[Snyk] Fix for 9 vulnerabilities

[Omrisnyk]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	589/1000 Why? Has a fix available, CVSS 7.5	Directory Traversal SNYK-JS-MOMENT-2440688	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-MONGODB-473855	Yes	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MONGOOSE-1086688	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Cross-site Scripting (XSS) npm:marked:20170815	No	No Known Exploit
	454/1000 Why? Has a fix available, CVSS 4.8	Cross-site Scripting (XSS) npm:marked:20170815-1	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:marked:20170907	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:marked:20180225	No	Proof of Concept
	509/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) npm:moment:20161019	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:moment:20170905	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: marked

The new version differs by 250 commits.

• 98c9d14 Update home page
• 5d5fa04 0.3.18
• f886f40 Merge pull request #1147 from 8fold/update-badges
• 044683b Remove Authors ~Head
• cceac77 Merge remote-tracking branch 'upstream/master' into update-badges
• 265d6c1 pre-commit
• 341d128 Merge branch 'master' into update-badges
• eef9de4 Add /docs directory for GitHub Pages (#1138)
• 682b9c6 grammar
• e3489ca Add marked mark maker badge
• 03d0ed0 [editorconfig]: All md files except in test use tab (#1111)
• c22be25 Create CNAME for marked.js.org
• 35214c5 Add initial docs with logo
• 3e681a6 Move most of README.md to /docs/README.md
• 94b8b3e Move existing docs to /docs dir
• 2509660 Rename doc to docs
• d4e7bb4 Code of conduct (#1094)
• 214468b Merge pull request #1121 from UziTech/jasmine
• ad0585d Merge pull request #1122 from alextrastero/patch-1
• e3a988c Fix usage links in README
• ecbf4b0 Minor docs update for easier maintenance (#1116)
• 5768180 travis build stages (#1113)
• 9c6c13f fix tests
• 79325aa add tests

See the full diff

Package name: mongoose

The new version differs by 250 commits.

• 5549f26 chore: release 5.12.2
• 4b1aaac Merge pull request #10050 from SoftwareSing/fix-bulkwrite-with-timestamps-false
• 3759f34 chore: address CR comments
• 5ffbb8e fix(query): apply schema-level `select` option from array schematypes
• 7d19c9f test(query): repro #10029
• 4b0052e fix(schema): support setting `ref` as an option on an array SchemaType
• 171c31f test(schema): repro #10029
• 96f7905 fix(index.d.ts): make query methods return `QueryWithHelpers` so query helpers pass through chaining
• 04f880f fix(index.d.ts): add back `Aggregate#project()` types that were mistakenly removed in 5.12.0
• 9a3a7b4 style: fix lint
• 91f003a Merge pull request #10053 from 418sec/1-npm-mongoose
• 3ed44ff Merge pull request [Snyk] Security upgrade adm-zip from 0.4.7 to 0.4.11 #1 from zpbrent/patch-2
• 00e059d fix(index.d.ts): add `upserted` array to `updateOne()`, `updateMany()`, `update()` result
• 003e477 add missing issue number
• 0101ab8 fix(bulkwrite): make bulkWrite can work with `timestamps: false`
• 9559c46 test(bulkwrite): repro #10048
• 1bb97ba chore: update opencollective sponsors
• 5888269 docs(mongoose+browser): fix broken links to info about `mongoose.Types`
• 43b0cfa Merge branch 'master' of github.com:Automattic/mongoose
• 03905c5 fix(index.d.ts): always allow setting `type` in Schema to a SchemaType class or a Schema instance
• 422620b Merge pull request #10015 from Automattic/gh-9982
• 7b14258 test(QueryCursor): fix tests from #10015
• f2651d7 docs(transactions): introduce `session.withTransaction()` before `session.startTransaction()` because `withTransaction()` is the recommended approach
• 61d313b chore: update opencollective sponsor logo

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting (XSS)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Directory Traversal
🦉 More lessons are available in Snyk Learn