[Snyk] Fix for 11 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • webapp/package.json
  • webapp/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) npm:clean-css:20180306	Yes	Proof of Concept
	Non-Constant Time String Comparison npm:cookie-signature:20160804	Yes	No Known Exploit
	Cross-site Scripting (XSS) npm:express:20140912	Yes	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:fresh:20170908	Yes	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	Yes	No Known Exploit
	Denial of Service (DoS) npm:qs:20140806	Yes	No Known Exploit
	Denial of Service (DoS) npm:qs:20140806-1	Yes	No Known Exploit
	Prototype Override Protection Bypass npm:qs:20170213	Yes	No Known Exploit
	Directory Traversal npm:send:20140912	Yes	No Known Exploit
	Root Path Disclosure npm:send:20151103	Yes	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:uglify-js:20151024	Yes	No Known Exploit

Commit messages

Package name: clean-css-brunch

The new version differs by 32 commits.

• 9991b41 Release 3.0.0.
• 0813fc5 Reorganize package.
• a25dbde Merge pull request NPM install fails in cointrol/webapp jkbrzt/cointrol#22 from minghz/master
• e3b6269 Reverting mocha version update
• 7926eb1 Shouldn't have commited the lock file
• e25b941 Merge pull request [Snyk] Fix for 1 vulnerable dependencies #1 from minghz/update_dependencies
• 5dec816 Bump version
• d30e1c7 Fix security vulnerabilities from old dependencies
• 3517524 Release 2.10.0.
• a012b48 Refactor tests (Needs some updating jkbrzt/cointrol#21)
• c1728c8 Use eslint-config-brunch (ImportError: No module named 'exchange' jkbrzt/cointrol#19)
• 0369e48 Use latest Node.js in Travis (Error: install npm  jkbrzt/cointrol#20)
• 6e83584 Rewrite examples in CoffeeScript to JS (Cointrol Trader error jkbrzt/cointrol#18)
• 6ef25cf Link to CleanCSS repo API options (Django DecimalField scientific notation problem jkbrzt/cointrol#17)
• 69a58ec Fix Plugins: Replace npm i —save with —save-dev brunch/brunch#1486 (add support for bitfinex jkbrzt/cointrol#16)
• d33089b Merge pull request sample strategie jkbrzt/cointrol#14 from brunch/eslint2
• 62f5220 Update ESLint to 2.1.0
• 3fc3d30 Add travis.
• d3162c3 Tildify dep versions
• 4ce8f45 Release 2.0.0.
• 622eec7 Merge pull request Ripple Trading jkbrzt/cointrol#13 from brunch/update-iface-2.0
• 0d56ff1 Update interface to 2.0
• d9fab60 Release 1.8.0
• 82742cd Remove incorrect/unneeded main property

See the full diff

Package name: uglify-js-brunch

The new version differs by 5 commits.

• 6e3a4b2 Release 2.0.1.
• 52b32b2 Update uglify.
• 8edd66b Release 2.0.0.
• 01fb350 Merge pull request Bump django from 1.11.6 to 2.2.24 in /cointrol/conf jkbrzt/cointrol#29 from hellyeahllc/update-iface-2.0
• 89424de Update interface to 2.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic