[Snyk] Fix for 1 vulnerabilities

[Bhanditz]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	461/1000 Why? Recently disclosed, Has a fix available, CVSS 3.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-DEBUG-3227433	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: debug

The new version differs by 76 commits.

• f073e05 Release 3.1.0
• 2c0df9b rename `DEBUG_HIDE_TTY_DATE` to `DEBUG_HIDE_DATE`
• dcb37b2 Merge branch '2.x'
• 56a3853 Add `DEBUG_HIDE_TTY_DATE` env var (bump strider-slack version Strider-CD/strider#486)
• 13abeae Release 2.6.9
• f53962e remove ReDoS regexp in %o formatter (Upgrade to Bootstrap 3.x Strider-CD/strider#504)
• bdb7e01 remove "component" from package.json
• c38a016 remove ReDoS regexp in %o formatter (Upgrade to Bootstrap 3.x Strider-CD/strider#504)
• 47747f3 remove `component.json`
• a0601e5 fix
• e7e568a ignore package-lock.json
• fdfa0f5 Fix browser detection
• 7cd9e53 examples: fix colors printout
• 8d76196 Merge pull request Is there a way to have the build number/id as an env variable? Strider-CD/strider#496 from EdwardBetts/spelling
• daf1a7c correct spelling mistake
• 3e1849d Release 3.0.1
• b3ea123 Disable colors in Edge and Internet Explorer (479 468 sortable Strider-CD/strider#489)
• 13e1d06 remove v3 discussion note for now
• 52b894c Release 3.0.0
• d2dd80a component: update "ms" to v2.0.0
• 6752953 fix browser test 😵
• f6f6213 remove `make coveralls` from travis
• f178d86 attempt to separate the Node and Browser tests in Travis
• d73c4ae fix `make test`

See the full diff

Package name: method-override

The new version differs by 43 commits.

• 5b83d4f 3.0.0
• 0aef6c8 deps: debug@3.1.0
• ddb4bcc build: supertest@1.2.0
• baed633 build: mocha@3.5.3
• b357d8e Drop support for Node.js below 0.10
• 09582af build: support Node.js 10.x
• 7579004 lint: apply standard 11 style
• 00ca04a build: support Node.js 9.x
• c92384c build: eslint-plugin-promise@3.7.0
• 4947f58 build: eslint-plugin-import@2.11.0
• 6fb651a build: support Node.js 8.x
• 21c08c3 build: Node.js@6.14
• 254b6ef build: Node.js@4.9
• 26ba0ce build: eslint-plugin-node@5.2.1
• 4aef9e5 build: eslint-plugin-import@2.8.0
• 7aced59 docs: remove gratipay badge
• b232f67 build: eslint-plugin-promise@3.6.0
• d96eb1f build: Node.js@6.12
• 78421d2 build: fix Node.js 0.8 npm install
• ddfc7cc 2.3.10
• 4c58835 perf: skip unnecessary parsing of entire header
• 5a7d6a1 deps: vary@~1.1.2
• 6f75dbe deps: parseurl@~1.3.2
• 7e6bc60 deps: debug@2.6.9

See the full diff

Package name: mongoose

The new version differs by 250 commits.

• d4f507f chore: release 5.2.6
• 7eac18c style: fix lint
• e47b669 fix(populate): make error reported when no `localField` specified catchable
• 1e27f09 test(populate): repro #6767
• 2b5e18a fix(query): upgrade mquery for readConcern() helper
• 2bf81e7 test: try skipping in before()
• d5b43da test: more test fixes re: #6754
• e91d404 test(transactions): skip nested suite if parent suite skipped
• 22c6c33 fix(query): propagate top-level session down to `populate()`
• 0f24449 test(query): repro #6754
• bc21555 fix(document): handle overwriting `$session` in `execPopulate()`
• f3af885 docs(schematypes): add some examples of getters and warning about using `map()` getters with array paths
• 4071de4 Merge pull request #6771 from Automattic/gh6750
• 12e0d09 fix(document): don't double-call deeply nested custom getters when using `get()`
• 695cb6f test(document): repro #6779
• 0ca947e docs(document): add missing params for `toObject()`
• b0e1c5b fix(documentarray): use toObject() instead of cloning for inspect
• 836eb53 refactor: use `driver.js` singleton rather than global.$MongooseDriver
• 451c50e test: add quick spot check for webpack build
• a0aaa82 Merge branch 'master' into gh6750
• 88457b0 fix(document): use associated session `$session()` when using `doc.populate()`
• 28621a5 test(document): repro #6754
• 7965494 fix(connection): throw helpful error when using legacy `mongoose.connect()` syntax
• 42ddc42 test(connection): repro #6756

See the full diff

Package name: morgan-debug

The new version differs by 4 commits.

• e792824 2.0.0
• 3b0678a Update readme and changelog
• b291e10 Fix pass thru streams trumping the debug output
• a8cba13 Change morgan and debug to peer deps

See the full diff

Package name: socket.io

The new version differs by 77 commits.

• db831a3 [chore] Release 2.1.0
• ac945d1 [feat] Add support for dynamic namespaces (#3195)
• ad0c052 [docs] Add note in docs for `origins(fn)` about `error` needing to be a string. (#2895)
• 1f1d64b [fix] Include the protocol in the origins check (#3198)
• f4fc517 [fix] Properly emit 'connect' when using a custom namespace (#3197)
• be61ba0 [docs] Add link to a Dart client implementation (#2940)
• c0c79f0 [feat] Add support for dynamic namespaces (#3187)
• dea5214 [chore] Bump superagent and supertest versions (#3186)
• b1941d5 [chore] Bump engine.io to version 3.2.0
• a23007a [docs] Update license year (#3153)
• f48a06c [feat] Add a 'binary' flag (#3185)
• 0539a2c [test] Update travis configuration
• c06ac07 [docs] Fix typo (#3157)
• 52b0960 [chore] Bump debug to version 3.1.0
• 1c108a3 [chore] Release 2.0.4
• f333479 [test] Use npm scripts instead of gulp (#3078)
• 3f61165 [docs] Fix a grammar mistake in the API docs (#3076)
• e26b71c [docs] Fix typo in API docs (#3066)
• 3386e15 [docs] Actually prevent input from having injected markup in chat example (#2987)
• 3684d59 [docs] Use path.join instead of concatenating paths (#3014)
• dd69abb [fix] Reset rooms object before broadcasting from namespace (#3039)
• 1f0e64a [fix] Do not throw when receiving an unhandled error packet (#3038)
• 9d170a7 [docs] Add io.emit in the cheat sheet (#2992)
• 7199d1b [docs] Fix misnamed 'Object.keys' in API docs (#2979)

See the full diff

Package name: socket.io-client

The new version differs by 44 commits.

• 3eb047f [chore] Release 2.1.0
• afb952d [docs] Add a note about reconnecting after a server-side disconnection
• 74893d5 [feat] Add a 'binary' flag (#1194)
• 9701611 [chore] Bump engine.io-client to version 3.2.0 (#1192)
• 3d8f24e [test] Update travis configuration
• e27f38b [chore] Restore unminified distribution files (#1191)
• bb743c4 [docs] Document connected and disconnected socket properties (#1155)
• f31837f [chore] Bump debug to version 3.1.0
• ebb0596 [chore] Release 2.0.4
• 57cee21 [test] Remove IE6 and IE7 tests (#1164)
• c58ecfc [docs] Add code examples for registered events (#1139)
• e9ebe36 [docs] Add an example with ES6 import in the README (#1138)
• 19f2b19 [chore] Release 2.0.3
• 83fedf5 [docs] Add explicit documentation for websocket transport (#1128)
• c0da119 [docs] Update documentation (several vulnerabilities CVE-2020-15168,CVE-2020-7598 are introduced in strider  Strider-CD/strider#1124)
• c3c0270 [chore] Release 2.0.2
• d864486 [chore] Bump debug to version 2.6.8 (Update api doc generator Strider-CD/strider#1123)
• 214a57f [test] Launch browser tests on localhost by default (screenshots are broken in wiki screenshots page Strider-CD/strider#1122)
• 8091591 [fix] Do not update the opts.query reference (Security Fix for Cross-site Request Forgery (CSRF) - huntr.dev Strider-CD/strider#1121)
• 4f71bd2 [chore] Release 2.0.1
• d30914d [chore] Release 2.0.0
• 9e7b543 [chore] Bump engine.io to version 3.1.0 (Fix/remove postinstall build Strider-CD/strider#1109)
• 442587e [chore] Bump dev dependencies (Applying package updates. Strider-CD/strider#1108)
• ff4cb3e [feat] Move binary detection to the parser (500 TypeError [ERR_INVALID_ARG_TYPE]: The "path" argument must be of type string. Received undefined Strider-CD/strider#1103)

See the full diff

Package name: strider-git

The new version differs by 12 commits.

• de419b9 chore(release): 2.0.0
• 4d25d94 chore: prettier
• a4bd690 chore: add release and changelog gen
• 15105ab fix: update deps
• dee8063 chore: prettier on index
• f191d29 chore: add yarn.lock
• 2153492 chore: add prettier config
• 13da05f fix: Security Fix for Remote Code Execution - huntr.dev ([Snyk] Security upgrade semver from 5.3.0 to 7.5.2 #39)
• 99f4d88 v1.0.3
• f007c90 fix: handle error in git-version code
• 6dc48b3 v1.0.2
• 2bf0c64 Revert to older shell-escape

See the full diff

Package name: strider-github

The new version differs by 38 commits.

• eaeb99c chore(release): 3.0.4
• 32b325d fix: update strider-git to v2
• d36b8d9 chore(release): 3.0.3
• a0a9007 fix: getting repos
• e6dcd5f chore(release): 3.0.2
• 6dd9395 fix: return after callback
• 2b932e0 chore(release): 3.0.1
• 02ee9d6 fix: update accesstoken on reauth
• 1499839 chore: add prettier dep
• 3df3a6d chore: prettier
• 80def15 fix: update deps and use yarn
• bff00b5 chore(release): 3.0.0
• 6f970af fix: update node version to 10
• 47515d1 chore(release): 2.4.1
• ba6febd fix: accesstoken typo and tests, update deps
• 37825f3 chore: add release script
• e2e0189 fix: update to use authorization header
• 8c675db docs: Update README.md (Github APP auth redirect URL route does not respond Strider-CD/strider#81)
• 95d64ea tests: temporarily change the test to expect one repo back
• 556dd9c chore: add lock file
• 05072af fix: typo in github.js
• b6e98b3 fix: update usage of superagent in webhooks
• fdc8939 fix: lodash fix in index.js
• 19a1e86 fix: fix lodash in github.js

See the full diff

Package name: strider-gitlab

The new version differs by 74 commits.

• 916d3f5 chore(release): 1.3.0
• 5c98840 chore: add release script
• 433b279 fix: default to 1 page if unknown
• 8899ff8 fix(package): update superagent to version 3.6.0 (many ui updates to the dashboard Strider-CD/strider#99)
• 990a5cc chore(package): update nock to version 10.0.0 (Dockerfile Strider-CD/strider#108)
• 7c3da7a fix(package): update async to version 2.6.0 (new plugin: strider-phantomjs Strider-CD/strider#111)
• f7f8d61 feat: Tag push support (revamping the build status page Strider-CD/strider#110)
• 6266046 v1.2.7
• 4268b2c fix: webhook endpoint
• 0b482bb chore(package): update mocha to version 3.5.3 (can't view first test run Strider-CD/strider#104)
• 321f7aa chore: pin eslint to 4.13.0 (template inception Strider-CD/strider#102)
• 24f5e53 docs: add note about v3 only see badges == awesome! Strider-CD/strider#100
• ce16fbd chore(package): update eslint to version 4.1.0 (adding status icons Strider-CD/strider#97)
• 5211d74 chore(package): update mocha to version 3.3.0 (more robust server Strider-CD/strider#94)
• 6b83be4 Fix lint
• 7987480 Safeguard against invalid payload content
• dbfb3d4 Clean up logging
• 083e3c0 Update dependencies
• 79610e8 'use strict';
• 6789662 Fix tests
• f401183 docs(readme): add Greenkeeper badge
• bd512c8 chore(package): update dependencies
• ad92d3c Cleanup
• 39ea86a Cleanup

See the full diff

Package name: strider-heroku

The new version differs by 41 commits.

• 2b3ef5f chore(release): 0.2.0
• 18a00ee fix: update to use latest heroku apis
• 1a4fb2c fix: handle superagent errors correctly
• fd26365 docs: update readme
• 202c805 docs: update readme
• 970dc37 chore: add release script
• cab6f37 fix: update deps and linting, Drop Node < 10
• 1cab3de v0.1.3
• fe7fb79 fix: add accept header
• dcc3128 Enable Travis
• 9c53def Rename Readme.md to README.md
• 6c023f1 Angular controller cleanup
• 6107e04 v0.1.2
• f08ccd1 Merge pull request [Snyk] Fix for 1 vulnerabilities #6 from tylermauthe/herokudeploy-config-projectsettingsfix
• 2084aae Merge pull request [Snyk] Security upgrade strider-gitlab from 1.2.5 to 1.3.0 #7 from tylermauthe/herokudeploy-config-reword
• 7539a4d Improve Heroku Deployment documentation.
• 0e8a8e6 Stop user HerokuController from clobbering config
• 657d933 make the required config more obvious
• 506c737 adding screenshot for readme
• 796357c 0.1.1
• 1b03b7c Update Readme.md
• 5a01425 fix [Snyk] Fix for 1 vulnerabilities #2
• 2642dc6 0.1.0
• 249e64e zap dead code & tests

See the full diff

Package name: strider-simple-runner

The new version differs by 22 commits.

• 8096f49 chore(release): 2.0.0
• 65b07d7 fix: emit a job.errored event when processing job and encountering an error
• 6679280 chore: fix lint to work with prettier
• d69cff0 fix: eslint config typo
• 448a38b chore: add prettier and fix linting a bit
• 0e77886 fix: Drop Old Node, update deps, use yarn
• f5f6b0c fix: upgrade lodash; pending strider dependencies upgrade ([Snyk] Security upgrade strider-gitlab from 1.2.5 to 1.3.0 #41)
• 9779f29 fix: remove node 4 from travis
• 3ae993c chore: Update dependencies
• 6784fcf fix: update deps
• eb2621e chore: remove stale changelog
• 594dd9b chore(release): 1.1.0
• 8b15661 chore: actually add the release script
• 5c1e310 chore: add release script
• 9586d5c feat: Set default CI environment variables ([Snyk] Security upgrade mongoose from 4.7.6 to 5.13.20 #40)
• 051d6b3 v1.0.2
• c459df2 fix: debug keeper error
• bc507cd Add debug to processing job
• 95ff44a v1.0.1
• 6c24008 Simplify
• 2df2063 Fix job state communication on error
• c1003e7 Code cleanup

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)