[Snyk] Fix for 12 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • test/fixtures/qs-package/node_modules/snyk/node_modules/mime-db/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	539/1000 Why? Has a fix available, CVSS 6.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-CSVPARSE-467403	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOCHA-2863123	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOCHA-561476	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Arbitrary Code Injection npm:growl:20160721	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:ms:20151024	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: csv-parse

The new version differs by 250 commits.

• fe3fe58 Bump to version 4.4.6
• b9d3594 security: remove regexp vulnerable to DOS in cast option, npm report 69742
• 76d96e1 Bump to version 4.4.5
• fecf171 ts: add buffer as allowed type for input, fix [Snyk] Security upgrade async from 0.2.10 to 3.2.2 #248
• 9c53199 fix: add buffer as allowed type for input
• 53ff6e7 Bump to version 4.4.4
• 7693582 package: latest dependencies
• 620125e fix: Detecting BOM when data is not enough
• c28279e package: update file path
• 30c11a2 Bump to version 4.4.3
• 5bd4cab package: fix files declaration [Snyk] Security upgrade async from 0.9.2 to 3.2.2 #240
• 858c38a Bump to version 4.4.2
• 5e7ea6c changelog: add parsing for BOM character
• 713e95f ts: add sync definition
• 8cedaef Added test
• e003c1d Fix bom constant
• 8cea3bc Fix parsing for BOM character
• 8a817e4 package: replace npm ignore with file field
• d7d4ae7 Bump to version 4.4.1
• ce920d4 columns: allows returning an array of string, undefined, null or false
• ebb12ca ts: Options.columns allows returning an array of string, undefined, null or false
• a3eaaf7 package: coffee lint
• 5d5d579 max_record_size: new sample
• e0ce079 bom: test false value

See the full diff

Package name: istanbul

The new version differs by 23 commits.

• 89e338f 0.4.5
• 7efe4dc update changelog, contributors
• da79378 Merge pull request [Snyk] Security upgrade actionpack from 4.2.5 to 4.2.5 #673 from popomore/swap-fileset-for-glob
• 58f4c90 swap fileset for glob
• fef889b Merge pull request [Snyk] Security upgrade qs from 0.6.6 to 6.0.4 #657 from djorg83/master
• 91bb666 log filename when file fails to parse using esprima
• 5dbd62c 0.4.4
• 5642fb4 Update changelog, contributors
• f4195bb Merge pull request [Snyk] Fix for 13 vulnerabilities #507 from Victorystick/es-modules-support
• c521035 Merge pull request [Snyk] Security upgrade jinja2 from 2.7.2 to 2.11.3 #628 from inversion/use-tmp-dir
• 66fffdc Merge pull request [Snyk] Security upgrade npm from 2.15.12 to 7.21.0 #597 from JamesMGreene/patch-1
• dfcab10 Merge pull request [Snyk] Security upgrade django from 1.6.1 to 1.8.16 #627 from a0viedo/patch-1
• abec3ae Merge pull request [Snyk] Security upgrade @google-cloud/profiler from 2.0.2 to 4.1.3 #625 from ChALkeR/tmpdir
• a9aaf53 tmp dir setting was being ignored in TmpStore
• 522f465 link build badge to master branch
• 0b5e80d use os.tmpdir() instead of os.tmpDir()
• 5069661 Set "medium" coverage CSS color scheme to yellow
• 0e8c350 Merge pull request [Snyk] Fix for 10 vulnerabilities #587 from clickthisnick/chore-remove-trailing-spaces
• e589625 CHORE - Remove Trailing Spaces
• d828255 Update according to @ guybedford's comments
• 8c4343f Fix lint warnings and tests for exports. Tweaked helper.
• 1d49eb9 Defer ExportNamedDeclarations to coverExport
• 2a089f8 Handle ExportNamedDeclarations

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Arbitrary Code Injection