[Snyk] Fix for 19 vulnerabilities

[snyk-levine]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • large-file/package.json
  • large-file/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-CSSWHAT-3035488	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	No	Proof of Concept
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Directory Traversal SNYK-JS-MOMENT-2440688	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-MOUT-1014544	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-MOUT-2342654	No	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	No	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-SETVALUE-1540541	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-SETVALUE-450213	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @cypress/browserify-preprocessor

The new version differs by 59 commits.

• 2b1c1f4 chore: Upgrade node to 16.13.0, use https for npm registry ([Snyk] Fix for 12 vulnerabilities #94)
• 927b76a fix: release
• 67ea9f6 chore: Fix semantic release ([Snyk] Security upgrade debug from 2.0.0 to 2.6.9 #93)
• a8ff57f fix: release
• a8adb24 chore: Bump circle node orb and non-major deps ([Snyk] Fix for 66 vulnerabilities #92)
• c66ae40 chore(docs): remove note about being default ([Snyk] Fix for 66 vulnerabilities #91)
• 76edfbe chore(deps): update dependency semantic-release to version 17.2.3 🌟 ([Snyk] Security upgrade react-tooltip from 3.8.1 to 3.8.3 #76)
• 61dae70 fix(deps): update dependency glob-parent to version 5.1.2 🌟 ([Snyk] Fix for 66 vulnerabilities #84)
• fc9f2ee Merge pull request [Snyk] Security upgrade mout from 1.1.0 to 1.2.4 #77 from cypress-io/renovate/npm-set-value-vulnerability
• 60e408b Merge pull request [Snyk] Security upgrade file-type from 8.1.0 to 16.5.4 #67 from cypress-io/renovate/npm-elliptic-vulnerability
• d0a76d7 Merge pull request [Snyk] Security upgrade mongoose from 4.2.4 to 6.4.6 #68 from cypress-io/renovate/npm-handlebars-vulnerability
• f1273c8 Merge pull request [Snyk] Security upgrade file-type from 8.1.0 to 16.5.4 #65 from cypress-io/renovate/npm-acorn-vulnerability
• d9467f2 Merge pull request [Snyk] Security upgrade file-type from 8.1.0 to 16.5.4 #66 from cypress-io/renovate/npm-dot-prop-vulnerability
• b882246 chore(deps): update set-value to 2.0.1 🌟
• 91dbb34 Merge pull request [Snyk] Security upgrade mongoose from 4.2.4 to 6.4.6 #69 from cypress-io/renovate/npm-https-proxy-agent-vulnerability
• 8f20054 Merge pull request [Snyk] Security upgrade node-fetch from 1.7.3 to 3.2.10 #70 from cypress-io/renovate/npm-ini-vulnerability
• 9044660 Merge pull request [Snyk] Security upgrade tap from 5.8.0 to 10.3.3 #71 from cypress-io/renovate/npm-lodash-vulnerability
• 1309f48 Merge pull request [Snyk] Security upgrade tap from 5.8.0 to 14.6.8 #72 from cypress-io/renovate/npm-marked-vulnerability
• e9c9043 Merge pull request [Snyk] Security upgrade tap from 5.8.0 to 14.6.8 #73 from cypress-io/renovate/npm-mixin-deep-vulnerability
• cff2acb Merge pull request [Snyk] Security upgrade tap from 5.8.0 to 14.6.8 #74 from cypress-io/renovate/npm-node-fetch-vulnerability
• 170a37c chore(deps): update node-fetch to 2.6.1 🌟
• 0526cb6 chore(deps): update mixin-deep to 1.3.2 🌟
• e000efc chore(deps): update marked to 0.7.0 🌟
• 494c6bd chore(deps): update lodash to 4.17.19 🌟

See the full diff

Package name: chokidar

The new version differs by 201 commits.

• 7b8e02a Release 3.0.0.
• e7bfe2f Move stuff.
• df7f22e Remove changelog from npm, move to hidden dir.
• 3df7692 Improve naming.
• 6e94ca2 Clean-up.
• 2de2f9c test: Add testing of Node.js v12 in Travis pipeline. ([Snyk(Unlimited)] Upgrade @thebespokepixel/meta from 0.2.3 to 0.2.5 snyk-fixtures/npm-lockfiles#833)
• 9e0965a Fix Windows tests in Travis CI ([Snyk(Unlimited)] Upgrade truwrap from 0.8.1 to 0.8.4 snyk-fixtures/npm-lockfiles#832)
• c95a98f Update stuff.
• 187ff2b test: Trying to fix blinked tests for Travis CI. ([Snyk(Unlimited)] Upgrade adm-zip from 0.4.7 to 0.4.13 snyk-fixtures/npm-lockfiles#825)
• db99076 fix(Windows): Add converting from windows to unix path for all ignored paths. ([Snyk(Unlimited)] Upgrade debug from 2.0.0 to 2.6.9 snyk-fixtures/npm-lockfiles#824)
• 41f8782 fix(FsEvents): Remove situation with NaN depth. ([Snyk(Unlimited)] Upgrade color-convert from 1.9.2 to 1.9.3 snyk-fixtures/npm-lockfiles#823)
• 7cf3f7e Update readdirp to stable.
• 0927a62 Bump packages.
• 11cd857 Update nyc.
• 99c14d7 Uncomment fsevents.
• cf330a5 Update fsevents.
• 0e4fca5 Fix deps.
• 9c575d4 Fix Windows version ([Snyk(Unlimited)] Upgrade verbosity from 0.9.2 to 0.10.1 snyk-fixtures/npm-lockfiles#821)
• 3323d59 fix(Linux): Make event loop hack for keep testing valid. ([Snyk(Unlimited)] Upgrade @thebespokepixel/meta from 0.2.3 to 0.2.5 snyk-fixtures/npm-lockfiles#820)
• 06214c5 Update to latest readdirp.
• 793639f Rename osxfswatch.
• 078bc2d Refactor and fix freaking tests.
• 2b9bb41 Try node 11.
• 3fe3d4e Test travis.

See the full diff

Package name: html-webpack-plugin

The new version differs by 139 commits.

• eb73905 chore(release): 4.0.0
• 42a6d4a Add typing for getHooks
• a1a37cf Release html-webpack-plugin 4.0.0-beta.14
• 97f9fb9 fix: load script files before style files files in defer script loading mode
• e97ce17 Release html-webpack-plugin 4.0.0-beta.13
• e448b5d Release html-webpack-plugin 4.0.0-beta.12
• de315eb feat: Add defer script loading
• 7df269f feat: Provide a verbose error message if html minification failed
• 1d66e53 feat: merge templateParameters with default template parameters
• dfb98e7 Fix typo in template option docts
• 096a760 Fix broken links in examples
• a195c34 docs: Update template-option documentation
• 40b410e docs: Update example for template parameters
• bf017f3 chore: Release 4.0.0-beta.11
• 2549557 test: Don't use minification for speed measurement
• de22fc2 test: Adjust measurment for node 6 on travis
• 24bf1b5 fix: Update references to html-minifier
• f4eafdc chore: Release 4.0.0-beta.10
• a2ad30a refactor: Use getAssetPath instead of calling the hook directly
• 2595a79 chore: Release 4.0.0-beta.9
• c66766c feat: Add support for minifying inline ES6 inside html templates
• 655cbcd Fix README typo
• 6de319b update lodash dependency for prototype polution vulnerability
• 35a1541 Properly encode file names emitted as part of URLs.

See the full diff

Package name: jsdom

The new version differs by 250 commits.

• 74a8d1e Version 16.6.0
• f51f2ec Remove the dependency on request
• 2b6d5ae Update dependencies
• b72b33b Disable now-crashing canvas test
• 39b7972 Handle null and undefined thrown as exceptions
• 04f6c13 Add ParentNode.replaceChildren() ([Snyk(Unlimited)] Upgrade cookie-parser from 1.3.3 to 1.4.4 snyk-fixtures/npm-lockfiles#3176)
• e4c4004 Version 16.5.3
• 2f41466 Fix MutationObserver infinite loop bugs ([Snyk(Unlimited)] Upgrade dustjs-linkedin from 2.5.0 to 2.7.5 snyk-fixtures/npm-lockfiles#3173)
• b232f2a Run partially-failing WPTs in the custom-elements directory
• 35e103e Run partially-failing WPTs in the cors directory
• 77b660a Run partially-failing WPTs in the FileAPI directory
• d8a245f Use `InnerHTML` mixin for `innerHTML` definition ([Snyk(Unlimited)] Upgrade color-convert from 1.9.2 to 1.9.3 snyk-fixtures/npm-lockfiles#2981)
• bd50bbe Version 16.5.2
• d5cfd69 Fix event handler ObjectEnvironment instantiation
• 93e3d4a Remove vestigial concurrentNodeIterators option-passing
• c92f9c1 Check all associated elements for form validity
• 2202703 Fix failing WPTs calculation
• 21c7671 Upgrade dependencies
• c1b9ea1 Port skipped "test_body_event_handler_inline" to WPT
• a13d854 Use WeakRefs for NodeIterator tracking when supported
• fdf97d8 Fix radio/checkbox to not fire events when disconnected
• 761d8cc Refactor <output>
• b36d418 Make customElements.whenDefined() resolve with the constructor
• c5d13bb Remove a variety of redundant to-port tests

See the full diff

Package name: karma

The new version differs by 139 commits.

• 42933c9 chore: release v4.2.0
• db1ea57 chore: update contributors
• a1049c6 chore: update eslint packages to latest and fix complaints ([Snyk(Unlimited)] Upgrade consolidate from 0.14.5 to 0.15.1 snyk-fixtures/npm-lockfiles#3312)
• 70b72a9 fix(logging): Util inspect for logging the config. ([Snyk(Unlimited)] Upgrade marked from 0.3.5 to 0.7.0 snyk-fixtures/npm-lockfiles#3332)
• 1087926 fix typo: ([Snyk(Unlimited)] Upgrade npmconf from 0.0.24 to 0.2.0 snyk-fixtures/npm-lockfiles#3334)
• 182c04d fix(reporter): format stack with 1-based column ([Snyk(Unlimited)] Upgrade debug from 2.0.0 to 2.6.9 snyk-fixtures/npm-lockfiles#3325)
• f0c4677 docs(travis): Correct the docs to also show how to do it on Xenial ([Snyk(Unlimited)] Upgrade lodash from 4.17.10 to 4.17.15 snyk-fixtures/npm-lockfiles#3316)
• 3aea7ec chore(deps): update core-js -> ^3.1.3 ([Snyk(Unlimited)] Upgrade verbosity from 0.9.2 to 0.10.1 snyk-fixtures/npm-lockfiles#3321)
• 5e11340 chore: revert back to Mocha 4 ([Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 snyk-fixtures/npm-lockfiles#3313)
• 1205bce chore(test): fix flaky test cases ([Snyk(Unlimited)] Upgrade node-uuid from 1.4.0 to 1.4.8 snyk-fixtures/npm-lockfiles#3314)
• 7f40349 Cleanup dependencies ([Snyk(Unlimited)] Upgrade adm-zip from 0.4.7 to 0.4.13 snyk-fixtures/npm-lockfiles#3309)
• 7828bea chore: update braces and chokidar to latest versions ([Snyk(Unlimited)] Upgrade dustjs-helpers from 1.5.0 to 1.7.4 snyk-fixtures/npm-lockfiles#3307)
• fe9a1dd fix(server): Add error handler for webserver socket. ([Snyk(Unlimited)] Upgrade marked from 0.3.5 to 0.7.0 snyk-fixtures/npm-lockfiles#3300)
• 13ed695 chore: release v4.1.0
• d844a48 chore: update contributors
• ce6825f fix(client): Only create the funky object if message is not a string ([Snyk(Unlimited)] Upgrade body-parser from 1.9.0 to 1.19.0 snyk-fixtures/npm-lockfiles#3298)
• 7968db6 fix(client): Enable loading different file types when running in parent mode without iframe ([Snyk(Unlimited)] Upgrade verbosity from 0.9.2 to 0.10.1 snyk-fixtures/npm-lockfiles#3289)
• 6556ab4 fix(launcher): Log state transitions in debug ([Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 snyk-fixtures/npm-lockfiles#3294)
• 7eb48c5 fix(middleware): log invalid filetype ([Snyk(Unlimited)] Upgrade yargs from 11.1.0 to 11.1.1 snyk-fixtures/npm-lockfiles#3292)
• c7ebf0b chore: release v4.0.1
• c190c4a chore: update contributors
• 375bb5e fix(filelist): correct logger name. ([Snyk(Unlimited)] Upgrade st from 0.2.4 to 0.5.5 snyk-fixtures/npm-lockfiles#3262)
• c43f584 fix: remove vulnerable dependency combine-lists ([Snyk(Unlimited)] Upgrade @thebespokepixel/string from 0.5.2 to 0.5.10 snyk-fixtures/npm-lockfiles#3273)
• 4ec4f6f fix: remove vulnerable dependency expand-braces ([Snyk(Unlimited)] Upgrade consolidate from 0.14.5 to 0.15.1 snyk-fixtures/npm-lockfiles#3270)

See the full diff

Package name: less

The new version differs by 176 commits.

• e4f7551 v3.12.0
• 371185c v3.12.0-RC.2 ([Snyk(Unlimited)] Upgrade humanize-ms from 1.0.1 to 1.2.1 snyk-fixtures/npm-lockfiles#3540)
• d5aa9d1 Fixes [Snyk(Unlimited)] Upgrade mongoose from 4.2.4 to 4.13.19 snyk-fixtures/npm-lockfiles#3371 Allow conditional evaluation of function args ([Snyk(Unlimited)] Upgrade npmconf from 0.0.24 to 0.2.0 snyk-fixtures/npm-lockfiles#3532)
• a722237 Remove lib folder from git ([Snyk(Unlimited)] Upgrade moment from 2.15.1 to 2.24.0 snyk-fixtures/npm-lockfiles#3531)
• e0f5c1a Move changelog to root ([Snyk(Unlimited)] Upgrade marked from 0.3.5 to 0.7.0 snyk-fixtures/npm-lockfiles#3530)
• f7bdce7 Duplicate dist files in root for older links ([Snyk(Unlimited)] Upgrade express from 4.12.4 to 4.17.1 snyk-fixtures/npm-lockfiles#3529)
• 0925cf1 Test-data module ([Snyk(Unlimited)] Upgrade node-uuid from 1.4.0 to 1.4.8 snyk-fixtures/npm-lockfiles#3525)
• 51fb02b Fixes [Snyk(Unlimited)] Upgrade dustjs-helpers from 1.5.0 to 1.7.4 snyk-fixtures/npm-lockfiles#3504 / organizes tests ([Snyk(Unlimited)] Upgrade body-parser from 1.9.0 to 1.19.0 snyk-fixtures/npm-lockfiles#3523)
• efb76ec Restore nuked scripts (?), replace dependencies ([Snyk(Unlimited)] Upgrade st from 0.2.4 to 0.5.5 snyk-fixtures/npm-lockfiles#3501) ([Snyk(Unlimited)] Upgrade debug from 2.0.0 to 2.6.9 snyk-fixtures/npm-lockfiles#3522)
• 2c5e4dd Lerna refactor / TS compiling w/o bundling ([Snyk(Unlimited)] Upgrade yargs from 11.1.0 to 11.1.1 snyk-fixtures/npm-lockfiles#3521)
• a3641e4 Resolve [Snyk(Unlimited)] Upgrade cookie-parser from 1.3.3 to 1.4.4 snyk-fixtures/npm-lockfiles#3398 Add flag to disable sourcemap url annotation ([Snyk(Unlimited)] Upgrade @thebespokepixel/meta from 0.2.3 to 0.2.5 snyk-fixtures/npm-lockfiles#3517)
• e018ba8 fix([Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 snyk-fixtures/npm-lockfiles#3294): use loadFileSync when loading plugins with syncImport: true ([Snyk(Unlimited)] Upgrade adm-zip from 0.4.7 to 0.4.13 snyk-fixtures/npm-lockfiles#3506)
• 95b9007 Update changelog
• 6238bbc Fixes [Snyk(Unlimited)] Upgrade humanize-ms from 1.0.1 to 1.2.1 snyk-fixtures/npm-lockfiles#3508 ([Snyk(Unlimited)] Upgrade consolidate from 0.14.5 to 0.15.1 snyk-fixtures/npm-lockfiles#3509)
• 8338366 Update README.md
• 6313bc5 Update changelog
• 53bf877 Remove tree caching in import manager ([Snyk(Unlimited)] Upgrade moment from 2.15.1 to 2.24.0 snyk-fixtures/npm-lockfiles#3498)
• 0f271f3 issue#3481 ignore missing debugInfo ([Snyk(Unlimited)] Upgrade moment from 2.15.1 to 2.24.0 snyk-fixtures/npm-lockfiles#3482)
• 3bd995b Additional check to avoid evaluating an expression if it is a comment ([Snyk(Unlimited)] Upgrade mongoose from 4.2.4 to 4.13.19 snyk-fixtures/npm-lockfiles#3494)
• 0715d90 fix: Use make-dir instead of mkdirp ([Snyk(Unlimited)] Upgrade adm-zip from 0.4.7 to 0.4.13 snyk-fixtures/npm-lockfiles#3490)
• 2634494 Properly exit calc mode after use ([Snyk(Unlimited)] Upgrade consolidate from 0.14.5 to 0.15.1 snyk-fixtures/npm-lockfiles#3493)
• 096dd22 Convert to auto-changelog ([Snyk(Unlimited)] Upgrade consolidate from 0.14.5 to 0.15.1 snyk-fixtures/npm-lockfiles#3477)
• 842386b Fixes [Snyk(Unlimited)] Upgrade st from 0.2.4 to 0.5.5 snyk-fixtures/npm-lockfiles#3469 - Include tslib dependency ([Snyk(Unlimited)] Upgrade cfenv from 1.1.0 to 1.2.2 snyk-fixtures/npm-lockfiles#3475)
• 1adaadb 3.11.0 ([Snyk(Unlimited)] Upgrade errorhandler from 1.2.0 to 1.5.1 snyk-fixtures/npm-lockfiles#3468)

See the full diff

Package name: less-cache

The new version differs by 6 commits.

• e8bb5a3 1.1.1
• ea484ed Merge pull request [Snyk] Security upgrade karma from 2.0.3 to 3.0.0 #17 from aminya/less3
• 9f85e26 rebump devDeps
• b80d80b dynamic require from the cjs dist of less
• 99ed498 updating the dependencies
• 9de02d0 using node scripts instead of grunt

See the full diff

Package name: mongodb-js-fmt

The new version differs by 7 commits.

• c6eb112 0.0.4
• 4045480 Sunsetting this project
• 2376730 chore(package): update dependencies ([Snyk] Fix for 1 vulnerabilities #3)
• 244ded0 Update package.json with correct github url ([Snyk] Security upgrade nyc from 14.0.0 to 15.0.0 #2)
• da67a88 Update travis.yml to node_js 4 from iojs-v2.3.4 ([Snyk] Security upgrade nyc from 14.0.0 to 15.0.0 #1)
• 453ab45 💚
• d26536f 👕

See the full diff

Package name: mongodb-query-parser

The new version differs by 45 commits.

• da40e5a 2.4.7
• 1108056 Allow usage with bson 5 ([Snyk] Fix for 2 vulnerabilities #124)
• 24d4426 2.4.6
• 3068234 Bump ejson shell parser ([Snyk] Fix for 1 vulnerabilities #112)
• bf3a43a Merge branch 'master' of https://github.com/mongodb-js/query-parser
• 2595659 2.4.5
• dd2c93e fix: quotes around RegExp options COMPASS-4758 COMPASS-3128 ([Snyk] Security upgrade qs from 0.0.6 to 6.2.4 #110)
• e9324f4 2.4.4
• f75fc36 fix: fix invalid int32 stringify, update bson dependency for toString int32 helper COMPASS-4210 ([Snyk] Security upgrade decode-uri-component from 0.2.0 to 0.2.2 #105)
• 5cedbce 2.4.3
• 83e548d fix: support db passed to DBRef constructor (COMPASS-4835) ([Snyk] Fix for 1 vulnerabilities #103)
• 7d033fc 2.4.2
• caef887 fix(sort): Handle empty sort input in internal parse method and not only in exported one
• 9c2af19 2.4.1
• 80ed0e2 fix(sort): Always parse sort before validating so null and undefined can be properly handled ([Snyk] Security upgrade adm-zip from 0.4.7 to 0.5.2 #85)
• c867d24 2.4.0
• 26a3a99 Merge pull request [Snyk] Security upgrade snyk from 1.389.0 to 1.996.0 #79 from mongodb-js/compass-4258-change-sort-validation
• b8ede6b Merge pull request [Snyk] Security upgrade css-what from 2.1.0 to 2.1.3 #78 from mongodb-js/ease-validation-rules-in-query-parser
• e8224f8 refactor(sort): Allow arrays in sort query option
• dd9c274 feat: Ease project values validation, but make sure that only documents can be used COMPASS-4644
• 406ed4e 2.3.0
• 4883eae feat: allow functions in query ([Snyk] Security upgrade tap from 5.8.0 to 10.3.3 #71)
• 4d8f6d1 2.2.0
• c6ff007 Merge pull request [Snyk] Security upgrade file-type from 8.1.0 to 16.5.4 #66 from mongodb-js/increase-default-max-time-ms

See the full diff

Package name: mongodb-schema

The new version differs by 41 commits.

• afac3d9 10.0.0
• a56b24c chore: typescript, update deps, node versions in github actions ([Snyk] Security upgrade npmconf from 0.0.24 to 2.1.3 #183)
• 8f8aaa1 Update 'sample' to 'number' for settings sampleSize ([Snyk] Fix for 1 vulnerabilities #169)
• 01d70e2 9.0.0
• f4147ea Update package-lock.json
• c4e8dba Bump lodash from 4.17.20 to 4.17.21 ([Snyk] Security upgrade @babel/traverse from 7.0.0 to 7.23.2 #149)
• 983b2d1 Bump cli-table from 0.3.4 to 0.3.5 ([Snyk] Security upgrade snyk from 1.389.0 to 1.518.0 #151)
• a1f3342 Bump mocha from 8.3.0 to 8.3.2 ([Snyk] Security upgrade tap from 5.8.0 to 16.0.0 #152)
• 88b20c2 Reduce the usage of lodash (round 2) ([Snyk] Security upgrade cypress from 4.12.0 to 13.0.0 #145)
• 33e0f51 Update Github workflow location
• 68a401b Added github workflow to exec. unit tests ([Snyk] Security upgrade mongoose from 4.2.4 to 4.2.5 #144)
• beb4387 Bump mocha from 3.5.3 to 8.2.1 ([Snyk] Fix for 2 vulnerabilities #124)
• d73f838 Added promise support for library ([Snyk] Security upgrade mongoose from 4.2.4 to 5.13.20 #140)
• 39af582 End support for legacy Node.js versions 🩺 ([Snyk] Security upgrade tap from 5.8.0 to 15.0.0 #136)
• 17bbff4 Bump mongodb from 3.5.2 to 3.5.3 ([Snyk] Fix for 66 vulnerabilities #84)
• 21a2fc7 Bump mongodb-js-precommit from 2.2.0 to 2.2.1 ([Snyk] Fix for 18 vulnerabilities #82)
• 8997b3e Bump debug from 2.6.9 to 4.1.1 ([Snyk] Security upgrade mongoose from 4.2.4 to 6.4.6 #68)
• 915ba85 build(deps): Bump mongodb-ns from 2.0.0 to 2.2.0 ([Snyk] Security upgrade snyk from 1.389.0 to 1.996.0 #79)
• b6e367a build(deps-dev): [Security] Bump bson from 0.5.7 to 1.0.5 ([Snyk] Security upgrade mout from 1.1.0 to 1.2.4 #77)
• 069b051 build(deps): Bump stats-lite from 2.1.1 to 2.2.0 ([Snyk] Security upgrade node-fetch from 1.7.3 to 3.2.10 #70)
• ecdbdf0 build(deps): Bump ms from 0.7.3 to 2.1.2 ([Snyk] Security upgrade file-type from 8.1.0 to 16.5.4 #66)
• 2f41b46 Bump mongodb-js-precommit from 2.0.0 to 2.2.0 ([Snyk] Security upgrade tap from 5.8.0 to 10.3.3 #71)
• e06e39a chore(deps): Bump mongodb-extended-json from 1.10.0 to 1.11.0 ([Snyk] Security upgrade tap from 5.8.0 to 14.6.8 #75)
• 79fd908 build(deps): Bump mongodb from 3.1.4 to 3.5.2 ([Snyk] Security upgrade react-tooltip from 3.8.1 to 3.8.3 #76)

See the full diff

Package name: react-middle-truncate

The new version differs by 12 commits.

• 41a37e7 1.0.1
• b9c235d RC v1.0.1 ([Snyk] Security upgrade marked from 0.3.5 to 4.0.10 #7)
• 3f3c1fe fix: resolve alias for utils folder for library webpack config
• 5c0967b fix: Readme typos.
• e455feb Merge branch 'master' of github.com:matt-d-rat/react-middle-truncate
• 6575007 fix: Security vulnerabilities in dev dependencies + upgrade dev dependencies ([Snyk] Security upgrade marked from 0.3.5 to 4.0.10 #6)
• ec9004e Merge branch 'master' of github.com:matt-d-rat/react-middle-truncate
• 3104743 fix: `measure-text` security vulnerability ([Snyk] Security upgrade mout from 1.1.0 to 1.2.3 #5)
• 0bbfd4f Merge branch 'master' of github.com:matt-d-rat/react-middle-truncate
• 2f1dc21 go with class properties all the way ([Snyk] Security upgrade nyc from 14.0.0 to 15.0.0 #2)
• c192168 chore: Add development setup section to the contributing docs.
• 83ab391 chore: fix typo in README.md

See the full diff

Package name: universal-analytics

The new version differs by 6 commits.

• bb7abdd Version 0.4.21
• aa8a790 Merge pull request [Snyk] Security upgrade mongoose from 4.2.4 to 4.2.5 #144 from beeman/beeman/dependencies
• fe696ff Upgrade request to native-request
• 859bc37 Upgrade package versions
• e534517 Version 0.4.20
• 127aa72 Version 0.4.19

See the full diff

Package name: watchify

The new version differs by 9 commits.

• 7b27a3c 4.0.0
• 5d4842a bump deps ([Snyk(Unlimited)] Upgrade truwrap from 0.8.1 to 0.8.4 snyk-fixtures/npm-lockfiles#380)
• b840f29 disable package-lock.json
• bae5e02 update chokidar and anymatch ([Snyk(Unlimited)] Upgrade term-ng from 0.8.1 to 0.8.5 snyk-fixtures/npm-lockfiles#378)
• 3445775 ci: use github actions ([Snyk(Unlimited)] Upgrade sgr-composer from 0.5.0 to 0.5.3 snyk-fixtures/npm-lockfiles#379)
• f79e59f Change URLs from "Substack" (someones personal site & acc) to "browserify" ([Snyk(Unlimited)] Upgrade color-convert from 1.9.2 to 1.9.3 snyk-fixtures/npm-lockfiles#369)
• bd2f677 ci: run on more node versions
• 563a90d Merge pull request [Snyk(Unlimited)] Upgrade verbosity from 0.9.2 to 0.10.1 snyk-fixtures/npm-lockfiles#367 from Trott/update-readme-badge
• bb2b429 chore: Fix Travis-CI badge in readme.markdown

See the full diff

Package name: watchpack

The new version differs by 22 commits.

• d5b9c58 1.7.1
• 1cacc77 add chokidar2 package to package.json files
• 2db42a7 1.7.0
• 59a4990 Merge pull request [Snyk] Fix for 59 vulnerabilities #153 from coreyward/update-chokidar
• f53f6c7 run CI with node.js 14
• e95336f add additional assumption test to ensure chokidar do not emit events after close
• e27a81f Update chokidar to 3.4.0
• 11caedf use chokidar 2 or 3 depending on node.js version
• f6d5f77 log out watching errors
• da8c244 catch errors on closing
• 9efbb97 enforce readdirp@3.4.0
• 7dd76d9 Update chokidar to 3.3.0
• 88e13a6 Merge pull request [Snyk] Security upgrade tap from 5.8.0 to 16.0.0 #155 from webpack/ci/appveyor-yarn
• 1403402 run appveyor with yarn too
• c5a3346 Merge pull request [Snyk] Security upgrade tap from 5.8.0 to 16.0.0 #154 from webpack/ci/fix
• 0e6a867 update lockfile to be node 6 compatible in CI
• 4097e48 1.6.1
• 4fd09bc add lockfile
• 31500fb Merge pull request [Snyk] Fix for 1 vulnerabilities #148 from mjziolko/chokidar-vuln
• 669aaa1 Merge pull request [Snyk] Security upgrade snyk from 1.389.0 to 1.518.0 #151 from webpack/ci/node-version
• 4ea9ed2 remove outdated node.js version, add latest ones
• 1549c44 Update Chokidar to the new minor version that fixes the prototype pollution vulnerability through minimist: https://npmjs.com/advisories/1179

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Command Injection
🦉 More lessons are available in Snyk Learn