[Snyk] Fix for 31 vulnerabilities

[ajesse11x]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • api-server/package.json
  • api-server/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-COOKIEJAR-3149984	No	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-DOTPROP-543489	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-FASTJSONPATCH-3182961	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-FASTJSONPATCH-595663	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	No	Proof of Concept
	626/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.1	Man-in-the-Middle (MitM) SNYK-JS-HTTPSPROXYAGENT-469131	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	No	Proof of Concept
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	Yes	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-JSYAML-173999	No	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-JSYAML-174129	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Denial of Service (DoS) SNYK-JS-JSZIP-1251497	No	Proof of Concept
	529/1000 Why? Has a fix available, CVSS 6.3	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-JSZIP-3188562	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	Yes	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	No	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-UNDEFSAFE-548940	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-Y18N-1021887	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: auth0-js

The new version differs by 250 commits.

• 7a40a58 release 9.20.2 (Friendly Date Ranges -- 4th Test Incorrectly Requiring Year in Second Element (while Requiring its Absence in the First) freeCodeCamp/freeCodeCamp#1299)
• ad6901e chore: update superagent to 7.1.5 (Feature Request: Mozilla's Open Backpack freeCodeCamp/freeCodeCamp#1296)
• c67e194 Merge pull request It says it's correct when it's not freeCodeCamp/freeCodeCamp#1295 from auth0/dependabot/npm_and_yarn/sideway/formula-3.0.1
• 2564104 Bump @ sideway/formula from 3.0.0 to 3.0.1
• 2fa95ac Merge pull request Exercise 27 ignores 'if' clauses freeCodeCamp/freeCodeCamp#1294 from auth0/dependabot/npm_and_yarn/http-cache-semantics-4.1.1
• 09ba38b Bump http-cache-semantics from 4.1.0 to 4.1.1
• 19c6253 fix(docs): document `error()` option for `renderCaptcha()`(Feature Request: "Favorites" section in Camper News freeCodeCamp/freeCodeCamp#1290)
• 2e75b62 Merge pull request Feature Request: Grouping feature for links posted by a user in Camper News freeCodeCamp/freeCodeCamp#1289 from auth0/dependabot/npm_and_yarn/cookiejar-2.1.4
• 688b3ee Bump cookiejar from 2.1.3 to 2.1.4
• 73e3ed0 Release v9.20.1 (Full JS Stuff freeCodeCamp/freeCodeCamp#1286)
• c367b3f Merge pull request Add <p> element to label the new ordered list. freeCodeCamp/freeCodeCamp#1285 from auth0/dependabot/npm_and_yarn/json5-1.0.2
• 8a7bc49 Bump json5 from 1.0.1 to 1.0.2
• edec638 Update index.js
• a606cb6 Merge pull request Bonfire #32: Smallest Common Multiple - Suggestion for a minor improvement of the description freeCodeCamp/freeCodeCamp#1282 from auth0/dependabot/npm_and_yarn/jsonwebtoken-9.0.0
• 173ac36 Bump jsonwebtoken from 8.5.1 to 9.0.0
• a05f99e Release v9.20.0 ('Basic HTML5 and CSS' Waypoint 28 auto-skipped freeCodeCamp/freeCodeCamp#1280)
• 05dbf4a Merge pull request Waypoint: Use the Bootstrap Grid... freeCodeCamp/freeCodeCamp#1277 from DominickBattistini/passwordlessCaptcha
• a03f7f4 Merge branch 'master' into passwordlessCaptcha
• 3c1b23d Merge pull request Waypoint #58 freeCodeCamp/freeCodeCamp#1279 from auth0/dependabot/npm_and_yarn/decode-uri-component-0.2.2
• 68c6a78 Bump decode-uri-component from 0.2.0 to 0.2.2
• 5fb57ea Add jsdoc for captcha argument on passwordless/start
• bd35c1a getChallenge to passwordless, additional tests
• 0e65fb4 renderPasswordlessChallenge
• de9c54a Release v9.19.2 (no confirmation bug: Waypoint: Mobile Responsive Images - freecodecamp freeCodeCamp/freeCodeCamp#1274)

See the full diff

Package name: googleapis

The new version differs by 171 commits.

• 8669d9a run npm install before npm publish (Backspace Outside of Text Editor Returns to Previous Tut - Skips Over Lesson After Resubmitting Old Tut freeCodeCamp/freeCodeCamp#944)
• d571e5d release 25.0.0 (Validation issue with the Responsive image waypoint freeCodeCamp/freeCodeCamp#932)
• 2722f1f update package-lock.json (faulty passing? freeCodeCamp/freeCodeCamp#942)
• 515fa50 chore: asyncify generator (no user tests were run" - program execution failure whatever I do or not do freeCodeCamp/freeCodeCamp#926)
• 0c306e5 chore: update source-map-support to 0.5.2 (Bonfire: No Repeats Please - test for returns a number always returns true freeCodeCamp/freeCodeCamp#941)
• 9cdb096 chore: remove node 7 from CI (Check fix in 'Bootstrap Grid'. freeCodeCamp/freeCodeCamp#940)
• eb86822 Update README.md (Faulty instructions on Truncate a String freeCodeCamp/freeCodeCamp#928)
• 658c7cb Update mocha to the latest version 🚀 (Bonfire: Diff Two Arrays - Change Helpful Links freeCodeCamp/freeCodeCamp#935)
• 8654a48 chore(package): update source-map-support to version 0.5.1 (test logic - arbitrary number of decimal places on purpose? freeCodeCamp/freeCodeCamp#931)
• 640c621 chore(package): update opn to version 5.2.0 (Reduce font size in Field Guide on mobile freeCodeCamp/freeCodeCamp#925)
• 573d96e Update js-green-licenses to the latest version 🚀 (inspite of puting the right syntax for css i am not able to enter the next file  freeCodeCamp/freeCodeCamp#933)
• e734909 Circleci tests (Fixed Zipline jQuery.getJSON() links. freeCodeCamp/freeCodeCamp#937)
• 474bed7 chore: Upgrade to the latest google-auth-library (# 32 Bonfire: Smallest Common Multiple freeCodeCamp/freeCodeCamp#891)
• efd4af5 chore(package): update semistandard to version 12.0.0 (Basic HTML/CSS Bug freeCodeCamp/freeCodeCamp#910)
• 70a2ec0 fix: cleanup and fix samples (Updating Codepen instructions for adding Bootstrap to a pen freeCodeCamp/freeCodeCamp#916)
• dfcae5a chore(package): update js-green-licenses to version 0.3.1 (Wrong link href for jQuery JSON function freeCodeCamp/freeCodeCamp#919)
• 6a9b578 publishing 24.0.0 (Added missing MDN Link freeCodeCamp/freeCodeCamp#922)
• cdf72a2 reverting breaking change (control + enter freeCodeCamp/freeCodeCamp#921)
• 8135ce0 updating googleapis (Fixed a word freeCodeCamp/freeCodeCamp#920)
• 4c4cf53 Revert "updating googleapis"
• 2ffccde Revert "bump version, fix formatting"
• a408328 bump version, fix formatting
• c0a06ba updating googleapis
• 6ab07d9 chore(package): update nock to version 9.1.5 (Waypoint: Link to External Pages with Anchor Elements freeCodeCamp/freeCodeCamp#902)

See the full diff

Package name: loopback-boot

The new version differs by 28 commits.

• 92d6a1f 3.0.0
• 63a1150 Merge pull request Zipline model, view, controller freeCodeCamp/freeCodeCamp#247 from strongloop/feature/upgrade-deps
• 3bb519d Upgrade deps and fix style issues
• 4803802 Merge pull request C-enter should test user code freeCodeCamp/freeCodeCamp#240 from supasate/provide-script-extensions-option
• d68ffc6 Provide scriptExtensions option
• 79d9ddb Merge pull request refactor footer freeCodeCamp/freeCodeCamp#234 from strongloop/update-support-URL
• ba688e0 Update paid support URL
• f7c9cbc Merge pull request Add error handling on new user validation and ajax end points freeCodeCamp/freeCodeCamp#181 from strongloop/feature/extensibility
• ac1571c Refactor for modular and pluggable design
• 314dff9 Merge pull request Update bonfire name url freeCodeCamp/freeCodeCamp#231 from strongloop/drop-support-node-0x
• ecc2d43 Add Node v7 to Travis CI platforms
• fbea19a Drop support for Node v0.10 and v0.12
• e96b080 Merge pull request connect-mongo version update freeCodeCamp/freeCodeCamp#227 from strongloop/update-new-docs-url
• a17c6c5 readme: update URL to new doc site
• 6491cc8 Merge pull request fix bug in server side checking for username, closes #219 freeCodeCamp/freeCodeCamp#220 from Sequoia/patch-1
• 94aef17 Merge pull request unblock the cdn paths that firefox over-vigilantly blocked freeCodeCamp/freeCodeCamp#221 from strongloop/add_translation3
• 295db6d Update ja translation file
• 63cc0ec Update header-browser.md
• 0d985ba Merge pull request Account page doesn't enforce unique username freeCodeCamp/freeCodeCamp#219 from strongloop/add_translation2
• 5da1420 Update translation files - round#2
• 57e5e64 Merge pull request Upvote fix freeCodeCamp/freeCodeCamp#214 from strongloop/update-lb-3-rc-1
• 49ed10c Normalize line endings to support both LF and CRLF
• 748a728 Remove "defaultForType" from datasource config
• 58ef169 Update deps to loopback 3.0.0 RC

See the full diff

Package name: passport-auth0

The new version differs by 95 commits.

• 3fe9208 Release v1.4.1 (Add meta-data scraping to news freeCodeCamp/freeCodeCamp#147)
• 7e5bd48 Fix build status badge (Use Babel as our transpiler for reactify freeCodeCamp/freeCodeCamp#145)
• 1aaf257 [SDK-2811] Replace request with axios (Profile glitch freeCodeCamp/freeCodeCamp#144)
• 53dc43e Run CI on Node 12, 14 and 16 (Create a Comment model freeCodeCamp/freeCodeCamp#143)
• 45a3d21 Run npm audit fix (Create the Post model freeCodeCamp/freeCodeCamp#142)
• 3feaf0f fix: upgrade request from 2.88.0 to 2.88.2 (Add jsx/bundle task to gulp file freeCodeCamp/freeCodeCamp#140)
• 4927efb fix: upgrade passport-oauth2 from 1.5.0 to 1.6.0 (Browserify in gulpfile.js freeCodeCamp/freeCodeCamp#141)
• fb0608d Merge pull request Clean all lint errors freeCodeCamp/freeCodeCamp#139 from auth0/circleci-project-setup
• ecec81e Migrate to CircleCI
• 1920790 Update lock file - ajv (Completion modals shouldn't use points anymore freeCodeCamp/freeCodeCamp#138)
• 7a672c8 Merge pull request [Snyk] Fix for 2 vulnerabilities #136 from auth0/add-templates
• 77f1ec9 Update config.yml
• 52b5dc7 Setup pull-request and issue templates
• 8fd4b15 Merge pull request [Snyk] Security upgrade loopback-boot from 2.27.1 to 3.0.0 #135 from auth0/davidpatrick-patch-1
• 684fbb6 README Update with Maintenance Advisory
• f19e222 Merge pull request [Snyk] Fix for 2 vulnerabilities #134 from auth0/add-templates
• f3b1214 update issue template config.yml
• e7faa31 Setup pull-request and issue templates
• 97da27d Merge pull request [Snyk] Fix for 1 vulnerabilities #133 from auth0/add-codeowners-eng
• 81ce782 Setup the CODEOWNERS for pull request reviews
• 6b715cf Merge pull request [Snyk] Fix for 1 vulnerabilities #132 from auth0/release-1.4.0
• 34c855a Release v1.4.0
• c453513 Merge pull request [Snyk] Fix for 2 vulnerabilities #131 from alexbjorlig/allow-extra-params
• 0b7f58e Merge branch 'master' into allow-extra-params

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Arbitrary Code Execution