[Snyk] Fix for 3 vulnerabilities

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	Yes	Proof of Concept
673/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MONGOOSE-1086688	Yes	Proof of Concept
883/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 9.8	Arbitrary Code Execution SNYK-JS-UNDERSCORE-1080984	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: json-2-csv

The new version differs by 56 commits.

a2cfa3f Mr remove underscore (#141)
9358937 Update LICENSE.md
6e94203 Update README.md
aee12b2 Fix #124 (#140)
261a49e Pulled CLI functionality to separate NPM module (#137)
5cec270 Update version #
c50ee23 Latest patches (#131)
b23181e release: 3.5.6
9346736 Update undefined to any; npm audit fix (#130)
92213af Bugfix: Unknown type is not defined (#129)
9447760 fix: stringify dates using toString() (#125)
2c2079b docs: add new CLI option
22a7a7e Add Json-2-Csv Expand Array Objects CLI Option (#122)
96527e5 Merge pull request #120 from mrodrig/fix-119
e6a615a chore(release): 3.5.3
70f0d68 fix: handle quoted empty values at EOL or EOF
cf9821b Merge pull request #118 from mrodrig/fix-117
effa5e9 chore(release): 3.5.2
d29f767 fix: add support for wrap delimited header field values
56c19d0 Merge pull request #116 from mrodrig/fix-115
76d2380 chore(release): 3.5.1
c837dd7 fix: add case for quoted empty field value in csv record
6897465 Merge pull request #112 from mrodrig/fix-95
11dbc2e fix: add support for EOL in record value; chore(release): 3.5.0

See the full diff

Package name: migrate-mongoose

The new version differs by 9 commits.

76f67e3 4.0.0
d84336d feat: upgraded mongoose version to support new mongo connection types
dcdc96d feat: remove babel support
3ee337c fix: don't throw an error if there are no migrations to run
e3707d1 Merge pull request #27 from shvetsovdm/master
0788f57 Fix typo in the lib run method
a89d8df Fix `migrate down` without a migration name
47e5919 Merge pull request #22 from miangraham/master
b9098ef Fix reversed args to migrator.run() in programmatic usage README

See the full diff

Package name: mongoose

The new version differs by 250 commits.

5549f26 chore: release 5.12.2
4b1aaac Merge pull request #10050 from SoftwareSing/fix-bulkwrite-with-timestamps-false
3759f34 chore: address CR comments
5ffbb8e fix(query): apply schema-level `select` option from array schematypes
7d19c9f test(query): repro #10029
4b0052e fix(schema): support setting `ref` as an option on an array SchemaType
171c31f test(schema): repro #10029
96f7905 fix(index.d.ts): make query methods return `QueryWithHelpers` so query helpers pass through chaining
04f880f fix(index.d.ts): add back `Aggregate#project()` types that were mistakenly removed in 5.12.0
9a3a7b4 style: fix lint
91f003a Merge pull request #10053 from 418sec/1-npm-mongoose
3ed44ff Merge pull request #1 from zpbrent/patch-2
00e059d fix(index.d.ts): add `upserted` array to `updateOne()`, `updateMany()`, `update()` result
003e477 add missing issue number
0101ab8 fix(bulkwrite): make bulkWrite can work with `timestamps: false`
9559c46 test(bulkwrite): repro #10048
1bb97ba chore: update opencollective sponsors
5888269 docs(mongoose+browser): fix broken links to info about `mongoose.Types`
43b0cfa Merge branch 'master' of github.com:Automattic/mongoose
03905c5 fix(index.d.ts): always allow setting `type` in Schema to a SchemaType class or a Schema instance
422620b Merge pull request #10015 from Automattic/gh-9982
7b14258 test(QueryCursor): fix tests from #10015
f2651d7 docs(transactions): introduce `session.withTransaction()` before `session.startTransaction()` because `withTransaction()` is the recommended approach
61d313b chore: update opencollective sponsor logo

See the full diff

Package name: yargs

The new version differs by 69 commits.

8515e4f docs: nit in CHANGELOG
4b8cfa9 docs: slight tweaks to CHANGELOG
c809cbe chore(release): 10.0.0
fc13dcd chore: new translations for command API overhaul (#976)
7269531 feat: .usage() can now be used to configure a default command (#975)
3757194 chore: add id translation to #976 (#986)
47b3078 chore: update Dutch Translation (#981)
20bb99b feat: replace /bin/bash with file basename (#983)
5a9c986 feat(translation): Update pl-PL translations (#985)
02cc11d docs: whoops, forgot to call out a breaking change introduced into parse()
7e58453 fix: the positional argument parse was clobbering global flag arguments (#984)
a06b67d chore: update tr.json (#982)
b2d11b3 chore: add ja translations (#979)
1598a7f docs: switch to using .positional() in example (#973)
280d0d6 feat: hidden options are now explicitly indicated using "hidden" flag (#962)
8c1d7bf fix: less eager help command execution (#972)
db77c53 chore: switch to find-up from read-pkg-up (#970)
cb16460 feat: introduce .positional() for configuring positional arguments (#967)
3bb8771 fix: config and normalise can be disabled with false (#952)
c649415 chore(release): 9.1.0
7b22203 fix(command): Run default cmd even if the only cmd (#950)
74a38b2 feat: multiple usage calls are now collected, not replaced (#958)
d1b23f3 chore(release): 9.0.1
ac8088b fix: implications fails only displayed once (#954)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

DemocracyOS / democracyos