[Snyk] Fix for 2 vulnerabilities

[KayvanMazaheri]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	Yes	No Known Exploit
	526/1000 Why? Recently disclosed, Has a fix available, CVSS 4.8	Session Fixation SNYK-JS-PASSPORT-2840631	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: less

The new version differs by 127 commits.

• b873737 Merge pull request #3177 from Kartoffelsalat/master
• bd2a93f chore(package): update request to 2.83.0
• 3699921 Merge pull request #3170 from thorn0/patch-1
• 6985541 Having `inline` and `less` imports of the same name lead to a race condition
• 2f1386f Merge pull request #3168 from matthew-dean/master
• 4272871 Fixes #3116 - lessc not loading plugins in 3.0
• ba5ad9c Point badges at master branch
• 4962988 Update CHANGELOG.md
• 12fe0c6 Update README.md
• 45d06b9 Merge pull request #3163 from matthew-dean/master
• 9590b7b Add dist files
• 0b6536b Merge branch '3.x'
• a48c24c calc() fix - fixes #974 (partially #1880)
• 367b46a Merge pull request #3161 from matthew-dean/3.x
• 4508495 Remove legacy upgrade
• 2a4a63a Update CHANGELOG.md with 3.x list
• bb6da28 Update README.md
• f80a021 Merge pull request #3159 from matthew-dean/3.x
• 8b4524f Bump to 3.0.0-RC.1
• d30e3a6 Merge pull request #3150 from anthony-redFox/3.x
• 0b7c81c Removed install npm 2 version for appveyor. It was hotfix for old node version.
• 5d230dd Drop node 0.10 and 0.12 and added node 9 matrix testing
• 385da8f Update stale.yml
• d384779 Create stale.yml

See the full diff

Package name: passport

The new version differs by 160 commits.

• c33067b 0.6.0
• 3052bb4 Update changelog.
• 42630cb Merge pull request #900 from jaredhanson/fix-fixation
• 8dd79fe Use utils-merge rather than Object.assign for compatibility.
• 4f6bd5b Change keepSessionData to keepSessionData.
• 46756e5 Silence verbose logging.
• 987b191 Add tests.
• f8a175f Add tests.
• 29a90d6 No need to guard callback existence.
• bfba8a1 Add tests.
• 17111d7 Add option to keep session data on logout.
• a349c2b Add option to keep session data.
• e69834e Add optional options to login and logout.
• 8825a9a Add tests.
• c1991cf Add tests.
• 294f22c Better session detection and exceptions.
• 80cc4e3 Add tests.
• 3001654 Add tests.
• b395106 Clean up tests.
• cfa8259 Add tests.
• ee0bf81 Add tests.
• cc7606c Add tests.
• 71c54f6 Add test.
• 88c1f1b Handle logout without session manager.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.