[Snyk] Fix for 11 vulnerabilities

[Omrisnyk]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • large-file/package.json
  • large-file/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity	Reachability
	159/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00132, Social Trends: No, Days since published: 706, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.64, Score Version: V5	Prototype Pollution SNYK-JS-ASYNC-2441827	Yes	Proof of Concept	No Path Found
	63/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00324, Social Trends: No, Days since published: 1086, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.65, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	No	Proof of Concept	No Path Found
	63/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00231, Social Trends: No, Days since published: 1122, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.65, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept	No Path Found
	239/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): High, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00606, Social Trends: No, Days since published: 1122, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept	No Path Found
	45/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00112, Social Trends: No, Days since published: 512, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 1.89, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit	No Path Found
	58/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.01248, Social Trends: No, Days since published: 723, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.45, Score Version: V5	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept	No Path Found
	63/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00281, Social Trends: No, Days since published: 1044, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.65, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	Yes	Proof of Concept	No Path Found
	169/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00091, Social Trends: No, Days since published: 267, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.81, Score Version: V5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept	No Path Found
	158/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.06698, Social Trends: No, Days since published: 913, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.81, Score Version: V5	Prototype Pollution SNYK-JS-SETVALUE-1540541	No	Proof of Concept	No Path Found
	150/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00447, Social Trends: No, Days since published: 1728, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.65, Score Version: V5	Prototype Pollution SNYK-JS-SETVALUE-450213	No	Proof of Concept	No Path Found
	58/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00296, Social Trends: No, Days since published: 2360, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.43, Score Version: V5	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No	Proof of Concept	No Path Found

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: dependency-check

• 4.1.0 - 2019-07-29
  
  • Fix node version check to match against package. Fixes #104 c8fca5d
  • Restore --no-dev/--no-peer for explicit --missing. Fixes #105 01271e9

  v4.0.1...v4.1.0

• 4.0.1 - 2019-07-28
  
  • SEMIBREAKING: Remove --no-dev/no-peer from missing checks. Every only been officially supported in unused checks. edfde9b
  • Update URL:s to point to new GitHub organization 0174a07

  All changes:

  v4.0.0...v4.0.1

• 4.0.0 - 2019-07-28
  

  News

  • Moved repository to a GitHub organization: dependency-check-team

  Breaking

  • BREAKING: Remove --entry, instead add entries directly 8657129

  • BREAKING: Drop callback parameter from main export (doesn't affect the CLI interface) 80866f8

  • BREAKING: Remove --extra alias, use --unused instead 53d2c3d

  • BREAKING: By default, run all checks, both missing and unused 5e4f11b

  • BREAKING: Require Node >=10 fb09c07

  • SEMIBREAKING: Make --quiet the standard, add --verbose for previous verbose logging behavior d886e2b

  • SEMIBREAKING: Update to latest globby release 2c91ae0

  Improvements

  • Move to require('module').builtinModules 55d282e
  • Add resolving of package.json directly from files da6c139

  Fixes

  • Internal: Make parse() + path resolving async 8eaba08

  Dependency updates

  • Update to latest micromatch release 011184c

  Full list of changes

  v3.4.1...v4.0.0

• 3.4.1 - 2019-07-08
  

  3.4.1

• 3.4.0 - 2019-07-08
  

  3.4.0

• 3.3.2 - 2019-07-08
  

  3.3.2

• 3.3.1 - 2019-07-08
  

  3.3.1

• 3.3.0 - 2018-12-25
  

  3.3.0

• 3.2.1 - 2018-09-11
  

  3.2.1

• 3.2.0 - 2018-07-15
  

  Added

  • Resolve entry paths with glob support
• 3.1.0 - 2018-03-01
• 3.0.0 - 2018-01-15
• 2.10.1 - 2018-03-09

from dependency-check GitHub release notes

Package name: mongodb-js-precommit

• 2.0.1 - 2020-01-30
  

  2.0.1

• 2.0.0 - 2019-01-16

from mongodb-js-precommit GitHub release notes

Commit messages

Package name: dependency-check

The new version differs by 71 commits.

• 864e899 4.1.0
• c8fca5d Fix node version check to match against package
• 01271e9 Restore --no-dev/no-peer for explicit --missing
• d22bc2d 4.0.1
• edfde9b SEMIBREAKING: Remove --no-dev/no-peer from missing
• c3e7b20 Use object shorthand
• d48d6c9 Improving Travis test setup
• cca6a97 Badge should now point to travis-ci.com instead
• ef590a3 Mention 4.x in requirements and security
• 9dd2f36 Update README to point to new GitHub organization
• 0174a07 Update URL:s to point to new GitHub organization
• 16e34d4 4.0.0
• f2d7711 Update standard to 13.x
• 2ea7c28 Add Husky to make it harder to push failing tests
• 8657129 BREAKING: Remove --entry, instead add directly
• 151bc29 Clarify CLI help, eg. missing is no longer default
• 08cfb69 Clarify an error message on finding a package.json
• 80866f8 BREAKING: Drop callback parameter from main export
• 8eaba08 Make parse() + path resolving async
• 0320bb7 Minor refactoring of bin resolving
• ca55986 Added another path helper
• a8a39fc Extract the code that resolves paths to look at
• 53d2c3d BREAKING: Remove --extra alias, use --unused
• 55d282e Move to require('module').builtinModules

See the full diff

Package name: mongodb-js-precommit

The new version differs by 28 commits.

• 0832143 2.0.1
• e4fe994 fix: make dependency-check work again
• cb121fa Merge pull request [Snyk] Fix for 1 vulnerabilities #27 from mongodb-js/dependabot/npm_and_yarn/mocha-7.0.1
• 7943ff9 Merge pull request [Snyk] Security upgrade snyk from 1.389.0 to 1.465.0 #26 from mongodb-js/dependabot/npm_and_yarn/async-3.1.1
• 98e2f47 Bump mocha from 7.0.0 to 7.0.1
• 5b81b6c Bump async from 3.1.0 to 3.1.1
• 1f7e9b4 Merge pull request [Snyk] Security upgrade snyk from 1.389.0 to 1.465.0 #25 from mongodb-js/dependabot/npm_and_yarn/eslint-config-mongodb-js-5.0.3
• 9e0e005 Bump eslint-config-mongodb-js from 3.0.1 to 5.0.3
• 77e9f58 Merge pull request [Snyk] Fix for 1 vulnerabilities #24 from mongodb-js/dependabot/npm_and_yarn/async-3.1.0
• d6ddd63 Merge pull request [Snyk] Security upgrade mongoose from 4.2.4 to 5.7.3 #23 from mongodb-js/dependabot/npm_and_yarn/mocha-7.0.0
• 0fe8091 Bump async from 2.6.1 to 3.1.0
• a8658c2 Bump mocha from 5.2.0 to 7.0.0
• b418a0e Merge pull request [Snyk] Security upgrade tap from 5.8.0 to 11.1.3 #15 from mongodb-js/dependabot/npm_and_yarn/precinct-6.2.0
• 61cfaa0 Bump precinct from 6.1.0 to 6.2.0
• 34fe88c Merge pull request [Snyk] Security upgrade lodash-es from 4.17.10 to 4.17.21 #18 from mongodb-js/dependabot/npm_and_yarn/chalk-3.0.0
• f028824 Merge pull request [Snyk] Security upgrade tap from 5.8.0 to 11.1.3 #14 from mongodb-js/dependabot/npm_and_yarn/dependency-check-4.1.0
• c7bc03d Bump chalk from 2.4.2 to 3.0.0
• 5935974 Bump dependency-check from 3.2.1 to 4.1.0
• de8ee63 Merge pull request [Snyk] Security upgrade moment from 2.15.1 to 2.29.2 #20 from mongodb-js/dependabot/npm_and_yarn/figures-3.1.0
• 3d33a1a Merge pull request [Snyk] Security upgrade moment from 2.22.1 to 2.29.2 #21 from mongodb-js/dependabot/npm_and_yarn/glob-7.1.6
• e9c7e60 Bump figures from 2.0.0 to 3.1.0
• ed79103 Merge pull request [Snyk] Security upgrade moment from 2.15.1 to 2.29.2 #19 from mongodb-js/dependabot/npm_and_yarn/mixin-deep-1.3.2
• 56aecbc Merge pull request [Snyk] Fix for 1 vulnerabilities #17 from mongodb-js/dependabot/npm_and_yarn/eslint-utils-1.4.3
• e3fe875 Merge pull request [Snyk] Security upgrade tap from 5.8.0 to 11.1.3 #16 from mongodb-js/dependabot/npm_and_yarn/lodash-4.17.15

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Command Injection