This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json
#### Vulnerabilities that will be fixed
##### With an upgrade:
Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------
 | **461/1000** **Why?** Recently disclosed, Has a fix available, CVSS 3.5 | Regular Expression Denial of Service (ReDoS) [SNYK-JS-DEBUG-3227433](https://snyk.io/vuln/SNYK-JS-DEBUG-3227433) | Yes | No Known Exploit
(*) Note that the real score may have changed since the PR was raised.
Commit messagesPackage name: method-override
The new version differs by 19 commits.
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project.
------------
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*
For more information:
🧐 [View latest project report](https://app.snyk.io/org/kayvanmazaheri/project/97d60973-e04a-41e6-8345-a40d4a60c989?utm_source=github&utm_medium=referral&page=fix-pr)
🛠 [Adjust project settings](https://app.snyk.io/org/kayvanmazaheri/project/97d60973-e04a-41e6-8345-a40d4a60c989?utm_source=github&utm_medium=referral&page=fix-pr/settings)
📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)
[//]: # (snyk:metadata:{"prId":"9c3dd3c5-45dd-4228-8b09-dde364076bdb","prPublicId":"9c3dd3c5-45dd-4228-8b09-dde364076bdb","dependencies":[{"name":"method-override","from":"2.3.10","to":"3.0.0"},{"name":"mongoose","from":"4.12.4","to":"5.2.6"},{"name":"node-telegram-bot-api","from":"0.27.1","to":"0.30.0"},{"name":"nodemon","from":"1.12.1","to":"1.14.11"},{"name":"pm2","from":"2.7.2","to":"2.10.0"}],"packageManager":"npm","projectPublicId":"97d60973-e04a-41e6-8345-a40d4a60c989","projectUrl":"https://app.snyk.io/org/kayvanmazaheri/project/97d60973-e04a-41e6-8345-a40d4a60c989?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-DEBUG-3227433"],"upgrade":["SNYK-JS-DEBUG-3227433"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["priorityScore"],"priorityScoreList":[461]})
---
**Learn how to fix vulnerabilities with free interactive lessons:**
🦉 [Regular Expression Denial of Service (ReDoS)](https://learn.snyk.io/lessons/redos/javascript/?loc=fix-pr)
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json - package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------  | **461/1000****Why?** Recently disclosed, Has a fix available, CVSS 3.5 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-DEBUG-3227433](https://snyk.io/vuln/SNYK-JS-DEBUG-3227433) | Yes | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: method-override
The new version differs by 19 commits.- 5b83d4f 3.0.0
- 0aef6c8 deps: debug@3.1.0
- ddb4bcc build: supertest@1.2.0
- baed633 build: mocha@3.5.3
- b357d8e Drop support for Node.js below 0.10
- 09582af build: support Node.js 10.x
- 7579004 lint: apply standard 11 style
- 00ca04a build: support Node.js 9.x
- c92384c build: eslint-plugin-promise@3.7.0
- 4947f58 build: eslint-plugin-import@2.11.0
- 6fb651a build: support Node.js 8.x
- 21c08c3 build: Node.js@6.14
- 254b6ef build: Node.js@4.9
- 26ba0ce build: eslint-plugin-node@5.2.1
- 4aef9e5 build: eslint-plugin-import@2.8.0
- 7aced59 docs: remove gratipay badge
- b232f67 build: eslint-plugin-promise@3.6.0
- d96eb1f build: Node.js@6.12
- 78421d2 build: fix Node.js 0.8 npm install
See the full diffPackage name: mongoose
The new version differs by 250 commits.- d4f507f chore: release 5.2.6
- 7eac18c style: fix lint
- e47b669 fix(populate): make error reported when no `localField` specified catchable
- 1e27f09 test(populate): repro #6767
- 2b5e18a fix(query): upgrade mquery for readConcern() helper
- 2bf81e7 test: try skipping in before()
- d5b43da test: more test fixes re: #6754
- e91d404 test(transactions): skip nested suite if parent suite skipped
- 22c6c33 fix(query): propagate top-level session down to `populate()`
- 0f24449 test(query): repro #6754
- bc21555 fix(document): handle overwriting `$session` in `execPopulate()`
- f3af885 docs(schematypes): add some examples of getters and warning about using `map()` getters with array paths
- 4071de4 Merge pull request #6771 from Automattic/gh6750
- 12e0d09 fix(document): don't double-call deeply nested custom getters when using `get()`
- 695cb6f test(document): repro #6779
- 0ca947e docs(document): add missing params for `toObject()`
- b0e1c5b fix(documentarray): use toObject() instead of cloning for inspect
- 836eb53 refactor: use `driver.js` singleton rather than global.$MongooseDriver
- 451c50e test: add quick spot check for webpack build
- a0aaa82 Merge branch 'master' into gh6750
- 88457b0 fix(document): use associated session `$session()` when using `doc.populate()`
- 28621a5 test(document): repro #6754
- 7965494 fix(connection): throw helpful error when using legacy `mongoose.connect()` syntax
- 42ddc42 test(connection): repro #6756
See the full diffPackage name: node-telegram-bot-api
The new version differs by 107 commits.- 119d892 release: v0.30.0
- 1169f8e chore: Use npm script prepublishOnly instead of deprecated prepublish
- 5cecffc chore/deps: Downgrade eslint for Node v4 compatibility
- 7e9e9b1 test: Fix previously-uncaught lint errors
- 2bdd50f chore/deps: Update dependencies
- 3096966 doc: Showcase and update contributor list
- 1f4c79e chore: Ignore package lock file
- 8edf1fb doc: Update changelog
- 55332c3 doc: Update changelog, version badge
- 96c50ba doc: Improve deprecation messages
- 4358f20 doc: Minor fixes on documentation
- 0781ae6 src/telegram: Add TelegramBot#sendMediaGroup()
- 584610b doc: Add tutorial [RUS] (#477)
- 1a08221 src/telegram: Improve sending files (#471)
- d719799 doc: Add note on specifying additional Telegram query options
- 4051117 src: Minor reorganisation, fixes
- f28416f src/telegram: Implement downloadFile() in terms of getFileStream()
- 04e8b89 src/telegram: Emit 'info' on stream from TelegramBot#getFileStream()
- b968e89 src/telegram: Populate Stream#path from TelegramBot#getFileStream()
- b91409a test: Fix path to ssl key, cert
- 455a93c examples: Add notice of openshift 2 shutdown
- 17f8394 chore: Re-organise examples
- d9692f4 src/telegram: Add TelegramBot#getFileStream()
- 0870684 src/polling: Fix the Offset Infinite Loop bug (#265)
See the full diffPackage name: nodemon
The new version differs by 92 commits.- 4be493c fix: don't ignore dot-directories
- 60d1add docs: add context to fences
- 9d49852 fix: update deps - chokidar@2.0.0 in particular
- e90f15a fix: node < 6.4.0 causing crash on 'rs' trigger
- e95ea6f fix: ignorePermissionErrors in chokidar
- c121187 refactor: indexOf > includes (in node4)
- 8cec0fc chore: fix linting issue
- 718a9ad fix: correctly pass ignored rules to chokidar
- 64a82ff fix: fail gracefully if postinstall fails
- 2582d96 fix: clarify which config files are actually used
- 8cb26bf refactor: small tweaks to ES6-ish
- 6e7ce4b fix: swallow child.stdin err
- d78bf3d fix: watch both js and mjs files if main file is JavaScript
- 0d9a892 fix: don't use fork with `node inspect`
- de66c6b refactor: fix scoping issue in node@4
- 5a914cb fix: handle exit(2) better
- 6333fa5 chore: fix linting
- 6e839d4 fix: support implicit filename extension
- 48048aa fix: properly handle --no-update-notifier
- c637717 fix: expose no update flag
- f711537 chore: fix linting
- 7a04e2c fix: incorrect count of watch files being reported
- 7052648 docs: add SparkPost for their sponsorship ❤️
- 369eb11 chore: update issue template
See the full diffPackage name: pm2
The new version differs by 229 commits.- 0d00936 chore: upgrade changelog + package.json
- c6d7ace Merge pull request #3466 from natcl/development
- f305d6d Correct typo
- 767c36f Check if windowsHide is bool
- 41815e0 chore: pmx to 1.6.3-rc2
- eb39c5f feature: allow to set deep monitoring via environment (PM2_DEEP_MONITORING=true on start/restart)
- 748019d chore: switch pmx to development
- 82375af Revert to cleaner check
- 031a668 Fix 'start pm2 inside pm2' test
- ab54f6a Revert windowsHide to true for cluster mode, only needed in fork mode.
- 97fb295 Merge remote-tracking branch 'upstream/development' into development
- dd9ebb6 Merge pull request #3464 from andyfleming/patch-1
- 46948a9 Merge pull request #3459 from rmonnier/master
- f3b3572 Merge pull request #3458 from Unitech/pm2_install_command
- 387270d Add windowsHide option so it can be set via process file, fixes #3425
- 72f6ef6 Adding string[] to "watch" value in StartOptions
- 5d56fac feat(pm2): add pm2 init option to generate an ecosystem file
- a38fd19 feat(pm2): add pm2 init option to generate an ecosystem file
- a315eeb fix: add livescript in default modules
- c90c453 docs: add documentation on new pm2 install command
- 828a30d feat: add dependencies section into ecosystem.json file.
- 974f9bf Merge pull request #3453 from deltasource/hotfix/scoped-package-support
- ace8d0c Fix for node 0.12 test (no String.startsWith())
- 1c58bf4 Added one test case, fixed a small bug
See the full diff