[Snyk] Fix for 1 vulnerabilities

[jcentino]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-LODASH-6139239	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: cheerio

The new version differs by 106 commits.

• c3ec1cd Release 0.20.0
• ef848ca Add coveralls badge, remove link to old report
• dbcbe90 Merge pull request Bootstrap css link is not on the tutorial description freeCodeCamp/freeCodeCamp#808 from leifhanack/lodash4
• c04ead1 Merge pull request Challenge http://www.freecodecamp.com/challenges/waypoint-scope-your-variables has an issue  freeCodeCamp/freeCodeCamp#668 from rwaldin/prop-method
• b5531bb Merge pull request Challenge http://www.freecodecamp.com/challenges/waypoint-use-clockwise-notation-to-specify-the-margin-of-an-element has an issue  freeCodeCamp/freeCodeCamp#671 from twolfson/dev/fallback.select.content.sqwished
• 9d98bd7 Merge pull request Challenge http://www.freecodecamp.com/challenges/waypoint-add-borders-around-your-elements has an issue  freeCodeCamp/freeCodeCamp#704 from Rycochet/master
• 1b9c5c9 Merge pull request Basic Javascript waypoints translated into ES [WIP] freeCodeCamp/freeCodeCamp#797 from Delgan/641-appendTo_prependTo
• b12cbe8 Update lodash dependeny to 4.1.0
• 8c9b2e0 Merge pull request Blacklist usernames freeCodeCamp/freeCodeCamp#796 from Delgan/fix_780
• b09db31 Fix PR fixed bug where the 'next challenge' button in tablet view couldn't… freeCodeCamp/freeCodeCamp#726 adding 'appendTo()' and 'prependTo()'
• ce8829d Added appendTo and prependTo with tests Fix to issue #633 and a hand full of the other issues related to the challenge freeCodeCamp/freeCodeCamp#641
• 4779762 Fix Set font-family: "Monospace" renders as serif freeCodeCamp/freeCodeCamp#780 by changing options context in '.find()'
• 8dc1cc9 Add an unit test checking the query of child
• b27bed6 fix Minor typo: Challenge http://www.freecodecamp.com/challenges/waypoint-responsively-style-a-radio-buttons has an issue  freeCodeCamp/freeCodeCamp#667: attr({foo: null}) removes attribute foo, like attr('foo', null)
• 70c5608 Include reference to dedicated "Loading" section
• fa70a84 Added load method to $
• 4e8483a update css-select to 1.2.0
• 5f2777a Merge pull request Example app freeCodeCamp/freeCodeCamp#732 from jugglinmike/reinstate-toarray
• 106e42a Merge pull request Challenge isn't checking where code is added freeCodeCamp/freeCodeCamp#776 from dYale/master
• 97149d3 Fixing Grammatical Error
• a1367ee Merge pull request class not working freeCodeCamp/freeCodeCamp#739 from TrySound/npm-files
• 6c73b7a Merge pull request Challenge doesn't accept CSS shorthand freeCodeCamp/freeCodeCamp#773 from JaKXz/patch-1
• 48bb22d Test against node v0.12 --> v4.2
• ec2414d Correct output in example

See the full diff

Package name: connect-assets

The new version differs by 46 commits.

• 263f1ac Release version 5.2.0.
• de0efc6 Updated changelog to include inline addition.
• 33d171a Updated readme to include inline variants.
• 06ac2b7 Refactored code to reuse helper instead of having a separate method for inline tag writers. Merged tests into helper.
• 6ef4eb6 Merge branch 'v5.2.0' into OOShoppingnl-feature/allow-for-inline-tags
• 434c0f3 Updated missed test to use bundle instead of build.
• eb5e5c0 Merge branch 'v5.2.0' into OOShoppingnl-feature/allow-for-inline-tags
• a571450 Merge branch 'feature/allow-for-inline-tags' of git://github.com/OOShoppingnl/connect-assets into OOShoppingnl-feature/allow-for-inline-tags
• 458fc81 Changed build option -> bundle option and using build option to control whether the assets are stored to disk, matching the original intent.
• 461857a Updated changelog.
• b0951f4 Updated all dependancies to the latest.
• 48778cb Release version 5.1.1.
• d39678b Fixed style from I can post a story/comment as another user freeCodeCamp/freeCodeCamp#327.
• 6a8bc12 Merge branch 'inukshuk-patch-1'
• ef19a36 Merge branch 'patch-1' of git://github.com/inukshuk/connect-assets into inukshuk-patch-1
• 13f4e5b Added test for pull request dependency on fbgraph is missing freeCodeCamp/freeCodeCamp#323.
• ec0e6be Broke out test commands in package.json to allow for passing flags to mocha.
• 16fce64 Merge branch 'master' of git://github.com/dapriett/connect-assets into dapriett-master
• 3073921 Update README.md
• eb7466a add some tests for the basic inline css/js output functionality
• 9a7504e expose helpers that generate inline JS/CSS output
• c878196 add function capable of driving a tag-writer function that outputs a css/js asset inline
• 2dce3fb Release version 5.1.0.
• 200976e Add test to ensure mincer is exposed.

See the full diff

Package name: express-validator

The new version differs by 44 commits.

• cdfb5dc Upgrade to 3.0.0
• fa25f11 Specify fail message of optional when using schema
• d99417f Ignore tests and other dotfiles from npm package
• f3c0a40 Move optional flag after other validation in optionalSchemaTest
• 417a653 Merge pull request Move Bonfires into Coursewares freeCodeCamp/freeCodeCamp#285 from ctavan/errors-result
• ebdd10d readme: rename non existing variable in Usage
• 6d96a97 readme: add missing regex routes section
• 5e204dc readme: readd docs about deprecated methods
• 8f10fa6 readme: add a table of contents
• bbb9b4e Rename #getValidationErrors() to #getValidationResult()
• 40e966f readme: update docs for usage of #getValidationErrors()
• d054608 JSHint: set expr rule to true
• 5db0b0f getValidationErrors(): return a result object instead of errors directly
• d6b666a Merge branch 'pr-280'
• 1db8f0d Improve IDE autocomplete for methods
• 2551e9c Separate utils from the main file
• 6ec3bd8 Switch README badges to Shields.io
• 4e0d126 Merge pull request Create dynamic named routes for resources freeCodeCamp/freeCodeCamp#282 from IOAyman/patch-optional-schema
• 1afe320 Bug Fix: Optional validate method may not be applied when using a schema
• 42c065d Fix branch of the coverage badge in the README
• 0ffd03d Add missing tests for #checkHeaders()
• 17cb82e Make headers validation and sanitization case insensitive
• 8c2f536 Merge branch 'pr-232'
• 1694cda Add tests for #checkCookies()

See the full diff

Package name: helmet

The new version differs by 37 commits.

• e99bcb8 0.8.0
• 9a1262b Prepare changelog for 0.8.0 release
• f22cb82 More notes that this is an HTTP header module
• 4344ee7 Minor: changelog order should be new, update, fix, remove
• e0c3039 Add "deprecate crossdomain" notes to history file
• bf65c0f Deprecate crossdomain in the code and add relevant tests
• ecf4f40 Remove "crossdomain.xml" from npm keywords
• ddc4ce8 Remove crossdomain from the readme
• 86da539 Bump frameguard to 0.2.2
• 10ddccf Update CSP and HSTS modules to latest
• d89df25 Small readme tweaks
• 6907874 Recommend express-content-length-validator module
• fed5bfd Readme: disclaimer in recommended modules section
• 013a135 0.7.1
• 1c2bc50 Bump dependency versions
• 8864c69 Readme: Used to be 9, now is 10 middlewares
• 56b0844 Recommend HPP module
• 64f8cd8 0.7.0
• 0697d1c Update history
• 9a2e0e6 Add note about default middlewares
• a6ee110 Add hpkp
• e913076 Update Travis config to use Node 0.12
• 7798164 Add "minor code cleanup" to unreleased history
• 3379d9c 0.6.2

See the full diff

Package name: node-linkedin

The new version differs by 62 commits.

• 4c3ed27 0.5.6
• 4a00a1a Merge pull request Fixed routing if a user types bonfires/ freeCodeCamp/freeCodeCamp#74 from soumak77/support-mobile-access-tokens
• 53895e2 rename config option
• 8afc600 Update README.md
• df016f7 cleanup docs
• 0aa140b cleanup
• 90844c7 remove oauth2_access_token option when using client token
• 6c6e3d8 add Authorization header for client access token calls
• 1245f89 add useMobileSdk option
• c382a01 0.5.5
• 000a648 Merge pull request Image URL in profile need not end with any extension freeCodeCamp/freeCodeCamp#72 from jkhaykin/master
• 500f873 Updated lodash version
• c3d78c4 bump version (0.5.4)
• c9c5269 Merge pull request Angular images freeCodeCamp/freeCodeCamp#68 from YasharF/DependencyStatus
• 6ccf725 Merge pull request edit profile button if logged in and looking at own profile, and update ... freeCodeCamp/freeCodeCamp#69 from YasharF/updateRequestDep
• bebb87f Update readme.md to add Vulnerability Check Badge
• cef763e Updating requestJS to the latest version
• fa4960f Update readme.md to add Dependency Status
• 5a9d906 Merge pull request update bonfire URL on regex match if incomplete url freeCodeCamp/freeCodeCamp#66 from nickbarry/corrections
• 331e3e0 Copyedits in readme
• 5ea438f Merge pull request More graceful merging of different oauth accounts freeCodeCamp/freeCodeCamp#63 from mystery-man/master
• e2d5683 Fixed CSRF issue
• d2f91c9 Merge pull request Ensure order of post/save/fetch operation in bonfire completions. freeCodeCamp/freeCodeCamp#55 from b12consulting/master
• 69054d5 Merge pull request Use should.eql to compare arrays freeCodeCamp/freeCodeCamp#58 from zgianos/master

See the full diff

Package name: stripe

The new version differs by 51 commits.

• 71e34ef Bump version to 4.6.0
• b49ee6b create sub resource supporting CRUDL and add tests (unable to login freeCodeCamp/freeCodeCamp#239)
• 6ce568d Merge pull request Change decay rate of hot stories to 48 hours freeCodeCamp/freeCodeCamp#243 from stripe/brandur-update-dependencies
• e7251af Update dependencies; bump lodash to 4.x.x series
• 4970f44 Merge pull request Add code execute button freeCodeCamp/freeCodeCamp#241 from implausible/remove-eval
• 6353089 Remove eval from url interpolator
• 0d17f1b Correct formatting in changelog
• c655715 Bump version to 4.5.0
• a455881 Merge pull request refactor footer freeCodeCamp/freeCodeCamp#234 from stripe/gregsabo-add-account-reject
• 5068958 Add Account.reject method.
• 77e012b Bump version to 4.4.0
• 36218d4 Merge pull request Codemirror code input broken freeCodeCamp/freeCodeCamp#229 from stripe/remi-countryspecs-support
• b9709ad Added support for the CountrySpec endpoint
• d84bb88 Bump version to 4.3.0
• 552ed0a Merge pull request fix email validation issue #212 freeCodeCamp/freeCodeCamp#226 from stripe/rasmus-support_sku_product_deletion
• c7ee12c Update README with SKU/product resources.
• 23c6c83 Support product and SKU deletion.
• e2cb165 Bump version to 4.2.0
• 0da4628 Merge pull request Stories js var double output fix freeCodeCamp/freeCodeCamp#223 from olalonde/master
• f13a83f Expose .lastResponse property on resources.
• 80afb4c Merge pull request unblock the cdn paths that firefox over-vigilantly blocked freeCodeCamp/freeCodeCamp#221 from kbouzidi/master
• 20c7768 Fix Account page doesn't enforce unique username freeCodeCamp/freeCodeCamp#219 Card expiration year is invalid
• cd6e257 Merge pull request Design Flaw in Bonfires  freeCodeCamp/freeCodeCamp#218 from stripe/brandur-err-through-callback
• 6b482f3 Elaborate on error messages + improve the name of spec

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution