeCamp/freeCodeCamp#1316)
• 9f2468e doc: clarify parserConfiguration object structure (Portfolio page: streak value can be displayed incorrectly freeCodeCamp/freeCodeCamp#1309)
• e7f2937 chore(release): 13.2.2
• edd0bb5 test: correct test description
• 03a9523 chore: forgoing dropping Node 6 until yargs@14 ("Challenge not found" now that Standford CS waypoint is deprecated freeCodeCamp/freeCodeCamp#1308)
• 14920d1 docs: remove --save option as it isn't required anymore (Mention Linux screen sharing alternative in WayPoint 'Pair program on bonfires' freeCodeCamp/freeCodeCamp#1301)
• 545c7f1 test: slightly reworded one test
• 4375680 chore(release): 13.2.1
• dfcaa68 test: slight edit to test wording
• 3180224 fix: add zsh script to files array
• 0a96394 fix: support options/sub-commands in zsh completion
• 48249a2 chore(release): 13.2.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.