[Snyk] Fix for 8 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-MONGODB-473855	Yes	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MONGOOSE-1086688	Yes	Proof of Concept
	509/1000 Why? Has a fix available, CVSS 5.9	Information Exposure SNYK-JS-MONGOOSE-472486	Yes	No Known Exploit
	661/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.8	Arbitrary Code Injection SNYK-JS-MORGAN-72579	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MPATH-1577289	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-MQUERY-1050858	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-MQUERY-1089718	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: jade

The new version differs by 71 commits.

• 53cec74 Merge pull request #1746 from rlidwka/text-block-stuff
• d451082 Fix empty text-only block case
• 1870f47 Merge pull request #1734 from jadejs/date-warn-all
• a5dbbb1 Warn about future change to ISO 8601 style dates
• 87554b3 Merge pull request #1736 from skylerzhang/master
• 28cf735 Merge pull request #1735 from jadejs/ampersand-warn
• f4cf1e3 Add warning if a data attribute value contains ampersand(s)
• 5598487 Merge pull request #1725 from TimothyGu/contrib
• ce563fd Merge pull request #1726 from TimothyGu/pretty
• 28007f1 Merge pull request #1729 from TimothyGu/less
• acada93 Pin to less <2.0.0
• 8fb4272 Better `pretty` documentation
• a85c86f layout: Add "contributed by many others"
• d8dd7ee layout: Remove commented out cruft
• 6181f5d Update Readme_zh-cn.md
• 77b2caa Merge pull request #1716 from TimothyGu/globals-doc
• abca356 Document `globals` option
• 2314090 Merge pull request #1703 from chharvey/master
• 0d87396 Merge pull request #1663 from bfred-it/master
• f2d9266 Merge pull request #1708 from TimothyGu/master
• 45f8f6f Fix link to Travis CI and GitHub repo
• e236e1a Merge pull request #1704 from jadejs/object-classes
• 138e255 Document the object form of `class` and `style` attributes
• 8e85b96 Add support for an object in the style attribute

See the full diff

Package name: mongoose

The new version differs by 250 commits.

• 07946be chore: release v5.13.9
• 264554f fix: upgrade to mpath v0.8.4 re: security issue
• fc5fc7e fix: peg @ types/bson version to 1.x || 4.0.x to avoid stubbed 4.2.x release
• 1f28237 fix(populate): avoid setting empty array on lean document when populate result is undefined
• 1dc9b45 style: fix lint
• 3f7dfc5 fix(document): make `depopulate()` handle populated paths underneath document arrays
• b34d1d5 fix(index.d.ts): simplify UpdateQuery to avoid "excessively deep and possibly infinite" errors with `extends Document` and `any`
• 2a3399e docs: another layout fix for 5.x docs
• 5bf3c29 chore: update makefile again
• 191678c chore: update makefile re: #10607
• 776fae9 docs: fix up 5.x docs navbar
• a803885 test(typescript): add coverage for #10590
• bf43078 fix(index.d.ts): allow specifying `weights` as an IndexOption
• cb1e787 chore: release 5.13.8
• 5c0140c fix(index.d.ts): add `match` to `VirtualTypeOptions.options`
• 6122f4b docs(api): add `Document#$where` to API docs
• 2871c1b style: fix lint
• 8d00f62 Merge pull request #10587 from osmanakol/master
• 57e729b allow QueryOptions populate parameter use PopulateOptions
• 6c36263 fix(index.d.ts): allow strings for ObjectIds in nested properties
• e90aab1 docs(History): make a note about #10555
• fca0627 style: fix lint
• 6b92599 fix(populate): handle populating subdoc array virtual with sort
• 283d43f test(populate): repro #10552

See the full diff

Package name: morgan

The new version differs by 202 commits.

• 572dd93 1.9.1
• e02de38 lint: apply standard 12 style
• e329663 Fix using special characters in format
• eb1968a tests: use strict equality checks
• 310b206 build: use yaml eslint configuration
• 5810937 build: Node.js@9.11
• f60afd5 build: Node.js@8.11
• 5295b0c build: eslint-plugin-standard@3.1.0
• 178daaf build: eslint-plugin-promise@3.8.0
• 7b08641 build: eslint-plugin-import@2.12.0
• 73cb666 build: eslint@4.19.1
• edc95aa build: Node.js@6.14
• ace86c3 build: Node.js@4.9
• 4dd1180 lint: apply standard 11 style
• 60c31e8 build: Node.js@9.8
• 05e382f build: Node.js@8.10
• 1a5be20 build: Node.js@6.13
• cf9565f docs: remove gratipay badge
• b66251d build: eslint-plugin-node@5.2.0
• 0113732 build: eslint-plugin-import@2.8.0
• 47659a9 deps: depd@~1.1.2
• 695f659 build: support Node.js 9.x
• f4c51e9 build: Node.js@8.9
• 4f15f36 build: Node.js@6.12

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic