[Snyk] Fix for 22 vulnerabilities

[ebarahona]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	741/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.4	DLL Injection SNYK-JS-KERBEROS-568900	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-1056752	Yes	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Improper Input Validation SNYK-JS-SOCKETIOPARSER-3091012	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:clean-css:20180306	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:parsejson:20170908	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:tough-cookie:20160722	Yes	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) npm:tough-cookie:20170905	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: less-middleware

The new version differs by 10 commits.

• 5902c1a Merge pull request How to add extra validation on hook allcount/allcountjs#115 from emberfeather/Zoramite-patch-1
• afab7b6 Adding a changelog and updating to version 2.0.0
• 37ed8ce Adding the `cacheFile` option back to the middleware.
• d8f3351 Bringing back the ability to monitor the imports for changes to trigger recompile.
• 3269f1b Bumping version number.
• bedc358 Fixing up the sourcemaps test and processing to work correctly.
• adc79fa Removing leftover test fixtures from removing the cachefile option.
• cc500e8 Fixing the code to work with the switch to the latest less version.
• b8a3427 Updating the dependency list.
• cafdcb9 Updating to less 2.2.x

See the full diff

Package name: mongoose

The new version differs by 250 commits.

• ddff80d release 4.0.0
• 2ef9a42 Merge branch '3.8.x'
• 73d7dc6 Merge pull request #2791 from Automattic/docs-switch
• 06ee56c fix; docs generation for embedded docs
• c339edd chore; set up legacy / master doc generation
• 3846944 chore; update gitter badge to Automattic/, reference acquit in README
• 5eb0b7d upgraded; node driver to 2.0.24
• 5ed48e2 Merge pull request #2789 from chetverikov/patch-2
• 343811b Merge pull request #2788 from chetverikov/errors
• 5d488e1 LearnBoost -> Automattic
• 9408e1d Fix errors is not defined
• 174e1f0 fix; test broken from 3.8.x merge
• 0ffbf77 Merge branch '3.8.x'
• 1624116 Merge pull request #2783 from artiifix/patch-1
• e1196a9 Correct typo in documentation
• 8454a49 Merge branch '3.8.x'
• b7c7040 Fix #2656; upgrade to node driver 2.0.23
• ea2558b Merge pull request #2775 from LearnBoost/improve-cast-error
• 3d201b9 Persist cast errors across calls to validate()
• 5371e36 Repro issue with cast errors not persisting across validation
• ad4462c Merge pull request #2773 from chetverikov/gh2719
• 80f8332 Merge branch 'master' into gh2719
• a6a47cd Merge remote-tracking branch 'upstream/master'
• 78f3ebb Fix #2719

See the full diff

Package name: node-minify

The new version differs by 137 commits.

• 3092ac8 Bump 2.0.5
• 03129b0 Merge pull request Call Rest APIs from allcountjs allcount/allcountjs#143 from srod/bump-packages
• 53f175a Bump packages
• 0d4d92e Bump 2.0.4
• 38cf790 Merge pull request Add support for geolocation field allcount/allcountjs#137 from srod/develop
• fe39109 Push tags from master
• 06dbc21 Merge pull request js error when using relation reference allcount/allcountjs#136 from srod/feat-package-json
• cb20aae Workaround to avoid errors on npm install
• 1abf897 Refactoring package.json
• ae27984 Merge branch 'master' into develop
• 6aa555b Merge pull request Permission Issues for refrence and multiReference allcount/allcountjs#135 from srod/feat-bump-packages
• a930eaf Bump packages
• fa03970 Merge pull request Date Picker Does not Work allcount/allcountjs#134 from srod/fix-babili-133
• 4aa393e Require babel preset babili
• e4358f3 Merge pull request Performance of Angular? allcount/allcountjs#131 from srod/fix-uglifyjs-129
• 5c0c03b Merge branch 'develop' into fix-uglifyjs-129
• e7812e0 Bump 2.0.3
• e5b43f2 Merge pull request Error installing allcountjs on vagrant box running ubuntu allcount/allcountjs#130 from srod/fix-uglifyjs-129
• fff0475 Removing test of node 0.12 because of babili
• 6fd2da0 Add test to uglifyjs for source map
• b127aef Fix test allcount/allcountjs#129 UglifyJS source map file
• 83bf054 Bump packages
• 7e76d64 Merge pull request Ability to set port with allcountjs run allcount/allcountjs#128 from srod/bump-packages
• 8285ace Bump packages

See the full diff

Package name: socket.io

The new version differs by 42 commits.

• 3367eaa [chore] Release 2.0.0
• 6c0705f [docs] Add an example of custom parser (#2929)
• 1980fb4 [chore] Merge history of 1.7.x and 0.9.x branches (#2930)
• 0d07c47 [chore] Added backers and sponsors on the README (#2933)
• a086588 [chore] Bump dependencies (#2926)
• 87b06ad [feat] Move binary detection to the parser (#2923)
• 199eec6 [docs] Replace non-breaking space with proper whitespace (#2913)
• f1b39a6 [docs] Update emit cheatsheet (#2906)
• 240b154 [docs] Explicitly document that Server extends EventEmitter (#2874)
• c5b7738 [docs] Add server.engine.generateId attribute (#2880)
• 03f3bc9 [docs] Fix wrong space character in README (#2900)
• e40accf [docs] Fix documentation for 'connect' event (#2898)
• 01a4623 [feat] Allow to join several rooms at once (#2879)
• 2d5b002 [docs] Add webpack build example (#2828)
• 5ae06e6 [chore] Bump socket.io-adapter to version 1.0.0 (#2867)
• 4d8f68c [chore] Bump engine.io to version 2.0.2 (#2864)
• 5b79ab1 [docs] Update the wording to match the code example (#2853)
• 54ff591 [feature] Merge Engine.IO and Socket.IO handshake packets (#2833)
• e1facd5 [docs] Small addition to the Express Readme Part (#2846)
• 3b92cc2 [feature] Allow the use of custom parsers (#2829)
• 3d695c6 [chore] Bump engine.io to version 2.0.0 (#2832)
• 3b5f433 [fix] Use path.resolve by default and require.resolve as a fallback (#2797)
• 23c9dd3 [docs] Add a 'Features' section in the README (#2824)
• e28b475 [docs] Add httpd cluster example (#2819)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Server-side Request Forgery (SSRF)
🦉 More lessons are available in Snyk Learn