[Snyk] Fix for 12 vulnerabilities

[Omrisnyk]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • large-file/package.json
  • large-file/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity	Reachability
	159/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00089, Social Trends: No, Days since published: 667, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.64, Score Version: V5	Prototype Pollution SNYK-JS-ASYNC-2441827	No	Proof of Concept	No Path Found
	235/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.0006, Social Trends: No, Days since published: 113, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Critical, Package Popularity Score: 99, Impact: 10.1, Likelihood: 2.33, Score Version: V5	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	Yes	Proof of Concept	No Path Found
	159/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00109, Social Trends: No, Days since published: 432, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.64, Score Version: V5	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	Yes	Proof of Concept	No Path Found
	149/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00209, Social Trends: No, Days since published: 811, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 7.84, Likelihood: 1.9, Score Version: V5	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	No	No Known Exploit	No Path Found
	63/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00231, Social Trends: No, Days since published: 1083, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.65, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept	No Path Found
	239/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): High, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00606, Social Trends: No, Days since published: 1083, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept	No Path Found
	114/1000 Why? Confidentiality impact: None, Integrity impact: High, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.0033, Social Trends: No, Days since published: 669, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.9, Score Version: V5	Directory Traversal SNYK-JS-MOMENT-2440688	No	No Known Exploit	No Path Found
	159/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.002, Social Trends: No, Days since published: 576, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.65, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	No	Proof of Concept	No Path Found
	104/1000 Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00137, Social Trends: No, Days since published: 747, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.73, Score Version: V5	Information Exposure SNYK-JS-NODEFETCH-2342118	No	No Known Exploit	No Path Found
	101/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Unproven, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00096, Social Trends: No, Days since published: 1240, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.67, Score Version: V5	Denial of Service SNYK-JS-NODEFETCH-674311	No	No Known Exploit	No Path Found
	159/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00437, Social Trends: No, Days since published: 426, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.65, Score Version: V5	Prototype Poisoning SNYK-JS-QS-3153490	No	Proof of Concept	No Path Found
	160/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00632, Social Trends: No, Days since published: 1194, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.66, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIM-1017038	Yes	Proof of Concept	No Path Found

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: babel-eslint

• 10.1.0 - 2020-02-26
  
  • Added ability to parse Flow enums #812 (@ gkz)
• 10.0.3 - 2019-08-25
  

  Fixes #791, also eslint/eslint#12117

  Some context: #793 (comment)

  We ended up going with @ JLHwung's PR #794 which uses ESLint's deps instead of going with peerDeps since it really depends on the version being used and we don't want users to have to install it directly on their own.

  babel-eslint is patching patches of the dependencies of ESLint itself so these kinds of issues have happened in the past. We'll need to look into figuring out how to have a more solid way of modifying behavior instead of this monkeypatching type of thing for future releases.

• 10.0.2 - 2019-06-17
  

  Fixes #772

• 10.0.1 - 2018-09-27
  

  v10.0.1

  • Reverting #584

  The TypeAlias "conversion" to a function has issues. Sounds like we need to rethink the change, most likely we can just actually change the scoping rather than hardcode an AST change.

• 10.0.0 - 2018-09-25
  

  v10.0.0

  Small breaking change: add a peerDependency starting from the ESLint version that added a parser feature that we were monkeypatching before (and drop that code). If already using ESLint 5 shouldn't be any different.

  • Bugfix for TypeAlias: #584
  /* @ flow */
  type Node<T> = { head: T; tail: Node<T> }

  // or

  type File = {chunks: Array<Chunk>}
  type Chunk = {file: File}

  • Update to test against ESLint 5, add a peerDependency: #689
  • Drop monkeypatching behavior: #690
• 9.0.0 - 2018-08-27
  

  v9.0.0

  We've released v7: https://twitter.com/left_pad/status/1034204330352500736, so this just updates babel-eslint to use those versions internally. That in itself doesn't break anything but:

  • Babel now supports the new decorators proposal by default, so we need to switch between the new and the old proposal. This is a breaking change.

  To enable the legacy decorators proposal users should add a specific parser option:

  {
    parserOptions: {
      ecmaFeatures: {
        legacyDecorators: true
      }
    }
  }

  • Babel removed the support for Node 4 , so I propagated that here.

from babel-eslint GitHub release notes

Package name: css

• 3.0.0 - 2020-07-02
  

  … node version by a mile

• 2.2.4 - 2018-09-04
  

  2.2.4

• 2.2.3 - 2018-05-02
  

  2.2.3

from css GitHub release notes

Package name: expand-brackets

• 4.0.0 - 2018-04-30
  

  4.0.0

• 3.0.0 - 2018-03-26
  

  3.0.0

• 2.1.4 - 2016-12-12
  

  2.1.4

from expand-brackets GitHub release notes

Package name: extglob

• 3.0.0 - 2018-04-30
  

  3.0.0

• 2.0.4 - 2018-01-12
  

  closes #11

from extglob GitHub release notes

Package name: mongodb-extended-json

• 1.11.1 - 2021-07-06
  

  1.11.1

• 1.11.0 - 2020-01-21
  

  1.11.0

• 1.10.2 - 2019-09-25
  

  1.10.2

• 1.10.1 - 2018-11-28
  

  1.10.1

from mongodb-extended-json GitHub release notes

Package name: mongodb-stitch-browser-core

• 4.8.0 - 2020-01-03
  
  • Add customData to user object
  • Add ability to refresh customData to StitchAuth
• 4.7.1 - 2019-11-11
  

  • STITCH-3383 Update browser README SDK version to 4.7.1

  • STITCH-3383 Release v4.7.1

• 4.7.0 - 2019-11-06
  
  • Add Custom Function authentication auth provider
  • Add custom reset password function to UserPass auth provider
• 4.6.0 - 2019-10-23
  

  STITCH-3376 Release 4.6.0

• 4.5.0 - 2019-07-12
• 4.4.1 - 2019-06-11
• 4.4.0 - 2019-05-16
• 4.3.2 - 2019-03-12
• 4.3.1 - 2019-03-05
• 4.3.0 - 2019-02-15
• 4.2.0 - 2019-01-29
• 4.1.3 - 2019-01-24
• 4.1.2 - 2018-12-26
• 4.1.1 - 2018-12-06
• 4.1.0 - 2018-11-27
• 4.0.15-beta-2.0 - 2018-11-26
• 4.0.15-beta-1.0 - 2018-11-20
• 4.0.15-0 - 2018-10-15

from mongodb-stitch-browser-core GitHub release notes

Package name: mongodb-stitch-browser-sdk

• 4.8.0 - 2020-01-03
  
  • Add customData to user object
  • Add ability to refresh customData to StitchAuth
• 4.7.1 - 2019-11-11
  

  • STITCH-3383 Update browser README SDK version to 4.7.1

  • STITCH-3383 Release v4.7.1

• 4.7.0 - 2019-11-06
  
  • Add Custom Function authentication auth provider
  • Add custom reset password function to UserPass auth provider
• 4.6.0 - 2019-10-23
  

  STITCH-3376 Release 4.6.0

• 4.5.0 - 2019-07-12
• 4.4.1 - 2019-06-11
• 4.4.0 - 2019-05-16
• 4.3.2 - 2019-03-12
• 4.3.1 - 2019-03-05
• 4.3.0 - 2019-02-15
• 4.2.0 - 2019-01-29
• 4.1.3 - 2019-01-24
• 4.1.2 - 2018-12-26
• 4.1.1 - 2018-12-06
• 4.1.0 - 2018-11-27
• 4.0.15-beta-2.0 - 2018-11-26
• 4.0.15-beta-1.0 - 2018-11-20
• 4.0.15-0 - 2018-10-15

from mongodb-stitch-browser-sdk GitHub release notes

Package name: mongodb-stitch-browser-services-mongodb-remote

• 4.8.0 - 2020-01-03
  
  • Add customData to user object
  • Add ability to refresh customData to StitchAuth
• 4.7.1 - 2019-11-11
  

  • STITCH-3383 Update browser README SDK version to 4.7.1

  • STITCH-3383 Release v4.7.1

• 4.7.0 - 2019-11-06
  
  • Add Custom Function authentication auth provider
  • Add custom reset password function to UserPass auth provider
• 4.6.0 - 2019-10-23
  

  STITCH-3376 Release 4.6.0

• 4.5.0 - 2019-07-12
• 4.4.1 - 2019-06-11
• 4.4.0 - 2019-05-16
• 4.3.2 - 2019-03-12
• 4.3.1 - 2019-03-05
• 4.3.0 - 2019-02-15
• 4.2.0 - 2019-01-29
• 4.1.3 - 2019-01-24
• 4.1.2 - 2018-12-26
• 4.1.1 - 2018-12-06
• 4.1.0 - 2018-11-27
• 4.0.15-beta-2.0 - 2018-11-26
• 4.0.15-beta-1.0 - 2018-11-20
• 4.0.15-0 - 2018-10-15

from mongodb-stitch-browser-services-mongodb-remote GitHub release notes

Package name: mongodb-stitch-core-sdk

• 4.8.0 - 2020-01-03
  
  • Add customData to user object
  • Add ability to refresh customData to StitchAuth
• 4.7.1 - 2019-11-11
  

  • STITCH-3383 Update browser README SDK version to 4.7.1

  • STITCH-3383 Release v4.7.1

• 4.7.0 - 2019-11-06
  
  • Add Custom Function authentication auth provider
  • Add custom reset password function to UserPass auth provider
• 4.6.0 - 2019-10-23
  

  STITCH-3376 Release 4.6.0

• 4.5.0 - 2019-07-12
• 4.4.1 - 2019-06-11
• 4.4.0 - 2019-05-16
• 4.3.2 - 2019-03-12
• 4.3.1 - 2019-03-05
• 4.3.0 - 2019-02-15
• 4.2.0 - 2019-01-29
• 4.1.3 - 2019-01-24
• 4.1.2 - 2018-12-26
• 4.1.1 - 2018-12-06
• 4.1.0 - 2018-11-27
• 4.0.15-beta-2.0 - 2018-11-26
• 4.0.15-beta-1.0 - 2018-11-20
• 4.0.15-0 - 2018-10-15

from mongodb-stitch-core-sdk GitHub release notes

Package name: mongodb-stitch-core-services-mongodb-remote

• 4.8.0 - 2020-01-03
  
  • Add customData to user object
  • Add ability to refresh customData to StitchAuth
• 4.7.1 - 2019-11-11
  

  • STITCH-3383 Update browser README SDK version to 4.7.1

  • STITCH-3383 Release v4.7.1

• 4.7.0 - 2019-11-06
  
  • Add Custom Function authentication auth provider
  • Add custom reset password function to UserPass auth provider
• 4.6.0 - 2019-10-23
  

  STITCH-3376 Release 4.6.0

• 4.5.0 - 2019-07-12
• 4.4.1 - 2019-06-11
• 4.4.0 - 2019-05-16
• 4.3.2 - 2019-03-12
• 4.3.1 - 2019-03-05
• 4.3.0 - 2019-02-15
• 4.2.0 - 2019-01-29
• 4.1.3 - 2019-01-24
• 4.1.2 - 2018-12-26
• 4.1.1 - 2018-12-06
• 4.1.0 - 2018-11-27
• 4.0.15-beta-2.0 - 2018-11-26
• 4.0.15-beta-1.0 - 2018-11-20
• 4.0.15-0 - 2018-10-15

from mongodb-stitch-core-services-mongodb-remote GitHub release notes

Package name: request

• 2.88.2 - 2020-02-11
• 2.88.0 - 2018-08-10
  

  2.88.0

from request GitHub release notes

Package name: request-promise-native

• 1.0.9 - 2020-07-22
  

  Version 1.0.9

• 1.0.8 - 2019-11-04
  No content.
• 1.0.7 - 2019-02-15
  No content.
• 1.0.6 - 2019-02-15
  No content.
• 1.0.5 - 2017-09-22
  No content.

from request-promise-native GitHub release notes

Package name: snapdragon

• 0.12.1 - 2021-04-09
  
  • Update source-map-resolve to v0.6.0
• 0.12.0 - 2018-04-18
  

  0.12.0

• 0.11.5 - 2018-04-18
• 0.11.4 - 2018-04-09
  

  0.11.4

• 0.11.3 - 2018-03-21
  

  0.11.3

• 0.11.2 - 2018-02-24
  

  0.11.2

• 0.11.1 - 2018-02-24
  

  0.11.1

• 0.11.0 - 2017-03-12
• 0.10.1 - 2017-02-09
• 0.10.0 - 2017-02-07
• 0.9.1 - 2017-02-02
• 0.9.0 - 2017-01-21
• 0.8.2 - 2018-03-11

from snapdragon GitHub release notes

Package name: source-map-resolve

• 0.6.0 - 2020-03-21
  

  source-map-resolve v0.6.0

• 0.5.3 - 2019-12-28
  

  source-map-resolve v0.5.3

• 0.5.2 - 2018-05-10
  

  source-map-resolve v0.5.2

• 0.5.1 - 2017-10-21
  

  source-map-resolve v0.5.1

from source-map-resolve GitHub release notes

Package name: trim

• 1.0.1 - 2021-04-01
  

  1.0.1

• 1.0.0 - 2020-11-13
  

  1.0.0

• 0.0.3 - 2020-11-05
  

  0.0.3

• 0.0.2 - 2020-11-05
  

  0.0.2

• 0.0.1 - 2013-03-12
  

  use native methods when possible.

from trim GitHub release notes

Commit messages

Package name: babel-eslint

The new version differs by 13 commits.

• 4bd049e 10.1.0
• 2c754a8 Update Babel to ^7.7.0 and enable Flow enums parsing ([Snyk(Unlimited)] Upgrade adm-zip from 0.4.7 to 0.4.13 snyk-fixtures/npm-lockfiles#812)
• 183d13e 10.0.3
• 354953d fix: require eslint dependencies from eslint base ([Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 snyk-fixtures/npm-lockfiles#794)
• 48f6d78 10.0.2
• 0241b48 removed unused file reference ([Snyk(Unlimited)] Upgrade @thebespokepixel/es-tinycolor from 0.3.1 to 0.3.2 snyk-fixtures/npm-lockfiles#773)
• 4cf0a21 10.0.1
• 98c1f13 Revert [Snyk(Unlimited)] Upgrade @thebespokepixel/string from 0.5.2 to 0.5.7 snyk-fixtures/npm-lockfiles#584 ([Snyk(Unlimited)] Upgrade @thebespokepixel/es-tinycolor from 0.3.1 to 0.3.2 snyk-fixtures/npm-lockfiles#697)
• 8f78e28 10.0.0
• 717fba7 test value should be switched
• 020d012 Treat type alias declarationlike function declaration ([Snyk(Unlimited)] Upgrade @thebespokepixel/string from 0.5.2 to 0.5.7 snyk-fixtures/npm-lockfiles#584)
• b400cb1 Test eslint5, update peerDep ([Snyk(Unlimited)] Upgrade @thebespokepixel/string from 0.5.2 to 0.5.7 snyk-fixtures/npm-lockfiles#690)
• c333bd6 Drop old monkeypatching behavior ([Snyk(Unlimited)] Upgrade node-uuid from 1.4.0 to 1.4.8 snyk-fixtures/npm-lockfiles#689)

See the full diff

Package name: css

The new version differs by 4 commits.

• 838d071 Bump major version since we updated major version deps and bumped the node version by a mile
• c0aa45c Update/remove dependencies ([Snyk] Security upgrade npmconf from 0.0.24 to 2.1.3 #140)
• 64910e8 2.2.4
• 042922e Upgrade dependencies ([Snyk] Security upgrade mongoose from 4.2.4 to 5.13.20 #115)

See the full diff

Package name: expand-brackets

The new version differs by 18 commits.

• 1a70cc2 4.0.0
• af96dc5 Update changelog [skip ci]
• c7ea1c3 Update Readme [skip ci]
• 354cfbf Use let, const
• 13e0d90 Update dev dependencies
• f5a833e Remove extend-shallow
• fb74412 Drop support for node <4
• 914cfb2 Update snapdragon to 0.12 ([Snyk] Security upgrade karma from 2.0.3 to 3.0.0 #10)
• 39b83e3 Update Readme
• 58f2f1f 3.0.0
• 3060a56 Revert "Fix appveyor link"
• 232670e Fix appveyor link
• 7e996fb Update Readme
• 7c0bdfc Remove debug
• c204656 Merge pull request [Snyk] Security upgrade karma from 2.0.3 to 3.0.0 #9 from danez/update-snapdragon
• 8219034 Update snapdragon to 0.11
• cc56339 Merge pull request [Snyk] Fix for 2 vulnerabilities #7 from mjbvz/patch-1
• ae88242 Update Repository Urls

See the full diff

Package name: extglob

The new version differs by 7 commits.

• 0daa3ed 3.0.0
• dedd109 Merge pull request [Snyk] Security upgrade karma from 2.0.3 to 3.0.0 #12 from micromatch/snap-11
• e90b000 Use let/const
• ff338f9 Fix linting
• 8fdd4e2 Drop support for node <4
• 841c540 Update dependencies
• ed10fb2 Update snapdragon to 0.11

See the full diff

Package name: mongodb-extended-json

The new version differs by 15 commits.

• 51d6644 1.11.1
• 7872203 fix: prefer _bsontype over constructor.name in DBRef serializer ([Snyk] Security upgrade express from 4.12.4 to 4.19.2 #152)
• 7b1cd35 build(deps-dev): bump mongodb-js-precommit from 2.2.0 to 2.2.1 ([Snyk] Security upgrade adm-zip from 0.4.7 to 0.4.11 #104)
• 1a02262 build(deps-dev): bump mongodb-js-precommit from 0.2.9 to 2.2.0 ([Snyk] Security upgrade adm-zip from 0.4.7 to 0.4.11 #103)
• 6ae4046 1.11.0
• f3d1c18 build(deps-dev): bump mocha from 7.0.0 to 7.0.1 ([Snyk] Security upgrade snyk from 1.389.0 to 1.685.0 #102)
• 3366df4 build(deps): bump async from 3.1.0 to 3.1.1 ([Snyk] Fix for 1 vulnerabilities #101)
• cbadf43 chore(security): npm audit fix
• 9d446bd build(deps): bump moment from 2.22.2 to 2.24.0 ([Snyk] Fix for 1 vulnerabilities #96)
• 59c569f Bump mocha from 3.2.0 to 7.0.0 ([Snyk] Fix for 92 vulnerabilities #100)
• 4c5b008 build(deps): bump async from 2.6.1 to 3.1.0 ([Snyk] Fix for 1 vulnerabilities #98)
• 28981c0 build(deps): bump debug from 2.6.9 to 4.1.1 ([Snyk] Fix for 6 vulnerabilities #99)
• 5e7020a build(deps-dev): bump eslint-config-mongodb-js from 2.3.0 to 5.0.3 ([Snyk] Security upgrade tap from 5.8.0 to 14.6.8 #97)
• 4b240d1 1.10.2
• 6186f8a COMPASS-3836: Handle Binary properly across BSON versions

See the full diff

Package name: request-promise-native

The new version differs by 23 commits.

• 578970f Version 1.0.9
• 8388f42 chore: bumped request-promise-core due to security vulnerability of lodash
• f53ac09 docs: reference to request deprecation and alternative libs
• 1165c4e Merge pull request [Snyk] Security upgrade tap from 5.8.0 to 11.1.3 #58 from shisama/readme-shows-deprecation
• 086632b docs: deprecated as well as request
• 6498be1 Version 1.0.8
• 3e8df67 Merge branch 'master' of https://github.com/request/request-promise-native
• 1592a31 chore: updated request-promise-core that updates lodash
• 171f3b5 Merge pull request [Snyk] Security upgrade humanize-ms from 1.0.1 to 1.2.1 #46 from tbjgolden/docs/clarify-es6-finally
• 239ce46 docs: es6+, finally
• 2ae195a Version 1.0.7
• ecf8621 fix: tough-cookie version
• 7c5f721 chore: updated publish-please config
• 7ad655a Version 1.0.6 (now really)
• 1240b80 fix: updated indirect lodash dependency to fix security vulnerability
• 80947a1 Version 1.0.6
• ad529a3 chore: fix ci build for node v8+
• c2c54c4 Merge pull request [Snyk] Fix for 9 vulnerabilities #33 from jasonmit/u/jasonmit/fix-node-6
• 67f7ed2 Merge branch 'master' into u/jasonmit/fix-node-6
• 4633d4c fix: breaking change in tough-cookie v3
• 14aa6ee chore: added node 8 and 10 to ci build
• 9cfcaaa Update package.json
• 049152b fix: target tough-cookie 2.x to preserve node 6 support

See the full diff

Package name: source-map-resolve

The new version differs by 16 commits.

• eeed61b source-map-resolve v0.6.0
• a7444bb Fix files in package.json
• 19ce716 Update copyright years
• 2cf4e93 Actually run test/read.js
• 71e9b9d Move to index.js
• df81125 Get rid of the browser version and inline some dependencies
• 34c23e3 Update npm packages
• b8244f1 source-map-resolve v0.5.3
• 8cb7ab5 Reduce size of npm package
• adbaef1 Remove trailing spaces
• a44979e Update license
• 1a58d53 Update npm packages
• ff057d4 Fix utf8 support for dataUri base64 ([Snyk] Security upgrade tap from 5.8.0 to 11.1.3 #15)
• 858cd9e source-map-resolve v0.5.2
• dc72273 Remove testling
• 70bc4f5 Update dependencies and add package-lock.json

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Denial of Service (DoS)
🦉 Command Injection
🦉 More lessons are available in Snyk Learn