[Snyk] Fix for 23 vulnerabilities

[susanstdemos]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	679/1000 Why? Has a fix available, CVSS 9.3	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962463	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASHTEMPLATE-1088054	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342073	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342082	Yes	Proof of Concept
	520/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-584281	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	596/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: babel-eslint

The new version differs by 103 commits.

• a0fbd50 8.0.2
• 2004b91 require correct deps
• fa56d21 Always use unpad (Challenge http://www.freecodecamp.com/challenges/waypoint-line-up-form-elements-responsively-with-bootstrap has an issue  freeCodeCamp/freeCodeCamp#535)
• 295091d Allow ^ version for babel dependencies (Challenge http://www.freecodecamp.com/challenges/waypoint-wrap-an-anchor-element-within-a-paragraph has an issue  freeCodeCamp/freeCodeCamp#534)
• d3b8519 fix(package): update babylon to version 7.0.0-beta.31 (Challenge http://www.freecodecamp.com/challenges/waypoint-link-to-external-pages-with-anchor-elements has an issue  freeCodeCamp/freeCodeCamp#533)
• 54ab4ac 8.0.1
• c1a7882 Update README.md support (Challenge http://www.freecodecamp.com/challenges/waypoint-add-font-awesome-icons-all-of-our-buttons has an issue  freeCodeCamp/freeCodeCamp#531) [skip ci]
• 51100c9 chore(package): update mocha to version 4.0.0 (Challenge http://www.freecodecamp.com/challenges/waypoint-turn-an-image-into-a-link has an issue  freeCodeCamp/freeCodeCamp#524)
• 5742b71 Adding optionalCatchBinding to plugins. (The #help channel on Slack has become useless freeCodeCamp/freeCodeCamp#521)
• 905887c 8.0.0
• 49493e4 update to beta.0
• 42d0c5b Remove already fixed workaround (Challenge http://www.freecodecamp.com/challenges/waypoint-create-a-text-field has an issue  freeCodeCamp/freeCodeCamp#508)
• 25bd208 8.0.0-alpha.17
• 1468905 alpha.17
• 57c133e 8.0.0-alpha.15
• 1e41162 update (Challenge http://www.freecodecamp.com/challenges/waypoint-line-up-form-elements-responsively-with-bootstrap has an issue  freeCodeCamp/freeCodeCamp#504)
• c31b577 Readme update usage section (Challenge http://www.freecodecamp.com/challenges/waypoint-mobile-responsive-images has an issue  freeCodeCamp/freeCodeCamp#501) [skip ci]
• c2626f9 Update eslint to the latest version 🚀 (Challenge http://www.freecodecamp.com/challenges/waypoint-create-a-text-field has an issue  freeCodeCamp/freeCodeCamp#500)
• 3c6b2de chore(package): update husky to version 0.14.0 (Go to my next challenge button not working. freeCodeCamp/freeCodeCamp#498)
• e052d5a Update install instructions to use latest stable release (Challenge http://www.freecodecamp.com/challenges/waypoint-add-images-to-your-website has an issue  freeCodeCamp/freeCodeCamp#497) [skip ci]
• 8e3e088 8.0.0-alpha.13
• f757e22 Merge pull request Challenge http://www.freecodecamp.com/challenges/waypoint-add-images-to-your-website has an issue  freeCodeCamp/freeCodeCamp#493 from danez/regression-test
• 5736be6 Update babylon
• 37f9242 Add Prettier (Challenge http://www.freecodecamp.com/challenges/waypoint-turn-an-image-into-a-link has an issue  freeCodeCamp/freeCodeCamp#491)

See the full diff

Package name: cheerio

The new version differs by 18 commits.

• 35c4917 Release 0.21.0
• 1d2e8a7 Return undefined in .prop if given an invalid element or tag (Cannot read property 'length' of null freeCodeCamp/freeCodeCamp#880)
• df55c93 Merge pull request Mistake in the action description. freeCodeCamp/freeCodeCamp#884 from cheeriojs/readme-cleanup
• bbceb09 readme updates
• 010b718 Merge pull request Make a person Issues freeCodeCamp/freeCodeCamp#881 from piamancini/patch-1
• 4997e70 Added backers and sponsors from OpenCollective
• 4ccb41b Use jQuery from the jquery module in benchmarks (First box unchecked at html waypoint 38 freeCodeCamp/freeCodeCamp#871)
• 54359c9 Document, test, and extend static `$.text` method (Removed aarmy example from descr and changed the test for it to passing freeCodeCamp/freeCodeCamp#855)
• c6612f3 Fix typo on calling _.extend (no semi colon after border radius = completion (percent) freeCodeCamp/freeCodeCamp#861)
• ed60b34 0.21.0
• 79d4e5e Update versions (Update incorrect (older) reference to "Field Guide" freeCodeCamp/freeCodeCamp#870)
• e7d18af Use individual lodash functions (If a class is in a UL reports no ending UL bracket freeCodeCamp/freeCodeCamp#864)
• e65ad72 Added `.serialize()` support. Fixes [Snyk] Security upgrade loopback from 2.42.0 to 3.28.0 #69 (Dead 'X' button for the bug and help dialog boxes for Waypoint lessons freeCodeCamp/freeCodeCamp#827)
• df39f33 Update Readme.md (Bonfire Falsey Bouncer freeCodeCamp/freeCodeCamp#857)
• 7b59afb add extension for JSON require call
• d0551dc remove gittask badge
• f500197 Merge pull request Challenge http://www.freecodecamp.com/challenges/waypoint-use-clockwise-notation-to-specify-the-margin-of-an-element has an issue  freeCodeCamp/freeCodeCamp#672 from underdogio/dev/checkbox.radio.values.sqwished
• 046071a Added default value for checkboxes/radios

See the full diff

Package name: eslint

The new version differs by 250 commits.

• ff8c4bb 4.5.0
• 480bbee Build: changelog update for 4.5.0
• decdd2c Update: allow arbitrary nodes to be ignored in `indent` (fixes Filter Arrays with .filter - Incorrect test freeCodeCamp/freeCodeCamp#8594) (Fix/Link to External Pages with Anchor Elements freeCodeCamp/freeCodeCamp#9105)
• 79062f3 Update: fix indentation of multiline `new.target` expressions ("url" Needs to be Capitalized in Challenge freeCodeCamp/freeCodeCamp#9116)
• d00e24f Upgrade: `chalk` to 2.x release (After submitting a challenge, remove its code from browser's local storage freeCodeCamp/freeCodeCamp#9115)
• 6ef734a Docs: add missing word in processor documentation (Duplicate #target5 button in the left-well freeCodeCamp/freeCodeCamp#9106)
• a4f53ba Fix: Include files with no messages in junit results (Dropbox  freeCodeCamp/freeCodeCamp#9093) (update pull request template with convenient way to test freeCodeCamp/freeCodeCamp#9094)
• 1d6a9c0 Chore: enable eslint-plugin/test-case-shorthand-strings (it does not accept the font size .. zoom is at 100% freeCodeCamp/freeCodeCamp#9067)
• f8add8f Fix: don't autofix with linter.verifyAndFix when `fix: false` is used (Fixed 'Write Reusable JavaScript with Functions' head and tail freeCodeCamp/freeCodeCamp#9098)
• 77bcee4 Docs: update instructions for adding TSC members (Fix/Prefilter JSON freeCodeCamp/freeCodeCamp#9086)
• bd09cd5 Update: avoid requiring NaN spaces of indentation (fixes Remove jobs from routes freeCodeCamp/freeCodeCamp#9083) (Setting up FreeCodeCamp for Windows freeCodeCamp/freeCodeCamp#9085)
• c93a853 Chore: Remove extra space in blogpost template (Change of Title for Mutations Challenge freeCodeCamp/freeCodeCamp#9088)
• 0d9da6d 4.4.1
• 1ea9a6c Build: changelog update for 4.4.1
• ec93614 Fix: no-multi-spaces to avoid reporting consecutive tabs (fixes Weather App Location issue freeCodeCamp/freeCodeCamp#9079) (Use Conditional Logic with If Statements freeCodeCamp/freeCodeCamp#9087)
• a113cd3 4.4.0
• 181bd46 Build: changelog update for 4.4.0
• 89196fd Upgrade: Espree to 3.5.0 (Update react-youtube to version 7.0.0 🚀 freeCodeCamp/freeCodeCamp#9074)
• b3e4598 Fix: clarify AST and don't use `node.start`/`node.end` (fixes Freecodecamp site not recognizing remainder operator (%) on Windows 8.1 or iPad Air 2, both chrome browsers freeCodeCamp/freeCodeCamp#8956) (Add another test to the Chunky Money challenge freeCodeCamp/freeCodeCamp#8984)
• 62911e4 Update: Add ImportDeclaration option to indent rule (Record Collection challenge has incorrect JSON syntax freeCodeCamp/freeCodeCamp#8955)
• de75f9b Chore: enable object-curly-newline & object-property-newline.(fixes Record Collection Issue freeCodeCamp/freeCodeCamp#9042) (Access Array Data with Indexes problem needs a little tweak freeCodeCamp/freeCodeCamp#9068)
• 5ae8458 Docs: fix typo in object-shorthand.md (Can't pass adding padding to Each of a Element freeCodeCamp/freeCodeCamp#9066)
• c3d5b39 Docs: clarify options descriptions (fixes Error in starting local instance of FCC freeCodeCamp/freeCodeCamp#8875) (Extra gap in button group on iPhone freeCodeCamp/freeCodeCamp#9060)
• 37158c5 Docs: clarified behavior of globalReturn option (fixes Update tests for Manipulate Arrays With pop challenge. freeCodeCamp/freeCodeCamp#8953) (Chunky Monkey: I'm returning the given solution but not solving the problem freeCodeCamp/freeCodeCamp#9058)

See the full diff

Package name: gulp

The new version differs by 134 commits.

• 55eb23a Release: 4.0.0
• 173a532 Docs: Fix the installation instructions
• ec54d09 Docs: Improve note about out-of-date docs
• 03b7c98 Docs: Update recipes to install gulp@next
• 2eba29e Docs: Remove run-sequence from recipes
• 76eb4d6 Docs: Add installation instructions & update badges
• fbc162f Docs: Remove references to gulp-util
• 3011cf9 Scaffold: Normalize repository
• f27be05 Update: Remove graceful-fs from test suite
• 361ab63 Upgrade: Update glob-watcher
• 064d100 Build: Avoid broken node 9
• 057df59 Release: 4.0.0-alpha.3
• c1ba80c Breaking: Upgrade major versions of glob-watcher, gulp-cli & vinyl-fs
• 89acc5c Docs: Improve ES2015 task exporting examples (errors on waypoint-comment-your-javascript-code freeCodeCamp/freeCodeCamp#1999)
• 0ac9e04 Docs: Add "Project structure" section to CONTRIBUTING.md (typo mistake. #111111 is dark grey, not light grey freeCodeCamp/freeCodeCamp#1859)
• 723cbc4 Docs: Fix syntax in recipe example (Onboarding freeCodeCamp/freeCodeCamp#1715)
• d420a6a Docs: Have gulp.lastRun take a function to avoid task registration (Text "[object Object]" found on the Learning Map freeCodeCamp/freeCodeCamp#1828)
• 29ece6f Upgrade: Update undertaker
• e931cb0 Docs: Fix changelog typos (Beta: Waypoint: Modify Array Data With Indexes freeCodeCamp/freeCodeCamp#1696)
• 477db84 Docs: Add a "BrowserSync with Gulp 4" recipe (spam freeCodeCamp/freeCodeCamp#1659)
• d4ed3c7 Docs: Add options.cwd for gulp.src API (Fix for #1644 freeCodeCamp/freeCodeCamp#1645)
• 5dc3b07 Docs: Update gulp.watch API to align with glob-watcher
• 0c66069 Breaking: Replace chokidar as gulp.watch with glob-watcher wrapper
• c3dbc10 Docs: Clarify incremental builds example (Beta: Waypoint: Use Hex Code for Specific Colors - wording on 2nd checkpoint freeCodeCamp/freeCodeCamp#1609)

See the full diff

Package name: gulp-babel

The new version differs by 4 commits.

• 8e6fa78 7.0.0
• 8afcd30 make babel-core a peerDep, similar to babel-loader ([Snyk] Fix for 1 vulnerabilities #122)
• 744f633 7.0.0-alpha.18
• 21bf286 Babel 7 alpha ([Snyk] Security upgrade sanitize-html from 1.27.5 to 2.12.1 #112)

See the full diff

Package name: gulp-eslint

The new version differs by 25 commits.

• 1d79ed0 4.0.1
• 8f7e966 replace all HTTP protocols with HTTPS
• b48a04a remove deprecated gulp-util dependency (User password hash in Stories freeCodeCamp/freeCodeCamp#213)
• 35eae57 update devDependencies (Feature: Board to find people to live pair with freeCodeCamp/freeCodeCamp#207)
• 47bd269 use npx to simplify after_script
• 29dbab5 inherit autofix-related props even if `quiet` option is enabled
• a398838 4.0.0
• 18a4299 emit an error when it fails to load an ESLint plugin
• b8bf261 update ESLint from v3 to v4 (Fixed bonfire selected tab bug freeCodeCamp/freeCodeCamp#198)
• c0e82ce use `Buffer.from` instead of `new Buffer`
• e6c67a2 drop support for linting `Stream` contents
• 132d5cc Fix formatting issues in README.md (After completing a challenge all points from bonefires are removed freeCodeCamp/freeCodeCamp#194)
• 7f65378 remove link to config file `globals` doc
• 8ddfb84 correct the type of `globals` option in README
• 6059c22 3.0.1
• b0c2816 ensure sharable config works
• 08b9212 test the case where babel-eslint is actually useful
• eb98701 mock stream-mode vinyl files with from2-string
• bcd7736 fix invalid `envs` option
• 286b0c4 remove unused fixtures
• e2723e1 Remove unnecessary `object-assign` dependency
• 82c1949 3.0.0
• 97d8638 Remove invalid options in example code
• 505779d Remove option aliases

See the full diff

Package name: gulp-less

The new version differs by 2 commits.

• 7d9df97 4.0.0
• cde149b Update accord to support [email protected] - closes Bonfire Challenges freeCodeCamp/freeCodeCamp#269

See the full diff

Package name: gulp-notify

The new version differs by 25 commits.

• 398d0a4 v3.1.0
• fc51ff2 Merge pull request [Snyk] Security upgrade gulp-notify from 2.2.0 to 5.0.0 #124 from ohbarye/replace-gulp-util
• 46efdc6 Move vinyl to devDependencies
• 173fcb0 Use ansi-colors instead of chalk due to node version compatibility
• 1e8c372 Remove unused through import
• 3284a51 Drop dependency on deprecated gulp-util
• 455250c npm install chalk fancy-log plugin-error lodash.template vinyl
• 658efc5 v3.0.0
• b1ba7a2 Adds changelog for bump with node-notifier
• 7d6944e Updates all dependencies
• 08244ea Adds log files to ignore
• 8df5320 Bumps node-notifier dependency to latest
• 507e21f Merge pull request [Snyk] Fix for 2 vulnerabilities #105 from queicherius/patch-1
• f32b692 Update node-notifier dependency
• f5d3f46 Merge pull request [Snyk] Security upgrade cheerio from 0.20.0 to 0.22.0 #103 from Toby-S/patch-1
• bbcc4d1 Correct indent_style in .editorconfig
• c0d7501 Update README.md
• 21eed88 Update README.md
• 084f6a1 Adds support for overriding host/port/appname onError. Fixes [Snyk] Security upgrade yargs from 4.8.1 to 7.0.0 #91
• e45ef63 Merge pull request [Snyk] Fix for 1 vulnerabilities #85 from stevelacy/patch-1
• ef56795 Update license attribute
• 80a4c0d Merge pull request [Snyk] Fix for 1 vulnerabilities #72 from dhruska/master
• 0783a5c Typo fix in README
• b4e95ec Merge pull request [Snyk] Fix for 2 vulnerabilities #71 from Andorbal/master

See the full diff

Package name: gulp-rev

The new version differs by 21 commits.

• bb3a3fd 8.1.1
• e46406b Replace gulp-util with smaller modules (codemirror initial value should come from bonifre freeCodeCamp/freeCodeCamp#237)
• 6c9bcac Remove Code Sponsor
• fe0c551 8.1.0
• 47ffbe0 Bump `rev-path`
• fc74b5b Try out Code Sponsor
• cdf63fa Pass resolved, absolute paths to relPath() (fix bug in server side checking for username, closes #219 freeCodeCamp/freeCodeCamp#220) (fullUser fixes freeCodeCamp/freeCodeCamp#222)
• 567c340 Update readme.md (Unknown Windows/connect-mongo bug freeCodeCamp/freeCodeCamp#224)
• 898dffc 8.0.0
• d290ff8 Meta tweaks
• a89f0df Make tests independent of platform specific path separator (Account page doesn't enforce unique username freeCodeCamp/freeCodeCamp#219) (unblock the cdn paths that firefox over-vigilantly blocked freeCodeCamp/freeCodeCamp#221)
• 71a0377 Add a note about non-deterministic streams order (User password hash in Stories freeCodeCamp/freeCodeCamp#213)
• f5ee9ee Meta tweaks
• 731be70 Move list of maintainers into the readme for visibility
• 192a075 Meta tweaks
• 7acdb13 Move tests from Mocha to AVA (Bug with email login freeCodeCamp/freeCodeCamp#212)
• 82c185c More realistic example (There should be a resource section where all sites that have been listed in challenges should be there in alphabetical order freeCodeCamp/freeCodeCamp#203)
• 02fbeba add XO badge
• 8686e62 [breaking] ES2015ify and require Node.js 4
• ed53cef meta tweaks
• 17d6bb4 docs: change number of approaches (Selecting text and tab indenting it freeCodeCamp/freeCodeCamp#196)

See the full diff

Package name: gulp-uglify

The new version differs by 9 commits.

• e4f9045 2.0.0
• 566ec6a refactor(tests): write tests with mocha
• 5651111 refactor(tests): replace `cmem` with `testdouble`
• b82387b refactor(tests): compose streams with `mississippi` utilities
• 1232c3c fix(errors): emit errors of type `GulpUglifyError`
• 5632cee fix(minifer): use `gulplog` for the warning
• 8160697 feat(minifier): use UglifyJS 2.7.0's input map support
• 3ec8fc3 chore(package): update uglify-js to version 2.7.0
• a9c55b9 doc(README): spelling mistake in example

See the full diff

Package name: less

The new version differs by 250 commits.

• e4f7551 v3.12.0
• 371185c v3.12.0-RC.2 (Falsy Bouncer not passing freeCodeCamp/freeCodeCamp#3540)
• d5aa9d1 Fixes Labels for issues freeCodeCamp/freeCodeCamp#3371 Allow conditional evaluation of function args (fix search results formatting for mobile and desktop camper news freeCodeCamp/freeCodeCamp#3532)
• a722237 Remove lib folder from git (Last test of palindrome has typos, which causes incorrect answer.  freeCodeCamp/freeCodeCamp#3531)
• e0f5c1a Move changelog to root (add facebook sharing to map on completed challenges freeCodeCamp/freeCodeCamp#3530)
• f7bdce7 Duplicate dist files in root for older links (Confusing Wording on Bonfire: Diff Two Arrays freeCodeCamp/freeCodeCamp#3529)
• 0925cf1 Test-data module (intermediate pull freeCodeCamp/freeCodeCamp#3525)
• 51fb02b Fixes Edit last test case for Bonfire: Where art thou freeCodeCamp/freeCodeCamp#3504 / organizes tests (Problem in Waypoint #4 in the jQuery track freeCodeCamp/freeCodeCamp#3523)
• efb76ec Restore nuked scripts (?), replace dependencies (Add beginnings of webcomponent and polymer challenges freeCodeCamp/freeCodeCamp#3501) (supriyantomaftuh freeCodeCamp/freeCodeCamp#3522)
• 2c5e4dd Lerna refactor / TS compiling w/o bundling (update the tshirt campaign text freeCodeCamp/freeCodeCamp#3521)
• a3641e4 Resolve Add russian translation for the intermediate-ziplines. freeCodeCamp/freeCodeCamp#3398 Add flag to disable sourcemap url annotation (fix tshirt version 2 not submitting properly bug freeCodeCamp/freeCodeCamp#3517)
• e018ba8 fix(fixes 'only 11 lines' issue freeCodeCamp/freeCodeCamp#3294): use loadFileSync when loading plugins with syncImport: true (-SOLVED- disappearing check list freeCodeCamp/freeCodeCamp#3506)
• 95b9007 Update changelog
• 6238bbc Fixes use proper formating freeCodeCamp/freeCodeCamp#3508 (Pass even if it's not correct freeCodeCamp/freeCodeCamp#3509)
• 8338366 Update README.md
• 6313bc5 Update changelog
• 53bf877 Remove tree caching in import manager (The page's elements are getting displayed twice on the iPhone screen to the right. freeCodeCamp/freeCodeCamp#3498)
• 0f271f3 issue#3481 ignore missing debugInfo (the Check for Palindromes does not pass v3 freeCodeCamp/freeCodeCamp#3482)
• 3bd995b Additional check to avoid evaluating an expression if it is a comment (Code works, won't pass. Firefox, works on chrome freeCodeCamp/freeCodeCamp#3494)
• 0715d90 fix: Use make-dir instead of mkdirp (Palindrome Challenge (Returns correct boolean value but won't mark them as passed). freeCodeCamp/freeCodeCamp#3490)
• 2634494 Properly exit calc mode after use (Bad solution to the problem- sloppy code passes, but simple clear code doesn't freeCodeCamp/freeCodeCamp#3493)
• 096dd22 Convert to auto-changelog (fix prevent redirect to /news/hot freeCodeCamp/freeCodeCamp#3477)
• 842386b Fixes Create the “step-by-step” style challenge view to replace our video challenges freeCodeCamp/freeCodeCamp#3469 - Include tslib dependency (fix only allow redirects on whitelist freeCodeCamp/freeCodeCamp#3475)
• 1adaadb 3.11.0 (rewrite and simplify explanation of For Loops freeCodeCamp/freeCodeCamp#3468)

See the full diff

Package name: loopback

The new version differs by 250 commits.

• 7d93b27 3.20.0
• 5a87f8d Merge pull request Bonfire: Chunky Monkey code is not being executed freeCodeCamp/freeCodeCamp#3911 from strongloop/update-strong-globalize
• f17346b Update strong-globalize to 4.x
• 995c14e Merge pull request typo freeCodeCamp/freeCodeCamp#3585 from mitsos1os/nodemailer-update
• 83fc62c Update nodemailer to v4.x
• 58090b4 Merge pull request fix signin button to use signin instead of login for path freeCodeCamp/freeCodeCamp#3908 from strongloop/drop-node-4x
• ec46c45 Drop support for Node.js 4.x
• 85aa3fd 3.19.3
• 8c4c91a Merge pull request Waypoint: Add Borders Around your Elements freeCodeCamp/freeCodeCamp#3904 from itaditya/patch-1
• cf5b78f Provide link to CODEOWNERS
• c6d8565 Merge pull request Stylistic change: Waypoint: Use jQuery to Modify the Entire Page freeCodeCamp/freeCodeCamp#3896 from wolrajhti/patch-2
• cc4fc21 fix bug in User.verify when confirm is disabled
• eb3301a Merge pull request Suggested addition to "Waypoint: Construct JavaScript Objects with Functions" freeCodeCamp/freeCodeCamp#3899 from strongloop/add-node-10
• 36ef35d Enable Node.js 10.x on Travis CI
• 59b1409 3.19.2
• c2077df Merge pull request Move time text out of icon element on map page freeCodeCamp/freeCodeCamp#3779 from nitro404/hotfix/case-insensitive-user-email
• b2bc449 Add check for undefined user email in setter
• 3e3092c 3.19.1
• 07e7592 Merge pull request Bonfire: Falsy Bouncer freeCodeCamp/freeCodeCamp#3883 from strongloop/fix/principal-type-polymorphic-user
• 2aead13 Fix isOwner() bug in multiple-principal setup
• df70f83 3.19.0
• 7a148ca Merge pull request Re-enable linting freeCodeCamp/freeCodeCamp#3858 from strongloop/feature/remove-model
• 0cd380c feat: remove all references to a Model
• 77a3523 3.18.3

See the full diff

Package name: nodemailer

The new version differs by 4 commits.

• eaef3b5 Merge pull request Challenge http://www.freecodecamp.com/challenges/waypoint-try-camper-news has an issue  freeCodeCamp/freeCodeCamp#719 from nodemailer/v3.0.0
• de5b6f6 updated license
• 652ad8e Do not use PRO in name
• 6218b8d Setup files for EUPL licensed v3.0.0

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 4be093d 2.2.0
• 2278469 2.2.0-rc.8
• b946eb4 Merge pull request alert showing h2 should be blue though it's already blue in style attribute freeCodeCamp/freeCodeCamp#3988 from malstoun/bug/2664
• 260e413 Merge pull request fix typo and add comma freeCodeCamp/freeCodeCamp#3986 from webpack/bugfix/revert_use_of_buffer_dot_from
• 0ec7de9 Fix regression with watch cli opt, add tests for this case
• 72226db add missing disable line
• 4d30675 build fresh yarn.lock file to remove buffer polyfill
• 91c1f35 fix(node): rollback changes of Buffer.from to new Buffer() and bump down travis to 4.3 min node v
• 0b47602 2.2.0-rc.7
• db6ccbc Merge pull request Allude to 'this' keyword as suggested by @ParkinT freeCodeCamp/freeCodeCamp#3978 from webpack/bugfix/conditional-reexports
• 82a5b03 Merge pull request red text freeCodeCamp/freeCodeCamp#3977 from malstoun/bug/2664
• fc1a43b Merge pull request Users Should Be Alerted That Only Chrome is Supported freeCodeCamp/freeCodeCamp#3976 from timse/rely-on-defaults
• a44694a hoist exports declarations too
• 682bde8 Fix lint
• c6d7d90 Add tests
• af8d49e remove defaults values to shave a few bytes
• 9796696 2.2.0-rc.6
• e9bdb05 Merge pull request Fix Waypoint Get JSON Tests and Typo freeCodeCamp/freeCodeCamp#3971 from webpack/bugfix/fix_available_vars_in_fmtp
• bd45bdc add test case for global in harmony modules
• bfccb20 fix PR
• 5a3a23f fix(nmf): Fix exports for var injection to include free glob exports or arguments
• 437dce4 2.2.0-rc.5
• 91cb1df Merge pull request Fix Waypoint Count Backwards Seed Code freeCodeCamp/freeCodeCamp#3970 from webpack/ci/appveyor
• 9fd55e5 Merge pull request Fix Get JSON challenge text & quote specificity  freeCodeCamp/freeCodeCamp#3969 from webpack/bugfix/issue-3964

See the full diff

Package name: webpack-stream

The new version differs by 30 commits.

• 7aa049a v4.0.1
• 5b92d84 Update copyright year
• 0859da6 Updating deps
• 8bb72bc Merge pull request Style codemirror text area to match codemirror area freeCodeCamp/freeCodeCamp#176 from demurgos/issue-175
• c94ad9c Drop dependency on deprecated `gulp-util`
• 38445b1 Remove node 0.10 and add latest node version
• b445690 v4.0.0
• 69ee9e0 Last of the manual release history
• d327ac7 Test on more travis versions
• eca18b1 Merge branch 'master' of github.com:shama/webpack-stream
• 6ec5dcf Merge pull request Clean up comment CSS freeCodeCamp/freeCodeCamp#155 from sirlancelot/patch/update-dependencies
• 59b734a Update backwards compat deps to latest
• 711fd52 Merge branch 'master' of github.com:shama/webpack-stream
• ab27f87 Merge pull request refactor uncompletedBonfires and uncompletedCoursewares to reference a list external to the user object instead of storing on the user object freeCodeCamp/freeCodeCamp#129 from renaesop/master
• 5f76f26 Merge pull request [Snyk] Fix for 1 vulnerabilities #123 from Simek/patch-1
• 0743db0 Merge pull request Add jsx/bundle task to gulp file freeCodeCamp/freeCodeCamp#140 from logicrebel/peetersdiet-readme-multi-compiler
• 7121ea1 Merge pull request Create a Comment model freeCodeCamp/freeCodeCamp#143 from FrancescElies/patch-1
• 1d90268 Update copyright year
• ad685b7 Merge pull request Show all coursewares not showing the HTML and JS coursewares freeCodeCamp/freeCodeCamp#137 from renminghao/master
• 25b953b Merge pull request Get Gulpfile working with Loopback freeCodeCamp/freeCodeCamp#126 from jeroennoten/patch-1
• 2e35808 Fix lint warning
• 096119b Add Webpack to devDependencies; fix tests
• 2f5009c Update dependencies
• 6d1cb17 Move Webpack out of dependencies

See the full diff

Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 [Prototyp...