This repository was archived by the owner on Nov 1, 2023. It is now read-only.

@snyk-bot

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| low severity | 461/1000 (Why? Recently disclosed, Has a fix available, CVSS 3.5) | Regular Expression Denial of Service (ReDoS), SNYK-JS-DEBUG-3227433 | No | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: mongoose
The new version differs by 250 commits.
  • d4f507f chore: release 5.2.6
  • 7eac18c style: fix lint
  • e47b669 fix(populate): make error reported when no `localField` specified catchable
  • 1e27f09 test(populate): repro #6767
  • 2b5e18a fix(query): upgrade mquery for readConcern() helper
  • 2bf81e7 test: try skipping in before()
  • d5b43da test: more test fixes re: #6754
  • e91d404 test(transactions): skip nested suite if parent suite skipped
  • 22c6c33 fix(query): propagate top-level session down to `populate()`
  • 0f24449 test(query): repro #6754
  • bc21555 fix(document): handle overwriting `$session` in `execPopulate()`
  • f3af885 docs(schematypes): add some examples of getters and warning about using `map()` getters with array paths
  • 4071de4 Merge pull request #6771 from Automattic/gh6750
  • 12e0d09 fix(document): don't double-call deeply nested custom getters when using `get()`
  • 695cb6f test(document): repro #6779
  • 0ca947e docs(document): add missing params for `toObject()`
  • b0e1c5b fix(documentarray): use toObject() instead of cloning for inspect
  • 836eb53 refactor: use `driver.js` singleton rather than global.$MongooseDriver
  • 451c50e test: add quick spot check for webpack build
  • a0aaa82 Merge branch 'master' into gh6750
  • 88457b0 fix(document): use associated session `$session()` when using `doc.populate()`
  • 28621a5 test(document): repro #6754
  • 7965494 fix(connection): throw helpful error when using legacy `mongoose.connect()` syntax
  • 42ddc42 test(connection): repro #6756

See the full diff

Package name: snyk
The new version differs by 74 commits.
  • e14ab9e Merge pull request #185 from snyk/fix/bump-deps
  • c6735e4 Merge pull request #184 from snyk/chore/github-release
  • ace19f7 Merge pull request #183 from snyk/chore/eslint
  • f316024 fix: bump sbt plugin to update 'debug' dep version
  • 2c79a4e fix: bump python plugin to fix pipenv monitoring issue
  • 975ca1c fix: bump nuget plugin to get rid of an unneeded dep
  • 828d579 fix: bump go plugin to update doc/typos
  • be8fa57 fix: bump snyk-config to fix env merge issue
  • b638a37 chore: eslint instead of jscs
  • 0bfeb0b chore: fix github-release for assets uploading
  • 9312a04 Merge pull request #181 from snyk/chore/semantic-release
  • 6abdfd9 chore: upgrade semantic-release, proper travis & appveyor setup
  • 2a6938f feat: add support for Python projects using pipenv
  • 179fa24 feat: style wizard prompts to look similar to test
  • 9315721 fix: Show more of the error when available
  • bd4843f fix: allow node pre-releases
  • 2e20440 fix: handle license issues better
  • d325836 tests: Update tests
  • f0a43a5 fix: enhance user errors to point to snyk docs
  • a54c615 fix: Add cliMessage passing to all pkg managers
  • a51ad76 feat: add python dockerfiles
  • b2ae665 docs: fix docker tag typo
  • a517143 fix: use https where possible
  • c7f5e29 fix: failing docker image builds

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
