This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
#### Vulnerabilities that will be fixed
##### With an upgrade:
Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------
 | **584/1000** **Why?** Has a fix available, CVSS 7.4 | Authorization Bypass [SNYK-JS-EXPRESSJWT-575022](https://snyk.io/vuln/SNYK-JS-EXPRESSJWT-575022) | Yes | No Known Exploit
 | **484/1000** **Why?** Has a fix available, CVSS 5.4 | Open Redirect [SNYK-JS-GOT-2932019](https://snyk.io/vuln/SNYK-JS-GOT-2932019) | No | No Known Exploit
 | **671/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 7 | Prototype Pollution [SNYK-JS-MONGOOSE-2961688](https://snyk.io/vuln/SNYK-JS-MONGOOSE-2961688) | No | Proof of Concept
 | **454/1000** **Why?** Has a fix available, CVSS 4.8 | Session Fixation [SNYK-JS-PASSPORT-2840631](https://snyk.io/vuln/SNYK-JS-PASSPORT-2840631) | No | No Known Exploit
 | **484/1000** **Why?** Has a fix available, CVSS 5.4 | User Interface (UI) Misrepresentation of Critical Information [SNYK-JS-SWAGGERUIDIST-2314884](https://snyk.io/vuln/SNYK-JS-SWAGGERUIDIST-2314884) | No | No Known Exploit
(*) Note that the real score may have changed since the PR was raised.
Commit messagesPackage name: express-jwt
The new version differs by 3 commits.
feb0664 Merge pull request #235 from tingstad/patch-1
1699685 Update README - two swagger documents (typo)
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project.
------------
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*
For more information:
🧐 [View latest project report](https://app.snyk.io/org/oritpersik/project/628ee9c3-ff6d-4eee-be5c-31888675feaf?utm_source=github&utm_medium=referral&page=fix-pr)
🛠 [Adjust project settings](https://app.snyk.io/org/oritpersik/project/628ee9c3-ff6d-4eee-be5c-31888675feaf?utm_source=github&utm_medium=referral&page=fix-pr/settings)
📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)
[//]: # (snyk:metadata:{"prId":"6376acec-c4ac-4144-91d3-9f4b14c06f12","prPublicId":"6376acec-c4ac-4144-91d3-9f4b14c06f12","dependencies":[{"name":"express-jwt","from":"5.3.3","to":"6.0.0"},{"name":"mongoose","from":"6.0.13","to":"6.4.6"},{"name":"nodemon","from":"2.0.15","to":"2.0.17"},{"name":"passport","from":"0.4.1","to":"0.6.0"},{"name":"swagger-ui-express","from":"4.1.6","to":"4.2.0"}],"packageManager":"npm","projectPublicId":"628ee9c3-ff6d-4eee-be5c-31888675feaf","projectUrl":"https://app.snyk.io/org/oritpersik/project/628ee9c3-ff6d-4eee-be5c-31888675feaf?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-SWAGGERUIDIST-2314884","SNYK-JS-PASSPORT-2840631","SNYK-JS-MONGOOSE-2961688","SNYK-JS-GOT-2932019","SNYK-JS-EXPRESSJWT-575022"],"upgrade":["SNYK-JS-EXPRESSJWT-575022","SNYK-JS-GOT-2932019","SNYK-JS-MONGOOSE-2961688","SNYK-JS-PASSPORT-2840631","SNYK-JS-SWAGGERUIDIST-2314884"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["priorityScore"],"priorityScoreList":[484,454,671,484,584]})
---
**Learn how to fix vulnerabilities with free interactive lessons:**
🦉 [Prototype Pollution](https://learn.snyk.io/lessons/prototype-pollution/javascript/?loc=fix-pr)
🦉 [Open Redirect](https://learn.snyk.io/lessons/open-redirect/javascript/?loc=fix-pr)
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------  | **584/1000****Why?** Has a fix available, CVSS 7.4 | Authorization Bypass
[SNYK-JS-EXPRESSJWT-575022](https://snyk.io/vuln/SNYK-JS-EXPRESSJWT-575022) | Yes | No Known Exploit  | **484/1000**
**Why?** Has a fix available, CVSS 5.4 | Open Redirect
[SNYK-JS-GOT-2932019](https://snyk.io/vuln/SNYK-JS-GOT-2932019) | No | No Known Exploit  | **671/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7 | Prototype Pollution
[SNYK-JS-MONGOOSE-2961688](https://snyk.io/vuln/SNYK-JS-MONGOOSE-2961688) | No | Proof of Concept  | **454/1000**
**Why?** Has a fix available, CVSS 4.8 | Session Fixation
[SNYK-JS-PASSPORT-2840631](https://snyk.io/vuln/SNYK-JS-PASSPORT-2840631) | No | No Known Exploit  | **484/1000**
**Why?** Has a fix available, CVSS 5.4 | User Interface (UI) Misrepresentation of Critical Information
[SNYK-JS-SWAGGERUIDIST-2314884](https://snyk.io/vuln/SNYK-JS-SWAGGERUIDIST-2314884) | No | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: express-jwt
The new version differs by 3 commits.- 678f3b0 6.0.0
- 7ecab5f Merge pull request from GHSA-6g6m-m6h5-w9gf
- 304a1c5 Made algorithms mandatory
See the full diffPackage name: mongoose
The new version differs by 250 commits.- 5449ab9 chore: release 6.4.6
- b8c99cf Merge pull request #11892 from Automattic/netlify-functions-example
- 2751883 fix tests
- eced2c7 Merge branch 'master' into netlify-functions-example
- 92cb6fb Merge branch 'master' into vkarpov15/gh-12085
- 422f9da test(schema): add coverage for calling `plugin()` with options
- 2262a77 fix(document): avoid mutating original object passed to $set() when applying defaults to nested properties
- 2e6b064 made requested changes
- b70a0dc Merge pull request #12123 from LokeshKanumoori/patch-1
- 086bd9f fix(query): apply lean transform option to top-level document
- 1344214 Update migrating_to_6.md
- a45cfb6 fix(schema): disallow setting __proto__ when creating schema with dotted properties
- bc302f4 chore: release 6.4.5
- 44530a6 Merge pull request #12116 from Automattic/revert-12103-upgrade-mongo-driver
- 80b7d53 Revert "chore: upgrade mongodb driver to 4.8.0"
- 0156d5e style: fix lint
- 9524f89 fix(types): make `$addToSet` fields mutable to allow programatically constructing $addToSet
- 201071b fix(types): allow any value for AddFields
- 5301deb fix: cleanup and various updates
- 118c97a Merge branch 'master' into netlify-functions-example
- 1306d00 Merge pull request #12086 from hasezoey/modelJSDOCTouchup
- f95373d Merge pull request #12110 from skrtheboss/fix/is-atlas-check
- 1445c20 Merge pull request #12112 from pathei-kosmos/master
- 250b01b fix(types): avoid treating `| undefined` types as `any` in `Require_id` to better support `_id: String` with auto-typed schemas
See the full diffPackage name: nodemon
The new version differs by 18 commits.- 27e91c3 fix: update packge-lock
- 0144e4f fix: bump update-notifier to v6.0.0 (#2029)
- c870342 chore: update supporters
- 5c0b472 chore: add supporter
- e26aaa9 fix: support windows by using path.delimiter
- 9d1afd7 docs: add syntax highlighting to sample-nodemon.md (#1982) (#2004)
- de5d32a docs: Unified Node.js capitalization (#1986)
- e890927 docs: add note to faq with example showing how to watch any file extension (#1931)
- bc4547b chore: update sponsors
- 07159c5 chore: add supporters
- cd100da chore: update supporters
- 6a34922 chore: supporters
- e5d6067 chore: updating supporters
- 242f9f7 Merge branch 'main' of github.com:remy/nodemon
- 141e58c chore: update supporters
- 53422af ci(release): workflow uses 'npm' cache (#1933)
- 581c641 ci(node.js): workflow uses 'npm' cache (#1934)
- cb1c8b9 docs: Fix typo in faq.md (#1950)
See the full diffPackage name: passport
The new version differs by 100 commits.- c33067b 0.6.0
- 3052bb4 Update changelog.
- 42630cb Merge pull request #900 from jaredhanson/fix-fixation
- 8dd79fe Use utils-merge rather than Object.assign for compatibility.
- 4f6bd5b Change keepSessionData to keepSessionData.
- 46756e5 Silence verbose logging.
- 987b191 Add tests.
- f8a175f Add tests.
- 29a90d6 No need to guard callback existence.
- bfba8a1 Add tests.
- 17111d7 Add option to keep session data on logout.
- a349c2b Add option to keep session data.
- e69834e Add optional options to login and logout.
- 8825a9a Add tests.
- c1991cf Add tests.
- 294f22c Better session detection and exceptions.
- 80cc4e3 Add tests.
- 3001654 Add tests.
- b395106 Clean up tests.
- cfa8259 Add tests.
- ee0bf81 Add tests.
- cc7606c Add tests.
- 71c54f6 Add test.
- 88c1f1b Handle logout without session manager.
See the full diffPackage name: swagger-ui-express
The new version differs by 12 commits.- aa3d56a Bumped version of swagger-ui-dist and moved js template usage
- ff10df4 Update README.md
- fe789d8 Update README.md
- d07439b Merge pull request #270 from jdgarcia/security-update
- 9011cdf Merge pull request #269 from artyhedgehog/patch-1
- e09c35f update swagger-ui-dist dependency to fix security vulnerabilities
- de8e7eb readme: fix broken link to swagger-jsdoc
- 5824af0 Merge pull request #236 from H3nSte1n/feature/Add_converage_section_to_readme
- da7b5ff feat: Remove Coverage headline from README
- b46e892 feat: Add coverage section to README
- feb0664 Merge pull request #235 from tingstad/patch-1
- 1699685 Update README - two swagger documents (typo)
See the full diff