[Snyk] Fix for 15 vulnerabilities

[jcentino]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Signature Verification Bypass SNYK-JS-JWTSIMPLE-174523	Yes	No Known Exploit
	741/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.4	DLL Injection SNYK-JS-KERBEROS-568900	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	596/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	Yes	Proof of Concept
	424/1000 Why? Has a fix available, CVSS 4.2	Forgeable public/private tokens npm:jwt-simple:20160804	Yes	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	Yes	No Known Exploit
	469/1000 Why? Has a fix available, CVSS 5.1	Remote Memory Exposure npm:request:20160119	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: connect-assets

The new version differs by 50 commits.

• 0f1db01 Publish v5.2.2.
• 3d32fd4 updated packages
• 2b66161 Release version 5.2.1.
• c8c3bea Added more explanation for using compile option from the CLI.
• 263f1ac Release version 5.2.0.
• de0efc6 Updated changelog to include inline addition.
• 33d171a Updated readme to include inline variants.
• 06ac2b7 Refactored code to reuse helper instead of having a separate method for inline tag writers. Merged tests into helper.
• 6ef4eb6 Merge branch 'v5.2.0' into OOShoppingnl-feature/allow-for-inline-tags
• 434c0f3 Updated missed test to use bundle instead of build.
• eb5e5c0 Merge branch 'v5.2.0' into OOShoppingnl-feature/allow-for-inline-tags
• a571450 Merge branch 'feature/allow-for-inline-tags' of git://github.com/OOShoppingnl/connect-assets into OOShoppingnl-feature/allow-for-inline-tags
• 458fc81 Changed build option -> bundle option and using build option to control whether the assets are stored to disk, matching the original intent.
• 461857a Updated changelog.
• b0951f4 Updated all dependancies to the latest.
• 48778cb Release version 5.1.1.
• d39678b Fixed style from I can post a story/comment as another user freeCodeCamp/freeCodeCamp#327.
• 6a8bc12 Merge branch 'inukshuk-patch-1'
• ef19a36 Merge branch 'patch-1' of git://github.com/inukshuk/connect-assets into inukshuk-patch-1
• 13f4e5b Added test for pull request dependency on fbgraph is missing freeCodeCamp/freeCodeCamp#323.
• ec0e6be Broke out test commands in package.json to allow for passing flags to mocha.
• 16fce64 Merge branch 'master' of git://github.com/dapriett/connect-assets into dapriett-master
• 3073921 Update README.md
• eb7466a add some tests for the basic inline css/js output functionality

See the full diff

Package name: fbgraph

The new version differs by 14 commits.

• 9f9389a version bump
• 2574ff2 Merge pull request "Cash Register" bonfire bug freeCodeCamp/freeCodeCamp#103 from trakout/master
• b36a29a update request module to 2.72.x
• 092d1bb Update README.md
• 8585362 Merge pull request Typos freeCodeCamp/freeCodeCamp#92 from tjmcewan/patch-1
• e3b88dc quick note on how to set api version
• 2a20f71 version adustment for npm
• 9cde4eb Merge pull request Fix typos freeCodeCamp/freeCodeCamp#85 from apostopher/master
• 8aceec0 with documentation
• abd3e1a with access to api request
• fadbdd4 Update README.md
• 13cb5c0 Merge pull request Infinite Challenges/Points freeCodeCamp/freeCodeCamp#78 from hermanbosma/master
• 217e72b Issue Update README with mongo server instructions freeCodeCamp/freeCodeCamp#77 - Switch to graph version 2.0
• 2f720e8 Update README.md

See the full diff

Package name: helmet

The new version differs by 24 commits.

• 013a135 0.7.1
• 1c2bc50 Bump dependency versions
• 8864c69 Readme: Used to be 9, now is 10 middlewares
• 56b0844 Recommend HPP module
• 64f8cd8 0.7.0
• 0697d1c Update history
• 9a2e0e6 Add note about default middlewares
• a6ee110 Add hpkp
• e913076 Update Travis config to use Node 0.12
• 7798164 Add "minor code cleanup" to unreleased history
• 3379d9c 0.6.2
• 50d730c Prepare 0.6.2 release
• 0a44b61 Add "improve xssFilter performance" to history
• e466dda Minor: add whitespace in a test
• c3ad054 Minor: remove an unneeded line break from a test
• 32eb649 0.6.1
• 9e96cf9 Publishing 0.6.1
• 4805cc1 Update HISTORY
• efe5df9 Update history with readme addition
• 35dfcaf Recommend the CORS package
• 87bb29b Add "Other recommended modules" to README
• 84d5cc7 0.6.0
• 68843ae Bump dependency versions
• 650b4b7 Bump csp to 0.2.0

See the full diff

Package name: mongoose

The new version differs by 250 commits.

• ddff80d release 4.0.0
• 2ef9a42 Merge branch '3.8.x'
• 02b4865 chore; backport makefile changes for 4.0 release
• 73d7dc6 Merge pull request The last test won't pass even though the three li's are closed freeCodeCamp/freeCodeCamp#2791 from Automattic/docs-switch
• 06ee56c fix; docs generation for embedded docs
• c339edd chore; set up legacy / master doc generation
• 3846944 chore; update gitter badge to Automattic/, reference acquit in README
• 5eb0b7d upgraded; node driver to 2.0.24
• 5ed48e2 Merge pull request Nested a element not recognized in editor freeCodeCamp/freeCodeCamp#2789 from chetverikov/patch-2
• 343811b Merge pull request combines two tests in one freeCodeCamp/freeCodeCamp#2788 from chetverikov/errors
• 5d488e1 LearnBoost -> Automattic
• 9408e1d Fix errors is not defined
• 174e1f0 fix; test broken from 3.8.x merge
• 0ffbf77 Merge branch '3.8.x'
• 1624116 Merge pull request I can't move on past this page freeCodeCamp/freeCodeCamp#2783 from artiifix/patch-1
• 5a4e6fd Merge pull request Replace instances of return(someVal) with return someVal freeCodeCamp/freeCodeCamp#2784 from LearnBoost/Your left-well element should have a red background - it does but i can't pass  freeCodeCamp/freeCodeCamp#1934
• 78f4f6f Fix Your left-well element should have a red background - it does but i can't pass  freeCodeCamp/freeCodeCamp#1934; bump mquery to 1.4.0
• 9c64595 Repro Your left-well element should have a red background - it does but i can't pass  freeCodeCamp/freeCodeCamp#1934
• e1196a9 Correct typo in documentation
• 8454a49 Merge branch '3.8.x'
• b7c7040 Fix Not sure if this is right. freeCodeCamp/freeCodeCamp#2656; upgrade to node driver 2.0.23
• ea2558b Merge pull request Won't move on to next waypoint freeCodeCamp/freeCodeCamp#2775 from LearnBoost/improve-cast-error
• 3d201b9 Persist cast errors across calls to validate()
• 5371e36 Repro issue with cast errors not persisting across validation

See the full diff

Package name: node-linkedin

The new version differs by 50 commits.

• c3d78c4 bump version (0.5.4)
• c9c5269 Merge pull request Angular images freeCodeCamp/freeCodeCamp#68 from YasharF/DependencyStatus
• 6ccf725 Merge pull request edit profile button if logged in and looking at own profile, and update ... freeCodeCamp/freeCodeCamp#69 from YasharF/updateRequestDep
• bebb87f Update readme.md to add Vulnerability Check Badge
• cef763e Updating requestJS to the latest version
• fa4960f Update readme.md to add Dependency Status
• 5a9d906 Merge pull request update bonfire URL on regex match if incomplete url freeCodeCamp/freeCodeCamp#66 from nickbarry/corrections
• 331e3e0 Copyedits in readme
• 5ea438f Merge pull request More graceful merging of different oauth accounts freeCodeCamp/freeCodeCamp#63 from mystery-man/master
• e2d5683 Fixed CSRF issue
• d2f91c9 Merge pull request Ensure order of post/save/fetch operation in bonfire completions. freeCodeCamp/freeCodeCamp#55 from b12consulting/master
• 69054d5 Merge pull request Use should.eql to compare arrays freeCodeCamp/freeCodeCamp#58 from zgianos/master
• ca2ea29 Merge pull request Update bonfires.json with two new challenges freeCodeCamp/freeCodeCamp#61 from mystery-man/master
• 59c7448 Readme updated
• 81c4786 Api added to get a single update of a company
• 200d6ed Merge pull request [Snyk Update] New fixes for 9 vulnerable dependency paths #2 from ArkeologeN/master
• caf0549 Merge pull request [Snyk Update] New fixes for 1 vulnerable dependency path #1 from zgianos/develop
• 60dc783 Fix missing "};"
• 076b0b6 Add "followers_stats", "status_update_stats" and "update" in companies API
• 248c1cf bump version (0.5.3)
• 001f6e5 Merge pull request Login/Avatar/Profile Edit Problem freeCodeCamp/freeCodeCamp#54 from UI-Jakob/master
• 6dbbf35 bump version (0.5.2)
• 02b799f added historical follower stats and impressions stats and tests
• 6b50575 Merge pull request Bonfire Challenges freeCodeCamp/freeCodeCamp#53 from UI-Jakob/master

See the full diff

Package name: twilio

The new version differs by 250 commits.

• 07891d5 Release 3.41.0
• 3120c68 [Librarian] Regenerated @ b99d9f1d3667442d965805ac71bf6185ee04b82c
• c76264e fix: remove the lock file since this is a library
• d073d8c fix: Page JSON parsing and integration tests (Add spinner to camper news search freeCodeCamp/freeCodeCamp#546)
• ef0d339 fix: add overloaded TS definitions for non-required params (Fix for issue #491 freeCodeCamp/freeCodeCamp#545)
• 465d158 fix: Add method overload to VoiceResponse.prototype.play (Challenge http://www.freecodecamp.com/challenges/waypoint-turn-an-image-into-a-link has an issue  freeCodeCamp/freeCodeCamp#544)
• 747a091 fix: don't re-parse parsed JSON (Challenge http://www.freecodecamp.com/challenges/waypoint-add-borders-around-your-elements has an issue  freeCodeCamp/freeCodeCamp#543)
• 6266910 feat: migrate from deprecated request module to axios (Create a "Sign up for a GitHub account" waypoint freeCodeCamp/freeCodeCamp#542)
• 5249e3b [Librarian] Regenerated @ ee964c66599ebcd125eb411ba410bde1e62b3503
• ad2e98b Release 3.40.0
• ec54ee2 [Librarian] Regenerated @ ee964c66599ebcd125eb411ba410bde1e62b3503
• 5a65128 docs: add url parameter documentation in twilio.webhook() (Challenge http://www.freecodecamp.com/challenges/waypoint-headline-with-the-h2-element has an issue  freeCodeCamp/freeCodeCamp#541)
• 6d96611 fix: proper indentation (Challenge http://www.freecodecamp.com/challenges/waypoint-wrap-an-anchor-element-within-a-paragraph has an issue  freeCodeCamp/freeCodeCamp#534)
• 3b07aca docs: guide for enabling lazy loading (Challenge http://www.freecodecamp.com/challenges/waypoint-line-up-form-elements-responsively-with-bootstrap has an issue  freeCodeCamp/freeCodeCamp#532)
• 25ec77d feat: Faster requiring using optional lazy loading (Challenge http://www.freecodecamp.com/challenges/waypoint-check-radio-buttons-and-checkboxes-by-default has an issue  freeCodeCamp/freeCodeCamp#526)
• deca8ff Release 3.39.5
• f8f368c [Librarian] Regenerated @ 59055a0e4517ecbe8ab584e0f9b38f2a70cd94a8
• 3d0e4a1 Release 3.39.4
• 2d7f7fa [Librarian] Regenerated @ 0d359fdcea150a7f3ec36771ffeb0bd2bf34ea1d
• 412b484 [Librarian] Regenerated @ d279b32f822f241b774d58939b2c4c04ca4152e9
• 1294266 [Librarian] Regenerated @ d279b32f822f241b774d58939b2c4c04ca4152e9
• 0d96c5b [Librarian] Regenerated @ d279b32f822f241b774d58939b2c4c04ca4152e9
• 1286866 [Librarian] Regenerated @ d279b32f822f241b774d58939b2c4c04ca4152e9
• 548eed3 [Librarian] Regenerated @ d279b32f822f241b774d58939b2c4c04ca4152e9

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Forgeable public/private tokens
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn