[Snyk] Fix for 26 vulnerabilities

[sparkbold]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • api-server/package.json
  • api-server/package-lock.json
  • api-server/.snyk

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Filter Bypass SNYK-JS-EXPRESSVALIDATOR-174763	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	No	Proof of Concept
	344/1000 Why? Has a fix available, CVSS 2.6	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-JSONBIGINT-608659	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Directory Traversal SNYK-JS-MOMENT-2440688	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-NODEFORGE-2330875	Yes	Proof of Concept
	529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-NODEFORGE-2331908	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	Yes	No Known Exploit
	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Command Injection SNYK-JS-NODEMAILER-1038834	No	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	HTTP Header Injection SNYK-JS-NODEMAILER-1296415	No	Proof of Concept
	454/1000 Why? Has a fix available, CVSS 4.8	Session Fixation SNYK-JS-PASSPORT-2840631	No	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-536840	Yes	No Known Exploit
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090599	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090600	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090601	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090602	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: axios

The new version differs by 115 commits.

• e367be5 [Releasing] 0.21.3
• 83ae383 Correctly add response interceptors to interceptor chain (Waypoint: Target the Parent of an Element Using jQuery freeCodeCamp/freeCodeCamp#4013)
• c0c8761 [Updating] changelog to include links to issues and contributors
• 619bb46 [Releasing] v0.21.2
• 82c9455 Create SECURITY.md (Has program execution error and logs 'chai is not defined' when there is no variable 'chai' in the code freeCodeCamp/freeCodeCamp#3981)
• 5b45711 Security fix for ReDoS (Issue with http://freecodecamp.com/challenges/waypoint-delete-properties-from-a-javascript-object freeCodeCamp/freeCodeCamp#3980)
• 5bc9ea2 Update ECOSYSTEM.md (Sum all odd fibonacci numbers. Browser freezes due to recursive solution. freeCodeCamp/freeCodeCamp#3817)
• e72813a Fixing README.md ("$ is not defined" freeCodeCamp/freeCodeCamp#3818)
• e10a027 Fix README typo under Request Config (Fix Waypoint Create Slot Machine Tests freeCodeCamp/freeCodeCamp#3825)
• e091491 Update README.md (Fix example for black background color in Objective 2 freeCodeCamp/freeCodeCamp#3936)
• b42fbad Removed un-needed bracket
• 520c8dc Updating CI status badge (wrong calculating freeCodeCamp/freeCodeCamp#3953)
• 4fbeecb Adding CI on Github Actions. (Undefined? freeCodeCamp/freeCodeCamp#3938)
• e9965bf Fixing the sauce labs tests (Fix Waypoint Nest Anchor in Paragraph Code Guidance freeCodeCamp/freeCodeCamp#3813)
• dbc634c Remove charset in tests (Nest an Anchor Element within a Paragraph freeCodeCamp/freeCodeCamp#3807)
• 3958e9f Add explanation of cancel token (Improve readme to avoid setting up confusion freeCodeCamp/freeCodeCamp#3803)
• 69949a6 Adding custom return type support to interceptor (Typo in challenge freeCodeCamp/freeCodeCamp#3783)
• 49509f6 Create FUNDING.yml (Remove text decoration from social media icons in user profile page. freeCodeCamp/freeCodeCamp#3796)
• 199c8aa Adding parseInt to config.timeout (Waypoint: Build Web Apps with Express.js - what's in the query exercise fails to verify - expressworks  freeCodeCamp/freeCodeCamp#3781)
• 94fc4ea Adding isAxiosError typeguard documentation (update git icon for landing freeCodeCamp/freeCodeCamp#3767)
• 0ece97c Fixing quadratic runtime when setting a maxContentLength (title case a sentence freeCodeCamp/freeCodeCamp#3738)
• a18a0ec Updating `lib/core/README.md` about Dispatching requests ("Create my Github issue" button is not working freeCodeCamp/freeCodeCamp#3772)
• 59fa614 [Updated] follow-redirects to the latest version (Waypoint: Get Set for Basejumps error while installation freeCodeCamp/freeCodeCamp#3771)
• 7821ed2 Feat/json improvements (Compiler error for - str = str.replace(/\//g,""); works fine in Dev tools freeCodeCamp/freeCodeCamp#3763)

See the full diff

Package name: express-state

The new version differs by 3 commits.

• 727262e chore: update HISTORY
• f5cea3a chore: update serialize-javascript to 3.x ([Snyk] Fix for 4 vulnerabilities #41)
• e62069f Add isJSON docs to README

See the full diff

Package name: express-validator

The new version differs by 97 commits.

• cd4136e 6.5.0
• 612e2d9 Don't modify requests if oneOf chain didn't succeed (Bonfire: Make a Person: expect(Object.keys(bob).length) to equal 3 instead of 6. freeCodeCamp/freeCodeCamp#877)
• 7595c94 chain: comment out isDate for now
• 8b604af chain: add missing methods to Validators interface
• ab6ffe4 npm: upgrade validator to 13.0.0 (Input field missing to input your CodePen Link into. freeCodeCamp/freeCodeCamp#874)
• 29374cb 6.4.1
• 70af46e npm: audit fix dependencies
• efbfe3a Only consider . to be special char for now
• 42819ae npm: update dependencies
• 7736384 Remove console.log
• 3814c0a Fix use of special chars in selectors
• 0c450a9 docs: fix... typo? (I have a blank page. cannot see the bonfire anymore. :< freeCodeCamp/freeCodeCamp#842)
• 246f2ea docs: improve wording in matchedData page (Add tests for confirm the ending bonfire freeCodeCamp/freeCodeCamp#846)
• 6123155 docs: improve wording in whole-body validation (Bonfire: Mutations: ['Mary', 'Maary'] freeCodeCamp/freeCodeCamp#845)
• 3124129 docs: fix typo in schema validation and improve wording (Fixes RegExp so it matches the class .blue-text freeCodeCamp/freeCodeCamp#844)
• d85b368 docs: fix verb tense in the custom validator page (Completed Challenge without creating "CSS blue" class freeCodeCamp/freeCodeCamp#841)
• 19531ec docs: fix verb tense in the validationResult page (Field guides have infinite redirect loop freeCodeCamp/freeCodeCamp#847)
• f868e23 docs: small fixes in the wildcard feature (Fixes RegExp so it matches the class .blue-text freeCodeCamp/freeCodeCamp#843)
• 31d73c2 npm: add build script
• 008a0ae docs: migrate usages of sanitize to check
• 4bbe421 6.4.0
• acb2ad7 npm: run docs:build before git add on versioning
• 5e293cf Compile TS to ES2017 (Waypoint Lesson requires the removal of Monospace even though it stated the removal of a dead link in the lesson information. freeCodeCamp/freeCodeCamp#826)
• 0163461 npm: upgrade a few packages (Wikipedia link does not open in new tab. freeCodeCamp/freeCodeCamp#825)

See the full diff

Package name: googleapis

The new version differs by 94 commits.

• 20409df chore: release 49.0.0 (fix #2011 freeCodeCamp/freeCodeCamp#2022)
• 7de4e78 chore(deps): update dependency null-loader to v4 (Input bug freeCodeCamp/freeCodeCamp#2044)
• 340f78d chore(deps): update dependency ts-loader to v7 (confusing description freeCodeCamp/freeCodeCamp#2043)
• 254f878 chore: remove unused dev packages (not clear statement freeCodeCamp/freeCodeCamp#2042)
• f4eb6e0 chore: update lint ignore files (Worng text freeCodeCamp/freeCodeCamp#2040)
• 0110f3e docs: update readme for drive readme (change step 46 heroku addons:create mongolab to heroku addons:add mongolab freeCodeCamp/freeCodeCamp#2039)
• 73d284b fix(deps): update common and auth ("Take me to the Help Room" button is currenlty not working  freeCodeCamp/freeCodeCamp#2038)
• 476b71e test: use discovery docs from fixture (Fix #2030 freeCodeCamp/freeCodeCamp#2037)
• 3a3b61d build: remove unused codecov config (Can you put the while loop challange before the for loop challenge? freeCodeCamp/freeCodeCamp#2034)
• fea414a feat!: regenerate the API (Waypoint: Remove Classes from an element with jQuery - Typo? freeCodeCamp/freeCodeCamp#2028)
• 48a4f05 chore(dep)!: deprecate node 8 (Delete camper news story functionality freeCodeCamp/freeCodeCamp#2021)
• 99ebacf test: the kitchen sink system test sometimes times out (second item does not get 'ticked' (var expression = /and/gi;) freeCodeCamp/freeCodeCamp#2020)
• 05090da fix: apache license URL (fix typo on line 97 of coursewwares.json freeCodeCamp/freeCodeCamp#468) (solutions for Slot Machine drills are not saved freeCodeCamp/freeCodeCamp#2017)
• d15c656 chore: remove duplicate mocha config (Wording is weird freeCodeCamp/freeCodeCamp#2016)
• 874edc3 build: update templates (Hi, I think there is a bug or a sort of catch 22 in the tutorial. We are asked to comment out the 'Lobster' font but when we do that the first two tasks change from being accomplished to being unaccomplished. If you take the comments out the last to change to being unaccomplished. There is no way to get through the task.  freeCodeCamp/freeCodeCamp#2013)
• dc16586 build: set AUTOSYNTH_MULTIPLE_COMMITS=true for context aware commits (button "Go to my next challenge" waits 3 seconds to get activated. freeCodeCamp/freeCodeCamp#2012)
• 741c58b chore: update github actions configuration (errors on waypoint-comment-your-javascript-code freeCodeCamp/freeCodeCamp#1999)
• 1fe744b chore(deps): update dependency @ types/rimraf to v3 (Fixes #1833 freeCodeCamp/freeCodeCamp#1995)
• 5512eb5 chore(deps): update dependency typedoc to ^0.17.0 (Potentially missing ; freeCodeCamp/freeCodeCamp#1993)
• 0a4db38 chore: release 48.0.0 (Grammar freeCodeCamp/freeCodeCamp#1979)
• 074f641 fix: allow an empty requestBody to be provided for APIs that support multipart post (Clarity freeCodeCamp/freeCodeCamp#1988)
• 8bcb212 feat!: run the generator (adds: displayvideo, gamesConfiguration, managedidentities, networkmanagement) (Run code button not working freeCodeCamp/freeCodeCamp#1989)
• 8677588 build(tests): fix coveralls and enable build cop (Extra words freeCodeCamp/freeCodeCamp#1982)
• 0679c78 build: update linkinator config (Browser hanging while editing code. freeCodeCamp/freeCodeCamp#1981)

See the full diff

Package name: loopback

The new version differs by 9 commits.

• a22d4f9 3.28.0
• 223dd5d Merge pull request Spam issue freeCodeCamp/freeCodeCamp#4338 from achrinzafork/chore/update-module-lts-node14
• fbd9783 Merge pull request Spam issue freeCodeCamp/freeCodeCamp#4340 from strongloop/upgrade-nodemailer
• 6f04b61 upgrade nodemailer to greater than 6.4.16
• ab3e159 chore: sync LoopBack 4 with Node.js v14 EOL
• 5b61efb Merge pull request Another spam issue freeCodeCamp/freeCodeCamp#4334 from strongloop/travis
• e457e26 chore: add Node.js 14 to travis
• ab2e462 Merge pull request Update Codemirror and JSHint using CDNjs freeCodeCamp/freeCodeCamp#4318 from strongloop/bajtos-patch-1
• f2f7332 Remove "major" and "p1" from stalebot

See the full diff

Package name: passport

The new version differs by 126 commits.

• c33067b 0.6.0
• 3052bb4 Update changelog.
• 42630cb Merge pull request Remove coverage from tracking and add to ignore file freeCodeCamp/freeCodeCamp#900 from jaredhanson/fix-fixation
• 8dd79fe Use utils-merge rather than Object.assign for compatibility.
• 4f6bd5b Change keepSessionData to keepSessionData.
• 46756e5 Silence verbose logging.
• 987b191 Add tests.
• f8a175f Add tests.
• 29a90d6 No need to guard callback existence.
• bfba8a1 Add tests.
• 17111d7 Add option to keep session data on logout.
• a349c2b Add option to keep session data.
• e69834e Add optional options to login and logout.
• 8825a9a Add tests.
• c1991cf Add tests.
• 294f22c Better session detection and exceptions.
• 80cc4e3 Add tests.
• 3001654 Add tests.
• b395106 Clean up tests.
• cfa8259 Add tests.
• ee0bf81 Add tests.
• cc7606c Add tests.
• 71c54f6 Add test.
• 88c1f1b Handle logout without session manager.

See the full diff

Package name: validator

The new version differs by 250 commits.

• 47ee5ad 13.7.0
• 496fc8b fix(rtrim): remove regex to prevent ReDOS attack (Bonfire: Check for Palindromes freeCodeCamp/freeCodeCamp#1738)
• 45901ec Merge pull request Fixed #1848 freeCodeCamp/freeCodeCamp#1851 from validatorjs/chore/fix-merge-conflicts
• 83cb7f8 chore: merge conflict clean-up
• f17e220 feat(isMobilePhone): add El Salvador es-SV locale
• 5b06703 feat(isMobilePhone): add Palestine ar-PS locale
• a3faa83 feat(isMobilePhone): add Botswana en-BW locale
• 26605f9 feat(isMobilePhone): add Turkmenistan tk-TM
• 0e5d5d4 feat(isMobilePhone): add Guyana en-GY locale
• f7ff349 feat(isMobilePhone): add Frech Polynesia fr-PF locale
• 8627e48 feat(isMobilePhone): add Kiribati en-KI locale
• ed60123 feat(isMobilePhone): add Tajikistan tg-TJ locale (misleading comments freeCodeCamp/freeCodeCamp#1846)
• c96d805 feat(isMobilePhone): add Maldives dv-MV locale
• 5c2d69e feat(isMobilePhone): regex for Burkina Faso fr-BF and Namibia en-NA locales
• fc0fefc feat(isMobilePhone): add Bhutan dz-BT locale (News item missing and yet not mising freeCodeCamp/freeCodeCamp#1770)
• 01d3da3 feat(isMobilePhone): add Tajikistan tg-TJ locale (misleading comments freeCodeCamp/freeCodeCamp#1846)
• af2b43c feat(isUUID): add support for validation of version v1 and v2 (Extra ">" at end of example freeCodeCamp/freeCodeCamp#1848)
• 769f6d5 feat(contains): add possibility to check that string contains seed multiple times (adds projecttalk messageboard freeCodeCamp/freeCodeCamp#1836)
• f2381e0 feat: (isMobilePhone): add Cameroon fr-CM locale (Bonfire: Meet Bonefire - Unable to run code to submit freeCodeCamp/freeCodeCamp#1772)
• 5773869 feat(isVAT): add dutch NL locale (can't go to next challenge freeCodeCamp/freeCodeCamp#1825)
• de1cb29 fix: Russian passport number regex (Had already solved this challenge before update and now same answer won't work freeCodeCamp/freeCodeCamp#1810)
• 7bee611 add CDN use option with unpkg (Incorrect text freeCodeCamp/freeCodeCamp#1844)
• 57cc14e feat(isIdentityCard): add finnish locale (Filter Arrays with filter - contradicting assignment and assert freeCodeCamp/freeCodeCamp#1838)
• 2201869 feat: added finnish locale to isAlpha and isAlphanumeric (Hex code is wrong freeCodeCamp/freeCodeCamp#1837)

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 More lessons are available in Snyk Learn