[Snyk] Fix for 18 vulnerabilities

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json - package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **619/1000**
**Why?** Has a fix available, CVSS 8.1 | Prototype Pollution
[SNYK-JS-AJV-584908](https://snyk.io/vuln/SNYK-JS-AJV-584908) | No | No Known Exploit ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **584/1000**
**Why?** Has a fix available, CVSS 7.4 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-HAWK-2808852](https://snyk.io/vuln/SNYK-JS-HAWK-2808852) | No | No Known Exploit ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **644/1000**
**Why?** Has a fix available, CVSS 8.6 | Prototype Pollution
[SNYK-JS-JSONSCHEMA-1920922](https://snyk.io/vuln/SNYK-JS-JSONSCHEMA-1920922) | Yes | No Known Exploit ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **586/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-LODASH-1018905](https://snyk.io/vuln/SNYK-JS-LODASH-1018905) | No | Proof of Concept ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **681/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.2 | Command Injection
[SNYK-JS-LODASH-1040724](https://snyk.io/vuln/SNYK-JS-LODASH-1040724) | No | Proof of Concept ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **686/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution
[SNYK-JS-LODASH-450202](https://snyk.io/vuln/SNYK-JS-LODASH-450202) | No | Proof of Concept ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **731/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.2 | Prototype Pollution
[SNYK-JS-LODASH-567746](https://snyk.io/vuln/SNYK-JS-LODASH-567746) | No | Proof of Concept ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **686/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution
[SNYK-JS-LODASH-608086](https://snyk.io/vuln/SNYK-JS-LODASH-608086) | No | Proof of Concept ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **686/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution
[SNYK-JS-LODASH-73638](https://snyk.io/vuln/SNYK-JS-LODASH-73638) | No | Proof of Concept ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **541/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 4.4 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-LODASH-73639](https://snyk.io/vuln/SNYK-JS-LODASH-73639) | No | Proof of Concept ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **479/1000**
**Why?** Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-MINIMATCH-3050818](https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818) | Yes | No Known Exploit ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Prototype Poisoning
[SNYK-JS-QS-3153490](https://snyk.io/vuln/SNYK-JS-QS-3153490) | Yes | Proof of Concept ![low severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/l.png "low severity") | **506/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 3.7 | Regular Expression Denial of Service (ReDoS)
[npm:bson:20180225](https://snyk.io/vuln/npm:bson:20180225) | Yes | Proof of Concept ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **579/1000**
**Why?** Has a fix available, CVSS 7.3 | Prototype Pollution
[npm:extend:20180424](https://snyk.io/vuln/npm:extend:20180424) | Yes | No Known Exploit ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **636/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 6.3 | Prototype Pollution
[npm:hoek:20180212](https://snyk.io/vuln/npm:hoek:20180212) | No | Proof of Concept ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **636/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 6.3 | Prototype Pollution
[npm:lodash:20180130](https://snyk.io/vuln/npm:lodash:20180130) | No | Proof of Concept ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS)
[npm:sshpk:20180409](https://snyk.io/vuln/npm:sshpk:20180409) | Yes | Proof of Concept ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **646/1000**
**Why?** Mature exploit, Has a fix available, CVSS 5.2 | Uninitialized Memory Exposure
[npm:stringstream:20180511](https://snyk.io/vuln/npm:stringstream:20180511) | Yes | Mature (*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: connect-mongo

The new version differs by 90 commits.

63ca966 docs: update readme and bump version to 3.0.0
aceb1ee chore: bump version to 3.0.0-rc.2
0e4a234 test: add test cases on event listener
e77a7f1 test: replace mocha with jest (#324)
ad39e88 test: replace deprecated collection.insert to collection.insertOne
545c06e docs: update README on testing
2d5442e chore: upgrade depns mocha
5d3a321 chore: upgrade nyc depns
54cd91d chore: upgrade depns
afb7a12 docs: remove some badges
6c2484b docs: update README for supporting version
c925c92 test: fix test case
6827330 chore: bump version to 3.0.0-rc.1
f62692b ci: update .npmignore
aa2637d ci: remove node 6 support and add linting in travis
801291b fix linting error
f928547 travis add test on Node 12
12275f0 better linting
eb23b1e linting fix
66194c7 bump major version to 3.0.0-rc
f29084f Wait for client open, before calling db. (#321)
d252bfc Install Stale bot
15d91c1 Transparent crypto support (#314)
08ccada Update readme refer to latest release to avoid confusion

See the full diff

Package name: less

The new version differs by 250 commits.

e4f7551 v3.12.0
371185c v3.12.0-RC.2 (#3540)
d5aa9d1 Fixes #3371 Allow conditional evaluation of function args (#3532)
a722237 Remove lib folder from git (#3531)
e0f5c1a Move changelog to root (#3530)
f7bdce7 Duplicate dist files in root for older links (#3529)
0925cf1 Test-data module (#3525)
51fb02b Fixes #3504 / organizes tests (#3523)
efb76ec Restore nuked scripts (?), replace dependencies (#3501) (#3522)
2c5e4dd Lerna refactor / TS compiling w/o bundling (#3521)
a3641e4 Resolve #3398 Add flag to disable sourcemap url annotation (#3517)
e018ba8 fix(#3294): use loadFileSync when loading plugins with syncImport: true (#3506)
95b9007 Update changelog
6238bbc Fixes #3508 (#3509)
8338366 Update README.md
6313bc5 Update changelog
53bf877 Remove tree caching in import manager (#3498)
0f271f3 issue#3481 ignore missing debugInfo (#3482)
3bd995b Additional check to avoid evaluating an expression if it is a comment (#3494)
0715d90 fix: Use make-dir instead of mkdirp (#3490)
2634494 Properly exit calc mode after use (#3493)
096dd22 Convert to auto-changelog (#3477)
842386b Fixes #3469 - Include tslib dependency (#3475)
1adaadb 3.11.0 (#3468)

See the full diff

Package name: mongoose

The new version differs by 250 commits.

76fae6d chore: release 5.3.9
40d4177 Merge pull request #7213 from NewEraCracker/master
751397c fix(document): run setter only once when doing `.set()` underneath a single nested subdoc
10837d4 test(document): repro #7196
10a63a9 Bump version of bson dependency to match mongodb-core
d10274e docs(transactions): add example of aborting a transaction
d245847 Merge branch 'master' of github.com:Automattic/mongoose
551a75b chore: add cpc to some pages that were missing it
1ca3514 Merge pull request #7210 from gfranco93/patch-1
c1606b6 Merge pull request #7207 from lineus/fix-7098
e9d538e Merge pull request #7203 from lineus/fix-7202
8f16b67 fix(document): surface errors in subdoc pre validate
87005a1 test(document): repro #7187
5b1d81c Documentation fix: fixed anchor link
eebfb36 docs(query): add note re: cursor()
c1e2617 docs(query): improve find() docs re: #7188
526f82d fix(query): run default functions after hydrating the loaded document
320d5f8 test(query): repro #7182
64c6d15 if our update schema path is a nested array do not skip query casting.
5d122e8 test for #7098
5ba13a7 refactor(test): move strictQuery tests to query.test.js since they do not use findOneAndUpdate()
4121629 chore: refer to correct issue #7178
22ed5d2 fix(query): handle strictQuery: 'throw' with nested path correctly
8c16354 test(query): repro #7152

See the full diff

Package name: node-telegram-bot-api

The new version differs by 212 commits.

5385d41 feat: update to v0.64.0 version
12d4d25 deps: Change request to @ cypress/request (#1145)
f17e801 docs: revokeChatInviteLink
595cdbd feat: Telegram Bot API 6.8 support (#1113)
dfe24a4 docs: update api.md for setWebHook (fix #1083) (#1084)
542002e feat: Telegram Bot API Support 6.6 + 6.7 [WIP] (#1069)
2885db0 Merge pull request #1094 from kaiserdj/patch-1
ad2b8c2 docs: Update group link
4ec6a68 docs: Update group link
ab0eb18 fix: Handle rejected when open a webhook in a port that was already in use
c4164a2 docs: Update README
6077f9b docs: update api.md for createNewStickerSet (#1043)
41f493b docs: update README.md (#1044)
53b5565 fix: remove try catch in _fixAddFileThumb
58261d1 feat: Telegram Bot API 6.4 Support (#1040)
4ef4fe9 Update incorrect link in tutorials.md (#1027)
ab59286 feat: Telegram Bot API v6.3 (#1020)
0eb8b80 fix: Parse entities when sending request (#1013)
ccdd146 docs: Fix readme with correct link to api docs
d853704 fix: Changelog
22d99fd docs: update @ types install note (#999)
fe4afd6 feat: Support Bot API v6.2 (#996)
c9b05e7 feat: Support test enviroment (#994)
f50cf98 Hotfix: tests + modify order src/telegram + docs (#988)

See the full diff

Package name: nodemon

The new version differs by 190 commits.

9a67f36 feat: update chokidar to v3
6781b40 docs: add license file
0e6ba3c fix: wait for all subprocesses to terminate (fixes issue #1476)
b58cf7d chore: Merge branch 'master'
95a4c09 docs: add to faq
3a2eaf7 choe: merge master
3d90879 chore: add logo to site
7d6c1a8 fix: Replace `jade` references by `pug`
74c8749 chore: test funding.yml change
c1a8b75 chore: update funding
d5b9891 test: ensure ignore relative paths
eead311 fix: to avoid confusion like in #1528, always report used extension
12b66cd fix: langauge around "watching" (#1591)
2e6e2c4 docs: README Grammar (#1601)
5124ae9 Merge branch 'master' of github.com:remy/nodemon
95fa05a chore: git card
d84f421 chore: adding funding file
13afac2 fix: ensure signal is sent to exit event
d088cb6 chore: update stalebot
20ccb62 feat: add message event
886527f fix: disable fork only if string starts with dash
64b474e feat: add TypeScript to default execPath (#1552)
2973afb fix: Quote zero-length strings in arguments (#1551)
aa41ab2 fix: hard bump of chokidar@2.1.5

See the full diff

Package name: pm2

The new version differs by 250 commits.

e24fc12 pm2@4.0.0
4c55d83 fix: test dependency
8f954d0 pm2@4.0.0
ecfcf5d Merge pull request #4436 from niftylettuce/master
ff5d3be feat: added Lad to framework list
4e933d2 pm2@4.0.0-beta-9
869b1d3 chore: drop ADVANCED_README.md
2c7765d Merge pull request #4391 from ykolbin/migrate-pm2-cli
5b2f15f fix: adapt new pm2 register flow
7d6ffef chore: upgrade pm2/io and chokidar
01b2949 pm2@4.0.0-beta-8
daca87c Merge pull request #4377 from RiaanWest/fix/lodash-version
474ac37 Merge pull request #4392 from mib008/patch/issue_4378
76dfc07 fix: add property 'type' for compatible with old version.
886c5c5 fix: remove garbage whitespace.
5676974 refactor: Simplify bin/pm2 and move content to lib/binaries/CLI.js
f59911e fix: update lodash version
21af03f chore: update README
6bbee22 chore: change link
e44ac95 chore: upgrade logo
9389dfe chore: upgrade systeminformation
0c79406 Update package.json
cf20f15 chore: upgrade async to 3.1
359c8c2 docs: update info links

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/kayvanmazaheri/project/97d60973-e04a-41e6-8345-a40d4a60c989?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/kayvanmazaheri/project/97d60973-e04a-41e6-8345-a40d4a60c989?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"6d23debe-b54f-4a66-81a8-b85670b523b4","prPublicId":"6d23debe-b54f-4a66-81a8-b85670b523b4","dependencies":[{"name":"connect-mongo","from":"1.3.2","to":"3.0.0"},{"name":"less","from":"2.7.3","to":"3.12.0"},{"name":"mongoose","from":"4.12.4","to":"5.3.9"},{"name":"node-telegram-bot-api","from":"0.27.1","to":"0.64.0"},{"name":"nodemon","from":"1.12.1","to":"2.0.0"},{"name":"pm2","from":"2.7.2","to":"4.0.0"}],"packageManager":"npm","projectPublicId":"97d60973-e04a-41e6-8345-a40d4a60c989","projectUrl":"https://app.snyk.io/org/kayvanmazaheri/project/97d60973-e04a-41e6-8345-a40d4a60c989?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-AJV-584908","npm:bson:20180225","SNYK-JS-HAWK-2808852","SNYK-JS-JSONSCHEMA-1920922","SNYK-JS-LODASH-1018905","SNYK-JS-LODASH-1040724","SNYK-JS-LODASH-450202","SNYK-JS-LODASH-567746","SNYK-JS-LODASH-608086","SNYK-JS-LODASH-73638","SNYK-JS-LODASH-73639","npm:lodash:20180130","SNYK-JS-MINIMATCH-3050818","SNYK-JS-QS-3153490","npm:extend:20180424","npm:hoek:20180212","npm:sshpk:20180409","npm:stringstream:20180511"],"upgrade":["SNYK-JS-AJV-584908","SNYK-JS-HAWK-2808852","SNYK-JS-JSONSCHEMA-1920922","SNYK-JS-LODASH-1018905","SNYK-JS-LODASH-1040724","SNYK-JS-LODASH-450202","SNYK-JS-LODASH-567746","SNYK-JS-LODASH-608086","SNYK-JS-LODASH-73638","SNYK-JS-LODASH-73639","SNYK-JS-MINIMATCH-3050818","SNYK-JS-QS-3153490","npm:bson:20180225","npm:extend:20180424","npm:hoek:20180212","npm:lodash:20180130","npm:sshpk:20180409","npm:stringstream:20180511"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["priorityScore"],"priorityScoreList":[619,506,584,644,586,681,686,731,686,686,541,636,479,696,579,636,696,646],"remediationStrategy":"vuln"}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Prototype Pollution](https://learn.snyk.io/lesson/prototype-pollution/?loc=fix-pr) 🦉 [Regular Expression Denial of Service (ReDoS)](https://learn.snyk.io/lesson/redos/?loc=fix-pr) 🦉 [Command Injection](https://learn.snyk.io/lesson/malicious-code-injection/?loc=fix-pr)

KayvanMazaheri / pillo

[Snyk] Fix for 18 vulnerabilities #93

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.