[Snyk] Fix for 1 vulnerabilities

[Omrisnyk]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • large-file/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity	Reachability
	170/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 0, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.83, Score Version: V5	Prototype Pollution SNYK-JS-LODASH-6139239	Yes	Proof of Concept	No Path Found

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: app-migrations

• 3.1.6 - 2023-06-05
• 3.1.5 - 2023-04-21
• 3.1.4 - 2023-03-03
• 3.1.3 - 2023-02-24
• 3.1.2 - 2023-02-02
• 3.1.1 - 2022-11-02
• 3.1.0 - 2022-09-22
• 3.0.0 - 2022-08-09
• 2.14.0 - 2022-07-12
• 2.13.0 - 2022-06-27
• 2.12.0 - 2022-05-12
• 2.11.0 - 2022-04-27
• 2.10.0 - 2022-03-30
• 2.9.0 - 2022-03-03
• 2.8.0 - 2022-02-25
• 2.7.1 - 2022-02-25
• 2.7.0 - 2022-02-03
• 2.6.1 - 2022-01-11
• 2.6.0 - 2022-01-07
• 2.5.0 - 2021-12-21
• 2.4.0 - 2021-11-19
• 2.3.0 - 2021-08-11
• 2.2.1 - 2021-08-05
• 2.2.0 - 2021-06-21
  

  [email protected]

• 2.1.1 - 2021-06-18
• 2.1.0 - 2021-06-16
• 2.0.0 - 2021-06-03
• 1.1.1 - 2021-05-27
• 1.1.0 - 2021-05-26
  

  @ mongodb-js/[email protected]

• 1.0.0 - 2020-01-29
• 0.3.0 - 2020-01-15
• 0.2.0 - 2020-01-15

from app-migrations GitHub release notes

Package name: mongodb-schema

• 9.0.0 - 2021-03-15
  

  9.0.0

• 8.2.5 - 2019-08-15
  

  8.2.5

• 8.2.4 - 2019-05-01
  

  8.2.4

• 8.2.3 - 2018-12-10
  

  8.2.3

• 8.2.2 - 2018-11-28
  

  8.2.2

from mongodb-schema GitHub release notes

Package name: react-hot-loader

• 4.0.0 - 2018-02-27
  

  Features

  🎉 ESNext + TypeScript + React 16 support
  📦 Webpack + Parcel support
  ✂️ Component splitting support
  😛 Zero config

  Bug Fixes

  • proper children reconcile for nested tags, fixes #869 (#871) (2de4e58)

  • 30 bugs fixed

• 4.0.0-rc.0 - 2018-02-19
  No content.
• 4.0.0-beta.23 - 2018-02-18
  

  Bug Fixes

  • disable RHL when HMR is not activated (#863) (ffe0035)
  • fix various bugs (#857) (8fa1d42), closes #845 #843
  • transfer original prototype methods (#859) (0b7997f), closes #845 #843 #858
• 4.0.0-beta.22 - 2018-02-10
  

  Bug Fixes

  • fix reconciler warnings (#852) (963677f), closes #843

  Features

  • ship flat bundles (#844) (7580552)
• 4.0.0-beta.21 - 2018-02-05
  

  Bug Fixes

  • fix proxy adapter (#842) (9bb8251)
• 4.0.0-beta.20 - 2018-02-04
  No content.
• 4.0.0-beta.19 - 2018-02-03
  

  Bug Fixes

  • areComponentsEqual: fix behaviour (#829) (d4dcd07)
  • prop-types: add prop-types as dependency (#823) (c2b7c3c)
  • regenerate overriden members (#837) (39d4f5b), closes #836
• 4.0.0-beta.18 - 2018-01-25
  

  Bug Fixes

  • break cyclic dependency (#822) (328d793), closes #820
• 4.0.0-beta.17 - 2018-01-22
  

  Features

  • remove useless dependencies (e1b83e5), closes #808

  Bug Fixes

  • warn about errors #814
  • handle wrong module #813
• 4.0.0-beta.16 - 2018-01-21
  

  Fixes

  • react-stand-in: Fix IE11 regression (again)
  • react-hot-loader: Better Electron support #794)
  • react-hot-loader: Hard code consts from stand-in #807)

  Changes

  • react-hot-loader: Support React 16 Fragments #799)
  • react-hot-loader: Suppress some warnings #804)
• 4.0.0-beta.15 - 2018-01-16
• 4.0.0-beta.14 - 2018-01-14
• 4.0.0-beta.13 - 2018-01-09
• 4.0.0-beta.12 - 2018-01-02
• 4.0.0-beta.11 - 2017-12-30
• 4.0.0-beta.10 - 2017-12-30
• 4.0.0-beta.9 - 2017-12-30
• 4.0.0-beta.8 - 2017-12-29
• 4.0.0-beta.7 - 2017-12-29
• 4.0.0-beta.6 - 2017-12-27
• 4.0.0-beta.5 - 2017-12-27
• 4.0.0-beta.4 - 2017-12-26
• 4.0.0-beta.3 - 2017-12-25
• 4.0.0-beta.2 - 2017-12-25
• 4.0.0-beta.1 - 2017-12-24
• 3.1.3 - 2017-11-15

from react-hot-loader GitHub release notes

Commit messages

Package name: mongodb-schema

The new version differs by 38 commits.

• 01d70e2 9.0.0
• f4147ea Update package-lock.json
• c4e8dba Bump lodash from 4.17.20 to 4.17.21 ([Snyk] Fix for 1 vulnerabilities #149)
• 983b2d1 Bump cli-table from 0.3.4 to 0.3.5 ([Snyk] Security upgrade express from 4.16.3 to 4.19.2 #151)
• a1f3342 Bump mocha from 8.3.0 to 8.3.2 ([Snyk] Security upgrade express from 4.12.4 to 4.19.2 #152)
• 88b20c2 Reduce the usage of lodash (round 2) ([Snyk] Security upgrade cypress from 4.12.0 to 5.0.0 #145)
• 33e0f51 Update Github workflow location
• 68a401b Added github workflow to exec. unit tests ([Snyk] Security upgrade react-tooltip from 3.8.1 to 3.8.3 #144)
• beb4387 Bump mocha from 3.5.3 to 8.2.1 ([Snyk] Security upgrade tap from 5.8.0 to 16.0.0 #124)
• d73f838 Added promise support for library ([Snyk] Security upgrade npmconf from 0.0.24 to 2.1.3 #140)
• 39af582 End support for legacy Node.js versions 🩺 ([Snyk] Fix for 1 vulnerabilities #136)
• 17bbff4 Bump mongodb from 3.5.2 to 3.5.3 ([Snyk] Fix for 1 vulnerabilities #84)
• 21a2fc7 Bump mongodb-js-precommit from 2.2.0 to 2.2.1 ([Snyk] Security upgrade snyk from 1.389.0 to 1.1064.0 #82)
• 8997b3e Bump debug from 2.6.9 to 4.1.1 ([Snyk] Security upgrade tap from 5.8.0 to 14.6.8 #68)
• 915ba85 build(deps): Bump mongodb-ns from 2.0.0 to 2.2.0 ([Snyk] Fix for 1 vulnerabilities #79)
• b6e367a build(deps-dev): [Security] Bump bson from 0.5.7 to 1.0.5 ([Snyk] Fix for 1 vulnerabilities #77)
• 069b051 build(deps): Bump stats-lite from 2.1.1 to 2.2.0 ([Snyk] Security upgrade react-tooltip from 3.8.1 to 3.8.3 #70)
• ecdbdf0 build(deps): Bump ms from 0.7.3 to 2.1.2 ([Snyk] Security upgrade tap from 5.8.0 to 14.6.8 #66)
• 2f41b46 Bump mongodb-js-precommit from 2.0.0 to 2.2.0 ([Snyk] Security upgrade mout from 1.1.0 to 1.2.4 #71)
• e06e39a chore(deps): Bump mongodb-extended-json from 1.10.0 to 1.11.0 ([Snyk] Fix for 2 vulnerabilities #75)
• 79fd908 build(deps): Bump mongodb from 3.1.4 to 3.5.2 ([Snyk] Fix for 1 vulnerabilities #76)
• 8cbcd32 Bump mongodb-collection-sample from 4.4.2 to 4.5.1 ([Snyk] Security upgrade tap from 5.8.0 to 14.6.8 #67)
• 6194cd3 chore(deps): Bump js-yaml from 3.12.0 to 3.13.1 ([Snyk] Security upgrade mocha from 6.2.3 to 10.1.0 #74)
• 00666cf chore(deps-dev): Bump eslint-config-mongodb-js from 3.0.1 to 5.0.3 ([Snyk] Security upgrade css-what from 2.1.0 to 2.1.3 #72)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution