DemocracyOS / democracyos

Democracia en Red is focusing on specific implementations of DemocracyOS. We are now working with governments and activists all over Latin America. If you are interested in our online participation tools you can check them out on our site.
https://democraciaos.org/en/
GNU General Public License v3.0

[Snyk] Fix for 1 vulnerabilities #1707

Open gvilarino opened 1 year ago

gvilarino commented 1 year ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR

- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - package.json

#### Vulnerabilities that will be fixed

##### With an upgrade:

Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
:---:|:---|:---|:---:|:---
Low | **461/1000** (**Why?** Recently disclosed, Has a fix available, CVSS 3.5) | Regular Expression Denial of Service (ReDoS) [SNYK-JS-DEBUG-3227433](https://snyk.io/vuln/SNYK-JS-DEBUG-3227433) | Yes | No Known Exploit

(*) Note that the real score may have changed since the PR was raised.
#### Commit messages

Package name: debug. The new version differs by 43 commits.
  • f073e05 Release 3.1.0
  • 2c0df9b rename `DEBUG_HIDE_TTY_DATE` to `DEBUG_HIDE_DATE`
  • dcb37b2 Merge branch '2.x'
  • 56a3853 Add `DEBUG_HIDE_TTY_DATE` env var (#486)
  • bdb7e01 remove "component" from package.json
  • c38a016 remove ReDoS regexp in %o formatter (#504)
  • 47747f3 remove `component.json`
  • a0601e5 fix
  • e7e568a ignore package-lock.json
  • fdfa0f5 Fix browser detection
  • 7cd9e53 examples: fix colors printout
  • 8d76196 Merge pull request #496 from EdwardBetts/spelling
  • daf1a7c correct spelling mistake
  • 3e1849d Release 3.0.1
  • b3ea123 Disable colors in Edge and Internet Explorer (#489)
  • 13e1d06 remove v3 discussion note for now
  • 52b894c Release 3.0.0
  • d2dd80a component: update "ms" to v2.0.0
  • 6752953 fix browser test 😵
  • f6f6213 remove `make coveralls` from travis
  • f178d86 attempt to separate the Node and Browser tests in Travis
  • d73c4ae fix `make test`
  • 402c856 fix lint
  • 87e7399 readme++
See the full diff
Package name: gulp-sourcemaps. The new version differs by 16 commits.
  • 4b723f0 bump 2.6.1
  • 92c489c Merge pull request #323 from gulp-sourcemaps/nmccready/loggingMemleak
  • da4cdb2 fix npm
  • a21f037 fix: issue 317 memory leak on logging
  • 65d099a 2.6.0
  • 44801fa Deprecate options.identityMap and export identityMap stream (#303)
  • 8039c13 2.5.2
  • ee64234 Update organization references (closes #289)
  • 9857f3f Logging Improvements (#301)
  • 0765da0 2.5.1
  • 92aa56c Merge pull request #299 from gulp-sourcemaps/2.x-node-0.10
  • b6265a8 Switch to strip-bom-string to support 0.10+ in 2.x
  • 4a3b159 2.5.0
  • 1539835 Merge branch '1.X'
  • 260b5cd 1.12.0
  • b9adcf5 Deprecate options.mapSources and export mapSources stream (#288)
See the full diff
Package name: migrate-mongoose. The new version differs by 9 commits.
  • 76f67e3 4.0.0
  • d84336d feat: upgraded mongoose version to support new mongo connection types
  • dcdc96d feat: remove babel support
  • 3ee337c fix: don't throw an error if there are no migrations to run
  • e3707d1 Merge pull request #27 from shvetsovdm/master
  • 0788f57 Fix typo in the lib run method
  • a89d8df Fix `migrate down` without a migration name
  • 47e5919 Merge pull request #22 from miangraham/master
  • b9098ef Fix reversed args to migrator.run() in programmatic usage README
See the full diff
Package name: mongoose. The new version differs by 250 commits.
  • d4f507f chore: release 5.2.6
  • 7eac18c style: fix lint
  • e47b669 fix(populate): make error reported when no `localField` specified catchable
  • 1e27f09 test(populate): repro #6767
  • 2b5e18a fix(query): upgrade mquery for readConcern() helper
  • 2bf81e7 test: try skipping in before()
  • d5b43da test: more test fixes re: #6754
  • e91d404 test(transactions): skip nested suite if parent suite skipped
  • 22c6c33 fix(query): propagate top-level session down to `populate()`
  • 0f24449 test(query): repro #6754
  • bc21555 fix(document): handle overwriting `$session` in `execPopulate()`
  • f3af885 docs(schematypes): add some examples of getters and warning about using `map()` getters with array paths
  • 4071de4 Merge pull request #6771 from Automattic/gh6750
  • 12e0d09 fix(document): don't double-call deeply nested custom getters when using `get()`
  • 695cb6f test(document): repro #6779
  • 0ca947e docs(document): add missing params for `toObject()`
  • b0e1c5b fix(documentarray): use toObject() instead of cloning for inspect
  • 836eb53 refactor: use `driver.js` singleton rather than global.$MongooseDriver
  • 451c50e test: add quick spot check for webpack build
  • a0aaa82 Merge branch 'master' into gh6750
  • 88457b0 fix(document): use associated session `$session()` when using `doc.populate()`
  • 28621a5 test(document): repro #6754
  • 7965494 fix(connection): throw helpful error when using legacy `mongoose.connect()` syntax
  • 42ddc42 test(connection): repro #6756
See the full diff
Package name: superagent. The new version differs by 250 commits.
  • 1930bd4 Work around mime-types flipflopping about XML mime type
  • 1e255c2 Update node versions in CI
  • 96f3df8 Update dependencies
  • 0e85681 docs(piping): add note about chunked transfer encoding
  • 0274b7b Syntax fix
  • 7326cc0 Field/attach docs
  • c5be156 Upgrading instructions
  • f059135 ES6 in readme examples
  • cbf8569 Update dependency
  • 02985f9 Change test for header own props
  • 6783635 3.6.0
  • 4e21f1c Documented FormData support in .send() (#1260)
  • 7e19e77 Update supported node version to >= 4.0 (#1248)
  • d55adf1 Keep nodelay always on
  • 72babfb support TCP_NODELAY option (#1240)
  • f5e39b7 Merge pull request #1238 from mxl/patch-1
  • 9e8c3ed timeout options.read property is not used.
  • ccecb4e grammar misstype (#1234)
  • d0ab622 Merge pull request #1227 from focusaurus/fix-latest-mime-tests
  • ea35c57 Fix spelling mistake in the docs (#1232)
  • 340a4bf Merge pull request #1228 from focusaurus/get-head-data-in-query-string
  • 15b3750 Merge pull request #1230 from PWesterdale/bugfix/pfx-passphrase
  • 977be03 Remove stale duplicate test.html from root dir
  • 801ec88 Use tocbot instead of tocify for documentation
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project.

Dependency upgrades in this PR (from the Snyk PR metadata; flagged as a breaking change):

- debug 2.6.9 to 3.1.0
- gulp-sourcemaps 2.4.1 to 2.6.1
- migrate-mongoose 3.2.2 to 4.0.0
- mongoose 4.10.8 to 5.2.6
- superagent 2.3.0 to 3.6.1

------------

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*

For more information:

- 🧐 [View latest project report](https://app.snyk.io/org/gvilarino/project/a23fa7ec-cd0c-4abf-8f18-91a91cae9379?utm_source=github&utm_medium=referral&page=fix-pr)
- 🛠 [Adjust project settings](https://app.snyk.io/org/gvilarino/project/a23fa7ec-cd0c-4abf-8f18-91a91cae9379?utm_source=github&utm_medium=referral&page=fix-pr/settings)
- 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)

---

**Learn how to fix vulnerabilities with free interactive lessons:**

- 🦉 [Regular Expression Denial of Service (ReDoS)](https://learn.snyk.io/lessons/redos/javascript/?loc=fix-pr)
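The vulnerability this PR closes is a ReDoS in debug's `%o` formatter (commit c38a016 in the list above). The block below is an added example, not code from this PR, from Snyk's tooling or from the `debug` package: it reproduces the shape of that bug next to a linear-time replacement and a small timing harness. One assumption is not on this page: that the pattern c38a016 removed was `/\s*\n\s*/g`, applied to `util.inspect()` output to put an object on one line. The sample strings and the attacker payload are constructed for the demonstration.

```javascript
// Added example: not code from this PR or from the `debug` package.
// Assumption (not shown on this page): the pattern that commit c38a016
// "remove ReDoS regexp in %o formatter" took out of debug's Node formatter
// was `/\s*\n\s*/g`, run over util.inspect() output to put an object on one
// line. This block reproduces that shape, a linear replacement, and a timing
// harness so the quadratic behaviour can be observed locally.

// Vulnerable shape: `\s*` and the following `\n` overlap (`\s` matches `\n`),
// so on a long whitespace run with no newline the engine tries every start
// position and backtracks `\s*` one character at a time: O(n^2) work.
const REDOS_PATTERN = /\s*\n\s*/g;

function collapseWithRegex(text) {
  return text.replace(REDOS_PATTERN, ' ');
}

// Linear-time equivalent of the global replace above: every maximal run of
// whitespace that contains at least one '\n' becomes a single space; runs
// without a newline are left untouched (the regex never matches inside them).
function collapseLinear(text) {
  const isSpace = (ch) => /\s/.test(ch); // single-character test, constant time
  let out = '';
  let i = 0;
  while (i < text.length) {
    if (!isSpace(text[i])) {
      out += text[i];
      i += 1;
      continue;
    }
    let j = i;
    let sawNewline = false;
    while (j < text.length && isSpace(text[j])) {
      if (text[j] === '\n') sawNewline = true;
      j += 1;
    }
    out += sawNewline ? ' ' : text.slice(i, j);
    i = j;
  }
  return out;
}

// Constructed attacker input: a long run of spaces with no newline, the shape
// that drives the regex into quadratic backtracking. In debug this is reached
// through any value logged with %o whose inspect() output contains such a run.
function attackerPayload(length) {
  return ' '.repeat(length);
}

// Wall-clock milliseconds for one call; coarse, but enough to show the growth.
function measureMs(fn, input) {
  const start = Date.now();
  fn(input);
  return Date.now() - start;
}

// Constructed inputs covering the cases that matter: indented inspect output,
// whitespace runs without newlines, consecutive newlines, and mixed whitespace.
const SAMPLES = [
  '{ a: 1,\n  b: 2 }',
  'x  y',
  '\n\n',
  '  lead\n',
  'tab\t\n\tz',
  'a \n b\n',
];

// True when the linear scanner agrees with the regex on every sample.
function linearMatchesRegex(samples) {
  return samples.every((s) => collapseLinear(s) === collapseWithRegex(s));
}

function demo() {
  console.log('scanner agrees with regex on samples:', linearMatchesRegex(SAMPLES));
  for (const n of [4000, 8000, 16000]) {
    const payload = attackerPayload(n);
    console.log(
      `n=${n}: regex ${measureMs(collapseWithRegex, payload)} ms, ` +
      `linear ${measureMs(collapseLinear, payload)} ms`,
    );
  }
}

demo();
```

Run it with `node`: the regex timings roughly quadruple each time `n` doubles while the scanner stays flat, and the sample inputs show why the scanner is a drop-in for the old regex (whitespace runs without a newline are preserved exactly as the regex leaves them). Whatever linear form a project chooses, compare it against the old regex on real `inspect()` output before swapping, since trimming every line is not the same operation as collapsing only the runs that contain a newline.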
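Snyk's fix touches only package.json (see "Changes included in this PR"), so the merge is not finished until the lockfile is regenerated and every installed copy of `debug`, including copies nested under other dependencies, is checked against the fixed version. The block below is an added example, not part of this PR or of Snyk's tooling: it walks an npm lockfile (both the `lockfileVersion` 1 tree and the version 2/3 `packages` map) and reports copies still below the version Snyk upgrades to. The lockfile is constructed for the example (the project's real lockfile is not on this page); the upgrade list is taken from the PR's Snyk metadata.

```javascript
// Added example: not code from this PR or from Snyk. Audits an npm lockfile
// for installed copies of a package that are still below a fixed version.

// The upgrades this PR proposes, taken from the Snyk metadata in the PR body.
const SNYK_UPGRADES = [
  { name: 'debug', from: '2.6.9', to: '3.1.0' },
  { name: 'gulp-sourcemaps', from: '2.4.1', to: '2.6.1' },
  { name: 'migrate-mongoose', from: '3.2.2', to: '4.0.0' },
  { name: 'mongoose', from: '4.10.8', to: '5.2.6' },
  { name: 'superagent', from: '2.3.0', to: '3.6.1' },
];

// Constructed lockfile (hypothetical; not the project's real package-lock.json).
// It carries both the lockfileVersion 2 `packages` map and the lockfileVersion 1
// `dependencies` tree describing the same install, so both walkers can be shown.
// The root bump took debug to 3.1.0, but express still ships its own nested copy.
const SAMPLE_LOCK = {
  name: 'democracyos',
  lockfileVersion: 2,
  packages: {
    '': { name: 'democracyos', dependencies: { debug: '^3.1.0', express: '^4.16.0' } },
    'node_modules/debug': { version: '3.1.0' },
    'node_modules/express': { version: '4.16.3', dependencies: { debug: '2.6.9' } },
    'node_modules/express/node_modules/debug': { version: '2.6.9' },
    'node_modules/mongoose': { version: '5.2.6' },
  },
  dependencies: {
    debug: { version: '3.1.0' },
    express: {
      version: '4.16.3',
      requires: { debug: '2.6.9' },
      dependencies: { debug: { version: '2.6.9' } },
    },
    mongoose: { version: '5.2.6' },
  },
};

// lockfileVersion 2/3: every installed package is a key of `packages` whose
// path ends in "node_modules/<name>"; nested copies have longer paths.
function installedCopiesV2(lock, name) {
  const suffix = 'node_modules/' + name;
  return Object.entries(lock.packages || {})
    .filter(([path]) => path === suffix || path.endsWith('/' + suffix))
    .map(([path, entry]) => ({ path, version: entry.version }));
}

// lockfileVersion 1: `dependencies` is a tree; nested copies sit under the
// `dependencies` of the package that pulled them in.
function installedCopiesV1(lock, name) {
  const found = [];
  const walk = (deps, prefix) => {
    for (const [depName, entry] of Object.entries(deps || {})) {
      const path = prefix + 'node_modules/' + depName;
      if (depName === name) found.push({ path, version: entry.version });
      walk(entry.dependencies, path + '/');
    }
  };
  walk(lock.dependencies, '');
  return found;
}

function installedCopies(lock, name) {
  return lock.lockfileVersion >= 2
    ? installedCopiesV2(lock, name)
    : installedCopiesV1(lock, name);
}

// Minimal major.minor.patch comparison (no prerelease or build metadata handling).
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i += 1) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Copies of `name` anywhere in the tree that are still below `fixedVersion`.
function vulnerableCopies(lock, name, fixedVersion) {
  return installedCopies(lock, name).filter(
    (copy) => copy.version && compareVersions(copy.version, fixedVersion) < 0,
  );
}

// One report entry per upgraded package that still has a stale copy installed.
function auditUpgrades(lock, upgrades) {
  return upgrades
    .map(({ name, to }) => ({ name, fixed: to, stale: vulnerableCopies(lock, name, to) }))
    .filter((entry) => entry.stale.length > 0);
}

console.log(JSON.stringify(auditUpgrades(SAMPLE_LOCK, SNYK_UPGRADES), null, 2));
```

`npm ls debug` gives the same view from the CLI once the lockfile is regenerated. A nested copy such as the one under express in the sample satisfies that package's own range and is not touched by a root bump; closing it needs an upstream release or an `overrides` entry in package.json (npm 8.3 and later). The same metadata also shows mongoose 4.10.8 to 5.2.6 and superagent 2.3.0 to 3.6.1, which Snyk marks as a breaking change, so those two majors deserve a test run of their own before merging.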