[Snyk] Fix for 1 vulnerabilities

[dkeroski]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	461/1000 Why? Recently disclosed, Has a fix available, CVSS 3.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-DEBUG-3227433	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: method-override

The new version differs by 19 commits.

• 5b83d4f 3.0.0
• 0aef6c8 deps: [email protected]
• ddb4bcc build: [email protected]
• baed633 build: [email protected]
• b357d8e Drop support for Node.js below 0.10
• 09582af build: support Node.js 10.x
• 7579004 lint: apply standard 11 style
• 00ca04a build: support Node.js 9.x
• c92384c build: [email protected]
• 4947f58 build: [email protected]
• 6fb651a build: support Node.js 8.x
• 21c08c3 build: [email protected]
• 254b6ef build: [email protected]
• 26ba0ce build: [email protected]
• 4aef9e5 build: [email protected]
• 7aced59 docs: remove gratipay badge
• b232f67 build: [email protected]
• d96eb1f build: [email protected]
• 78421d2 build: fix Node.js 0.8 npm install

See the full diff

Package name: mongoose

The new version differs by 250 commits.

• d4f507f chore: release 5.2.6
• 7eac18c style: fix lint
• e47b669 fix(populate): make error reported when no `localField` specified catchable
• 1e27f09 test(populate): repro #6767
• 2b5e18a fix(query): upgrade mquery for readConcern() helper
• 2bf81e7 test: try skipping in before()
• d5b43da test: more test fixes re: #6754
• e91d404 test(transactions): skip nested suite if parent suite skipped
• 22c6c33 fix(query): propagate top-level session down to `populate()`
• 0f24449 test(query): repro #6754
• bc21555 fix(document): handle overwriting `$session` in `execPopulate()`
• f3af885 docs(schematypes): add some examples of getters and warning about using `map()` getters with array paths
• 4071de4 Merge pull request #6771 from Automattic/gh6750
• 12e0d09 fix(document): don't double-call deeply nested custom getters when using `get()`
• 695cb6f test(document): repro #6779
• 0ca947e docs(document): add missing params for `toObject()`
• b0e1c5b fix(documentarray): use toObject() instead of cloning for inspect
• 836eb53 refactor: use `driver.js` singleton rather than global.$MongooseDriver
• 451c50e test: add quick spot check for webpack build
• a0aaa82 Merge branch 'master' into gh6750
• 88457b0 fix(document): use associated session `$session()` when using `doc.populate()`
• 28621a5 test(document): repro #6754
• 7965494 fix(connection): throw helpful error when using legacy `mongoose.connect()` syntax
• 42ddc42 test(connection): repro #6756

See the full diff

Package name: nodemailer

The new version differs by 121 commits.

• eaef3b5 Merge pull request #719 from nodemailer/v3.0.0
• de5b6f6 updated license
• 652ad8e Do not use PRO in name
• 6218b8d Setup files for EUPL licensed v3.0.0
• a108bc1 bumped mailcomposer
• e1da543 v2.7.1
• 3663c79 updated readme
• 9314fcd Merge branch 'master' of github.com:nodemailer/nodemailer
• 17c7702 v2.7.0
• 5e22dad Merge pull request #685 from vijay22sai/fix-readme-typo
• adb8bd0 Fix a typo in README
• ee795f7 Merge pull request #676 from sadika9/patch-1
• 9eddf01 Fix typo
• dadeb9f Merge pull request #675 from killmenot/patch-1
• 88a5cc2 added a link to nodemailer trap plugin
• 0ca29c4 Merge pull request #674 from ekryski/patch-1
• f1cb087 Adding mailgun transport link
• 9b55bbe Merge pull request #672 from niftylettuce/master
• d9e4e43 Added reference to newly published nodemailer-base64-to-s3
• 06af6d2 updated package.json
• a1d65e1 updated package.json
• 125e3f6 updated package.json
• 35bb998 updated package.json
• 829ccf1 Update README.md

See the full diff

Package name: socket.io

The new version differs by 77 commits.

• db831a3 [chore] Release 2.1.0
• ac945d1 [feat] Add support for dynamic namespaces (#3195)
• ad0c052 [docs] Add note in docs for `origins(fn)` about `error` needing to be a string. (#2895)
• 1f1d64b [fix] Include the protocol in the origins check (#3198)
• f4fc517 [fix] Properly emit 'connect' when using a custom namespace (#3197)
• be61ba0 [docs] Add link to a Dart client implementation (#2940)
• c0c79f0 [feat] Add support for dynamic namespaces (#3187)
• dea5214 [chore] Bump superagent and supertest versions (#3186)
• b1941d5 [chore] Bump engine.io to version 3.2.0
• a23007a [docs] Update license year (#3153)
• f48a06c [feat] Add a 'binary' flag (#3185)
• 0539a2c [test] Update travis configuration
• c06ac07 [docs] Fix typo (#3157)
• 52b0960 [chore] Bump debug to version 3.1.0
• 1c108a3 [chore] Release 2.0.4
• f333479 [test] Use npm scripts instead of gulp (#3078)
• 3f61165 [docs] Fix a grammar mistake in the API docs (#3076)
• e26b71c [docs] Fix typo in API docs (#3066)
• 3386e15 [docs] Actually prevent input from having injected markup in chat example (#2987)
• 3684d59 [docs] Use path.join instead of concatenating paths (#3014)
• dd69abb [fix] Reset rooms object before broadcasting from namespace (#3039)
• 1f0e64a [fix] Do not throw when receiving an unhandled error packet (#3038)
• 9d170a7 [docs] Add io.emit in the cheat sheet (#2992)
• 7199d1b [docs] Fix misnamed 'Object.keys' in API docs (#2979)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)