[Snyk] Fix for 39 vulnerabilities

[yuhonghong66]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • api-server/package.json
  • api-server/package-lock.json
  • api-server/.snyk

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	Yes	Proof of Concept
	429/1000 Why? Has a fix available, CVSS 4.3	Insufficiently Protected Credentials SNYK-JS-AUTH0JS-565004	No	No Known Exploit
	630/1000 Why? Has a fix available, CVSS 8.1	Internal Property Tampering SNYK-JS-BSON-561052	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Filter Bypass SNYK-JS-EXPRESSVALIDATOR-174763	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Configuration Override SNYK-JS-HELMETCSP-469436	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	No	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	No	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	SQL Injection SNYK-JS-LOOPBACK-174846	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Directory Traversal SNYK-JS-MOMENT-2440688	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-MONGODB-473855	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-NCONF-2395478	No	Proof of Concept
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Server-side Request Forgery (SSRF) SNYK-JS-NETMASK-1089716	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-NODEFORGE-2330875	Yes	Proof of Concept
	529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-NODEFORGE-2331908	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-NODEFORGE-598677	Yes	Proof of Concept
	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Command Injection SNYK-JS-NODEMAILER-1038834	No	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	HTTP Header Injection SNYK-JS-NODEMAILER-1296415	No	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-PACRESOLVER-1564857	No	Proof of Concept
	454/1000 Why? Has a fix available, CVSS 4.8	Session Fixation SNYK-JS-PASSPORT-2840631	No	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-536840	Yes	No Known Exploit
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	Yes	Proof of Concept
	737/1000 Why? Currently trending on Twitter, Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.4	Command Injection SNYK-JS-SNYK-3037342	No	Proof of Concept
	737/1000 Why? Currently trending on Twitter, Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.4	Command Injection SNYK-JS-SNYKGOPLUGIN-3037316	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090599	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090600	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090601	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090602	Yes	Proof of Concept
	469/1000 Why? Has a fix available, CVSS 5.1	Denial of Service (DoS) npm:mem:20180117	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: auth0-js

The new version differs by 147 commits.

• 7db6009 v9.13.2
• 540c84a Release v9.13.2 (Having trouble with <li> tags </li> freeCodeCamp/freeCodeCamp#1099)
• 355ca74 Merge pull request from GHSA-prfq-f66g-43mp
• 55b6ac8 Merge pull request Bonfire: Drop it - correct solution but wrong answer? freeCodeCamp/freeCodeCamp#1098 from auth0/dependabot/npm_and_yarn/minimist-1.2.5
• 5e2a474 Updated package resolution
• 13c92e0 Bump minimist from 1.2.0 to 1.2.5
• da8a17f Dependency updates for security advisories (Waypoint: Turn an Image into a Link Bug freeCodeCamp/freeCodeCamp#1097)
• 226681d Merge pull request Some "Slack to Gitter" edits freeCodeCamp/freeCodeCamp#1096 from nwtgck/docs-js
• c28742e docs: Javascript -> JavaScript
• 6a2995b Release v9.13.1 (Field guide error freeCodeCamp/freeCodeCamp#1094)
• ca245aa Add screen_hint to allowed parameters (Fixes misspelling that caused 'undefined is not function' error freeCodeCamp/freeCodeCamp#1093)
• 48b5fd9 Merge pull request Waypoint: Mobile Responsive Images  freeCodeCamp/freeCodeCamp#1091 from auth0/bump-idtoken
• 10772e0 bump idtoken-verifier dependency
• 03a7c56 [SDK-1405] Release v9.13.0 (Passing waypoint without effectively completing it freeCodeCamp/freeCodeCamp#1090)
• a7e55bf [SDK-1405] Added support for new 'blocked_reasons' error type (Profile page reserves my own username / can't change case of your own username freeCodeCamp/freeCodeCamp#1084)
• b7327d6 Updated JS docs for `user_metadata` (Need to add convert() function call to second test freeCodeCamp/freeCodeCamp#1088)
• b9ecfed Stub out getRsaVerifier so that RSA verification always returns true (No help or bug buttons in my lessons freeCodeCamp/freeCodeCamp#1085)
• 5f4e982 Merge pull request Learn button points to last lesson visited not most advanced lesson completed freeCodeCamp/freeCodeCamp#1083 from auth0/dependabot/npm_and_yarn/codecov-3.6.5
• 49453e3 [Security] Bump codecov from 3.5.0 to 3.6.5
• 2587ffd Release v9.12.2 (Add video link to Symmetric Differences Bonfire freeCodeCamp/freeCodeCamp#1074)
• 4e8a0b2 Bumped idtoken-verifier to latest patch (Issue 1036 - Fixed minor grammatical mistake freeCodeCamp/freeCodeCamp#1073)
• ede531a Merge pull request Readme still points to slack in notes section freeCodeCamp/freeCodeCamp#1068 from auth0/dependabot/npm_and_yarn/handlebars-4.5.3
• 8b2c3f2 Merge branch 'master' into dependabot/npm_and_yarn/handlebars-4.5.3
• 5de13c9 Merge pull request Entering invalid markup will affect the surrounding testcase list freeCodeCamp/freeCodeCamp#1066 from jamesgeorge007/feat/pre-commit-hook

See the full diff

Package name: connect-mongo

The new version differs by 90 commits.

• 63ca966 docs: update readme and bump version to 3.0.0
• aceb1ee chore: bump version to 3.0.0-rc.2
• 0e4a234 test: add test cases on event listener
• e77a7f1 test: replace mocha with jest (Seed data bug in ux-improvements for start-a-node.js-server challenge freeCodeCamp/freeCodeCamp#324)
• ad39e88 test: replace deprecated collection.insert to collection.insertOne
• 545c06e docs: update README on testing
• 2d5442e chore: upgrade depns mocha
• 5d3a321 chore: upgrade nyc depns
• 54cd91d chore: upgrade depns
• afb7a12 docs: remove some badges
• 6c2484b docs: update README for supporting version
• c925c92 test: fix test case
• 6827330 chore: bump version to 3.0.0-rc.1
• f62692b ci: update .npmignore
• aa2637d ci: remove node 6 support and add linting in travis
• 801291b fix linting error
• f928547 travis add test on Node 12
• 12275f0 better linting
• eb23b1e linting fix
• 66194c7 bump major version to 3.0.0-rc
• f29084f Wait for client open, before calling db. (Username LMWBXR can only log after resetting password freeCodeCamp/freeCodeCamp#321)
• d252bfc Install Stale bot
• 15d91c1 Transparent crypto support (Merge UX-improvements and nonprofit-show into master freeCodeCamp/freeCodeCamp#314)
• 08ccada Update readme refer to latest release to avoid confusion

See the full diff

Package name: express-state

The new version differs by 3 commits.

• 727262e chore: update HISTORY
• f5cea3a chore: update serialize-javascript to 3.x ([Snyk] Security upgrade googleapis from 16.1.0 to 49.0.0 #41)
• e62069f Add isJSON docs to README

See the full diff

Package name: express-validator

The new version differs by 105 commits.

• cd4136e 6.5.0
• 612e2d9 Don't modify requests if oneOf chain didn't succeed (Bonfire: Make a Person: expect(Object.keys(bob).length) to equal 3 instead of 6. freeCodeCamp/freeCodeCamp#877)
• 7595c94 chain: comment out isDate for now
• 8b604af chain: add missing methods to Validators interface
• ab6ffe4 npm: upgrade validator to 13.0.0 (Input field missing to input your CodePen Link into. freeCodeCamp/freeCodeCamp#874)
• 29374cb 6.4.1
• 70af46e npm: audit fix dependencies
• efbfe3a Only consider . to be special char for now
• 42819ae npm: update dependencies
• 7736384 Remove console.log
• 3814c0a Fix use of special chars in selectors
• 0c450a9 docs: fix... typo? (I have a blank page. cannot see the bonfire anymore. :< freeCodeCamp/freeCodeCamp#842)
• 246f2ea docs: improve wording in matchedData page (Add tests for confirm the ending bonfire freeCodeCamp/freeCodeCamp#846)
• 6123155 docs: improve wording in whole-body validation (Bonfire: Mutations: ['Mary', 'Maary'] freeCodeCamp/freeCodeCamp#845)
• 3124129 docs: fix typo in schema validation and improve wording (Fixes RegExp so it matches the class .blue-text freeCodeCamp/freeCodeCamp#844)
• d85b368 docs: fix verb tense in the custom validator page (Completed Challenge without creating "CSS blue" class freeCodeCamp/freeCodeCamp#841)
• 19531ec docs: fix verb tense in the validationResult page (Field guides have infinite redirect loop freeCodeCamp/freeCodeCamp#847)
• f868e23 docs: small fixes in the wildcard feature (Fixes RegExp so it matches the class .blue-text freeCodeCamp/freeCodeCamp#843)
• 31d73c2 npm: add build script
• 008a0ae docs: migrate usages of sanitize to check
• 4bbe421 6.4.0
• acb2ad7 npm: run docs:build before git add on versioning
• 5e293cf Compile TS to ES2017 (Waypoint Lesson requires the removal of Monospace even though it stated the removal of a dead link in the lesson information. freeCodeCamp/freeCodeCamp#826)
• 0163461 npm: upgrade a few packages (Wikipedia link does not open in new tab. freeCodeCamp/freeCodeCamp#825)

See the full diff

Package name: googleapis

The new version differs by 250 commits.

• 20409df chore: release 49.0.0 (fix #2011 freeCodeCamp/freeCodeCamp#2022)
• 7de4e78 chore(deps): update dependency null-loader to v4 (Input bug freeCodeCamp/freeCodeCamp#2044)
• 340f78d chore(deps): update dependency ts-loader to v7 (confusing description freeCodeCamp/freeCodeCamp#2043)
• 254f878 chore: remove unused dev packages (not clear statement freeCodeCamp/freeCodeCamp#2042)
• f4eb6e0 chore: update lint ignore files (Worng text freeCodeCamp/freeCodeCamp#2040)
• 0110f3e docs: update readme for drive readme (change step 46 heroku addons:create mongolab to heroku addons:add mongolab freeCodeCamp/freeCodeCamp#2039)
• 73d284b fix(deps): update common and auth ("Take me to the Help Room" button is currenlty not working  freeCodeCamp/freeCodeCamp#2038)
• 476b71e test: use discovery docs from fixture (Fix #2030 freeCodeCamp/freeCodeCamp#2037)
• 3a3b61d build: remove unused codecov config (Can you put the while loop challange before the for loop challenge? freeCodeCamp/freeCodeCamp#2034)
• fea414a feat!: regenerate the API (Waypoint: Remove Classes from an element with jQuery - Typo? freeCodeCamp/freeCodeCamp#2028)
• 48a4f05 chore(dep)!: deprecate node 8 (Delete camper news story functionality freeCodeCamp/freeCodeCamp#2021)
• 99ebacf test: the kitchen sink system test sometimes times out (second item does not get 'ticked' (var expression = /and/gi;) freeCodeCamp/freeCodeCamp#2020)
• 05090da fix: apache license URL (fix typo on line 97 of coursewwares.json freeCodeCamp/freeCodeCamp#468) (solutions for Slot Machine drills are not saved freeCodeCamp/freeCodeCamp#2017)
• d15c656 chore: remove duplicate mocha config (Wording is weird freeCodeCamp/freeCodeCamp#2016)
• 874edc3 build: update templates (Hi, I think there is a bug or a sort of catch 22 in the tutorial. We are asked to comment out the 'Lobster' font but when we do that the first two tasks change from being accomplished to being unaccomplished. If you take the comments out the last to change to being unaccomplished. There is no way to get through the task.  freeCodeCamp/freeCodeCamp#2013)
• dc16586 build: set AUTOSYNTH_MULTIPLE_COMMITS=true for context aware commits (button "Go to my next challenge" waits 3 seconds to get activated. freeCodeCamp/freeCodeCamp#2012)
• 741c58b chore: update github actions configuration (errors on waypoint-comment-your-javascript-code freeCodeCamp/freeCodeCamp#1999)
• 1fe744b chore(deps): update dependency @ types/rimraf to v3 (Fixes #1833 freeCodeCamp/freeCodeCamp#1995)
• 5512eb5 chore(deps): update dependency typedoc to ^0.17.0 (Potentially missing ; freeCodeCamp/freeCodeCamp#1993)
• 0a4db38 chore: release 48.0.0 (Grammar freeCodeCamp/freeCodeCamp#1979)
• 074f641 fix: allow an empty requestBody to be provided for APIs that support multipart post (Clarity freeCodeCamp/freeCodeCamp#1988)
• 8bcb212 feat!: run the generator (adds: displayvideo, gamesConfiguration, managedidentities, networkmanagement) (Run code button not working freeCodeCamp/freeCodeCamp#1989)
• 8677588 build(tests): fix coveralls and enable build cop (Extra words freeCodeCamp/freeCodeCamp#1982)
• 0679c78 build: update linkinator config (Browser hanging while editing code. freeCodeCamp/freeCodeCamp#1981)

See the full diff

Package name: helmet

The new version differs by 65 commits.

• 5d964d4 3.21.1
• 1e9b8ea Update changelog for 3.21.1 release
• 86f1f59 Update helmet-csp to 2.9.2
• 76ca5bd Update Standard devDependency to latest version
• 0dad3c2 3.21.0
• 33cfd10 Update changelog for 3.21.0 release
• 349117f Update helmet-csp to 2.9.1
• 03d4fa6 Update x-xss-protection from 1.2.0 to 1.3.0
• 3b9d0e8 Update devDependencies to latest versions
• 80fe85f Remove old HISTORY.md
• e3ea074 Use sinon's default sandbox feature
• 968fabd 3.20.1
• d588453 Update changelog for 3.20.1 release
• a5a9679 Update Sinon and Standard to latest versions
• 844739c Update helmet-csp to v2.9.0
• b2a3700 3.20.0
• 87d7323 Update changelog for 3.20.0 release
• a711731 Update Mocha and Standard to latest versions
• 6aab72d Update helmet-csp to 2.8.0
• ac46aaf Minor: in changelog, change "updated" header in under 3.19.0
• 17707ae 3.19.0
• ca34982 Update changelog for 3.19.0 release
• 06d5bde Update all remaining outdated dependencies
• 91e071c Update helmet-crossdomain from 0.3.0 to 0.4.0

See the full diff

Package name: loopback

The new version differs by 97 commits.

• a22d4f9 3.28.0
• 223dd5d Merge pull request Spam issue freeCodeCamp/freeCodeCamp#4338 from achrinzafork/chore/update-module-lts-node14
• fbd9783 Merge pull request Spam issue freeCodeCamp/freeCodeCamp#4340 from strongloop/upgrade-nodemailer
• 6f04b61 upgrade nodemailer to greater than 6.4.16
• ab3e159 chore: sync LoopBack 4 with Node.js v14 EOL
• 5b61efb Merge pull request Another spam issue freeCodeCamp/freeCodeCamp#4334 from strongloop/travis
• e457e26 chore: add Node.js 14 to travis
• ab2e462 Merge pull request Update Codemirror and JSHint using CDNjs freeCodeCamp/freeCodeCamp#4318 from strongloop/bajtos-patch-1
• f2f7332 Remove "major" and "p1" from stalebot
• 06fcaa1 3.27.0
• d929b57 Merge pull request Use Responsive Design with Bootstrap Fluid Containers freeCodeCamp/freeCodeCamp#4315 from strongloop/feat/maintenance-lts
• 58f6545 Update LTS status in README
• cdf48b6 Merge pull request Give option to bookmark a challenge freeCodeCamp/freeCodeCamp#4303 from strongloop/copyright
• f788aae chore: update copyright year
• 6a7fc52 Merge pull request Fix - fixes typo in assert message as reported on ticket #4288 freeCodeCamp/freeCodeCamp#4290 from sujeshthekkepatt/fix/hasone-relation-error-message
• b93187b feat: change hasone relation error message
• 2db09a3 Merge pull request Bonfire: Symmetric Difference - Needs more test cases freeCodeCamp/freeCodeCamp#4281 from strongloop/chore/improve-issue-templates
• 4edcc4f chore: disable security issue reporting
• b848bd9 Merge pull request Waypoint: Use Comments to Clarify Code freeCodeCamp/freeCodeCamp#4283 from strongloop/fix-comma-dangle
• aa76a19 chore: fix eslint violations
• f2f0b3a Merge pull request Confirm the Ending: Add test case freeCodeCamp/freeCodeCamp#4267 from strongloop/update-dev-deps
• 82cd668 fixup! manual fixes
• 397d141 fixup! eslint --fix .
• aec86cc chore: update eslint & eslint-config to latest

See the full diff

Package name: loopback-boot

The new version differs by 3 commits.

• bb5d423 2.28.0
• 07c0b01 Merge pull request Create Wiki controller to replace our static pages freeCodeCamp/freeCodeCamp#288 from strongloop/upgrade-2.x-deps
• bea9a5f chore: upgrade deps to fix npm audit complaints

See the full diff

Package name: mongodb

The new version differs by 81 commits.

• c6f417e chore(release): 3.1.13
• 210c71d fix(db_ops): ensure we async resolve errors in createCollection
• 5ad9fa9 fix(changeStream): properly handle changeStream event mid-close (Wrong Map Visualization freeCodeCamp/freeCodeCamp#1902)
• e806be4 fix(bulk): honor ignoreUndefined in initializeUnorderedBulkOp
• 050267d fix(*): restore ability to webpack by removing `makeLazyLoader`
• 6e896f4 docs: adding aggregation, createIndex, and runCommand examples
• cb3cd12 chore(release): 3.1.12
• 508d685 Revert "chore(release): 3.2.0"
• e7619aa chore(release): 3.2.0
• d0dc228 chore(travis): include forgotten stage info for sharded builds
• ffbe90b chore(travis): run sharded tests in travis as well
• 9bef6e7 feat(core): update to mongodb-core v3.1.11
• e4bb39e chore(release): 3.1.11
• 76c0130 chore(core): bump version of mongodb-core
• a3adb3f fix(bulk): fix error propagation in empty bulk.execute
• ec0e30e doc(change-streams): correct typo, add missing example
• 10ea992 chore(package): update lock file
• fcb3ec1 test(sharded): reduce some sharded errors
• d4eae97 test(sessions): undo hack for apm events in sessions tests
• 0eaca21 test(sessions): fixing broken session test
• 6790a74 test(sharding): fixing old sharding tests
• 98f0c68 test(sharded): fixing sharded operation test
• c6a9baa test(sessions): fixing session tests in sharded env
• 985f0e9 test(drop): fixing drop assertions for sharded tests

See the full diff

Package name: passport

The new version differs by 126 commits.

• c33067b 0.6.0
• 3052bb4 Update changelog.
• 42630cb Merge pull request Remove coverage from tracking and add to ignore file freeCodeCamp/freeCodeCamp#900 from jaredhanson/fix-fixation
• 8dd79fe Use utils-merge rather than Object.assign for compatibility.
• 4f6bd5b Change keepSessionData to keepSessionData.
• 46756e5 Silence verbose logging.
• 987b191 Add tests.
• f8a175f Add tests.
• 29a90d6 No need to guard callback existence.
• bfba8a1 Add tests.
• 17111d7 Add option to keep session data on logout.
• a349c2b Add option to keep session data.
• e69834e Add optional options to login and logout.
• 8825a9a Add tests.
• c1991cf Add tests.
• 294f22c Better session detection and exceptions.
• 80cc4e3 Add tests.
• 3001654 Add tests.
• b395106 Clean up tests.
• cfa8259 Add tests.
• ee0bf81 Add tests.
• cc7606c Add tests.
• 71c54f6 Add test.
• 88c1f1b Handle logout without session manager.

See the full diff

Package name: validator

The new version differs by 250 commits.

• 47ee5ad 13.7.0
• 496fc8b fix(rtrim): remove regex to prevent ReDOS attack (Bonfire: Check for Palindromes freeCodeCamp/freeCodeCamp#1738)
• 45901ec Merge pull request Fixed #1848 freeCodeCamp/freeCodeCamp#1851 from validatorjs/chore/fix-merge-conflicts
• 83cb7f8 chore: merge conflict clean-up
• f17e220 feat(isMobilePhone): add El Salvador es-SV locale
• 5b06703 feat(isMobilePhone): add Palestine ar-PS locale
• a3faa83 feat(isMobilePhone): add Botswana en-BW locale
• 26605f9 feat(isMobilePhone): add Turkmenistan tk-TM
• 0e5d5d4 feat(isMobilePhone): add Guyana en-GY locale
• f7ff349 feat(isMobilePhone): add Frech Polynesia fr-PF locale
• 8627e48 feat(isMobilePhone): add Kiribati en-KI locale
• ed60123 feat(isMobilePhone): add Tajikistan tg-TJ locale (misleading comments freeCodeCamp/freeCodeCamp#1846)
• c96d805 feat(isMobilePhone): add Maldives dv-MV locale
• 5c2d69e feat(isMobilePhone): regex for Burkina Faso fr-BF and Namibia en-NA locales
• fc0fefc feat(isMobilePhone): add Bhutan dz-BT locale (News item missing and yet not mising freeCodeCamp/freeCodeCamp#1770)
• 01d3da3 feat(isMobilePhone): add Tajikistan tg-TJ locale (misleading comments freeCodeCamp/freeCodeCamp#1846)
• af2b43c feat(isUUID): add support for validation of version v1 and v2 (Extra ">" at end of example freeCodeCamp/freeCodeCamp#1848)
• 769f6d5 feat(contains): add possibility to check that string contains seed multiple times (adds projecttalk messageboard freeCodeCamp/freeCodeCamp#1836)
• f2381e0 feat: (isMobilePhone): add Cameroon fr-CM locale (Bonfire: Meet Bonefire - Unable to run code to submit freeCodeCamp/freeCodeCamp#1772)
• 5773869 feat(isVAT): add dutch NL locale (can't go to next challenge freeCodeCamp/freeCodeCamp#1825)
• de1cb29 fix: Russian passport number regex (Had already solved this challenge before update and now same answer won't work freeCodeCamp/freeCodeCamp#1810)
• 7bee611 add CDN use option with unpkg (Incorrect text freeCodeCamp/freeCodeCamp#1844)
• 57cc14e feat(isIdentityCard): add finnish locale (Filter Arrays with filter - contradicting assignment and assert freeCodeCamp/freeCodeCamp#1838)
• 2201869 feat: added finnish locale to isAlpha and isAlphanumeric (Hex code is wrong freeCodeCamp/freeCodeCamp#1837)

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	626/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.1	Man-in-the-Middle (MitM) SNYK-JS-HTTPSPROXYAGENT-469131	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Filter Bypass
🦉 More lessons are available in Snyk Learn