[Snyk] Fix for 2 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-MQUERY-1089718	No	Proof of Concept
	778/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.7	Server-side Request Forgery (SSRF) SNYK-JS-NETMASK-1089716	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: mongoose

The new version differs by 250 commits.

• f8d2721 chore: release 5.12.3
• 58cad73 fix(connection): use queueing instead of event emitter for `createCollection()` and other helpers to avoid event emitter warning
• 5382408 fix(index.d.ts): add `transform` to PopulateOptions interface
• dca1d70 Merge branch 'master' of github.com:Automattic/mongoose
• 2648088 fix(index.d.ts): add DocumentQuery type for backwards compatibility
• 966770f Merge pull request #10063 from Automattic/gh-10044
• 9e4a083 style: fix lint
• f3cd3a8 chore: use variable instead of function
• f24953c fix(query): add `writeConcern()` method to avoid writeConcern deprecation warning
• 7d2e9c9 chore: upgrade mquery -> 3.2.5 re: Security Fix for Prototype Pollution - huntr.dev mongoosejs/mquery#121
• d1a9a1e made requested changes
• cf1b666 Merge pull request #10078 from pezzu/master
• 2aef528 Merge pull request #10062 from Automattic/gh-10025
• 452c77c Fixes #10072
• c9bfb30 Update model.indexes.test.js
• 6f0133a removed comments
• 9e98cd8 Merge pull request #10055 from emrebass/patch-1
• 1c20044 Merge pull request #10054 from coro101/add-discriminator-type
• 4e74ea7 TIL that includes() is also not supported in all browsers
• f231d7b should work and is designed to handle multiple text fields
• c4897f9 TIL Object.values in not supported on all browsers
• 391ecec collation not added to text indexes
• 7a93c16 linter fix
• 6deb668 fix: connection ids are now scoped

See the full diff

Package name: snyk

The new version differs by 250 commits.

• 8987918 Merge pull request #1781 from snyk/fix/replace-proxy
• eec11b7 test: raise timeout for snyk protect tests hitting real Snyk API
• 8045ceb test: update proxy tests for the new proxy global-agent
• 0d0c76a feat: support lowercase http_proxy envvars
• e597846 test(proxy): acceptance test for Proxy envvar settings
• 6d67579 fix: replace vulnerable proxy dependency
• 1449c57 Merge pull request #1707 from snyk/feat/snyk-fix
• 3d872fb test: assert exact errors for unsupported
• 5ebd685 Merge pull request #1777 from snyk/feat/fix-with-version-provenance
• 17e3431 Merge pull request #1778 from snyk/feat/dont-force-https
• fdd7f1a docs: update SNYK_HTTP_PROTOCOL_UPGRADE description
• 165b4b9 feat: introduce envvar to control HTTP-HTTPS upgrade behavior
• 77e6665 chore: lerna release with exact version
• f14819f Merge pull request #1760 from snyk/feat/support-critical-in-sarif
• b286418 feat: v1 support for previously fixed reqs.txt
• 0384020 feat: basic pip fix -r support
• f94c558 feat: include pins optionally
• 66ca77a feat: do not skip files with -r directive
• bc44f9a refactor: fix individual reqs manifest
• 6e84322 feat: fix individual file with provenance
• 9ed99f3 Merge pull request #1764 from snyk/feat/update-code-client
• c92599b Merge pull request #1774 from snyk/refactor/change-binaries-release-script
• ca508ac test: smoke test for `snyk fix`
• c68c7da feat: add @ snyk/fix as a dep

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic