[Snyk] Fix for 15 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	630/1000 Why? Has a fix available, CVSS 8.1	Internal Property Tampering SNYK-JS-BSON-561052	Yes	No Known Exploit
	526/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.1	Arbitrary Code Injection SNYK-JS-EJS-1049328	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOCHA-561476	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-MONGODB-473855	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution npm:extend:20180424	Yes	No Known Exploit
	704/1000 Why? Has a fix available, CVSS 9.8	Arbitrary Code Injection npm:growl:20160721	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Override Protection Bypass npm:qs:20170213	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Denial of Service (DoS) npm:superagent:20170807	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Information Exposure npm:superagent:20181108	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: chai-http

The new version differs by 69 commits.

• d9a8d1f 4.0.0 (Nodejs-ex app failed to start on Openshift sclorg/nodejs-ex#202)
• a315dd0 chore(package): fixed license typo (Add support for binding style env vars sclorg/nodejs-ex#199)
• 832f6c2 docs: add note about agent server not closing (close Update index.html sclorg/nodejs-ex#188) (Updated heading on welcome page sclorg/nodejs-ex#190)
• cee5dbd Merge pull request Spacebar added sclorg/nodejs-ex#184 from chaijs/fix-178
• 3d7ab70 feat(node-request): close connections after request
• d3d9ec6 chore(package): update devdependencies
• e2e80ce chore(package): update all package versions
• 80c880c chore(package): update superagent to 3.7 (name in title ok sclorg/nodejs-ex#183)
• 80b4efb docs: add chai.expect usage to readme (Feat/merge loopback sclorg/nodejs-ex#173)
• 2604c3b mention login in the persistent session guide (process.env.DATABASE_SERVICE_NAME is undefined sclorg/nodejs-ex#167)
• 77a7a93 docs: fix form test example in README (How to connect mongo db using mongoose sclorg/nodejs-ex#166)
• 6e88c38 Merge pull request add template completion detection sclorg/nodejs-ex#131 from meeber/chai-v4
• 7426715 Update for Chai v4.0
• cf52191 Merge pull request Fix invalid JSON in template: nodejs.json sclorg/nodejs-ex#160 from mcky/patch-1
• dfffa63 Add to.not.redirect example to README
• 1ea9265 Merge pull request Sheehyjohn sclorg/nodejs-ex#154 from tonymet/issue/147
• ad0c3be revise error message
• 6ab3b9a revert whitespace change
• 7eef16a add 307,308 to redirect assertion HTTP 307 and 308 status codes are not treated as redirects chaijs/chai-http#147
• 3a37080 Merge pull request Pull sclorg/nodejs-ex#133 from yashsriv/fix/agent-cookies
• 12ddde4 Merge pull request add template 'app' label sclorg/nodejs-ex#149 from vieiralucas/drop-old-node
• 1436147 chore: update supported Node versions
• d6e1294 Merge pull request Application not available, waits for ever: Recreate deployment is running sclorg/nodejs-ex#142 from chaijs/vieiralucas-patch-1
• 4470f99 Fix some bad semicolon placements at README.md

See the full diff

Package name: mocha

The new version differs by 250 commits.

• eb781e2 Release v6.2.3
• 10dbe94 update CHANGELOG for v6.2.3 [ci skip]
• 848d6fb security: update mkdirp, yargs, yargs-parser
• 843a322 6.2.2
• aec8b02 update CHANGELOG for v6.2.2 [ci skip]
• 7a8b95a npm audit fixes
• cebddf2 Improve reporter documentation for mocha in browser. (#4026)
• 3f7b987 uncaughtException: report more than one exception per test (#4033)
• ee82d38 modify alt text of image from Backers to Sponsors inside Sponsors section in Readme (#4046)
• e9c036c special-case parsing of "require" in unparseNodeArgs(); closes #4035 (#4063)
• 954cf0b Fix HTMLCollection iteration to make unhide function work as expected (#4051)
• 816dc27 uncaughtException: fix double EVENT_RUN_END events (#4025)
• 9650d3f add OpenJS Foundation logo to website (#4008)
• f04b81d Adopt the OpenJSF Code of Conduct (#3971)
• aca8895 Add link checking to docs build step (#3972)
• ef6c820 Release v6.2.1
• 9524978 updated CHANGELOG for v6.2.1 [ci skip]
• dfdb8b3 Update yargs to v13.3.0 (#3986)
• 18ad1c1 treat '--require esm' as Node option (#3983)
• fcffd5a Update yargs-unparser to v1.6.0 (#3984)
• ad4860e Remove extraGlobals() (#3970)
• b269ad0 Clarify effect of .skip() (#3947)
• 1e6cf3b Add Matomo to website (#3765)
• 91b3a54 fix style on mochajs.org (#3886)

See the full diff

Package name: mongodb

The new version differs by 250 commits.

• c6f417e chore(release): 3.1.13
• 210c71d fix(db_ops): ensure we async resolve errors in createCollection
• 5ad9fa9 fix(changeStream): properly handle changeStream event mid-close (#1902)
• e806be4 fix(bulk): honor ignoreUndefined in initializeUnorderedBulkOp
• 050267d fix(*): restore ability to webpack by removing `makeLazyLoader`
• 6e896f4 docs: adding aggregation, createIndex, and runCommand examples
• cb3cd12 chore(release): 3.1.12
• 508d685 Revert "chore(release): 3.2.0"
• e7619aa chore(release): 3.2.0
• d0dc228 chore(travis): include forgotten stage info for sharded builds
• ffbe90b chore(travis): run sharded tests in travis as well
• 9bef6e7 feat(core): update to mongodb-core v3.1.11
• e4bb39e chore(release): 3.1.11
• 76c0130 chore(core): bump version of mongodb-core
• a3adb3f fix(bulk): fix error propagation in empty bulk.execute
• ec0e30e doc(change-streams): correct typo, add missing example
• 10ea992 chore(package): update lock file
• fcb3ec1 test(sharded): reduce some sharded errors
• d4eae97 test(sessions): undo hack for apm events in sessions tests
• 0eaca21 test(sessions): fixing broken session test
• 6790a74 test(sharding): fixing old sharding tests
• 98f0c68 test(sharded): fixing sharded operation test
• c6a9baa test(sessions): fixing session tests in sharded env
• 985f0e9 test(drop): fixing drop assertions for sharded tests

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic