[Snyk] Fix for 62 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • test/fixtures/demo-os/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-AWSSDK-1059424	Yes	Proof of Concept
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Remote Memory Exposure SNYK-JS-BL-608877	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	Yes	Proof of Concept
	344/1000 Why? Has a fix available, CVSS 2.6	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	Yes	No Known Exploit
	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Remote Code Execution (RCE) SNYK-JS-HANDLEBARS-1056767	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-HANDLEBARS-1279029	Yes	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-HANDLEBARS-173692	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-HANDLEBARS-567742	Yes	Proof of Concept
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-HTMLTOTEXT-571464	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-JSBEAUTIFY-2311652	Yes	No Known Exploit
	704/1000 Why? Has a fix available, CVSS 9.8	SQL Injection SNYK-JS-KNEX-471962	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Directory Traversal SNYK-JS-MOMENT-2440688	No	No Known Exploit
	661/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.8	Arbitrary Code Injection SNYK-JS-MORGAN-72579	No	Proof of Concept
	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Command Injection SNYK-JS-NODEMAILER-1038834	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	HTTP Header Injection SNYK-JS-NODEMAILER-1296415	Yes	Proof of Concept
	454/1000 Why? Has a fix available, CVSS 4.8	Session Fixation SNYK-JS-PASSPORT-2840631	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-SQLITE3-2388645	Yes	Proof of Concept
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090599	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090600	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090601	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090602	Yes	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution npm:extend:20180424	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:fresh:20170908	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Cross-site Scripting (XSS) npm:handlebars:20151207	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:hawk:20160119	No	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Timing Attack npm:http-signature:20150122	No	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	SQL Injection npm:knex:20150413	No	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:moment:20160126	No	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) npm:moment:20161019	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:moment:20170905	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:ms:20151024	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:negotiator:20160616	No	No Known Exploit
	424/1000 Why? Has a fix available, CVSS 4.2	Insecure Randomness npm:node-uuid:20160328	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Override Protection Bypass npm:qs:20170213	No	No Known Exploit
	469/1000 Why? Has a fix available, CVSS 5.1	Remote Memory Exposure npm:request:20160119	No	No Known Exploit
	576/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.1	Uninitialized Memory Exposure npm:tunnel-agent:20170305	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Buffer Overflow npm:validator:20160218	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: body-parser

The new version differs by 197 commits.

• b2659a7 1.18.2
• 6339bf7 perf: remove argument reassignment
• d5f9a4a deps: debug@2.6.9
• d041563 1.18.1
• 9efa9ab deps: content-type@~1.0.4
• f1ef6cc deps: qs@6.5.1
• e438db5 deps: raw-body@2.3.2
• 15c3585 deps: iconv-lite@0.4.19
• adfa01c 1.18.0
• 0632e2f Include the "type" property on all generated errors
• b8f97cd Include the "body" property on verify errors
• c659e8a tests: add test for err.body on json parse error
• 4e15325 tests: reorganize json error tests
• 5bd7ed5 tests: reorganize json strict option tests
• 3cb380b tests: store server on mocha context instead of variable shadowing
• 29c8cd0 docs: document too many parameters error
• 7b9cb14 Use http-errors to set status code on errors
• 29a27f1 docs: fix typo in jsdoc comment
• 448dc57 Fix JSON strict violation error to match native parse error
• 87df7e6 tests: add leading whitespace strict json test
• 1841248 deps: raw-body@2.3.1
• e666dbe deps: http-errors@~1.6.2
• c2a110a deps: bytes@3.0.0
• a1a2e31 build: Node.js@8.4

See the full diff

Package name: bookshelf

The new version differs by 250 commits.

• 3afecc4 Prepare for release
• a81945a Merge pull request [Snyk] Fix for 1 vulnerabilities #1305 from tgriesser/feature/gh-pages-script
• b497ce0 Remove test from `prepublish`.
• ea66c18 Try to fix tests
• 1822e74 Add postpublish script to tag and push
• 96b7668 gh-pages script
• ab426d9 Update changelog for next release
• 6a77562 Merge pull request [Snyk] Fix for 1 vulnerabilities #1287 from acburdine/lodash-4
• 4c7212f update changelog
• 12c9af8 cleanup extend function and super method calls
• 937eb59 deps: lodash@4.13.1
• 619414c Merge pull request [Snyk] Security upgrade gulp from 3.9.1 to 4.0.0 #1294 from chamini2/registry
• bb8300f Changed registry plugin to re-implement only the _relation method
• 0124c0b Merge pull request [Snyk] Fix for 1 vulnerabilities #1288 from vellotis/fix-beolngs_to_many-jsdocs
• 4f48a7f Fix belongsToMany jsdocs
• 54c2237 Merge pull request [Snyk] Security upgrade eslint from 4.12.1 to 7.0.0 #1279 from 1mike12/1mike12-patch-1
• e92f5f4 fix typo in docs
• adeccde Merge pull request [Snyk] Fix for 1 vulnerabilities #1273 from vellotis/fix-linter-warnings
• 637ea90 Merge pull request [Snyk] Security upgrade semver from 5.7.1 to 7.5.2 #1271 from vellotis/restore-postinstall-script
• a099e98 Remove two linter warnings
• 382f2c4 Fix Travis CI by restoring `postinstall` script in package.json
• 89b888c Merge pull request [Snyk] Fix for 6 vulnerabilities #1107 from gergelyke/master
• cbb8fef Merge pull request [Snyk] Fix for 1 vulnerabilities #1268 from jadengore/fix/documentation-model-where
• 1182485 Add missing fetch() in Model#where

See the full diff

Package name: cheerio

The new version differs by 106 commits.

• c3ec1cd Release 0.20.0
• ef848ca Add coveralls badge, remove link to old report
• dbcbe90 Merge pull request [Snyk] Security upgrade undefsafe from 1.3.1 to 2.0.5 #808 from leifhanack/lodash4
• c04ead1 Merge pull request [Snyk] Security upgrade qs from 0.6.6 to 6.0.4 #668 from rwaldin/prop-method
• b5531bb Merge pull request [Snyk] Fix for 55 vulnerabilities #671 from twolfson/dev/fallback.select.content.sqwished
• 9d98bd7 Merge pull request [Snyk] Fix for 1 vulnerabilities #704 from Rycochet/master
• 1b9c5c9 Merge pull request [Snyk] Security upgrade tap from 11.1.3 to 14.6.8 #797 from Delgan/641-appendTo_prependTo
• b12cbe8 Update lodash dependeny to 4.1.0
• 8c9b2e0 Merge pull request [Snyk] Fix for 1 vulnerabilities #796 from Delgan/fix_780
• b09db31 Fix PR [Snyk] Security upgrade actionpack from 4.2.5 to 4.2.5.1 #726 adding 'appendTo()' and 'prependTo()'
• ce8829d Added appendTo and prependTo with tests [Snyk] Security upgrade npm from 2.15.12 to 7.21.0 #641
• 4779762 Fix [Snyk] Security upgrade python from 3.6-slim to 3.12.0a3-slim #780 by changing options context in '.find()'
• 8dc1cc9 Add an unit test checking the query of child
• b27bed6 fix [Snyk] Security upgrade actionpack from 4.2.5 to 4.2.5 #667: attr({foo: null}) removes attribute foo, like attr('foo', null)
• 70c5608 Include reference to dedicated "Loading" section
• fa70a84 Added load method to $
• 4e8483a update css-select to 1.2.0
• 5f2777a Merge pull request [Snyk] Security upgrade sinatra from 1.3.2 to 2.2.3 #732 from jugglinmike/reinstate-toarray
• 106e42a Merge pull request [Snyk] Security upgrade actionpack from 4.2.5 to 4.2.5 #776 from dYale/master
• 97149d3 Fixing Grammatical Error
• a1367ee Merge pull request [Snyk] Security upgrade qs from 0.0.6 to 6.2.4 #739 from TrySound/npm-files
• 6c73b7a Merge pull request [Snyk] Security upgrade actionpack from 4.2.5 to 4.2.5 #773 from JaKXz/patch-1
• 48bb22d Test against node v0.12 --> v4.2
• ec2414d Correct output in example

See the full diff

Package name: compression

The new version differs by 117 commits.

• 93586e7 1.7.1
• bd3fa8a deps: bytes@3.0.0
• e1ce980 deps: vary@~1.1.2
• d0f7eab deps: debug@2.6.9
• 931c346 build: Node.js@8.4
• 8c8e36a deps: compressible@~2.0.11
• 8a5e773 deps: accepts@~1.3.4
• 7b4a7e2 build: eslint-plugin-node@5.1.1
• de30e3a build: mocha@2.5.3
• 8c3f7ea 1.7.0
• c27dc0f build: support Node.js 8.x
• d886306 build: eslint-config-standard@10.2.1
• 598d876 Use safe-buffer for improved Buffer API
• 47fca12 build: eslint-plugin-markdown@1.0.0-beta.6
• 3c78e39 build: Node.js@6.11
• 6c4c539 deps: debug@2.6.8
• 6d2de08 deps: compressible@~2.0.10
• ac13bc4 deps: bytes@2.5.0
• 527907c deps: debug@2.6.4
• 6488fc2 build: Node.js@7.10
• 55532e1 build: Node.js@6.10
• 0e4ad01 build: Node.js@4.8
• be58132 deps: compressible@~2.0.10
• 4d5238e deps: vary@~1.1.1

See the full diff

Package name: cookie-session

The new version differs by 43 commits.

• 9e9c681 1.3.2
• 62a6ec8 deps: debug@2.6.9
• 3d81629 1.3.1
• 269e5dd build: Node.js@8.4
• 84414e9 docs: fix date of 1.3.0 release
• 6d6c0b5 docs: add some comparison to express-session
• 0718b0b deps: cookies@0.7.1
• 096353e 1.3.0
• dfe1279 build: supertest@1.1.0
• ef47255 build: istanbul@0.4.5
• 3cf0b6c build: support Node.js 4.x - 8.x
• 0739b01 deps: cookies@0.7.0
• f8c02a3 build: support io.js 3.x
• a53eb76 deps: on-headers@~1.0.1
• 7eb6a41 build: reduce runtime versions to one per major
• 64de88f build: mocha@2.5.3
• f11ffdc deps: debug@2.6.8
• c8867bc build: remove unnecessary Travis CI command
• 92608fb build: io.js@2.5
• e7613aa build: fix running Node.js 0.8 tests on Travis CI
• 24334af 1.2.0
• caf462d Make req.sessionOptions a shallow clone to override per-request
• 5117478 docs: expand req.session documentation
• 5d3a73c perf: remove argument reassignments

See the full diff

Package name: express

The new version differs by 250 commits.

• f974d22 4.16.0
• 8d4ceb6 docs: add more information to installation
• c0136d8 Add express.json and express.urlencoded to parse bodies
• 86f5df0 deps: serve-static@1.13.0
• 4196458 deps: send@0.16.0
• ddeb713 tests: add maxAge option tests for res.sendFile
• 7154014 Add "escape json" setting for res.json and res.jsonp
• 628438d deps: update example dependencies
• a24fd0c Add options to res.download
• 95fb5cc perf: remove dead .charset set in res.jsonp
• 44591fe deps: vary@~1.1.2
• 2df1ad2 Improve error messages when non-function provided as middleware
• 12c3712 Use safe-buffer for improved Buffer API
• fa272ed docs: fix typo in jsdoc comment
• d9d09b8 perf: re-use options object when generating ETags
• 02a9d5f deps: proxy-addr@~2.0.2
• c2f4fb5 deps: finalhandler@1.1.0
• 673d51f deps: utils-merge@1.0.1
• 5cc761c deps: parseurl@~1.3.2
• ad7d96d deps: qs@6.5.1
• e62bb8b deps: etag@~1.8.1
• 70589c3 deps: content-type@~1.0.4
• 9a99c15 deps: accepts@~1.3.4
• 550043c deps: setprototypeof@1.1.0

See the full diff

Package name: glob

The new version differs by 76 commits.

• 3a7e71d v5.0.15
• 841fda0 use latest minimatch
• 4ba54a8 Skip some tests on Windows, make others pass
• 3936e1e Build: Add build for node v4
• c47d451 v5.0.14
• 821fac8 Handle ENOTSUP for sync glob as well as async
• 9625618 Test for when readdir raises ENOTSUP
• 0a2b519 Generate fixtures more effectively, with -O instead of eval
• f96190b Use js for benchmark cleanup
• 957fd93 Fix some 'use strict' errors
• bf3381e Treat ENOTSUP like ENOTDIR in readdir
• 507733d v5.0.13
• f5878af Do not emit 'match' events for ignored items
• 9439afd v5.0.12
• 6071f3a Revert "Use graceful-fs if available"
• 38ff16c v5.0.11
• f09292b Use graceful-fs if available
• 4f39b60 Remove duplicate option description
• e3cdccc v5.0.10
• 480da05 ignore .nyc_output, upgrade tap, use coverage, rm fixtures
• 155124b add more sync cb thrower tests
• f7302ca Test base-matching
• 7530e88 v5.0.9
• b185987 reduce cases where tests need to be regenerated

See the full diff

Package name: html-to-text

The new version differs by 197 commits.

• f277a07 Version bumped to 6.0.0
• ecf344c Tidy up the changelog [ci skip]
• b5ec48c npm badges [ci skip]
• 9987864 Codeclimate - don't use eslint plugin at all [ci skip]
• e5912e7 Update Travis config
• 8fb71fc Codeclimate - attempt 4 to fix eslint checks [ci skip]
• f41d013 Codeclimate - attempt 3 to fix eslint checks [ci skip]
• 6c7526b Codeclimate - attempt 2 to fix eslint checks [ci skip]
• f87c5af Codeclimate - attempt to fix eslint checks [ci skip]
• e8e5fe5 Codeclimate - eslint version [ci skip]
• a15ac45 Codeclimate config update [ci skip]
• 58b84c2 Contributors
• 6b37a99 Tidy up the license
• 8bc501d Link from Readme to Changelog
• ffc735f Note about the repo move
• 465786f Update repository links
• ccfac06 Changelog - missing change note [ci skip]
• a48400e Fix typo
• ccecba4 Maximum input length limit
• 4d57bf4 Update changelog
• 27cce50 Update readme
• 939baa3 Rewritten formatting, block-level tags, reorganized options, ...
• fc45e3b Change from "prepare" to "prepublishOnly"
• 304070c Let CLI tests more time for slow machines

See the full diff

Package name: morgan

The new version differs by 149 commits.

• 572dd93 1.9.1
• e02de38 lint: apply standard 12 style
• e329663 Fix using special characters in format
• eb1968a tests: use strict equality checks
• 310b206 build: use yaml eslint configuration
• 5810937 build: Node.js@9.11
• f60afd5 build: Node.js@8.11
• 5295b0c build: eslint-plugin-standard@3.1.0
• 178daaf build: eslint-plugin-promise@3.8.0
• 7b08641 build: eslint-plugin-import@2.12.0
• 73cb666 build: eslint@4.19.1
• edc95aa build: Node.js@6.14
• ace86c3 build: Node.js@4.9
• 4dd1180 lint: apply standard 11 style
• 60c31e8 build: Node.js@9.8
• 05e382f build: Node.js@8.10
• 1a5be20 build: Node.js@6.13
• cf9565f docs: remove gratipay badge
• b66251d build: eslint-plugin-node@5.2.0
• 0113732 build: eslint-plugin-import@2.8.0
• 47659a9 deps: depd@~1.1.2
• 695f659 build: support Node.js 9.x
• f4c51e9 build: Node.js@8.9
• 4f15f36 build: Node.js@6.12

See the full diff

Package name: node-uuid

The new version differs by 14 commits.

• 17365b4 v1.4.6
• 3ff5482 Merge branch 'master' of github.com:broofa/node-uuid
• c206db8 v1.4.5
• 7bb3cb6 workaround for [Snyk] Security upgrade django from 2.0.1 to 2.2.25 #126
• b18ad26 close [Snyk] Fix for 1 vulnerabilities #70
• 672f383 v1.4.4: close [Snyk] Security upgrade django from 1.6.1 to 2.2.25 #122 [Snyk] Security upgrade django from 1.6.1 to 2.2.24 #118 [Snyk] Security upgrade sanitize from 4.6.2 to 4.6.2 #108
• 8baa708 Merge pull request [Snyk] Security upgrade django from 1.6.1 to 2.2.25 #123 from coolaj86/patch-1
• 616ad38 fix node.js security vulnerability
• 4ff82d5 Merge pull request [Snyk] Security upgrade jsonpointer from 2.0.0 to 5.0.0 #113 from bcoe/coverage
• 2e45d22 add coverage reporting using nyc
• 49a74b4 Merge pull request [Snyk] Security upgrade sanitize from 4.6.2 to 4.6.2 #112 from pdehaan/patch-1
• 7683aa2 Update license attribute
• 95a9c54 Merge pull request [Snyk] Security upgrade actionpack from 4.2.5 to 4.2.5 #107 from danorton2/master
• da999e9 Provide support of MSIE 11 msCrypto

See the full diff

Package name: passport

The new version differs by 183 commits.

• c33067b 0.6.0
• 3052bb4 Update changelog.
• 42630cb Merge pull request [Snyk] Fix for 1 vulnerabilities #900 from jaredhanson/fix-fixation
• 8dd79fe Use utils-merge rather than Object.assign for compatibility.
• 4f6bd5b Change keepSessionData to keepSessionData.
• 46756e5 Silence verbose logging.
• 987b191 Add tests.
• f8a175f Add tests.
• 29a90d6 No need to guard callback existence.
• bfba8a1 Add tests.
• 17111d7 Add option to keep session data on logout.
• a349c2b Add option to keep session data.
• e69834e Add optional options to login and logout.