[Snyk] Fix for 17 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change	Exploit Maturity
	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	Internal Property Tampering SNYK-JS-BSON-561052	Yes	No Known Exploit
	SQL Injection SNYK-JS-LOOPBACKCONNECTORMONGODB-73555	Yes	No Known Exploit
	Denial of Service (DoS) SNYK-JS-MONGODB-473855	Yes	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
	Regular Expression Denial of Service (ReDoS) npm:clean-css:20180306	Yes	Proof of Concept
	Regular Expression Denial of Service (ReDoS) npm:hawk:20160119	Yes	No Known Exploit
	Prototype Pollution npm:hoek:20180212	Yes	No Known Exploit
	Timing Attack npm:http-signature:20150122	Yes	No Known Exploit
	Denial of Service (DoS) npm:mem:20180117	Yes	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	Yes	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:negotiator:20160616	No	No Known Exploit
	Prototype Override Protection Bypass npm:qs:20170213	Yes	No Known Exploit
	Remote Memory Exposure npm:request:20160119	Yes	No Known Exploit
	Uninitialized Memory Exposure npm:tunnel-agent:20170305	Yes	Proof of Concept
	Cross-site Scripting (XSS) npm:validator:20150313	No	No Known Exploit
	Buffer Overflow npm:validator:20160218	No	No Known Exploit

Commit messages

Package name: connect-mongo

The new version differs by 217 commits.

• 63ca966 docs: update readme and bump version to 3.0.0
• aceb1ee chore: bump version to 3.0.0-rc.2
• 0e4a234 test: add test cases on event listener
• e77a7f1 test: replace mocha with jest (Seed data bug in ux-improvements for start-a-node.js-server challenge freeCodeCamp/freeCodeCamp#324)
• ad39e88 test: replace deprecated collection.insert to collection.insertOne
• 545c06e docs: update README on testing
• 2d5442e chore: upgrade depns mocha
• 5d3a321 chore: upgrade nyc depns
• 54cd91d chore: upgrade depns
• afb7a12 docs: remove some badges
• 6c2484b docs: update README for supporting version
• c925c92 test: fix test case
• 6827330 chore: bump version to 3.0.0-rc.1
• f62692b ci: update .npmignore
• aa2637d ci: remove node 6 support and add linting in travis
• 801291b fix linting error
• f928547 travis add test on Node 12
• 12275f0 better linting
• eb23b1e linting fix
• 66194c7 bump major version to 3.0.0-rc
• f29084f Wait for client open, before calling db. (Username LMWBXR can only log after resetting password freeCodeCamp/freeCodeCamp#321)
• d252bfc Install Stale bot
• 15d91c1 Transparent crypto support (Merge UX-improvements and nonprofit-show into master freeCodeCamp/freeCodeCamp#314)
• 08ccada Update readme refer to latest release to avoid confusion

See the full diff

Package name: errorhandler

The new version differs by 37 commits.

• c41e9aa 1.4.3
• ffce329 build: [email protected]
• 90a8777 build: [email protected]
• 38b745b deps: accepts@~1.3.0
• 80aea51 deps: escape-html@~1.0.3
• b0be93a docs: fix typo in readme
• 2f688d0 build: support Node.js 5.x
• 1238ed4 build: [email protected]
• fdeb13c build: [email protected]
• cc6fd1f build: support Node.js 4.x
• 3a2117a build: support io.js 3.x
• 75b9ee1 build: reduce runtime versions to one per major
• 6797752 tests: add test for util.inspect in HTML response
• b6e53d7 docs: add more documentation regarding util.inspect
• 88b9a58 deps: accepts@~1.2.13
• ac75d3f build: [email protected]
• 5ee62b7 deps: [email protected]
• 1e89ae7 build: [email protected]
• ef1e8f1 build: [email protected]
• a7a6dce 1.4.2
• 692e2e7 deps: accepts@~1.2.12
• 6f2e8d2 build: [email protected]
• 564c117 build: fix running Node.js 0.8 tests on Travis CI
• 2dfd872 1.4.1

See the full diff

Package name: eslint

The new version differs by 250 commits.

• c61194f 4.0.0
• 821a1e6 Build: changelog update for 4.0.0
• 4aefb49 Chore: avoid using deprecated rules on ESLint codebase (fix forum links in navbars freeCodeCamp/freeCodeCamp#8708)
• 389feba Chore: upgrade deps. (Need a 24/7 Twitch streamer, for testing "online" filter freeCodeCamp/freeCodeCamp#8684)
• 3da7b5e Fix: Semi-Style only check for comments when tokens exist (fixes I need help on my css freeCodeCamp/freeCodeCamp#8696) (Basic Algorith Scripting: Seek and Destroy freeCodeCamp/freeCodeCamp#8697)
• 3cfe9ee Fix: Add space between async and param on fix (fixes num >= 20 - return "Huge" instruction are not correct, to pass it should be num < 20 - return "Huge" freeCodeCamp/freeCodeCamp#8682) (Allowed to pass Get Geolocation Data waypoint, but no prompt appears freeCodeCamp/freeCodeCamp#8693)
• c702858 Chore: enable no-multiple-empty-lines on ESLint codebase (Update gulp-tape to version 0.0.9 🚀 freeCodeCamp/freeCodeCamp#8694)
• 34c4020 Update: Add support for parens on left side for-loops (fixes: console.log & alert not working with me in any challenge. freeCodeCamp/freeCodeCamp#8393) (Updates link to report bugs freeCodeCamp/freeCodeCamp#8679)
• 735cd09 Docs: Correct the comment in an example for `no-mixed-requires` (Patch 1 freeCodeCamp/freeCodeCamp#8686)
• 026f048 Chore: remove dead code from prefer-const (Issues with git-it freeCodeCamp/freeCodeCamp#8683)
• a8e1c1c 4.0.0-rc.0
• 1768dc0 Build: changelog update for 4.0.0-rc.0
• 0058b0f Update: add --fix to no-debugger (Georgian translation "Getting Started" freeCodeCamp/freeCodeCamp#8660)
• b4daa22 Docs: Note to --fix option for strict rule (The later challenges in learnyounode (challenge 10 onwards) do not work on C9 due to port restrictions.  freeCodeCamp/freeCodeCamp#8680)
• 4df33e7 Chore: check for root:true in project sooner (fixes "++" operator not recognized in pre-increment position, (++myVar) freeCodeCamp/freeCodeCamp#8561) (Bug in challenge: Create a Text Field  freeCodeCamp/freeCodeCamp#8638)
• c9b980c Build: Add Node 8 on travis (Add greeting text in Georgian freeCodeCamp/freeCodeCamp#8669)
• 9524833 Fix: Don't check object destructing in integer property (fixes Everyone around me can be happy. freeCodeCamp/freeCodeCamp#8654) (Exact change - insufficient funds? freeCodeCamp/freeCodeCamp#8657)
• c4ac969 Update: fix parenthesized ternary expression indentation (fixes Facebook campsite group link is very hard to find freeCodeCamp/freeCodeCamp#8637) (Fixed wrong facebook local campsite group link freeCodeCamp/freeCodeCamp#8649)
• 4f2f9fc Build: update license checker to allow LGPL (fixes Fix/line break freeCodeCamp/freeCodeCamp#8647) (Fix Generate Random Whole Numbers with JavaScript freeCodeCamp/freeCodeCamp#8652)
• b0c83bd Docs: suggest pushing new commits to a PR instead of amending (Code Portfolio - UI/UX issues freeCodeCamp/freeCodeCamp#8632)
• d0e9fd2 Fix: Config merge to correctly account for extends (fixes Hotkey to focus on code window freeCodeCamp/freeCodeCamp#8193) (Bug Found freeCodeCamp/freeCodeCamp#8636)
• 705d88f Docs: Update CLA link on Pull Requests page (Fixed grammatical error in Manipulate Arrays with push freeCodeCamp/freeCodeCamp#8642)
• 794d4d6 Docs: missing paren on readme (Add missing 'connect' in the production-start.js error handler freeCodeCamp/freeCodeCamp#8640)
• 7ebd9d6 New: array-element-newline rule (fixes Update how to deal with /data/db not found freeCodeCamp/freeCodeCamp#6075) ("Where do I Belong" not accepting answer that passes all test cases freeCodeCamp/freeCodeCamp#8375)

See the full diff

Package name: express-validator

The new version differs by 144 commits.

• 69a4ce7 Update changelog.
• 54156e1 Upgrade to 2.20.4 to update validator to v5
• e9911ba Merge pull request Update bonfire name url freeCodeCamp/freeCodeCamp#231 from ctavan/extend_validator_to_coerce_strings
• 4fe80ec Update node-validator to v5 and restore automatic string coercion.
• bfd9502 Update changelog.
• 0fafa68 Upgrade to 2.20.3
• 3ab8150 Merge pull request unblock the cdn paths that firefox over-vigilantly blocked freeCodeCamp/freeCodeCamp#221 from ctavan/fix_bluebird_reflect
• 7884efc Convert promises to Bluebird promises in order to use reflect(). Should fix fix bug in server side checking for username, closes #219 freeCodeCamp/freeCodeCamp#220
• 659978a Update changelog
• a4a603b Upgrade to 2.20.2
• 73bcf5c Merge pull request Fix no user comment display freeCodeCamp/freeCodeCamp#217 from AuspeXeu/badge
• 57c309e Merge pull request Fix no user comment display freeCodeCamp/freeCodeCamp#215 from AuspeXeu/master
• 49803b9 Added comment to reference the fix
• 41add1b Added badge reflecting the dependency status
• 5c9e08c Upgraded bluebird
• 69d5cc6 Add npm version badge
• a5262c7 Upgrade changelog.
• 0f4d5f6 Upgrade to 2.20.1
• 0241908 Downgrade validator. An upgrade will require a major version bump since it doesn't automatically coerce non-strings to strings anymore: https://github.com/Migrate to ES6 validatorjs/validator.js#496
• e57acd2 Upgrade to 2.20.0
• 9073b5e Upgrade github-changes, lodash, and validator; update CHANGELOG.
• dca9911 Apply README fixes from 9b74fb4ffd4edce7268b9d1e9303829cdb8ae14e
• 4cc5ef8 Merge pull request Comment overflow in News fix freeCodeCamp/freeCodeCamp#208 from JaniszM/master
• 0385e61 Merge remote-tracking branch 'express-validator/master'

See the full diff

Package name: gulp-less

The new version differs by 2 commits.

• 7d9df97 4.0.0
• cde149b Update accord to support [email protected] - closes Bonfire Challenges freeCodeCamp/freeCodeCamp#269

See the full diff

Package name: loopback-connector-mongodb

The new version differs by 112 commits.

• bdad30a 3.6.0
• 0f46f71 Merge pull request Can freeCodeCamp/freeCodeCamp#454 from strongloop/docs
• a2985e0 docs: update with security consideration section
• 4df3c63 Merge pull request Possible bug in Express waypoint freeCodeCamp/freeCodeCamp#452 from strongloop/sanitize
• ee24cd0 fix: sanitize query by default
• 99bca4b Merge pull request Unable to start app on local machine. freeCodeCamp/freeCodeCamp#450 from gendigbadig/master
• 2d2999e Merge pull request Maintaining Streak freeCodeCamp/freeCodeCamp#437 from HugoPoi/feature/settings-disable-default-sort
• 21618d8 change `count` to `countDocuments`
• dbccb86 add `useNewUrlParser` on validOptionNames
• 94e47e3 Dedicated Model for testing disableDefaultSort
• fe6ae0e Add disableDefaultSort in README
• b70fd28 Add settings disableDefaultSort for find method
• b79e263 3.5.0
• 43a0138 Merge pull request Bonfire improvements freeCodeCamp/freeCodeCamp#441 from strongloop/drop-node
• 3773a16 chore: drop node 4 and update deps
• 60aaecc Merge pull request Waypoints 38 & 39 404 Error freeCodeCamp/freeCodeCamp#443 from candytangnb/webfm-0629-000207-cs,pl,ru-translation
• 8e952a6 [WebFM] cs/pl/ru translation
• 205a3a3 3.4.4
• db63a31 Fields projection fix (Staging freeCodeCamp/freeCodeCamp#436)
• 3116da3 3.4.3
• ef92b90 Merge pull request add campwide meeting and fix user show points freeCodeCamp/freeCodeCamp#419 from strongloop/update-bson
• c4bf8d2 update bson version
• 47de5b1 3.4.2
• 780497d Merge pull request There should be consistent styling for Field Guide pages freeCodeCamp/freeCodeCamp#425 from strongloop/testci

See the full diff

Package name: request

The new version differs by 250 commits.

• 0ab5c36 2.82.0
• ffdf0d3 Updating deps.
• 4386836 Merge branch 'master' of github.com:request/request
• 1527407 Merge pull request Wiki request - How to get the MEAN stack running locally on OSX freeCodeCamp/freeCodeCamp#2703 from ryysud/add-nodejs-v8-to-travis
• 3afcbf8 Merge branch 'master' of github.com:request/request
• 479143d Update of hawk and qs to latest version (Disk limit quickly reached on c9 freeCodeCamp/freeCodeCamp#2751)
• 169be11 Add Node.js v8 to Travis CI
• 643c43a Fixed some text in README.md (Dont work this bonfire freeCodeCamp/freeCodeCamp#2658)
• e8fca51 chore(package): update aws-sign2 to version 0.7.0 (My code shakes odd numbers as well freeCodeCamp/freeCodeCamp#2635)
• e999203 Update README to simplify & update convenience methods (Unclear directions freeCodeCamp/freeCodeCamp#2641)
• 6f286c8 lint fix, PR from pre-standard was merged with passing tests
• a765593 Add convenience method for HTTP OPTIONS (Waypoint: Label Bootstrap Buttons freeCodeCamp/freeCodeCamp#2541)
• 52d6945 Add promise support section to README (Checkboxes have wrong info freeCodeCamp/freeCodeCamp#2605)
• b12a624 refactor(lint): replace eslint with standard (Check all children instead of just one in 'Target Children with jQuery' freeCodeCamp/freeCodeCamp#2579)
• 29a0b17 Merge pull request Added link about Roman Numeral to MDNLinks section. freeCodeCamp/freeCodeCamp#2598 from request/greenkeeper-codecov-2.0.2
• e7b4a88 Merge pull request Potentially faulty test case freeCodeCamp/freeCodeCamp#2590 from nicjansma/timings-tests
• dd5c02c Updated comment
• 087de94 Merge pull request Create indicator where learner/student is in the Map freeCodeCamp/freeCodeCamp#2589 from odykyi/fix-tabulation
• 3d5e50d Merge pull request Typo. PR closes #2592 freeCodeCamp/freeCodeCamp#2594 from ahmadnassri/patch-1
• 0951f47 chore(package): update codecov to version 2.0.2
• baf9c1f chore(dependencies): har-validator -> 5.0.2
• 21b1112 chore(dependencies): har-validator -> 5.0.1
• 51806f8 chore(dependencies): har-validator to 5.x [removes babel dep]
• c57fb72 2.81.1

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 4be093d 2.2.0
• 2278469 2.2.0-rc.8
• b946eb4 Merge pull request alert showing h2 should be blue though it's already blue in style attribute freeCodeCamp/freeCodeCamp#3988 from malstoun/bug/2664
• 260e413 Merge pull request fix typo and add comma freeCodeCamp/freeCodeCamp#3986 from webpack/bugfix/revert_use_of_buffer_dot_from
• 0ec7de9 Fix regression with watch cli opt, add tests for this case
• 72226db add missing disable line
• 4d30675 build fresh yarn.lock file to remove buffer polyfill
• 91c1f35 fix(node): rollback changes of Buffer.from to new Buffer() and bump down travis to 4.3 min node v
• 0b47602 2.2.0-rc.7
• db6ccbc Merge pull request Allude to 'this' keyword as suggested by @ParkinT freeCodeCamp/freeCodeCamp#3978 from webpack/bugfix/conditional-reexports
• 82a5b03 Merge pull request red text freeCodeCamp/freeCodeCamp#3977 from malstoun/bug/2664
• fc1a43b Merge pull request Users Should Be Alerted That Only Chrome is Supported freeCodeCamp/freeCodeCamp#3976 from timse/rely-on-defaults
• a44694a hoist exports declarations too
• 682bde8 Fix lint
• c6d7d90 Add tests
• af8d49e remove defaults values to shave a few bytes
• 9796696 2.2.0-rc.6
• e9bdb05 Merge pull request Fix Waypoint Get JSON Tests and Typo freeCodeCamp/freeCodeCamp#3971 from webpack/bugfix/fix_available_vars_in_fmtp
• bd45bdc add test case for global in harmony modules
• bfccb20 fix PR
• 5a3a23f fix(nmf): Fix exports for var injection to include free glob exports or arguments
• 437dce4 2.2.0-rc.5
• 91cb1df Merge pull request Fix Waypoint Count Backwards Seed Code freeCodeCamp/freeCodeCamp#3970 from webpack/ci/appveyor
• 9fd55e5 Merge pull request Fix Get JSON challenge text & quote specificity  freeCodeCamp/freeCodeCamp#3969 from webpack/bugfix/issue-3964

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic