[Snyk] Fix for 1 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	Yes	No Known Exploit

Commit messages

Package name: express

The new version differs by 250 commits.

• 6da454c 4.15.3
• 5cf473d deps: [email protected]
• 6549469 build: [email protected]
• bc2986f deps: finalhandler@~1.0.3
• 58cfc99 deps: [email protected]
• ad4456c deps: [email protected]
• 1ba9a9a deps: update example dependencies
• ae0b630 Fix error when res.set cannot add charset to Content-Type
• 5ea2a8f build: [email protected]
• de41c0b Fix res.cookie jsdoc comment
• a13938e tests: add tests for res.location('back')
• 1b6e700 deps: [email protected]
• 2d1dade deps: [email protected]
• df4f271 deps: type-is@~1.6.15
• c087a45 Fix typo in variable name setPrototypeOf
• 347d4db deps: proxy-addr@~1.1.4
• aabf780 docs: fix the security issues heading format
• 3763d73 examples: replace jade with hbs in mvc example
• 8acaa9a deps: finalhandler@~1.0.1
• dbf092d deps: vary@~1.1.1
• efd7032 build: Add .editorconfig
• 2189ff1 lint: remove trailing new lines from docs
• 245fa89 examples: replace jade with ejs in route-separation
• 1b6ad08 deps: [email protected]

See the full diff

Package name: mongoose

The new version differs by 250 commits.

• 23efdcf chore: release 4.10.2
• f627ba5 fix: bump ms -> 2.0.0
• b8263d6 fix: bump mquery for regexp vulnerability
• 84b3e28 docs: improve projection descriptions re: #1534
• ca5e53c chore: now working on 4.10.2
• 3474d8d chore: release 4.10.1
• dc6f887 fix(populate): handle doc.populate() with virtuals
• a6dd311 test(populate): repro #5240
• 6a2d405 fix(aggregate): handle sorting by text score correctly
• b386516 test(aggregate): repro #5258
• 54f624e Merge branch 'master' of github.com:Automattic/mongoose
• 5038635 fix(schema): enforce that _id is never null
• f7cbbdc docs: list a couple intermediate changes in changelog
• d951bed chore: now working on 4.10.1
• 274ed0f docs: add missing ignore
• 43752e8 chore: release 4.10.0
• 142fbba Merge pull request #5270 from Automattic/4.10
• 4bc7b3e docs: add missing ignores to sharding plugin
• e8c8789 Merge branch '4.10' of github.com:Automattic/mongoose into 4.10
• 9d4c9d4 Merge branch 'master' into 4.10
• b8f0dd8 Merge pull request #5253 from Automattic/5145
• f3805fa Merge pull request #5252 from Automattic/4569
• 8ba7869 Merge pull request #5268 from clozanosanchez/patch-2
• 373bb6f Update clone method to include indexes

See the full diff

Package name: ms

The new version differs by 19 commits.

• 9b88d15 2.0.0
• 94b995c Invalidated cache for slack badge
• bcf5715 Bumped dependencies to the latest version
• b1eaab7 Ignored logs coming from npm
• caae298 Limit str to 100 to avoid ReDoS of 0.3s ([Snyk] Fix for 33 vulnerable dependency paths snyk-labs/nodejs-goof#89)
• b83b36d chore(package): update eslint to version 3.19.0 ([Snyk] Fix for 33 vulnerable dependency paths snyk-labs/nodejs-goof#88)
• 3f2a4d7 chore(package): update husky to version 0.13.3 ([Snyk] Fix for 33 vulnerable dependency paths snyk-labs/nodejs-goof#86)
• 7daf984 1.0.0
• ee91f30 More suitable name for file containing tests
• e818c35 Removed browser testing
• c9b1fd3 Test on LTS version of Node
• 389840b Badge for XO removed
• 1fbbe97 Removed component specification
• 57b3ef8 Use `prettier` and `eslint`
• 94068ea Removed XO
• 4b7f48f chore(package): update serve to version 5.0.4 ([Snyk] Fix for 33 vulnerable dependency paths snyk-labs/nodejs-goof#85)
• bd49cec chore(package): update xo to version 0.18.0 ([Snyk] Fix for 33 vulnerable dependency paths snyk-labs/nodejs-goof#84)
• d4a94b1 chore(package): update serve to version 5.0.3 (feat: added support for CloudFoundry snyk-labs/nodejs-goof#83)
• 923eee1 chore(package): update serve to version 5.0.2 ([Snyk Update] New fixes for 2 vulnerable dependency paths snyk-labs/nodejs-goof#82)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic