[Snyk] Fix for 65 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • test/fixtures/demo-os/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-AWSSDK-1059424	Yes	Proof of Concept
	706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Remote Memory Exposure SNYK-JS-BL-608877	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	Yes	Proof of Concept
	344/1000 Why? Has a fix available, CVSS 2.6	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	Yes	No Known Exploit
	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Remote Code Execution (RCE) SNYK-JS-HANDLEBARS-1056767	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-HANDLEBARS-1279029	Yes	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-HANDLEBARS-173692	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-HANDLEBARS-567742	Yes	Proof of Concept
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-HTMLTOTEXT-571464	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-JSBEAUTIFY-2311652	Yes	No Known Exploit
	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	SQL Injection SNYK-JS-KNEX-3175610	Yes	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	SQL Injection SNYK-JS-KNEX-471962	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Directory Traversal SNYK-JS-MOMENT-2440688	No	No Known Exploit
	661/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.8	Arbitrary Code Injection SNYK-JS-MORGAN-72579	No	Proof of Concept
	751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Command Injection SNYK-JS-NODEMAILER-1038834	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	HTTP Header Injection SNYK-JS-NODEMAILER-1296415	Yes	Proof of Concept
	454/1000 Why? Has a fix available, CVSS 4.8	Session Fixation SNYK-JS-PASSPORT-2840631	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-SQLITE3-2388645	Yes	Proof of Concept
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090599	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090600	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090601	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090602	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution npm:extend:20180424	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:fresh:20170908	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Cross-site Scripting (XSS) npm:handlebars:20151207	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:hawk:20160119	No	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Timing Attack npm:http-signature:20150122	No	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	SQL Injection npm:knex:20150413	No	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:moment:20160126	No	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) npm:moment:20161019	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:moment:20170905	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:ms:20151024	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:negotiator:20160616	No	No Known Exploit
	424/1000 Why? Has a fix available, CVSS 4.2	Insecure Randomness npm:node-uuid:20160328	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Override Protection Bypass npm:qs:20170213	No	No Known Exploit
	469/1000 Why? Has a fix available, CVSS 5.1	Remote Memory Exposure npm:request:20160119	No	No Known Exploit
	576/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.1	Uninitialized Memory Exposure npm:tunnel-agent:20170305	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Buffer Overflow npm:validator:20160218	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: body-parser

The new version differs by 250 commits.

• 424dadd 1.19.2
• 11248a2 deps: raw-body@2.4.3
• 7a088eb build: Node.js@14.19
• ecedf31 build: Node.js@16.14
• b6bfabd build: Node.js@17.5
• badd6b2 build: fix code coverage aggregate upload
• 96b448a build: Node.js@17.4
• 70560b1 build: mocha@9.2.0
• 548a06f build: supertest@6.2.2
• 3b00678 deps: bytes@3.1.2
• d5acb61 build: mocha@9.1.4
• 82c8a7c tests: add limit + inflate tests
• b356758 deps: qs@6.9.7
• c631b58 build: supertest@6.2.1
• c81a8e2 build: eslint-plugin-import@2.25.4
• 3c4dcb8 build: Node.js@17.3
• d0a214b 1.19.1
• fb172d4 build: eslint-plugin-promise@5.2.0
• c5e63cb build: Node.js@17.2
• c6d43bd build: eslint-plugin-import@2.25.3
• 313ed6d build: eslint-plugin-promise@5.1.1
• 8389b51 deps: bytes@3.1.1
• aae94b2 deps: http-errors@1.8.1
• 7f84d4f deps: raw-body@2.4.2

See the full diff

Package name: bookshelf

The new version differs by 250 commits.

• 3afecc4 Prepare for release
• a81945a Merge pull request feat: add new generic payload to process scan results from plugins snyk/cli#1305 from tgriesser/feature/gh-pages-script
• b497ce0 Remove test from `prepublish`.
• ea66c18 Try to fix tests
• 1822e74 Add postpublish script to tag and push
• 96b7668 gh-pages script
• ab426d9 Update changelog for next release
• 6a77562 Merge pull request chore(test): use shellspec for regression test snyk/cli#1287 from acburdine/lodash-4
• 4c7212f update changelog
• 12c9af8 cleanup extend function and super method calls
• 937eb59 deps: lodash@4.13.1
• 619414c Merge pull request chore: update run test exports to modules syntax snyk/cli#1294 from chamini2/registry
• bb8300f Changed registry plugin to re-implement only the _relation method
• 0124c0b Merge pull request feat: support pipfile on containerized cli snyk/cli#1288 from vellotis/fix-beolngs_to_many-jsdocs
• 4f48a7f Fix belongsToMany jsdocs
• 54c2237 Merge pull request fix: abridge call graph creation error messages in analytics snyk/cli#1279 from 1mike12/1mike12-patch-1
• e92f5f4 fix typo in docs
• adeccde Merge pull request chore: Update node version for Gradle with Java 11 standalone binary snyk/cli#1273 from vellotis/fix-linter-warnings
• 637ea90 Merge pull request feat: if matched display the project ID snyk/cli#1271 from vellotis/restore-postinstall-script
• a099e98 Remove two linter warnings
• 382f2c4 Fix Travis CI by restoring `postinstall` script in package.json
• 89b888c Merge pull request feat: add --json-file-output option for snyk test snyk/cli#1107 from gergelyke/master
• cbb8fef Merge pull request test: run yarn v2 tests for Node 10 snyk/cli#1268 from jadengore/fix/documentation-model-where
• 1182485 Add missing fetch() in Model#where

See the full diff

Package name: cheerio

The new version differs by 106 commits.

• c3ec1cd Release 0.20.0
• ef848ca Add coveralls badge, remove link to old report
• dbcbe90 Merge pull request [Snyk] Security upgrade express-hbs from 0.8.4 to 2.4.0 #808 from leifhanack/lodash4
• c04ead1 Merge pull request [Snyk] Fix for 13 vulnerabilities #668 from rwaldin/prop-method
• b5531bb Merge pull request [Snyk] Fix for 13 vulnerabilities #671 from twolfson/dev/fallback.select.content.sqwished
• 9d98bd7 Merge pull request [Snyk] Security upgrade django from 1.6.1 to 3.2.19 #704 from Rycochet/master
• 1b9c5c9 Merge pull request [Snyk] Security upgrade django from 1.6.1 to 3.2.21 #797 from Delgan/641-appendTo_prependTo
• b12cbe8 Update lodash dependeny to 4.1.0
• 8c9b2e0 Merge pull request [Snyk] Security upgrade django from 1.6.1 to 3.2.21 #796 from Delgan/fix_780
• b09db31 Fix PR [Snyk] Fix for 1 vulnerabilities #726 adding 'appendTo()' and 'prependTo()'
• ce8829d Added appendTo and prependTo with tests [Snyk] Fix for 2 vulnerabilities #641
• 4779762 Fix [Snyk] Security upgrade aiohttp from 2.2.2 to 3.8.5 #780 by changing options context in '.find()'
• 8dc1cc9 Add an unit test checking the query of child
• b27bed6 fix [Snyk] Security upgrade alpine from 3.10.3 to 3.14 #667: attr({foo: null}) removes attribute foo, like attr('foo', null)
• 70c5608 Include reference to dedicated "Loading" section
• fa70a84 Added load method to $
• 4e8483a update css-select to 1.2.0
• 5f2777a Merge pull request [Snyk] Security upgrade semver from 5.7.1 to 7.5.2 #732 from jugglinmike/reinstate-toarray
• 106e42a Merge pull request [Snyk] Security upgrade snyk-docker-plugin from 6.0.0 to 6.5.0 #776 from dYale/master
• 97149d3 Fixing Grammatical Error
• a1367ee Merge pull request [Snyk] Security upgrade semver from 2.3.2 to 7.5.2 #739 from TrySound/npm-files
• 6c73b7a Merge pull request [Snyk] Security upgrade snyk-nuget-plugin from 1.23.5 to 1.25.3 #773 from JaKXz/patch-1
• 48bb22d Test against node v0.12 --> v4.2
• ec2414d Correct output in example

See the full diff

Package name: compression

The new version differs by 117 commits.

• 93586e7 1.7.1
• bd3fa8a deps: bytes@3.0.0
• e1ce980 deps: vary@~1.1.2
• d0f7eab deps: debug@2.6.9
• 931c346 build: Node.js@8.4
• 8c8e36a deps: compressible@~2.0.11
• 8a5e773 deps: accepts@~1.3.4
• 7b4a7e2 build: eslint-plugin-node@5.1.1
• de30e3a build: mocha@2.5.3
• 8c3f7ea 1.7.0
• c27dc0f build: support Node.js 8.x
• d886306 build: eslint-config-standard@10.2.1
• 598d876 Use safe-buffer for improved Buffer API
• 47fca12 build: eslint-plugin-markdown@1.0.0-beta.6
• 3c78e39 build: Node.js@6.11
• 6c4c539 deps: debug@2.6.8
• 6d2de08 deps: compressible@~2.0.10
• ac13bc4 deps: bytes@2.5.0
• 527907c deps: debug@2.6.4
• 6488fc2 build: Node.js@7.10
• 55532e1 build: Node.js@6.10
• 0e4ad01 build: Node.js@4.8
• be58132 deps: compressible@~2.0.10
• 4d5238e deps: vary@~1.1.1

See the full diff

Package name: cookie-session

The new version differs by 43 commits.

• 9e9c681 1.3.2
• 62a6ec8 deps: debug@2.6.9
• 3d81629 1.3.1
• 269e5dd build: Node.js@8.4
• 84414e9 docs: fix date of 1.3.0 release
• 6d6c0b5 docs: add some comparison to express-session
• 0718b0b deps: cookies@0.7.1
• 096353e 1.3.0
• dfe1279 build: supertest@1.1.0
• ef47255 build: istanbul@0.4.5
• 3cf0b6c build: support Node.js 4.x - 8.x
• 0739b01 deps: cookies@0.7.0
• f8c02a3 build: support io.js 3.x
• a53eb76 deps: on-headers@~1.0.1
• 7eb6a41 build: reduce runtime versions to one per major
• 64de88f build: mocha@2.5.3
• f11ffdc deps: debug@2.6.8
• c8867bc build: remove unnecessary Travis CI command
• 92608fb build: io.js@2.5
• e7613aa build: fix running Node.js 0.8 tests on Travis CI
• 24334af 1.2.0
• caf462d Make req.sessionOptions a shallow clone to override per-request
• 5117478 docs: expand req.session documentation
• 5d3a73c perf: remove argument reassignments

See the full diff

Package name: express

The new version differs by 250 commits.

• 3d7fce5 4.17.3
• f906371 build: update example dependencies
• 6381bc6 deps: qs@6.9.7
• a007863 deps: body-parser@1.19.2
• e98f584 Revert "build: use minimatch@3.0.4 for Node.js < 4"
• a659137 tests: use strict mode
• a39e409 tests: prevent leaking changes to NODE_ENV
• 82de4de examples: fix path traversal in downloads example
• 12310c5 build: use nyc for test coverage
• 884657d examples: remove bitwise syntax for includes check
• 7511d08 build: use minimatch@3.0.4 for Node.js < 4
• 2585f20 tests: fix test missing assertion
• 9d09762 build: supertest@6.2.2
• 43cc56e build: clean up gitignore
• 1c7bbcc build: Node.js@14.19
• 9cbbc8a deps: cookie@0.4.2
• 6fbc269 pref: remove unnecessary regexp for trust proxy
• 2bc734a deps: accepts@~1.3.8
• 89bb531 docs: fix typo in res.download jsdoc
• 744564f tests: add test for multiple ips in "trust proxy"
• da6cb0e tests: add range tests to res.download
• 00ad5be tests: add more tests for app.request & app.response
• 141914e tests: fix tests that did not bubble errors
• bd4fdfe tests: remove global dependency on should

See the full diff

Package name: glob

The new version differs by 76 commits.

• 3a7e71d v5.0.15
• 841fda0 use latest minimatch
• 4ba54a8 Skip some tests on Windows, make others pass
• 3936e1e Build: Add build for node v4
• c47d451 v5.0.14
• 821fac8 Handle ENOTSUP for sync glob as well as async
• 9625618 Test for when readdir raises ENOTSUP
• 0a2b519 Generate fixtures more effectively, with -O instead of eval
• f96190b Use js for benchmark cleanup
• 957fd93 Fix some 'use strict' errors
• bf3381e Treat ENOTSUP like ENOTDIR in readdir
• 507733d v5.0.13
• f5878af Do not emit 'match' events for ignored items
• 9439afd v5.0.12
• 6071f3a Revert "Use graceful-fs if available"
• 38ff16c v5.0.11
• f09292b Use graceful-fs if available
• 4f39b60 Remove duplicate option description
• e3cdccc v5.0.10
• 480da05 ignore .nyc_output, upgrade tap, use coverage, rm fixtures
• 155124b add more sync cb thrower tests
• f7302ca Test base-matching
• 7530e88 v5.0.9
• b185987 reduce cases where tests need to be regenerated

See the full diff

Package name: html-to-text

The new version differs by 197 commits.

• f277a07 Version bumped to 6.0.0
• ecf344c Tidy up the changelog [ci skip]
• b5ec48c npm badges [ci skip]
• 9987864 Codeclimate - don't use eslint plugin at all [ci skip]
• e5912e7 Update Travis config
• 8fb71fc Codeclimate - attempt 4 to fix eslint checks [ci skip]
• f41d013 Codeclimate - attempt 3 to fix eslint checks [ci skip]
• 6c7526b Codeclimate - attempt 2 to fix eslint checks [ci skip]
• f87c5af Codeclimate - attempt to fix eslint checks [ci skip]
• e8e5fe5 Codeclimate - eslint version [ci skip]
• a15ac45 Codeclimate config update [ci skip]
• 58b84c2 Contributors
• 6b37a99 Tidy up the license
• 8bc501d Link from Readme to Changelog
• ffc735f Note about the repo move
• 465786f Update repository links
• ccfac06 Changelog - missing change note [ci skip]
• a48400e Fix typo
• ccecba4 Maximum input length limit
• 4d57bf4 Update changelog
• 27cce50 Update readme
• 939baa3 Rewritten formatting, block-level tags, reorganized options, ...
• fc45e3b Change from "prepare" to "prepublishOnly"
• 304070c Let CLI tests more time for slow machines

See the full diff

Package name: morgan

The new version differs by 149 commits.

• 572dd93 1.9.1
• e02de38 lint: apply standard 12 style
• e329663 Fix using special characters in format
• eb1968a tests: use strict equality checks
• 310b206 build: use yaml eslint configuration
• 5810937 build: Node.js@9.11
• f60afd5 build: Node.js@8.11
• 5295b0c build: eslint-plugin-standard@3.1.0
• 178daaf build: eslint-plugin-promise@3.8.0
• 7b08641 build: eslint-plugin-import@2.12.0
• 73cb666 build: eslint@4.19.1
• edc95aa build: Node.js@6.14
• ace86c3 build: Node.js@4.9
• 4dd1180 lint: apply standard 11 style
• 60c31e8 build: Node.js@9.8
• 05e382f build: Node.js@8.10
• 1a5be20 build: Node.js@6.13
• cf9565f docs: remove gratipay badge
• b66251d build: eslint-plugin-node@5.2.0
• 0113732 build: eslint-plugin-import@2.8.0
• 47659a9 deps: depd@~1.1.2
• 695f659 build: support Node.js 9.x
• f4c51e9 build: Node.js@8.9
• 4f15f36 build: Node.js@6.12

See the full diff

Package name: node-uuid

The new version differs by 14 commits.

• 17365b4 v1.4.6
• 3ff5482 Merge branch 'master' of github.com:broofa/node-uuid
• c206db8 v1.4.5
• 7bb3cb6 workaround for [Snyk] Security upgrade form-data from 0.2.0 to 2.0.0 #126
• b18ad26 close [Snyk] Upgrade http-signature from 1.1.1 to 1.3.6 #70
• 672f383 v1.4.4: close [Snyk] Security upgrade npm from 2.15.12 to 3.0.0 #122 [Snyk] Security upgrade async from 0.9.2 to 3.2.2 #118 [Snyk] Security upgrade moment from 2.15.1 to 2.29.2 #108
• 8baa708 Merge pull request [Snyk] Security upgrade uglify-js from 2.4.24 to 2.8.6 #123 from coolaj86/patch-1
• 616ad38 fix node.js security vulnerability
• 4ff82d5 Merge pull request [Snyk] Security upgrade request from 2.57.0 to 2.75.0 #113 from bcoe/coverage
• 2e45d22 add coverage reporting using nyc
• 49a74b4 Merge pull request [Snyk] Security upgrade moment from 2.18.1 to 2.29.2 #112 from pdehaan/patch-1
• 7683aa2 Update license attribute
• 95a9c54 Merge pull request [Snyk] Security upgrade python from 3.6-slim to 3.10-slim #107 from danorton2/master
• da999e9 Provide support of MSIE 11 msCrypto

See the full diff

Package name: passport

The new version differs by 183 commits.

• c33067b 0.6.0
• 3052bb4 Update changelog.
• 42630cb Merge pull request fix: use remediation to calculate fail-on arg snyk/cli#900 from jaredhanson/fix-fixation
• 8dd79fe Use utils-merge rather than Object.assign for compatibility.
• 4f6bd5b Change keepSessionData to keepSessionData.
• 46756e5 Silence verbose logging.
• 987b191 Add tests.
• f8a175f Add tests.