[Snyk] Fix for 1 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: express

The new version differs by 250 commits.

• 6da454c 4.15.3
• 5cf473d deps: debug@2.6.7
• 6549469 build: mocha@3.4.1
• bc2986f deps: finalhandler@~1.0.3
• 58cfc99 deps: serve-static@1.12.3
• ad4456c deps: send@0.15.3
• 1ba9a9a deps: update example dependencies
• ae0b630 Fix error when res.set cannot add charset to Content-Type
• 5ea2a8f build: Node.js@7.9
• de41c0b Fix res.cookie jsdoc comment
• a13938e tests: add tests for res.location('back')
• 1b6e700 deps: send@0.15.2
• 2d1dade deps: serve-static@1.12.2
• df4f271 deps: type-is@~1.6.15
• c087a45 Fix typo in variable name setPrototypeOf
• 347d4db deps: proxy-addr@~1.1.4
• aabf780 docs: fix the security issues heading format
• 3763d73 examples: replace jade with hbs in mvc example
• 8acaa9a deps: finalhandler@~1.0.1
• dbf092d deps: vary@~1.1.1
• efd7032 build: Add .editorconfig
• 2189ff1 lint: remove trailing new lines from docs
• 245fa89 examples: replace jade with ejs in route-separation
• 1b6ad08 deps: debug@2.6.3

See the full diff

Package name: method-override

The new version differs by 88 commits.

• a3b1bf2 2.3.9
• 6489fda build: eslint-config-standard@10.2.1
• 3a125dc deps: debug@2.6.8
• c4eb9fe deps: vary@~1.1.1
• c9ee68b build: eslint@3.19.0
• 99d48e6 build: eslint-plugin-markdown@1.0.0-beta.6
• 9e5799f build: Node.js@7.10
• 96422fd 2.3.8
• 5ebf813 build: eslint-config-standard@7.1.0
• 40e4ffd build: eslint-plugin-markdown@1.0.0-beta.4
• cf4de6b deps: debug@2.6.3
• 14848cd build: Node.js@7.7
• 4a98176 build: Node.js@6.10
• c0b827f build: Node.js@4.8
• 9688e46 deps: debug@2.6.0
• 71e5e69 build: eslint@3.14.0
• 3a0cf36 build: Node.js@7.4
• f09e0ef build: Node.js@4.7
• 8d6d290 2.3.7
• 98ed01f docs: add preamble to install section
• 9c3d654 perf: remove argument reassignment
• 6f0f2e4 deps: debug@2.3.3
• bedf5bb docs: change connect to express in examples
• 29bc503 lint: use standard style in README

See the full diff

Package name: mongoose

The new version differs by 250 commits.

• 23efdcf chore: release 4.10.2
• f627ba5 fix: bump ms -> 2.0.0
• b8263d6 fix: bump mquery for regexp vulnerability
• 84b3e28 docs: improve projection descriptions re: Testing (Karma = e2e & unit, API = mocha) HabitRPG/habitica#1534
• ca5e53c chore: now working on 4.10.2
• 3474d8d chore: release 4.10.1
• dc6f887 fix(populate): handle doc.populate() with virtuals
• a6dd311 test(populate): repro Quests not starting when all party members accept HabitRPG/habitica#5240
• 6a2d405 fix(aggregate): handle sorting by text score correctly
• b386516 test(aggregate): repro Background doesn't appear in iPhone app HabitRPG/habitica#5258
• 54f624e Merge branch 'master' of github.com:Automattic/mongoose
• 5038635 fix(schema): enforce that _id is never null
• f7cbbdc docs: list a couple intermediate changes in changelog
• d951bed chore: now working on 4.10.1
• 274ed0f docs: add missing ignore
• 43752e8 chore: release 4.10.0
• 142fbba Merge pull request Made text on static/contact translatable HabitRPG/habitica#5270 from Automattic/4.10
• 4bc7b3e docs: add missing ignores to sharding plugin
• e8c8789 Merge branch '4.10' of github.com:Automattic/mongoose into 4.10
• 9d4c9d4 Merge branch 'master' into 4.10
• b8f0dd8 Merge pull request when player deletes HabitRPG account, they are not removed from party (and guilds?) HabitRPG/habitica#5253 from Automattic/5145
• f3805fa Merge pull request Error - cannot start new quests HabitRPG/habitica#5252 from Automattic/4569
• 8ba7869 Merge pull request Added hidable markdown help table and added formatting-help to private messages HabitRPG/habitica#5268 from clozanosanchez/patch-2
• 373bb6f Update clone method to include indexes

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.