[Snyk] Fix for 1 vulnerabilities #87

Open
wants to merge 1 commit into
base: master

KayvanMazaheri
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| low severity | 461/1000. Why? Recently disclosed, Has a fix available, CVSS 3.5 | Regular Expression Denial of Service (ReDoS), SNYK-JS-DEBUG-3227433 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: method-override
The new version differs by 19 commits.

See the full diff

Package name: mongoose
The new version differs by 250 commits.
  • d4f507f chore: release 5.2.6
  • 7eac18c style: fix lint
  • e47b669 fix(populate): make error reported when no `localField` specified catchable
  • 1e27f09 test(populate): repro #6767
  • 2b5e18a fix(query): upgrade mquery for readConcern() helper
  • 2bf81e7 test: try skipping in before()
  • d5b43da test: more test fixes re: #6754
  • e91d404 test(transactions): skip nested suite if parent suite skipped
  • 22c6c33 fix(query): propagate top-level session down to `populate()`
  • 0f24449 test(query): repro #6754
  • bc21555 fix(document): handle overwriting `$session` in `execPopulate()`
  • f3af885 docs(schematypes): add some examples of getters and warning about using `map()` getters with array paths
  • 4071de4 Merge pull request #6771 from Automattic/gh6750
  • 12e0d09 fix(document): don't double-call deeply nested custom getters when using `get()`
  • 695cb6f test(document): repro #6779
  • 0ca947e docs(document): add missing params for `toObject()`
  • b0e1c5b fix(documentarray): use toObject() instead of cloning for inspect
  • 836eb53 refactor: use `driver.js` singleton rather than global.$MongooseDriver
  • 451c50e test: add quick spot check for webpack build
  • a0aaa82 Merge branch 'master' into gh6750
  • 88457b0 fix(document): use associated session `$session()` when using `doc.populate()`
  • 28621a5 test(document): repro #6754
  • 7965494 fix(connection): throw helpful error when using legacy `mongoose.connect()` syntax
  • 42ddc42 test(connection): repro #6756

See the full diff

Package name: node-telegram-bot-api
The new version differs by 107 commits.
  • 119d892 release: v0.30.0
  • 1169f8e chore: Use npm script prepublishOnly instead of deprecated prepublish
  • 5cecffc chore/deps: Downgrade eslint for Node v4 compatibility
  • 7e9e9b1 test: Fix previously-uncaught lint errors
  • 2bdd50f chore/deps: Update dependencies
  • 3096966 doc: Showcase and update contributor list
  • 1f4c79e chore: Ignore package lock file
  • 8edf1fb doc: Update changelog
  • 55332c3 doc: Update changelog, version badge
  • 96c50ba doc: Improve deprecation messages
  • 4358f20 doc: Minor fixes on documentation
  • 0781ae6 src/telegram: Add TelegramBot#sendMediaGroup()
  • 584610b doc: Add tutorial [RUS] (#477)
  • 1a08221 src/telegram: Improve sending files (#471)
  • d719799 doc: Add note on specifying additional Telegram query options
  • 4051117 src: Minor reorganisation, fixes
  • f28416f src/telegram: Implement downloadFile() in terms of getFileStream()
  • 04e8b89 src/telegram: Emit 'info' on stream from TelegramBot#getFileStream()
  • b968e89 src/telegram: Populate Stream#path from TelegramBot#getFileStream()
  • b91409a test: Fix path to ssl key, cert
  • 455a93c examples: Add notice of openshift 2 shutdown
  • 17f8394 chore: Re-organise examples
  • d9692f4 src/telegram: Add TelegramBot#getFileStream()
  • 0870684 src/polling: Fix the Offset Infinite Loop bug (#265)

See the full diff

Package name: nodemon
The new version differs by 92 commits.
  • 4be493c fix: don't ignore dot-directories
  • 60d1add docs: add context to fences
  • 9d49852 fix: update deps - [email protected] in particular
  • e90f15a fix: node < 6.4.0 causing crash on 'rs' trigger
  • e95ea6f fix: ignorePermissionErrors in chokidar
  • c121187 refactor: indexOf > includes (in node4)
  • 8cec0fc chore: fix linting issue
  • 718a9ad fix: correctly pass ignored rules to chokidar
  • 64a82ff fix: fail gracefully if postinstall fails
  • 2582d96 fix: clarify which config files are actually used
  • 8cb26bf refactor: small tweaks to ES6-ish
  • 6e7ce4b fix: swallow child.stdin err
  • d78bf3d fix: watch both js and mjs files if main file is JavaScript
  • 0d9a892 fix: don't use fork with `node inspect`
  • de66c6b refactor: fix scoping issue in node@4
  • 5a914cb fix: handle exit(2) better
  • 6333fa5 chore: fix linting
  • 6e839d4 fix: support implicit filename extension
  • 48048aa fix: properly handle --no-update-notifier
  • c637717 fix: expose no update flag
  • f711537 chore: fix linting
  • 7a04e2c fix: incorrect count of watch files being reported
  • 7052648 docs: add SparkPost for their sponsorship ❤️
  • 369eb11 chore: update issue template

See the full diff

Package name: pm2
The new version differs by 229 commits.
  • 0d00936 chore: upgrade changelog + package.json
  • c6d7ace Merge pull request #3466 from natcl/development
  • f305d6d Correct typo
  • 767c36f Check if windowsHide is bool
  • 41815e0 chore: pmx to 1.6.3-rc2
  • eb39c5f feature: allow to set deep monitoring via environment (PM2_DEEP_MONITORING=true on start/restart)
  • 748019d chore: switch pmx to development
  • 82375af Revert to cleaner check
  • 031a668 Fix 'start pm2 inside pm2' test
  • ab54f6a Revert windowsHide to true for cluster mode, only needed in fork mode.
  • 97fb295 Merge remote-tracking branch 'upstream/development' into development
  • dd9ebb6 Merge pull request #3464 from andyfleming/patch-1
  • 46948a9 Merge pull request #3459 from rmonnier/master
  • f3b3572 Merge pull request #3458 from Unitech/pm2_install_command
  • 387270d Add windowsHide option so it can be set via process file, fixes #3425
  • 72f6ef6 Adding string[] to "watch" value in StartOptions
  • 5d56fac feat(pm2): add pm2 init option to generate an ecosystem file
  • a38fd19 feat(pm2): add pm2 init option to generate an ecosystem file
  • a315eeb fix: add livescript in default modules
  • c90c453 docs: add documentation on new pm2 install command
  • 828a30d feat: add dependencies section into ecosystem.json file.
  • 974f9bf Merge pull request #3453 from deltasource/hotfix/scoped-package-support
  • ace8d0c Fix for node 0.12 test (no String.startsWith())
  • 1c58bf4 Added one test case, fixed a small bug

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
