[Snyk] Fix for 5 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	Yes	Proof of Concept
	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Improper Privilege Management SNYK-JS-SHELLJS-2332187	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: dateformat

The new version differs by 9 commits.

• 8802071 2.0.0
• ba00ce7 update `contributors`
• 9222537 remove cli.js
• 85d577e removes CLI
• 6fb6e92 Merge pull request [Snyk] Security upgrade sanitize-html from 1.27.5 to 2.0.0 #49 from thejameskyle/patch-1
• fbc280f Create .npmignore
• 261aec5 Merge pull request [Snyk] Security upgrade gulp-notify from 2.2.0 to 3.0.0 #47 from samt/master
• dd04e87 Fix code-block intent
• 5cd7114 Add mask options and named formats to Readme.md

See the full diff

Package name: eslint

The new version differs by 250 commits.

• c61194f 4.0.0
• 821a1e6 Build: changelog update for 4.0.0
• 4aefb49 Chore: avoid using deprecated rules on ESLint codebase (fix forum links in navbars freeCodeCamp/freeCodeCamp#8708)
• 389feba Chore: upgrade deps. (Need a 24/7 Twitch streamer, for testing "online" filter freeCodeCamp/freeCodeCamp#8684)
• 3da7b5e Fix: Semi-Style only check for comments when tokens exist (fixes I need help on my css freeCodeCamp/freeCodeCamp#8696) (Basic Algorith Scripting: Seek and Destroy freeCodeCamp/freeCodeCamp#8697)
• 3cfe9ee Fix: Add space between async and param on fix (fixes num >= 20 - return "Huge" instruction are not correct, to pass it should be num < 20 - return "Huge" freeCodeCamp/freeCodeCamp#8682) (Allowed to pass Get Geolocation Data waypoint, but no prompt appears freeCodeCamp/freeCodeCamp#8693)
• c702858 Chore: enable no-multiple-empty-lines on ESLint codebase (Update gulp-tape to version 0.0.9 🚀 freeCodeCamp/freeCodeCamp#8694)
• 34c4020 Update: Add support for parens on left side for-loops (fixes: console.log & alert not working with me in any challenge. freeCodeCamp/freeCodeCamp#8393) (Updates link to report bugs freeCodeCamp/freeCodeCamp#8679)
• 735cd09 Docs: Correct the comment in an example for `no-mixed-requires` (Patch 1 freeCodeCamp/freeCodeCamp#8686)
• 026f048 Chore: remove dead code from prefer-const (Issues with git-it freeCodeCamp/freeCodeCamp#8683)
• a8e1c1c 4.0.0-rc.0
• 1768dc0 Build: changelog update for 4.0.0-rc.0
• 0058b0f Update: add --fix to no-debugger (Georgian translation "Getting Started" freeCodeCamp/freeCodeCamp#8660)
• b4daa22 Docs: Note to --fix option for strict rule (The later challenges in learnyounode (challenge 10 onwards) do not work on C9 due to port restrictions.  freeCodeCamp/freeCodeCamp#8680)
• 4df33e7 Chore: check for root:true in project sooner (fixes "++" operator not recognized in pre-increment position, (++myVar) freeCodeCamp/freeCodeCamp#8561) (Bug in challenge: Create a Text Field  freeCodeCamp/freeCodeCamp#8638)
• c9b980c Build: Add Node 8 on travis (Add greeting text in Georgian freeCodeCamp/freeCodeCamp#8669)
• 9524833 Fix: Don't check object destructing in integer property (fixes Everyone around me can be happy. freeCodeCamp/freeCodeCamp#8654) (Exact change - insufficient funds? freeCodeCamp/freeCodeCamp#8657)
• c4ac969 Update: fix parenthesized ternary expression indentation (fixes Facebook campsite group link is very hard to find freeCodeCamp/freeCodeCamp#8637) (Fixed wrong facebook local campsite group link freeCodeCamp/freeCodeCamp#8649)
• 4f2f9fc Build: update license checker to allow LGPL (fixes Fix/line break freeCodeCamp/freeCodeCamp#8647) (Fix Generate Random Whole Numbers with JavaScript freeCodeCamp/freeCodeCamp#8652)
• b0c83bd Docs: suggest pushing new commits to a PR instead of amending (Code Portfolio - UI/UX issues freeCodeCamp/freeCodeCamp#8632)
• d0e9fd2 Fix: Config merge to correctly account for extends (fixes Hotkey to focus on code window freeCodeCamp/freeCodeCamp#8193) (Bug Found freeCodeCamp/freeCodeCamp#8636)
• 705d88f Docs: Update CLA link on Pull Requests page (Fixed grammatical error in Manipulate Arrays with push freeCodeCamp/freeCodeCamp#8642)
• 794d4d6 Docs: missing paren on readme (Add missing 'connect' in the production-start.js error handler freeCodeCamp/freeCodeCamp#8640)
• 7ebd9d6 New: array-element-newline rule (fixes Update how to deal with /data/db not found freeCodeCamp/freeCodeCamp#6075) ("Where do I Belong" not accepting answer that passes all test cases freeCodeCamp/freeCodeCamp#8375)

See the full diff

Package name: express-state

The new version differs by 3 commits.

• 727262e chore: update HISTORY
• f5cea3a chore: update serialize-javascript to 3.x ([Snyk] Security upgrade nodemailer from 1.11.0 to 6.4.16 #41)
• e62069f Add isJSON docs to README

See the full diff

Package name: gulp-eslint

The new version differs by 49 commits.

• a398838 4.0.0
• 18a4299 emit an error when it fails to load an ESLint plugin
• b8bf261 update ESLint from v3 to v4 (Fixed bonfire selected tab bug freeCodeCamp/freeCodeCamp#198)
• c0e82ce use `Buffer.from` instead of `new Buffer`
• e6c67a2 drop support for linting `Stream` contents
• 132d5cc Fix formatting issues in README.md (After completing a challenge all points from bonefires are removed freeCodeCamp/freeCodeCamp#194)
• 7f65378 remove link to config file `globals` doc
• 8ddfb84 correct the type of `globals` option in README
• 6059c22 3.0.1
• b0c2816 ensure sharable config works
• 08b9212 test the case where babel-eslint is actually useful
• eb98701 mock stream-mode vinyl files with from2-string
• bcd7736 fix invalid `envs` option
• 286b0c4 remove unused fixtures
• e2723e1 Remove unnecessary `object-assign` dependency
• 82c1949 3.0.0
• 97d8638 Remove invalid options in example code
• 505779d Remove option aliases
• 7228608 Bump ESLint to v3.x and ES2015ify
• 946e0e9 2.1.0
• a01671e Add v2.1.0 release note
• 87213fd Fix inline config example in README (Accessibility freeCodeCamp/freeCodeCamp#159)
• 4de3d64 Test on the latest/LTS Node
• cb7fd6a Install istanbul-coveralls only on Travis CI

See the full diff

Package name: gulp-less

The new version differs by 11 commits.

• 9d9e96f chore: update deps, publish v5
• ea13d8a Merge pull request Create production branch freeCodeCamp/freeCodeCamp#313 from MisterLuffy/master
• 7ce4b9b feat: support less v4
• 1a9d694 Merge pull request Merge UX-improvements and nonprofit-show into master freeCodeCamp/freeCodeCamp#314 from stamminator/master
• b1a3e18 Update .travis.yml
• ecacdf7 Fix links after moving repo
• 403b696 4.0.1
• 0678856 Upgrade less version to 3.7.1
• 6114989 Update README.md (Should sign up email be moved to user.save callback? freeCodeCamp/freeCodeCamp#292)
• 7d9df97 4.0.0
• cde149b Update accord to support less@3.0.0 - closes Bonfire Challenges freeCodeCamp/freeCodeCamp#269

See the full diff

Package name: gulp-uglify

The new version differs by 37 commits.

• 76b5b3a fix(package): update files array
• 5d4c4c6 chore(all): refactor unit tests
• f2b779b feat(composer): implement new API for composing deps
• dbbba30 fix(minify): log warnings to gulplog
• 4cc8751 feat(uglify): add support for UglifyJS3
• ad73ab8 chore(pkg): update dependencies, run lint
• 4656fe5 2.1.2
• ba83a45 fix(package): move eslint dependencies to dev
• 3d0f155 2.1.1
• c722ab9 fix(errors): restore file and line info
• da3e18f chore(prettier): setup prettier
• ec8ba54 fix(tests): UglifyJS errors use "message" property
• 6c336ec v2.1.0
• 35c33f1 chore(uglifyjs): loosen uglify-js pin
• 74b6eff 2.0.1
• 832b427 chore(package): update uglify-js to version 2.7.5
• 1bf0f72 docs(README): link to Why Use Pump?
• ccdc482 docs(pump): fix typo
• 5ddafd2 chore(package): update uglify-js to version 2.7.4
• d5801ca chore(greenkeeper): ignore "gulp-sourcemaps" dependency
• 129df84 chore(package.json): update repository field
• 533ee01 fix(package): update uglify-js to version 2.7.3
• 1f2c508 docs(why-use-pump): fix plugin name
• 2829956 docs(README): fix typo

See the full diff

Package name: uglify-js

The new version differs by 250 commits.

• bca83cb v3.14.3
• a841d45 fix corner case in `awaits` (when i return math.random() i get the error: math is not defined  freeCodeCamp/freeCodeCamp#5160)
• eb93d92 fix corner case in `awaits` (D3 Zipline 2: Interactive Scatterplot freeCodeCamp/freeCodeCamp#5158)
• a0250ec fix corner case in `dead_code` (API Basejump 2: Request Header Parser  freeCodeCamp/freeCodeCamp#5154)
• 2580162 parse `let` as symbol names correctly (React Zipline 5: Rogue-like Game freeCodeCamp/freeCodeCamp#5151)
• 32ae994 fix issues in tests flagged by LGTM (Increase Loop Protect Timeout to 1000 freeCodeCamp/freeCodeCamp#5150)
• 03aec89 fix corner cases in `strings` & `templates` (React Zipline 1: Markdown Preview App freeCodeCamp/freeCodeCamp#5147)
• faf0190 document ECMAScript quirks (API Basejump 3: URL shortener freeCodeCamp/freeCodeCamp#5148)
• c8b0f68 fix corner case in `merge_vars` (propose to change image provider freeCodeCamp/freeCodeCamp#5143)
• 87b9916 fix corner case in `inline` (API Basejump 4 - Image search freeCodeCamp/freeCodeCamp#5141)
• 940887f fix corner case in `evaluate` (Bonefire: Error Potential infinite loop freeCodeCamp/freeCodeCamp#5139)
• 0b2573c fix corner case in `templates` (Update babel-core to version 6.3.17 🚀 freeCodeCamp/freeCodeCamp#5137)
• 1575210 avoid potential RegExp denial-of-service (Update history to version 1.16.0 🚀 freeCodeCamp/freeCodeCamp#5135)
• f766bab enhance `templates` (Update webpack-stream to version 3.0.0 🚀 freeCodeCamp/freeCodeCamp#5131)
• 436a293 enhance `dead_code` (Stop making assumptions about names freeCodeCamp/freeCodeCamp#5130)
• 55418fd fix corner case in `rests` (Lost all my completed waypoints & bonfires while switching laptops freeCodeCamp/freeCodeCamp#5129)
• 8578688 v3.14.2
• 4b88dfb tweak test & warnings (Accept grey-background or gray-background in Waypoint Give a Background Color to a Div freeCodeCamp/freeCodeCamp#5123)
• c3aef23 fix corner case in `reduce_vars` (Skip Button/Go to next step functionality enhancement freeCodeCamp/freeCodeCamp#5121)
• db94d21 fix corner case in `side_effects` (Unable to advance past this point in either Chrome or Firefox freeCodeCamp/freeCodeCamp#5118)
• 9634a9d fix corner cases in `optional_chains` (Fix Bonfire Truncate a String Typo freeCodeCamp/freeCodeCamp#5110)
• befb99b fix corner case in `inline` (Estimate amount pledged to nonprofits and display on map freeCodeCamp/freeCodeCamp#5115)
• 02eb8ba fix corner case in `collapse_vars` (Change Cloud 9 Node.js selection words freeCodeCamp/freeCodeCamp#5113)
• c09f63a fix corner case in `rests` (Created the task, does not work freeCodeCamp/freeCodeCamp#5109)

See the full diff

Package name: webpack

The new version differs by 250 commits.

• bf4ec9c 3.0.0
• 9feda63 Merge pull request On tablet maybe doesn't work? freeCodeCamp/freeCodeCamp#5028 from webpack/feature/externalize_uglify_plugin
• 49d6e38 Merge pull request Make tag replacement more robust freeCodeCamp/freeCodeCamp#5086 from webpack/ci/node-8
• 3dcb133 OSX test on node.js 8
• f4b8785 Merge pull request Fixed typo in test case and modified the test case freeCodeCamp/freeCodeCamp#5012 from webpack/TheLarkInn-patch-1
• d26c402 chore(deps): upgrade uglifyjs-webpack-plugin deps to get latest webpack-sources so tests pass
• 3da4f3e Merge pull request "Get Set For Bonfire" confused for actual bonfire freeCodeCamp/freeCodeCamp#5085 from jbellenger/jbellenger/rawmodule-hash
• 8c9dc14 fix RawModule hashing
• c2c5d73 Update README.md
• 316d4b9 Merge pull request tab completion on comments is not correct freeCodeCamp/freeCodeCamp#5084 from timse/remove-duplicate-code
• ae18552 update test case with changed hash due to less clutter in dependencies
• fc20348 unite iteration through modules into one loop
• 083843e remove code that pushes arrays of dependencies into dependencies
• ab636b0 Merge pull request Fix run first time freeCodeCamp/freeCodeCamp#5075 from andreipfeiffer/master
• 3b3449c Refactor: use const for non reassignable identifier
• 2ba0499 3.0.0-rc.2
• 1769fa2 Merge pull request setInterval/clearInterval probably needs an introduction freeCodeCamp/freeCodeCamp#5064 from webpack/feature/scope-hoisting-multi-entry
• a73646a Merge pull request Reddit - Give Mods/Staff Flair freeCodeCamp/freeCodeCamp#5060 from mikesherov/reason-chunks-as-set
• 28f826a consistent order
• 8a30188 use Set for ModuleReason chunk rewriting
• 5d4ba56 Allow scope hoisting to process modules in multiple chunks
• d6a7594 harmony modules without exports have no exports instead of unknown
• 3ae782d Merge pull request Code portfolio calendar not in sync with portfolio dates freeCodeCamp/freeCodeCamp#5049 from KTruong888/ES6_refactoring_multicompiler
• 18cdba8 4099_ES6 refactor lib/MultiCompiler.js

See the full diff

Package name: webpack-stream

The new version differs by 148 commits.

• 30a6da0 v7.0.0
• c2d19fd semistandard fixes
• 7805d59 Remove config.watch setting re-introduced from my bad merging
• 6395f19 Merge branch 'master' of github.com:shama/webpack-stream
• 7c24e86 Merge pull request Bug with email login freeCodeCamp/freeCodeCamp#212 from azt3k/master
• 3fc84f0 Merge branch 'master' into master
• 027135e Update comments to indicate it works with webpack 4 and 5
• bb7cd85 Merge branch 'master' of github.com:shama/webpack-stream
• 3287835 Merge pull request Upvote fix freeCodeCamp/freeCodeCamp#214 from the-ress/watch-message
• 141e063 Update watch for gulp >= 4
• 991d108 Merge pull request App "listens" before 'MongoStore' is ready fix freeCodeCamp/freeCodeCamp#225 from emme1444/config-file-path
• 348eab2 Use const over var in docs
• 2b31461 Update copyright to 2021
• fdd5809 Update node engine to >= 10
• 80e0ba8 Updating dependencies
• 5759a17 Updating for semistandard@16.0.1
• 2ff8a4f Merge pull request refactor boot files freeCodeCamp/freeCodeCamp#235 from marekdedic/webpack-5
• ff485fe Merge pull request refactor footer freeCodeCamp/freeCodeCamp#234 from marekdedic/webpack-peer-dependency
• 1baead2 Removed tests on Node 8
• f33fc04 Switched from hash to contenthash
• 0e30a7b Test: Fixed different chunk names in webpack 5
• 5bb70d1 Test: updated expected error message
• 99a1c03 Building in production mode by default
• 01ffd76 Updated to webpack 5

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:uglify-js:20151024	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Arbitrary Code Injection
🦉 Improper Privilege Management
🦉 Denial of Service (DoS)