[Snyk] Fix for 2 vulnerabilities

[Karla-Isabel-Sandoval]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: express

The new version differs by 250 commits.

• ea3d605 4.15.5
• 40435ec deps: serve-static@1.12.6
• 7137bf5 deps: send@0.15.6
• bd1672f deps: finalhandler@~1.0.6
• 9395db4 deps: debug@2.6.9
• 19a2eeb tests: check render error without engine-specific message
• d7da225 build: should@13.1.0
• 961dbff deps: serve-static@1.12.5
• 9e0fa7f deps: send@0.15.5
• 9e067ad deps: fresh@0.5.2
• de5fb62 deps: update example dependencies
• b208b24 build: should@13.0.1
• 78e5510 build: mocha@3.5.3
• 48817a7 build: remove minor pin for nightly
• a4bd437 4.15.4
• a50f109 deps: serve-static@1.12.4
• e2d725e deps: send@0.15.4
• e006622 lint: remove all unused varaibles
• 44881fa docs: update collaborator guide for lint script
• 1dbaae5 deps: update example dependencies
• 56e90e3 lint: add eslint rules that cover editorconfig
• 713d2ae tests: fix incorrect should usage
• e0aa8bf build: mocha@3.5.0
• 85770a7 deps: finalhandler@~1.0.4

See the full diff

Package name: mongoose

The new version differs by 250 commits.

• c86ef79 chore: release 4.11.14
• 0165e5f chore: bump lockfile and add back nsp re: #5658
• 07e62be fix(populate): automatically select() populated()-ed fields
• cc6e489 test(populate): repro #5669
• 4be7d79 chore: remove nsp for now
• 5ab6726 chore: run nsp after test
• 2b4435d Merge pull request #5679 from hairyhenderson/add-nsp-check-in-ci
• bf6ef00 Merge pull request #5675 from jonathanprl/patch-1
• 5332ab6 chore: use ~
• 48ca046 Adding nsp check to the CI build
• f9e0525 fix(connection): make force close work as expected
• 0e5fc39 test(connection): repro #5664
• e8f0055 Update mquery dependency
• 4875dbe fix(model): make `init()` public and return a promise that resolves when indexes are done building
• 3f17393 fix(document): treat $elemMatch as inclusive projection
• a7a5621 test(document): repro #5661
• c79d48e docs(model/query): clarify which functions fire which middleware
• 635f07f chore: now working on 4.11.14
• cc32e59 Merge branch 'master' of github.com:Automattic/mongoose
• 96e06b7 chore: release 4.11.13
• cc52ec0 Merge pull request #5665 from sime1/master
• ab9ba7c test: add coverage for #5656
• 52ed14f Merge pull request #5656 from zipp3r/master
• a872591 fix(query): avoid throwing cast error for strict: throw with nested id in query

See the full diff

Package name: ms

The new version differs by 19 commits.

• 9b88d15 2.0.0
• 94b995c Invalidated cache for slack badge
• bcf5715 Bumped dependencies to the latest version
• b1eaab7 Ignored logs coming from npm
• caae298 Limit str to 100 to avoid ReDoS of 0.3s ([Snyk] Fix for 33 vulnerable dependency paths snyk-labs/nodejs-goof#89)
• b83b36d chore(package): update eslint to version 3.19.0 ([Snyk] Fix for 33 vulnerable dependency paths snyk-labs/nodejs-goof#88)
• 3f2a4d7 chore(package): update husky to version 0.13.3 ([Snyk] Fix for 33 vulnerable dependency paths snyk-labs/nodejs-goof#86)
• 7daf984 1.0.0
• ee91f30 More suitable name for file containing tests
• e818c35 Removed browser testing
• c9b1fd3 Test on LTS version of Node
• 389840b Badge for XO removed
• 1fbbe97 Removed component specification
• 57b3ef8 Use `prettier` and `eslint`
• 94068ea Removed XO
• 4b7f48f chore(package): update serve to version 5.0.4 ([Snyk] Fix for 33 vulnerable dependency paths snyk-labs/nodejs-goof#85)
• bd49cec chore(package): update xo to version 0.18.0 ([Snyk] Fix for 33 vulnerable dependency paths snyk-labs/nodejs-goof#84)
• d4a94b1 chore(package): update serve to version 5.0.3 (feat: added support for CloudFoundry snyk-labs/nodejs-goof#83)
• 923eee1 chore(package): update serve to version 5.0.2 ([Snyk Update] New fixes for 2 vulnerable dependency paths snyk-labs/nodejs-goof#82)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)