This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json
#### Vulnerabilities that will be fixed
##### With an upgrade:
Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------
 | **461/1000** **Why?** Recently disclosed, Has a fix available, CVSS 3.5 | Regular Expression Denial of Service (ReDoS) [SNYK-JS-DEBUG-3227433](https://snyk.io/vuln/SNYK-JS-DEBUG-3227433) | Yes | No Known Exploit
(*) Note that the real score may have changed since the PR was raised.
Commit messagesPackage name: log4js
The new version differs by 250 commits.
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project.
------------
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*
For more information:
🧐 [View latest project report](https://app.snyk.io/org/noomados/project/50c336ef-8a10-41dd-98ac-c157e9534430?utm_source=github&utm_medium=referral&page=fix-pr)
🛠 [Adjust project settings](https://app.snyk.io/org/noomados/project/50c336ef-8a10-41dd-98ac-c157e9534430?utm_source=github&utm_medium=referral&page=fix-pr/settings)
📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)
[//]: # (snyk:metadata:{"prId":"cde095d8-041d-4281-ad84-52bba27afcdf","prPublicId":"cde095d8-041d-4281-ad84-52bba27afcdf","dependencies":[{"name":"log4js","from":"1.1.1","to":"2.4.1"},{"name":"mongoose","from":"5.0.0","to":"5.2.6"},{"name":"socket.io","from":"2.0.4","to":"2.1.0"}],"packageManager":"npm","projectPublicId":"50c336ef-8a10-41dd-98ac-c157e9534430","projectUrl":"https://app.snyk.io/org/noomados/project/50c336ef-8a10-41dd-98ac-c157e9534430?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-DEBUG-3227433"],"upgrade":["SNYK-JS-DEBUG-3227433"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["priorityScore"],"priorityScoreList":[461]})
---
**Learn how to fix vulnerabilities with free interactive lessons:**
🦉 [Regular Expression Denial of Service (ReDoS)](https://learn.snyk.io/lessons/redos/javascript/?loc=fix-pr)
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json - package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------  | **461/1000****Why?** Recently disclosed, Has a fix available, CVSS 3.5 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-DEBUG-3227433](https://snyk.io/vuln/SNYK-JS-DEBUG-3227433) | Yes | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: log4js
The new version differs by 250 commits.- 10dac6d 2.4.1
- 2d30d3d 2.4.0
- f2f9790 fix(cluster): potential bug when cluster not available
- 222d8a5 Merge pull request #626 from log4js-node/circular-json
- 8351896 fix(cluster): added circular json dep
- ae97ae6 Updated codecov badge and link
- c0d4d3a fix(example): removed app.configure call for express 4
- 71f84fe Update README.md
- 1350753 Merge pull request #618 from log4js-node/linting
- f093279 test(pm2): one more go at making this test work all the time
- 551472c test(dateFile): fixed a potential test timing issue
- 6d3984d chore(ignore): added dockerfiles used for testing to git and npm ignore
- f1a7d57 chore(merge): merging from master
- 7e008b9 Merge pull request #616 from log4js-node/dep-updates
- a5827df test(pm2): I may or may not have made this test work now
- 0d221a0 test(pm2): once more, really making it more reliable this time
- a690ba0 test(pm2): really making it more reliable this time
- 8627f74 fix(#614): bumped deps of debug, date-format, streamroller
- 906a774 chore(lint): added linting to test files
- b65871a 2.3.12
- 974d8ea Merge pull request #611 from log4js-node/update-dev-dependencies
- 0e13be9 chore: upgraded dev deps
- 6c78f23 Merge pull request #609 from log4js-node/filesync-ignores-flags
- dc2079e fix(fileSync): options not used
See the full diffPackage name: mongoose
The new version differs by 250 commits.- d4f507f chore: release 5.2.6
- 7eac18c style: fix lint
- e47b669 fix(populate): make error reported when no `localField` specified catchable
- 1e27f09 test(populate): repro #6767
- 2b5e18a fix(query): upgrade mquery for readConcern() helper
- 2bf81e7 test: try skipping in before()
- d5b43da test: more test fixes re: #6754
- e91d404 test(transactions): skip nested suite if parent suite skipped
- 22c6c33 fix(query): propagate top-level session down to `populate()`
- 0f24449 test(query): repro #6754
- bc21555 fix(document): handle overwriting `$session` in `execPopulate()`
- f3af885 docs(schematypes): add some examples of getters and warning about using `map()` getters with array paths
- 4071de4 Merge pull request #6771 from Automattic/gh6750
- 12e0d09 fix(document): don't double-call deeply nested custom getters when using `get()`
- 695cb6f test(document): repro #6779
- 0ca947e docs(document): add missing params for `toObject()`
- b0e1c5b fix(documentarray): use toObject() instead of cloning for inspect
- 836eb53 refactor: use `driver.js` singleton rather than global.$MongooseDriver
- 451c50e test: add quick spot check for webpack build
- a0aaa82 Merge branch 'master' into gh6750
- 88457b0 fix(document): use associated session `$session()` when using `doc.populate()`
- 28621a5 test(document): repro #6754
- 7965494 fix(connection): throw helpful error when using legacy `mongoose.connect()` syntax
- 42ddc42 test(connection): repro #6756
See the full diffPackage name: socket.io
The new version differs by 14 commits.- db831a3 [chore] Release 2.1.0
- ac945d1 [feat] Add support for dynamic namespaces (#3195)
- ad0c052 [docs] Add note in docs for `origins(fn)` about `error` needing to be a string. (#2895)
- 1f1d64b [fix] Include the protocol in the origins check (#3198)
- f4fc517 [fix] Properly emit 'connect' when using a custom namespace (#3197)
- be61ba0 [docs] Add link to a Dart client implementation (#2940)
- c0c79f0 [feat] Add support for dynamic namespaces (#3187)
- dea5214 [chore] Bump superagent and supertest versions (#3186)
- b1941d5 [chore] Bump engine.io to version 3.2.0
- a23007a [docs] Update license year (#3153)
- f48a06c [feat] Add a 'binary' flag (#3185)
- 0539a2c [test] Update travis configuration
- c06ac07 [docs] Fix typo (#3157)
- 52b0960 [chore] Bump debug to version 3.1.0
See the full diff