[Snyk] Fix for 6 vulnerabilities

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - app/package.json - app/package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Prototype Pollution
[SNYK-JS-ASYNC-2441827](https://snyk.io/vuln/SNYK-JS-ASYNC-2441827) | No | Proof of Concept ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **589/1000**
**Why?** Has a fix available, CVSS 7.5 | Denial of Service (DoS)
[SNYK-JS-MONGODB-473855](https://snyk.io/vuln/SNYK-JS-MONGODB-473855) | Yes | No Known Exploit ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **454/1000**
**Why?** Has a fix available, CVSS 4.8 | Session Fixation
[SNYK-JS-PASSPORT-2840631](https://snyk.io/vuln/SNYK-JS-PASSPORT-2840631) | No | No Known Exploit ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **589/1000**
**Why?** Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-REMARKABLE-174639](https://snyk.io/vuln/SNYK-JS-REMARKABLE-174639) | No | No Known Exploit ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **624/1000**
**Why?** Has a fix available, CVSS 8.2 | Cross-site Scripting (XSS)
[SNYK-JS-REMARKABLE-174641](https://snyk.io/vuln/SNYK-JS-REMARKABLE-174641) | No | No Known Exploit ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **484/1000**
**Why?** Has a fix available, CVSS 5.4 | Cross-site Scripting (XSS)
[npm:remarkable:20160820](https://snyk.io/vuln/npm:remarkable:20160820) | No | No Known Exploit (*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: mongodb

The new version differs by 250 commits.

c6f417e chore(release): 3.1.13
210c71d fix(db_ops): ensure we async resolve errors in createCollection
5ad9fa9 fix(changeStream): properly handle changeStream event mid-close (#1902)
e806be4 fix(bulk): honor ignoreUndefined in initializeUnorderedBulkOp
050267d fix(*): restore ability to webpack by removing `makeLazyLoader`
6e896f4 docs: adding aggregation, createIndex, and runCommand examples
cb3cd12 chore(release): 3.1.12
508d685 Revert "chore(release): 3.2.0"
e7619aa chore(release): 3.2.0
d0dc228 chore(travis): include forgotten stage info for sharded builds
ffbe90b chore(travis): run sharded tests in travis as well
9bef6e7 feat(core): update to mongodb-core v3.1.11
e4bb39e chore(release): 3.1.11
76c0130 chore(core): bump version of mongodb-core
a3adb3f fix(bulk): fix error propagation in empty bulk.execute
ec0e30e doc(change-streams): correct typo, add missing example
10ea992 chore(package): update lock file
fcb3ec1 test(sharded): reduce some sharded errors
d4eae97 test(sessions): undo hack for apm events in sessions tests
0eaca21 test(sessions): fixing broken session test
6790a74 test(sharding): fixing old sharding tests
98f0c68 test(sharded): fixing sharded operation test
c6a9baa test(sessions): fixing session tests in sharded env
985f0e9 test(drop): fixing drop assertions for sharded tests

See the full diff

Package name: passport

The new version differs by 160 commits.

c33067b 0.6.0
3052bb4 Update changelog.
42630cb Merge pull request #900 from jaredhanson/fix-fixation
8dd79fe Use utils-merge rather than Object.assign for compatibility.
4f6bd5b Change keepSessionData to keepSessionData.
46756e5 Silence verbose logging.
987b191 Add tests.
f8a175f Add tests.
29a90d6 No need to guard callback existence.
bfba8a1 Add tests.
17111d7 Add option to keep session data on logout.
a349c2b Add option to keep session data.
e69834e Add optional options to login and logout.
8825a9a Add tests.
c1991cf Add tests.
294f22c Better session detection and exceptions.
80cc4e3 Add tests.
3001654 Add tests.
b395106 Clean up tests.
cfa8259 Add tests.
ee0bf81 Add tests.
cc7606c Add tests.
71c54f6 Add test.
88c1f1b Handle logout without session manager.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/shehackspurple/project/371423a4-2ed9-44d9-931e-197d3212b4f2?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/shehackspurple/project/371423a4-2ed9-44d9-931e-197d3212b4f2?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"374b05bd-b43e-4d8a-92d0-53b6d0e818c6","prPublicId":"374b05bd-b43e-4d8a-92d0-53b6d0e818c6","dependencies":[{"name":"async","from":"2.5.0","to":"2.6.4"},{"name":"mongodb","from":"2.2.30","to":"3.1.13"},{"name":"passport","from":"0.3.2","to":"0.6.0"},{"name":"remarkable","from":"1.6.2","to":"1.7.3"}],"packageManager":"npm","projectPublicId":"371423a4-2ed9-44d9-931e-197d3212b4f2","projectUrl":"https://app.snyk.io/org/shehackspurple/project/371423a4-2ed9-44d9-931e-197d3212b4f2?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["npm:remarkable:20160820","SNYK-JS-REMARKABLE-174641","SNYK-JS-REMARKABLE-174639","SNYK-JS-PASSPORT-2840631","SNYK-JS-MONGODB-473855","SNYK-JS-ASYNC-2441827"],"upgrade":["SNYK-JS-ASYNC-2441827","SNYK-JS-MONGODB-473855","SNYK-JS-PASSPORT-2840631","SNYK-JS-REMARKABLE-174639","SNYK-JS-REMARKABLE-174641","npm:remarkable:20160820"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["priorityScore"],"priorityScoreList":[484,624,589,454,589,696]}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Cross-site Scripting (XSS)](https://learn.snyk.io/lessons/xss/javascript/?loc=fix-pr) 🦉 [Cross-site Scripting (XSS)](https://learn.snyk.io/lessons/xss/javascript/?loc=fix-pr) 🦉 [Regular Expression Denial of Service (ReDoS)](https://learn.snyk.io/lessons/redos/javascript/?loc=fix-pr) 🦉 [More lessons are available in Snyk Learn](https://learn.snyk.io?loc=fix-pr)

shehackspurple / Pixi

[Snyk] Fix for 6 vulnerabilities #19

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.