[Snyk] Fix for 22 vulnerabilities

[netcode]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Remote Memory Exposure SNYK-JS-BL-608877	Yes	Proof of Concept
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	Yes	No Known Exploit
	741/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.4	DLL Injection SNYK-JS-KERBEROS-568900	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:clean-css:20180306	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Override Protection Bypass npm:qs:20170213	Yes	No Known Exploit
	469/1000 Why? Has a fix available, CVSS 5.1	Remote Memory Exposure npm:request:20160119	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:tough-cookie:20160722	Yes	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) npm:tough-cookie:20170905	Yes	No Known Exploit
	576/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.1	Uninitialized Memory Exposure npm:tunnel-agent:20170305	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: mongoose

The new version differs by 250 commits.

• ddff80d release 4.0.0
• 2ef9a42 Merge branch '3.8.x'
• 73d7dc6 Merge pull request #2791 from Automattic/docs-switch
• 06ee56c fix; docs generation for embedded docs
• c339edd chore; set up legacy / master doc generation
• 3846944 chore; update gitter badge to Automattic/, reference acquit in README
• 5eb0b7d upgraded; node driver to 2.0.24
• 5ed48e2 Merge pull request #2789 from chetverikov/patch-2
• 343811b Merge pull request #2788 from chetverikov/errors
• 5d488e1 LearnBoost -> Automattic
• 9408e1d Fix errors is not defined
• 174e1f0 fix; test broken from 3.8.x merge
• 0ffbf77 Merge branch '3.8.x'
• 1624116 Merge pull request #2783 from artiifix/patch-1
• e1196a9 Correct typo in documentation
• 8454a49 Merge branch '3.8.x'
• b7c7040 Fix #2656; upgrade to node driver 2.0.23
• ea2558b Merge pull request #2775 from LearnBoost/improve-cast-error
• 3d201b9 Persist cast errors across calls to validate()
• 5371e36 Repro issue with cast errors not persisting across validation
• ad4462c Merge pull request #2773 from chetverikov/gh2719
• 80f8332 Merge branch 'master' into gh2719
• a6a47cd Merge remote-tracking branch 'upstream/master'
• 78f3ebb Fix #2719

See the full diff

Package name: phantom-render-stream

The new version differs by 13 commits.

• be7ec63 2.0.0
• f4074df Update HISTORY.md
• ff287b1 Merge pull request #93 from joelmukuthu/master
• 37729cc Added a section for the 2.0.0 release
• c59949b Trimmed trailing whitespace and extra lines breaks
• 22a9069 Bumped 'phantomjs-prebuilt' to 2.1.4 and set a caret version range for it
• 267206a Update HISTORY.md
• 536e47f s/phantomjs/PhantomJS in the README
• cd033bf Updated references of 'phantomjs' to 'phantomjs-prebuilt'
• a2adcee Renamed 'phantomjs' dependency to 'phantomjs-prebuilt'
• 1c8fa11 Updated phantomjs dependency to 2.1.x
• 64df47e Merge pull request #87 from markstos/patch-1
• 8f2b408 Fix doc-bug: the document default value of maxRenders was out of sync with the current code.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Prototype Override Protection Bypass
🦉 More lessons are available in Snyk Learn