[Snyk] Fix for 1 vulnerabilities

[civilizador]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: mocha

The new version differs by 28 commits.

• f4fc95a Release v6.1.0
• bd29dbd update CHANGELOG for v6.1.0 [ci skip]
• aaf2b72 Use cwd-relative pathname to load config file (#3829)
• b079d24 upgrade deps as per npm audit fix; closes #3854
• e87c689 Deprecate this.skip() for "after all" hooks (#3719)
• 81cfa90 Copy Suite property "root" when cloning; closes #3847 (#3848)
• 8aa2fc4 Fix issue 3714, hide pound icon showing on hover header on docs page (#3850)
• 586bf78 Update JS-YAML to address security issue (#3845)
• d1024a3 Update doc examples "tests.html" (#3811)
• 1d570e0 Delete "/docs/example/chai.js"
• ade8b90 runner.js: "self.test" undefined in Browser (#3835)
• 0098147 Replace findup-sync with find-up for faster startup (#3830)
• d5ba121 Remove "package" flag from sample config file because it can only be passes as CLI arg (#3793)
• a3089ad update package-lock
• 75430ec Upgrade yargs-parser dependency to avoid loading 2 copies of yargs
• ca9eba6 guard against undefined timeout option in constructor; closes #3813
• 735161f MarkdownMagic script updates (#3815)
• e654253 update yargs; closes #3742
• b27bc60 Add autoprefixer to documentation page CSS
• a0c03e3 set allowUncaught on hooks (#3669); closes #2302
• df1937b Completed website HTML tweaks (#3807)
• f1662ac Fix this.skip() async calls (#3745)
• 754cbf9 Update devDependencies.
• 2c626ca Use HTML5 syntax for charset declaration (#3809)

See the full diff

Package name: nodemon

The new version differs by 42 commits.

• 9a67f36 feat: update chokidar to v3
• 6781b40 docs: add license file
• 0e6ba3c fix: wait for all subprocesses to terminate (fixes issue #1476)
• b58cf7d chore: Merge branch 'master'
• 95a4c09 docs: add to faq
• 3a2eaf7 choe: merge master
• 3d90879 chore: add logo to site
• 7d6c1a8 fix: Replace `jade` references by `pug`
• 74c8749 chore: test funding.yml change
• c1a8b75 chore: update funding
• d5b9891 test: ensure ignore relative paths
• eead311 fix: to avoid confusion like in #1528, always report used extension
• 12b66cd fix: langauge around "watching" (#1591)
• 2e6e2c4 docs: README Grammar (#1601)
• 5124ae9 Merge branch 'master' of github.com:remy/nodemon
• 95fa05a chore: git card
• d84f421 chore: adding funding file
• 13afac2 fix: ensure signal is sent to exit event
• d088cb6 chore: update stalebot
• 20ccb62 feat: add message event
• 886527f fix: disable fork only if string starts with dash
• 64b474e feat: add TypeScript to default execPath (#1552)
• 2973afb fix: Quote zero-length strings in arguments (#1551)
• aa41ab2 fix: hard bump of chokidar@2.1.5

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution