
Update vulnerable packages, replace slug with urlSlug package

sbkwgh před 7 roky
rodič
revize
722704e945
5 změnil soubory, kde provedl 4747 přidání a 4843 odebrání
  1. 3670 2636
      frontend/package-lock.json
  2. 8 9
      frontend/package.json
  3. 10 2
      models/thread.js
  4. 1050 2187
      package-lock.json
  5. 9 9
      package.json

Rozdílová data souboru nebyla zobrazena, protože soubor je příliš velký
+ 3670 - 2636
frontend/package-lock.json


+ 8 - 9
frontend/package.json

@@ -11,17 +11,16 @@
   },
   "dependencies": {
     "axios": "^0.15.3",
-    "babel-preset-env": "^1.6.0",
     "child_process": "^1.0.2",
     "d3": "^4.9.1",
     "fs": "0.0.1-security",
     "highlight.js": "^9.10.0",
     "lodash.throttle": "^4.1.1",
     "marked": "^0.3.9",
-    "node-sass": "^4.5.3",
+    "node-sass": "^4.9.4",
     "nprogress": "^0.2.0",
     "sass-loader": "^6.0.6",
-    "socket.io-client": "^1.7.3",
+    "socket.io-client": "^2.1.1",
     "vue": "^2.4.2",
     "vue-axios": "^2.0.2",
     "vue-router": "^2.7.0",
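Review bot: The `dependencies` block on the new side still lists `"child_process": "^1.0.2"` and `"fs": "0.0.1-security"`, which name Node built-in modules rather than libraries the frontend needs from the registry; the `0.0.1-security` version string suggests a registry placeholder. Since this commit is already pruning and updating dependencies, dropping both entries would remove two registry names from the install surface that should contribute no code to the build. Confirm that nothing in the build resolves them from `node_modules` before removing them; the rest of the manifest is outside this hunk.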
@@ -29,11 +28,11 @@
   },
   "devDependencies": {
     "autoprefixer": "^7.1.2",
-    "babel-core": "^6.22.1",
+    "babel-core": "^6.26.3",
     "babel-loader": "^7.1.1",
     "babel-plugin-syntax-dynamic-import": "^6.18.0",
     "babel-plugin-transform-runtime": "^6.22.0",
-    "babel-preset-env": "^1.3.2",
+    "babel-preset-env": "^1.7.0",
     "babel-preset-stage-2": "^6.22.0",
     "babel-register": "^6.22.0",
     "chalk": "^2.0.1",
@@ -42,24 +41,24 @@
     "css-loader": "^0.28.0",
     "cssnano": "^3.10.0",
     "eventsource-polyfill": "^0.9.6",
-    "express": "^4.14.1",
+    "express": "^4.16.4",
     "extract-text-webpack-plugin": "^2.0.0",
     "file-loader": "^0.11.1",
     "friendly-errors-webpack-plugin": "^1.1.3",
     "html-webpack-plugin": "^2.28.0",
-    "http-proxy-middleware": "^0.17.3",
+    "http-proxy-middleware": "^0.19.0",
     "opn": "^5.1.0",
     "optimize-css-assets-webpack-plugin": "^2.0.0",
     "ora": "^1.2.0",
     "rimraf": "^2.6.0",
     "semver": "^5.3.0",
     "shelljs": "^0.7.6",
-    "url-loader": "^0.5.8",
+    "url-loader": "^1.1.2",
     "vue-loader": "^13.0.4",
     "vue-style-loader": "^3.0.1",
     "vue-template-compiler": "^2.4.2",
     "webpack": "^2.6.1",
-    "webpack-bundle-analyzer": "^2.2.1",
+    "webpack-bundle-analyzer": "^3.0.3",
     "webpack-dev-middleware": "^1.10.0",
     "webpack-hot-middleware": "^2.18.0",
     "webpack-merge": "^4.1.0"

+ 10 - 2
models/thread.js

@@ -1,4 +1,4 @@
-let slug = require('slug')
+let urlSlug = require('url-slug')
 
 module.exports = (sequelize, DataTypes) => {
 	let Thread = sequelize.define('Thread', {
@@ -6,7 +6,15 @@ module.exports = (sequelize, DataTypes) => {
 			type: DataTypes.TEXT,
 			set (val) {
 				this.setDataValue('name', val)
-				if(val) this.setDataValue('slug', slug(val).toLowerCase() || '_')
+				if(val) {
+					this.setDataValue(
+						'slug',
+						//if you don't covert to lowercase it doesn't
+						//correctly slugify diacritics, e.g. thrËad
+						//becomes 'thr-ead' not 'thread'
+						urlSlug(val.toString().toLowerCase() || '') || '_'
+					)
+				}
 			},
 			allowNull: false,
 			validate: {
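Review bot: The new setter calls `val.toString()` on any truthy value, so a non-string `name` (for example an array or object from a parsed JSON body) is stringified into the slug, or throws a TypeError if it carries a non-callable `toString` property. Whether such values can reach this setter depends on the callers and on the `validate` block, both outside the hunk. Guarding with `if (typeof val === 'string' && val) {` would restrict slug generation to the type the column expects. The `|| ''` inside the `urlSlug(...)` call is redundant because an empty string already yields an empty string, and the inline comment should read `convert` rather than `covert`.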

Rozdílová data souboru nebyla zobrazena, protože soubor je příliš velký
+ 1050 - 2187
package-lock.json


+ 9 - 9
package.json

@@ -18,12 +18,12 @@
     "bcryptjs": "^2.4.3",
     "body-parser": "^1.16.0",
     "cheerio": "^1.0.0-rc.2",
-    "compression": "^1.7.0",
+    "compression": "^1.7.3",
     "connect-session-sequelize": "^5.1.0",
     "cross-env": "^3.1.4",
     "ejs": "^2.5.7",
-    "express": "^4.14.1",
-    "express-session": "^1.15.1",
+    "express": "^4.16.4",
+    "express-session": "^1.15.6",
     "helmet": "^3.9.0",
     "highlight.js": "^9.10.0",
     "lodash.debounce": "^4.0.8",
@@ -36,15 +36,15 @@
     "sequelize": "^3.33.0",
     "sequelize-cli": "^4.1.1",
     "sharp": "^0.18.4",
-    "slug": "^0.9.1",
-    "socket.io": "^1.7.3"
+    "socket.io": "^2.1.1",
+    "url-slug": "^2.0.0"
   },
   "devDependencies": {
     "chai": "^3.5.0",
-    "chai-http": "^3.0.0",
+    "chai-http": "^4.2.0",
     "chai-things": "^0.2.0",
-    "mocha": "^3.2.0",
-    "socket.io-client": "^1.7.3",
-    "morgan": "^1.7.0"
+    "mocha": "^5.2.0",
+    "morgan": "^1.9.1",
+    "socket.io-client": "^2.1.1"
   }
 }