[Snyk] Fix for 2 vulnerabilities

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	No	Proof of Concept
	758/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-NCONF-2395478	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: mongoose

The new version differs by 250 commits.

43b63ae chore: release 5.7.3
06112b0 docs(validation): remove deprecated `isAsync` from validation docs in favor of emphasizing promises
7fee719 docs(documents): add overwriting section
98b5a73 fix: make CoreMongooseArray#includes() handle `fromIndex` parameter
6c91dea style: fix lint
9bb4b03 refactor: remove async as a prod dependency
3647292 refactor(cursor): remove async.queue() from eachAsync() re: #8073 #5502
e60db1b refactor(cursor): remove dependency on async.times()
c5b2355 docs(promises): add note about queries being thenable
da77b8d Merge pull request #8192 from birdofpreyru/fix-8093-1
c371500 fix(update): cast right hand side of `$pull` as a query instead of an update for document arrays
9d455ad test(update): repro #8166
8c98a3a chore: now working on 5.7.3
0a33412 fix(populate): handle virtual populate of an embedded discriminator nested path
b42d0f5 test(populate): repro #8173 #6488
1db5982 docs: link to map blog post
c76e062 Fixes the previous commit
1a01713 [#8093] Fixes performance of update validator, and flatten function logic
dea0b95 chore: release 5.7.2
fb0bd0d fix(populate): avoid converting mixed paths into arrays if populating an object path under `Mixed`
bdfce8f docs: add mongoosejs-cli to readme
e2d191a fix(discriminator): support `tiedValue` parameter for embedded discriminators analagous to top-level discriminators
d8cc819 test: fix tests
952120a fix(query): handle `toConstructor()` with entries-style sort syntax

Package name: snyk

The new version differs by 250 commits.

3f52bdc Merge pull request #1669 from snyk/fix/dont-fail-on-request-big-payload
47e106e fix: don't fail on request's big payload
1228b55 Merge pull request #1624 from snyk/chore/cli-alert-improvement
fccd907 Merge pull request #1666 from snyk/chore/bump-cpp-test-timeout
6772a3e Merge pull request #1649 from snyk/chore/deps-update
89a7767 chore: update dependencies
eaf4915 test: wrap pagerduty await in try-catch, remove condition
0576431 test: add pagerduty, check if test is running before attemmpting rerun
a08a938 chore: bump flaky cpp test timeout
ebb8dd7 Merge pull request #1656 from snyk/feat/protect-prime-time
69cd590 test: fix flakey json output test
3021bb2 Merge pull request #1663 from snyk/fix/upgrade-snyk-gradle-plugin
a988600 Merge pull request #1654 from snyk/feat/iac-experimental-terraform-support
b455497 feat: iac experimental tf support
4848b7e chore: run tests in packages in CI
3e7e99e feat: implement snyk protect
bb233f1 chore: enable prettier formatting in packages
fe0183d test: enable jest testing in snyk-protect workspace
40ec817 test: test fixture for snyk protect
7dfd3ea Merge pull request #1661 from snyk/test/fix-flake-with-dev-count-analysis
02c99b8 test: remove tests previously migrated to jest
e203fd1 test: set timeout in beforeAll
d42f6d9 fix: update snyk-gradle-plugin to 3.13.2
8cd9fbf Merge pull request #1662 from snyk/test/add-longer-timeouts

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

Learn how to fix vulnerabilities with free interactive lessons:

Alek-S / pseudozen