[Snyk] Fix for 5 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	No	Proof of Concept
	673/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MPATH-1577289	No	Proof of Concept
	711/1000 Why? Recently disclosed, Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
	711/1000 Why? Recently disclosed, Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
	711/1000 Why? Recently disclosed, Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: axios

The new version differs by 250 commits.

• e367be5 [Releasing] 0.21.3
• 83ae383 Correctly add response interceptors to interceptor chain (#4013)
• c0c8761 [Updating] changelog to include links to issues and contributors
• 619bb46 [Releasing] v0.21.2
• 82c9455 Create SECURITY.md (#3981)
• 5b45711 Security fix for ReDoS (#3980)
• 5bc9ea2 Update ECOSYSTEM.md (#3817)
• e72813a Fixing README.md (#3818)
• e10a027 Fix README typo under Request Config (#3825)
• e091491 Update README.md (#3936)
• b42fbad Removed un-needed bracket
• 520c8dc Updating CI status badge (#3953)
• 4fbeecb Adding CI on Github Actions. (#3938)
• e9965bf Fixing the sauce labs tests (#3813)
• dbc634c Remove charset in tests (#3807)
• 3958e9f Add explanation of cancel token (#3803)
• 69949a6 Adding custom return type support to interceptor (#3783)
• 49509f6 Create FUNDING.yml (#3796)
• 199c8aa Adding parseInt to config.timeout (#3781)
• 94fc4ea Adding isAxiosError typeguard documentation (#3767)
• 0ece97c Fixing quadratic runtime when setting a maxContentLength (#3738)
• a18a0ec Updating `lib/core/README.md` about Dispatching requests (#3772)
• 59fa614 [Updated] follow-redirects to the latest version (#3771)
• 7821ed2 Feat/json improvements (#3763)

See the full diff

Package name: bcrypt

The new version differs by 26 commits.

• ab026b2 v2.0.0
• f00d4b8 Merge pull request #589 from agathver/libc-aware
• dab435e install and use any-promise (#504)
• 9a9ab45 Make binaries libc aware
• aac593c Merge pull request #587 from agathver/hash-version-support
• 2d45be1 Allow to choose bcrypt minor version
• 0ea1b36 Merge pull request #549 from agathver/2b-hashes
• 4c44f20 Add support for $2b$ hashes
• e8cde51 Merge pull request #583 from ofrobots/async-resource
• 6a79eaf fix: propagate async context
• 88590ea Merge pull request #584 from kelektiv/snyk-fix-bc668290
• 1da0f44 fix: package.json to reduce vulnerabilities
• 43734e3 Merge pull request #564 from david-a-wheeler/readme-timing
• f2bec20 README: comparisons resist timing attacks
• 096a34f Merge pull request #554 from agathver/node-9
• d1cb91d Bump deps
• 7b928fb Add NodeJS 9 to CI matrix
• 90d438b Merge pull request #550 from agathver/drop-old-node
• 9540ed0 Remove support for NodeJS < 4
• 99e2a09 Merge pull request #539 from tonylukasavage/issue-538
• 7914916 Merge pull request #545 from agathver/test-improvements
• f3a34bd Add additional testcases for testing bcrypt implementation
• ebb7417 preserve stack traces on async error callbacks
• 6746a04 Use strict equality comparison in tests

See the full diff

Package name: mongoose

The new version differs by 250 commits.

• 07946be chore: release v5.13.9
• 264554f fix: upgrade to mpath v0.8.4 re: security issue
• fc5fc7e fix: peg @ types/bson version to 1.x || 4.0.x to avoid stubbed 4.2.x release
• 1f28237 fix(populate): avoid setting empty array on lean document when populate result is undefined
• 1dc9b45 style: fix lint
• 3f7dfc5 fix(document): make `depopulate()` handle populated paths underneath document arrays
• b34d1d5 fix(index.d.ts): simplify UpdateQuery to avoid "excessively deep and possibly infinite" errors with `extends Document` and `any`
• 2a3399e docs: another layout fix for 5.x docs
• 5bf3c29 chore: update makefile again
• 191678c chore: update makefile re: #10607
• 776fae9 docs: fix up 5.x docs navbar
• a803885 test(typescript): add coverage for #10590
• bf43078 fix(index.d.ts): allow specifying `weights` as an IndexOption
• cb1e787 chore: release 5.13.8
• 5c0140c fix(index.d.ts): add `match` to `VirtualTypeOptions.options`
• 6122f4b docs(api): add `Document#$where` to API docs
• 2871c1b style: fix lint
• 8d00f62 Merge pull request #10587 from osmanakol/master
• 57e729b allow QueryOptions populate parameter use PopulateOptions
• 6c36263 fix(index.d.ts): allow strings for ObjectIds in nested properties
• e90aab1 docs(History): make a note about #10555
• fca0627 style: fix lint
• 6b92599 fix(populate): handle populating subdoc array virtual with sort
• 283d43f test(populate): repro #10552

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic