[Snyk] Fix for 5 vulnerabilities #60

ajeetchaulagain · 2022-10-05T21:42:31Z

This PR was automatically created by Snyk using the credentials of a real user.

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	No	No Known Exploit
601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MONGOOSE-1086688	No	Proof of Concept
671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Prototype Pollution SNYK-JS-MONGOOSE-2961688	No	Proof of Concept
601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MPATH-1577289	No	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-MQUERY-1089718	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: mongoose

The new version differs by 250 commits.

ca7996b chore: release 5.13.15
e75732a Merge pull request #12307 from Automattic/vkarpov15/fix-5x-build
a1144dc test: run node 7 tests with upgraded npm re: #12297
dfc4ad7 test: try upgrading npm for node v4 tests re: #12297
b9e985c test: more strict @ types/node version
4d813fa test: fix @ types/node version in tests re: #12297
99b4189 Merge pull request #12297 from shubanker/issue/prototype-pollution-5.x-patch
5eb11dd made function non async
6a19731 fix(schema): disallow setting __proto__ when creating schema with dotted properties
a2ec28d Merge pull request #11366 from laissonsilveira/5.x
05ce577 Fix broken link from findandmodify method deprecation
d2b846f chore: release 5.13.14
69c1f6c docs(models): fix up nModified example for 5.x
4cfc4d6 fix(timestamps): avoid setting `createdAt` on documents that already exist but dont have createdAt
a738440 chore: release 5.13.13
4d12a62 Merge pull request #10942 from jneal-afs/fix-query-set-ts-type
c3463c4 Merge pull request #10916 from iovanom/gh-10902-v5
ff5ddb5 fix: hardcode base 10 for nodeMajorVersion parseInt() call
d205c4d make value optional
c6fd7f7 Fix ts types for query set
22e9b3b [gh-10902 v5] Add node major version to utils
5468642 [gh-10902 v5] Emit end event in before close
271bc60 Merge pull request #10910 from lorand-horvath/patch-2
b7ebeec Update mongodb driver to 3.7.3

Package name: nodemon

The new version differs by 82 commits.

27e91c3 fix: update packge-lock
0144e4f fix: bump update-notifier to v6.0.0 (#2029)
c870342 chore: update supporters
5c0b472 chore: add supporter
e26aaa9 fix: support windows by using path.delimiter
9d1afd7 docs: add syntax highlighting to sample-nodemon.md (#1982) (#2004)
de5d32a docs: Unified Node.js capitalization (#1986)
e890927 docs: add note to faq with example showing how to watch any file extension (#1931)
bc4547b chore: update sponsors
07159c5 chore: add supporters
cd100da chore: update supporters
6a34922 chore: supporters
e5d6067 chore: updating supporters
242f9f7 Merge branch 'main' of github.com:remy/nodemon
141e58c chore: update supporters
53422af ci(release): workflow uses 'npm' cache (#1933)
581c641 ci(node.js): workflow uses 'npm' cache (#1934)
cb1c8b9 docs: Fix typo in faq.md (#1950)
54784ab fix: bump prod dep versions
26db983 chore: update supporters
61e7abd fix: add windows signals SIGUSR2 & SIGUSR1 to terminate the process (#1938)
b449171 docs: Fix typo in faq.md
0a3175f chore: update supporters
18516d8 chore: add supporter