[Snyk] Fix for 1 vulnerabilities

[bobby-lin]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	551/1000 Why? Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: babel-eslint

The new version differs by 43 commits.

• 0f20099 5.0.0
• 278579f Update README.md
• 11c2f03 Merge pull request Add MDN links to Bonfires freeCodeCamp/freeCodeCamp#255 from deepsweet/npm-ignore
• 3b5f8f4 include only `index.js` in npm package
• c0f1110 delete `.npmignore`
• f399c89 Merge pull request Standardize "steps", "details", "description" across modesl freeCodeCamp/freeCodeCamp#250 from danez/patch-1
• c71392e adjust test to also cover issue unable to login freeCodeCamp/freeCodeCamp#239
• 413b80e 5.0.0-beta10
• 7a038d5 Merge pull request symmetric-difference - inconsistent instructions freeCodeCamp/freeCodeCamp#246 from babel/escope-patterns
• c80a386 fixup tests
• 36f6638 fix typo
• bd4eee9 check using `__esModule`
• b26bc58 Prevent escope referencer from traversing into param pattern type annotations
• 0d30882 5.0.0-beta9
• 71fadf0 Merge pull request Ux improvements freeCodeCamp/freeCodeCamp#244 from christophehurpeau/patch-1
• d8ac8f9 fix Change decay rate of hot stories to 48 hours freeCodeCamp/freeCodeCamp#243
• 3dcb32c 5.0.0-beta8
• ac4d3f0 Add a test for use strict and directive ast change
• 937eceb 5.0.0-beta7
• 880dc03 Merge pull request Add code execute button freeCodeCamp/freeCodeCamp#241 from jmm/rule-strict
• 80f7a48 temporarily remove test
• 04838a2 Add tests for `strict` rule.
• 4a3a35d Merge pull request bonfire more info button arrow needs to change freeCodeCamp/freeCodeCamp#232 from vaibhavmule/patch-1
• 0cf92d3 update Licenses date

See the full diff

Package name: babel-loader

The new version differs by 13 commits.

• 321852e Merge branch 'release/6.0.0'
• e7565ee Add @ malyw 's guide to upgrade babel
• 862b7b1 Update travis badge url
• ff3bc7a Update dependencies.
• fc2bfe4 Merge branch 'shinnn-travis-ci' into develop
• a6f3fc0 Change options to query. Increase timeout interval
• 94d6308 Merge remote-tracking branch 'werk85/master' into develop
• f4e40c5 README updated
• 0823f6a Upgraded to Babel 6
• bb110a8 set up Travis CI
• f84ef50 Merge branch 'develop' of github.com:babel/babel-loader into develop
• 719eb70 Merge branch 'hotfix/5.3.1' into develop
• 6b33020 Merge branch 'release/5.3.0' into develop

See the full diff

Package name: gulp

The new version differs by 134 commits.

• 55eb23a Release: 4.0.0
• 173a532 Docs: Fix the installation instructions
• ec54d09 Docs: Improve note about out-of-date docs
• 03b7c98 Docs: Update recipes to install gulp@next
• 2eba29e Docs: Remove run-sequence from recipes
• 76eb4d6 Docs: Add installation instructions & update badges
• fbc162f Docs: Remove references to gulp-util
• 3011cf9 Scaffold: Normalize repository
• f27be05 Update: Remove graceful-fs from test suite
• 361ab63 Upgrade: Update glob-watcher
• 064d100 Build: Avoid broken node 9
• 057df59 Release: 4.0.0-alpha.3
• c1ba80c Breaking: Upgrade major versions of glob-watcher, gulp-cli & vinyl-fs
• 89acc5c Docs: Improve ES2015 task exporting examples (errors on waypoint-comment-your-javascript-code freeCodeCamp/freeCodeCamp#1999)
• 0ac9e04 Docs: Add "Project structure" section to CONTRIBUTING.md (typo mistake. #111111 is dark grey, not light grey freeCodeCamp/freeCodeCamp#1859)
• 723cbc4 Docs: Fix syntax in recipe example (Onboarding freeCodeCamp/freeCodeCamp#1715)
• d420a6a Docs: Have gulp.lastRun take a function to avoid task registration (Text "[object Object]" found on the Learning Map freeCodeCamp/freeCodeCamp#1828)
• 29ece6f Upgrade: Update undertaker
• e931cb0 Docs: Fix changelog typos (Beta: Waypoint: Modify Array Data With Indexes freeCodeCamp/freeCodeCamp#1696)
• 477db84 Docs: Add a "BrowserSync with Gulp 4" recipe (spam freeCodeCamp/freeCodeCamp#1659)
• d4ed3c7 Docs: Add options.cwd for gulp.src API (Fix for #1644 freeCodeCamp/freeCodeCamp#1645)
• 5dc3b07 Docs: Update gulp.watch API to align with glob-watcher
• 0c66069 Breaking: Replace chokidar as gulp.watch with glob-watcher wrapper
• c3dbc10 Docs: Clarify incremental builds example (Beta: Waypoint: Use Hex Code for Specific Colors - wording on 2nd checkpoint freeCodeCamp/freeCodeCamp#1609)

See the full diff

Package name: gulp-babel

The new version differs by 3 commits.

• 8392545 6.0.0
• 39e81e0 tweaks
• 94addac Close [Snyk] Fix for 1 vulnerabilities #46 PR: chore: update babel-core to 6.0.2.

See the full diff

Package name: rev-del

The new version differs by 22 commits.

• de7ddcf 2.0.0
• a53017b Merge pull request [Snyk] Fix for 1 vulnerabilities #20 from jakezatecky/master
• f95803a Merge pull request [Snyk] Security upgrade cheerio from 0.19.0 to 0.20.0 #16 from joostdekeijzer/deleteMapExtensions-issue-10
• c58cf53 Update dependencies
• cf4592b deleteMapExtensions help text
• bb0647a deleteMapExtensions option defaults to false
• 3e6352a Update travis test version
• be9d676 Merge pull request [Snyk] Security upgrade forever from 0.15.3 to 4.0.0 #13 from nickescallon/add-range-dep-for-lodash
• 6cb4e66 Merge pull request [Snyk] Security upgrade forever from 0.15.3 to 4.0.0 #12 from piotr-cz/patch-1
• 6083c07 Merge pull request [Snyk] Fix for 1 vulnerabilities #14 from silverbackdan/master
• 099fc8c Remove statSync from secondary potential map file path
• ce37d62 Coding style whitespace update
• ab3a318 Change existsSync to statSync and coding style update
• 9929902 Conflict resolve
• dae8438 First local to remote commit
• 218f09d .map find fixes
• b9e10b6 Lookup key for file to locate .map
• 9ab2b0c Respect deleteMapExtensions option
• a0a913e .map extension check
• aa4db05 Option for checking and deleting .map extenions
• acea599 increase lodash dependency version range
• bd6105e Fix path resolution on windwos

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

[socket-security]

Socket Security Report

Dependency issues detected. If you merge this pull request, you will not be alerted to the instances of these issues again.

📜 New install scripts detected

A dependency change in this PR is introducing new install scripts to your install step.

Package	Script field	Location
core-js@2.6.12 (added)	postinstall	package.json via babel-core@6.10.4, babel-runtime@6.26.0

Socket.dev scan summary

Issue	Status
Did you mean?	✅ no new possible package typos
Install scripts	⚠️ 1 new install script detected
Telemetry	✅ no new telemetry
Troll package	✅ no new troll packages
Malware	✅ no new malware
Native code	✅ no new native modules

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@2.4.2

• @SocketSecurity ignore core-js@2.6.12

Powered by socket.dev