yurikrupnik / node-playground

playing more

Pin dependencies #9

Closed renovate[bot] closed 3 years ago

renovate[bot] commented 3 years ago

WhiteSource Renovate

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| assets-webpack-plugin | devDependencies | pin | ^3.5.1 -> 3.5.1 |
| autoprefixer | devDependencies | pin | ^7.1.1 -> 7.1.2 |
| babel-cli (source) | devDependencies | pin | ^6.24.1 -> 6.26.0 |
| babel-core (source) | devDependencies | pin | ^6.25.0 -> 6.26.0 |
| babel-eslint | devDependencies | pin | ^7.2.3 -> 7.2.3 |
| babel-jest | devDependencies | pin | ^20.0.3 -> 20.0.3 |
| babel-loader | devDependencies | pin | ^7.1.1 -> 7.1.2 |
| babel-plugin-rewire | devDependencies | pin | ^1.1.0 -> 1.1.0 |
| babel-polyfill (source) | dependencies | pin | ^6.23.0 -> 6.26.0 |
| babel-preset-env (source) | devDependencies | pin | ^1.5.2 -> 1.6.0 |
| babel-preset-react (source) | devDependencies | pin | ^6.24.1 -> 6.24.1 |
| babel-preset-react-optimize | devDependencies | pin | ^1.0.1 -> 1.0.1 |
| babel-preset-stage-2 (source) | devDependencies | pin | ^6.24.1 -> 6.24.1 |
| babel-register | devDependencies | pin | ^6.24.1 -> 6.26.0 |
| babel-template (source) | devDependencies | pin | ^6.25.0 -> 6.26.0 |
| babel-types (source) | devDependencies | pin | ^6.25.0 -> 6.26.0 |
| bluebird | dependencies | pin | ^3.5.0 -> 3.5.0 |
| body-parser | dependencies | pin | ^1.17.2 -> 1.17.2 |
| browser-sync (source) | devDependencies | pin | ^2.18.12 -> 2.18.13 |
| chokidar | devDependencies | pin | ^1.7.0 -> 1.7.0 |
| classnames | dependencies | pin | ^2.2.5 -> 2.2.5 |
| cookie-parser | dependencies | pin | ^1.4.3 -> 1.4.3 |
| core-js | dependencies | pin | ^2.4.1 -> 2.5.0 |
| cross-env | devDependencies | pin | ^5.0.1 -> 5.0.5 |
| css-loader | devDependencies | pin | ^0.28.4 -> 0.28.5 |
| enzyme (source) | devDependencies | pin | ^2.9.1 -> 2.9.1 |
| eslint (source) | devDependencies | pin | ^4.4.1 -> 4.19.1 |
| eslint-config-airbnb | devDependencies | pin | ^15.0.1 -> 15.1.0 |
| eslint-config-prettier | devDependencies | pin | ^2.3.0 -> 2.3.0 |
| eslint-import-resolver-node | devDependencies | pin | ^0.3.1 -> 0.3.1 |
| eslint-loader | devDependencies | pin | ^1.8.0 -> 1.9.0 |
| eslint-plugin-css-modules | devDependencies | pin | ^2.7.1 -> 2.7.4 |
| eslint-plugin-flowtype | devDependencies | pin | ^2.34.1 -> 2.35.0 |
| eslint-plugin-import | devDependencies | pin | ^2.6.1 -> 2.7.0 |
| eslint-plugin-jsx-a11y | devDependencies | pin | ^6.0.2 -> 6.0.2 |
| eslint-plugin-prettier | devDependencies | pin | ^2.1.2 -> 2.2.0 |
| eslint-plugin-react | devDependencies | pin | ^7.0.1 -> 7.3.0 |
| express (source) | dependencies | pin | ^4.15.3 -> 4.15.4 |
| express-graphql | dependencies | pin | ^0.6.6 -> 0.6.7 |
| express-jwt | dependencies | pin | ^6.0.0 -> 6.0.0 |
| file-loader | devDependencies | pin | ^0.11.2 -> 0.11.2 |
| front-matter | devDependencies | pin | ^2.1.2 -> 2.1.2 |
| glob | devDependencies | pin | ^7.1.2 -> 7.1.2 |
| graphql | dependencies | pin | ^0.10.3 -> 0.10.5 |
| history | dependencies | pin | ^4.6.3 -> 4.6.3 |
| husky | devDependencies | pin | ^0.14.1 -> 0.14.3 |
| identity-obj-proxy | devDependencies | pin | ^3.0.0 -> 3.0.0 |
| isomorphic-style-loader | dependencies | pin | ^4.0.0 -> 4.0.0 |
| jest (source) | devDependencies | pin | ^20.0.4 -> 20.0.4 |
| jest-codemods | devDependencies | pin | ^0.12.0 -> 0.12.0 |
| jscodeshift | devDependencies | pin | ^0.3.32 -> 0.3.32 |
| jsonwebtoken | dependencies | pin | ^7.4.1 -> 7.4.3 |
| lint-staged | devDependencies | pin | ^4.0.0 -> 4.0.3 |
| markdown-it | devDependencies | pin | ^8.3.1 -> 8.3.2 |
| mkdirp | devDependencies | pin | ^0.5.1 -> 0.5.1 |
| node-fetch | dependencies | pin | ^2.0.0 -> 2.6.1 |
| normalize.css (source) | dependencies | pin | ^7.0.0 -> 7.0.0 |
| null-loader | devDependencies | pin | ^0.1.1 -> 0.1.1 |
| opn-cli | devDependencies | pin | ^3.1.0 -> 3.1.0 |
| passport (source) | dependencies | pin | ^0.4.0 -> 0.4.0 |
| passport-facebook | dependencies | pin | ^2.1.1 -> 2.1.1 |
| pixrem | devDependencies | pin | ^4.0.1 -> 4.0.1 |
| pleeease-filters | devDependencies | pin | ^4.0.0 -> 4.0.0 |
| postcss (source) | devDependencies | pin | ^6.0.4 -> 6.0.9 |
| postcss-calc | devDependencies | pin | ^6.0.0 -> 6.0.0 |
| postcss-color-function | devDependencies | pin | ^4.0.0 -> 4.0.0 |
| postcss-custom-media | devDependencies | pin | ^6.0.0 -> 6.0.0 |
| postcss-custom-properties | devDependencies | pin | ^6.1.0 -> 6.1.0 |
| postcss-custom-selectors | devDependencies | pin | ^4.0.1 -> 4.0.1 |
| postcss-flexbugs-fixes | devDependencies | pin | ^3.0.0 -> 3.2.0 |
| postcss-import | devDependencies | pin | ^10.0.0 -> 10.0.0 |
| postcss-loader | devDependencies | pin | ^2.0.6 -> 2.0.6 |
| postcss-media-minmax | devDependencies | pin | ^3.0.0 -> 3.0.0 |
| postcss-nested | devDependencies | pin | ^2.0.2 -> 2.1.2 |
| postcss-nesting | devDependencies | pin | ^4.0.1 -> 4.1.0 |
| postcss-pseudoelements | devDependencies | pin | ^5.0.0 -> 5.0.0 |
| postcss-selector-matches | devDependencies | pin | ^3.0.1 -> 3.0.1 |
| postcss-selector-not | devDependencies | pin | ^3.0.1 -> 3.0.1 |
| prettier (source) | devDependencies | pin | ^1.5.2 -> 1.5.3 |
| pretty-error | dependencies | pin | ^2.1.1 -> 2.1.1 |
| prop-types (source) | dependencies | pin | ^15.5.10 -> 15.5.10 |
| query-string | dependencies | pin | ^5.0.0 -> 5.0.0 |
| raw-loader | devDependencies | pin | ^0.5.1 -> 0.5.1 |
| react (source) | dependencies | pin | ^15.5.4 -> 15.6.1 |
| react-deep-force-update | devDependencies | pin | ^2.0.1 -> 2.1.0 |
| react-dom (source) | dependencies | pin | ^15.5.4 -> 15.6.1 |
| react-error-overlay | devDependencies | pin | ^1.0.9 -> 1.0.10 |
| react-hot-loader | devDependencies | pin | ^3.0.0-beta.7 -> 3.0.0-beta.7 |
| react-test-renderer (source) | devDependencies | pin | ^15.6.1 -> 15.6.1 |
| rimraf | devDependencies | pin | ^2.6.1 -> 2.6.1 |
| sequelize (source) | dependencies | pin | ^4.2.1 -> 4.44.4 |
| serialize-javascript | dependencies | pin | ^3.0.0 -> 3.1.0 |
| sinon (source) | devDependencies | pin | ^3.2.0 -> 3.2.1 |
| source-map-support | dependencies | pin | ^0.4.15 -> 0.4.16 |
| sqlite3 | dependencies | pin | ^3.1.8 -> 3.1.9 |
| stylelint (source) | devDependencies | pin | ^8.0.0 -> 8.0.0 |
| stylelint-config-standard | devDependencies | pin | ^17.0.0 -> 17.0.0 |
| stylelint-order | devDependencies | pin | ^0.6.0 -> 0.6.0 |
| svg-url-loader | devDependencies | pin | ^2.1.1 -> 2.1.1 |
| universal-router (source) | dependencies | pin | ^3.2.0 -> 3.2.0 |
| url-loader | devDependencies | pin | ^0.5.9 -> 0.5.9 |
| webpack | devDependencies | pin | ^3.0.0 -> 3.5.5 |
| webpack-bundle-analyzer | devDependencies | pin | ^3.0.0 -> 3.9.0 |
| webpack-dev-middleware | devDependencies | pin | ^1.11.0 -> 1.12.0 |
| webpack-hot-middleware | devDependencies | pin | ^2.18.0 -> 2.18.2 |
| webpack-node-externals | devDependencies | pin | ^1.6.0 -> 1.6.0 |
| whatwg-fetch | dependencies | pin | ^2.0.3 -> 2.0.3 |

:pushpin: Important: Renovate will wait until you have merged this Pin PR before creating any upgrade PRs for the affected packages. Add the preset :preserveSemverRanges to your config if you instead don't wish to pin dependencies.


Renovate configuration

:date: Schedule: At any time (no schedule defined).

:vertical_traffic_light: Automerge: Disabled by config. Please merge this manually once you are satisfied.

:recycle: Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

:ghost: Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.



This PR has been generated by WhiteSource Renovate. View repository job log here.

secure-code-warrior-for-github[bot] commented 3 years ago

Micro-Learning Topic: SQL Injection (Detected by phrase)

What is this? (2min video)

This is probably one of the two most exploited vulnerabilities in web applications and has led to a number of high profile company breaches. It occurs when an application fails to sanitize or validate input before using it to dynamically construct a statement. An attacker that exploits this vulnerability will be able to gain access to the underlying database and view or modify data without permission.

Examine code which interacts with relational databases and identify how each statement or query is constructed. Check if any statements are built by joining strings with external inputs and trace these data flows to see whether proper filtering or encoding was performed. Determine if special characters (such as single quotes) and keywords (such as SELECT or DROP) supplied in inputs can affect the statement that is constructed.

Try this challenge in Secure Code Warrior
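
The review step described in the comment above (find statements built by joining strings with external inputs), as an added example that is not part of the original thread or of node-playground: a line-based heuristic in JavaScript run over constructed sample source. The name `findDynamicSql` and the sample lines are hypothetical; the `req.*` properties assume an Express request object.

```javascript
// Added example: a line-based review heuristic, not code from node-playground.
// It flags lines where a SQL statement is assembled from strings.

const SQL_KEYWORD = /\b(SELECT|INSERT\s+INTO|UPDATE|DELETE\s+FROM|DROP)\b/i;
const TEMPLATE_INTERPOLATION = /`[^`]*\$\{[^}]+\}[^`]*`/; // `... ${value} ...`
const STRING_CONCATENATION = /['"`]\s*\+|\+\s*['"`]/;     // "..." + value
const EXPRESS_INPUT = /\breq\.(params|query|body|headers|cookies)\b/;

function findDynamicSql(source) {
  const findings = [];
  source.split('\n').forEach((text, index) => {
    if (!SQL_KEYWORD.test(text)) return;
    let kind = null;
    if (TEMPLATE_INTERPOLATION.test(text)) kind = 'template-interpolation';
    else if (STRING_CONCATENATION.test(text)) kind = 'string-concatenation';
    if (kind === null) return; // constant text or bound placeholders only
    findings.push({
      line: index + 1,
      kind,
      // true when request data appears on the same line as the statement
      externalInput: EXPRESS_INPUT.test(text),
      text: text.trim(),
    });
  });
  return findings;
}

// Constructed sample source: lines 1-2 build SQL from input,
// lines 3-4 bind values through placeholders, line 5 is unrelated arithmetic.
const SAMPLE_SOURCE = [
  'const sql = "SELECT * FROM users WHERE id = " + req.params.id;',
  "db.all(`SELECT * FROM users WHERE name = '${req.query.name}'`, cb);",
  'db.all("SELECT * FROM users WHERE name = ?", [req.query.name], cb);',
  'sequelize.query("SELECT * FROM posts WHERE author = :a", { replacements: { a } });',
  'const total = price + tax; // update the cart total',
].join('\n');

console.log(findDynamicSql(SAMPLE_SOURCE));
```

The check works one line at a time, so statements assembled across several lines, or from variables filled elsewhere, still need the data flow traced by hand.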