[Snyk] Fix for 1 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: forever

The new version differs by 52 commits.

• 9fde732 Bump to 4.0.3
• 0ecfa3e Prepare to release 4.0.3
• a0fb120 Upgrade Winston (#1128)
• 980ea04 Prepare to release 4.0.2
• b20a9e8 Pin colors version (#1127)
• 2211e32 Prepare 4.0.1 for release
• 3b3c81c Update eventemitter2 (#1116)
• 6c7f0a5 forever.config Configstore init and usage fixes (#1115)
• 4705421 Prepare 4.0.0 for release
• 35a4062 Remove y18n due to CVE 2020 7774 part 5 (#1112)
• 1f6108e Move getopts to devDependencies (#1113)
• aa22041 Replace yargs with getopts (CVE-2020-777) (#1110)
• ae6d88e Update in-range dependencies (#1108)
• 4a404f7 Drop `deep-equal` (#1101)
• b2120f9 Remove utile (#1099)
• 071cc04 Update changelog
• c1bcbff Remove dependency on broadway (#1098)
• 3586afe Prepare 3.0.1 for release
• 67cc950 Prepare 3.0.1 for release
• 877d93a Replaced optimist with yargs (#1093)
• a36330a Update forever-monitor (#1081)
• 0c5d32a Update dependencies and test Node 14 (#1080)
• 9e85c59 Fix argument type of fs.writeFileSync (#1075)
• 58eb131 Add CLI test for starting/stopping from a directory with space (#1068)

See the full diff

Package name: mongoose

The new version differs by 250 commits.

• 43b63ae chore: release 5.7.3
• 06112b0 docs(validation): remove deprecated `isAsync` from validation docs in favor of emphasizing promises
• 7fee719 docs(documents): add overwriting section
• 98b5a73 fix: make CoreMongooseArray#includes() handle `fromIndex` parameter
• 6c91dea style: fix lint
• 9bb4b03 refactor: remove async as a prod dependency
• 3647292 refactor(cursor): remove async.queue() from eachAsync() re: #8073 #5502
• e60db1b refactor(cursor): remove dependency on async.times()
• c5b2355 docs(promises): add note about queries being thenable
• da77b8d Merge pull request #8192 from birdofpreyru/fix-8093-1
• c371500 fix(update): cast right hand side of `$pull` as a query instead of an update for document arrays
• 9d455ad test(update): repro #8166
• 8c98a3a chore: now working on 5.7.3
• 0a33412 fix(populate): handle virtual populate of an embedded discriminator nested path
• b42d0f5 test(populate): repro #8173 #6488
• 1db5982 docs: link to map blog post
• c76e062 Fixes the previous commit
• 1a01713 [#8093] Fixes performance of update validator, and flatten function logic
• dea0b95 chore: release 5.7.2
• fb0bd0d fix(populate): avoid converting mixed paths into arrays if populating an object path under `Mixed`
• bdfce8f docs: add mongoosejs-cli to readme
• e2d191a fix(discriminator): support `tiedValue` parameter for embedded discriminators analagous to top-level discriminators
• d8cc819 test: fix tests
• 952120a fix(query): handle `toConstructor()` with entries-style sort syntax

See the full diff

Package name: newrelic

The new version differs by 250 commits.

• 16f99e6 6.12.0
• 70d13cb Merge pull request #461 from newrelic/release/v6.12.0
• 419cdf9 fix typo
• 406ba50 Release/v6.12.0
• 46f76a9 Merge pull request #456 from tomashanacek/fix-large-json-insert-obfluscation
• dd7094d Merge pull request #458 from michaelgoin/bump-native-metrics-version
• eab7131 Updates native metrics license for license tests.
• 0bd8f8d Bumps @ newrelic/native-metrics to ^5.3.0.
• c87837a Fix large JSON inserts obfluscation
• 791a719 Merge pull request #454 from michaelgoin/bump-aws-sdk
• bdf7aa7 Fix @ newrelic/aws-sdk license in licenses tests.
• 647e28e Bumps @ newrelic/aws-sdk to ^2.0.0.
• a8fc4e6 Merge pull request #450 from RyanCopley/patch-1
• d0e8304 Improved logging in the case of a failed instrumentation
• 4fa8cad --oops-- Forgot to save test changes. I need to use a new module considering the require cache gets in the way.
• 7c94c90 BE BOLD.
• dd01e3e Merge branch 'astorm/shimmer-integration' of github.com:newrelic/node-newrelic into NR-416443
• 0cd22ec Adding test for __NR_instrumented
• e25afb1 Correct code style to match New Relic ESLint rules.
• dd6cee3 NR-416443: On failed instrumentation, prevent multiple requires from re-wrapping shims
• 761ba2c Merge pull request #448 from michaelgoin/update-license-formatting
• e701087 Fixes first-line formatting for license file.
• b66180a Merge pull request #447 from michaelgoin/remove-readme-language
• 8b098ef Removes the 'remove this...' language from readme.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution