[Snyk] Fix for 9 vulnerabilities #28

yesmancan · 2022-09-29T23:33:36Z

This PR was automatically created by Snyk using the credentials of a real user.

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
526/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.1	Arbitrary Code Injection SNYK-JS-EJS-1049328	Yes	Proof of Concept
726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-EJS-2803307	Yes	Proof of Concept
484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	No	No Known Exploit
601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MONGOOSE-1086688	No	Proof of Concept
671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Prototype Pollution SNYK-JS-MONGOOSE-2961688	No	Proof of Concept
601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MPATH-1577289	No	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-MQUERY-1050858	No	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-MQUERY-1089718	No	Proof of Concept
479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-REDIS-1255645	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: mongoose

The new version differs by 250 commits.

ca7996b chore: release 5.13.15
e75732a Merge pull request #12307 from Automattic/vkarpov15/fix-5x-build
a1144dc test: run node 7 tests with upgraded npm re: #12297
dfc4ad7 test: try upgrading npm for node v4 tests re: #12297
b9e985c test: more strict @ types/node version
4d813fa test: fix @ types/node version in tests re: #12297
99b4189 Merge pull request #12297 from shubanker/issue/prototype-pollution-5.x-patch
5eb11dd made function non async
6a19731 fix(schema): disallow setting __proto__ when creating schema with dotted properties
a2ec28d Merge pull request #11366 from laissonsilveira/5.x
05ce577 Fix broken link from findandmodify method deprecation
d2b846f chore: release 5.13.14
69c1f6c docs(models): fix up nModified example for 5.x
4cfc4d6 fix(timestamps): avoid setting `createdAt` on documents that already exist but dont have createdAt
a738440 chore: release 5.13.13
4d12a62 Merge pull request #10942 from jneal-afs/fix-query-set-ts-type
c3463c4 Merge pull request #10916 from iovanom/gh-10902-v5
ff5ddb5 fix: hardcode base 10 for nodeMajorVersion parseInt() call
d205c4d make value optional
c6fd7f7 Fix ts types for query set
22e9b3b [gh-10902 v5] Add node major version to utils
5468642 [gh-10902 v5] Emit end event in before close
271bc60 Merge pull request #10910 from lorand-horvath/patch-2
b7ebeec Update mongodb driver to 3.7.3

Package name: nodemon

The new version differs by 98 commits.

27e91c3 fix: update packge-lock
0144e4f fix: bump update-notifier to v6.0.0 (#2029)
c870342 chore: update supporters
5c0b472 chore: add supporter
e26aaa9 fix: support windows by using path.delimiter
9d1afd7 docs: add syntax highlighting to sample-nodemon.md (#1982) (#2004)
de5d32a docs: Unified Node.js capitalization (#1986)
e890927 docs: add note to faq with example showing how to watch any file extension (#1931)
bc4547b chore: update sponsors
07159c5 chore: add supporters
cd100da chore: update supporters
6a34922 chore: supporters
e5d6067 chore: updating supporters
242f9f7 Merge branch 'main' of github.com:remy/nodemon
141e58c chore: update supporters
53422af ci(release): workflow uses 'npm' cache (#1933)
581c641 ci(node.js): workflow uses 'npm' cache (#1934)
cb1c8b9 docs: Fix typo in faq.md (#1950)
54784ab fix: bump prod dep versions
26db983 chore: update supporters
61e7abd fix: add windows signals SIGUSR2 & SIGUSR1 to terminate the process (#1938)
b449171 docs: Fix typo in faq.md
0a3175f chore: update supporters
18516d8 chore: add supporter

Package name: redis

The new version differs by 31 commits.

fc28860 Bump version to 3.1.1 (#1597)
2d11b6d fix #1569 - improve monitor_regex (#1595)
7e77de8 Add Chat (#1594)
5d3e995 Merge branch 'master' of https://github.com/NodeRedis/node-redis
b797cf2 add user to README.md
79f34c2 Bump version to 3.1.0 (#1590)
7fdc54e fix for 428e1c8a7b2322c2650294638cb1663ac5692728 - fix auth retry when redis is in loading state
09f0fe8 "fix" tests
428e1c8 Add support for Redis 6 `auth pass [user]` (#1508)
bb208d0 Add codeclimate badge (#1572)
47e2e38 Exclude examples from deepsource (#1579)
fbca5cd Upgrade node and dependencies (#1578)
2188744 Create codeql-analysis.yml (#1577)
32861b5 Create .deepsource.toml (#1574)
2a34d41 Add LGTM badge (#1571)
69b7094 Workflows fixes (#1570)
49c4131 Merge pull request #1531 from marnikvde/improve-docs
3c8ff5c Merge branch 'master' into improve-docs
685a72d Merge pull request #1277 from dcharbonnier/patch-1
055f5c5 Merge branch 'master' into patch-1
c78b6d5 Merge pull request #1527 from heynikhil/patch-1
53f1468 Merge branch 'master' into patch-1
232f191 Merge pull request #1563 from lebseu/patch-1
e4cb073 Update README.md