[Snyk] Fix for 12 vulnerabilities

[smarkussen19]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • large-file/package.json
  • large-file/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	No	Proof of Concept
	786/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.3	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	Yes	Proof of Concept
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Directory Traversal SNYK-JS-MOMENT-2440688	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	No	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	No	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIM-1017038	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: babel-eslint

The new version differs by 13 commits.

• 4bd049e 10.1.0
• 2c754a8 Update Babel to ^7.7.0 and enable Flow enums parsing ([Snyk(Unlimited)] Upgrade adm-zip from 0.4.7 to 0.4.13 snyk-fixtures/npm-lockfiles#812)
• 183d13e 10.0.3
• 354953d fix: require eslint dependencies from eslint base ([Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 snyk-fixtures/npm-lockfiles#794)
• 48f6d78 10.0.2
• 0241b48 removed unused file reference ([Snyk(Unlimited)] Upgrade @thebespokepixel/es-tinycolor from 0.3.1 to 0.3.2 snyk-fixtures/npm-lockfiles#773)
• 4cf0a21 10.0.1
• 98c1f13 Revert [Snyk(Unlimited)] Upgrade @thebespokepixel/string from 0.5.2 to 0.5.7 snyk-fixtures/npm-lockfiles#584 ([Snyk(Unlimited)] Upgrade @thebespokepixel/es-tinycolor from 0.3.1 to 0.3.2 snyk-fixtures/npm-lockfiles#697)
• 8f78e28 10.0.0
• 717fba7 test value should be switched
• 020d012 Treat type alias declarationlike function declaration ([Snyk(Unlimited)] Upgrade @thebespokepixel/string from 0.5.2 to 0.5.7 snyk-fixtures/npm-lockfiles#584)
• b400cb1 Test eslint5, update peerDep ([Snyk(Unlimited)] Upgrade @thebespokepixel/string from 0.5.2 to 0.5.7 snyk-fixtures/npm-lockfiles#690)
• c333bd6 Drop old monkeypatching behavior ([Snyk(Unlimited)] Upgrade node-uuid from 1.4.0 to 1.4.8 snyk-fixtures/npm-lockfiles#689)

See the full diff

Package name: css

The new version differs by 4 commits.

• 838d071 Bump major version since we updated major version deps and bumped the node version by a mile
• c0aa45c Update/remove dependencies ([Snyk] Security upgrade react-tooltip from 3.8.1 to 3.8.3 #140)
• 64910e8 2.2.4
• 042922e Upgrade dependencies ([Snyk] Security upgrade tap from 5.8.0 to 16.0.0 #115)

See the full diff

Package name: expand-brackets

The new version differs by 18 commits.

• 1a70cc2 4.0.0
• af96dc5 Update changelog [skip ci]
• c7ea1c3 Update Readme [skip ci]
• 354cfbf Use let, const
• 13e0d90 Update dev dependencies
• f5a833e Remove extend-shallow
• fb74412 Drop support for node <4
• 914cfb2 Update snapdragon to 0.12 ([Snyk] Security upgrade adm-zip from 0.4.7 to 0.5.2 #10)
• 39b83e3 Update Readme
• 58f2f1f 3.0.0
• 3060a56 Revert "Fix appveyor link"
• 232670e Fix appveyor link
• 7e996fb Update Readme
• 7c0bdfc Remove debug
• c204656 Merge pull request [Snyk] Fix for 9 vulnerabilities #9 from danez/update-snapdragon
• 8219034 Update snapdragon to 0.11
• cc56339 Merge pull request [Snyk] Fix for 1 vulnerabilities #7 from mjbvz/patch-1
• ae88242 Update Repository Urls

See the full diff

Package name: extglob

The new version differs by 7 commits.

• 0daa3ed 3.0.0
• dedd109 Merge pull request [Snyk] Fix for 25 vulnerabilities #12 from micromatch/snap-11
• e90b000 Use let/const
• ff338f9 Fix linting
• 8fdd4e2 Drop support for node <4
• 841c540 Update dependencies
• ed10fb2 Update snapdragon to 0.11

See the full diff

Package name: mongodb-extended-json

The new version differs by 15 commits.

• 51d6644 1.11.1
• 7872203 fix: prefer _bsontype over constructor.name in DBRef serializer ([Snyk] Security upgrade babel-eslint from 9.0.0 to 10.1.0 #152)
• 7b1cd35 build(deps-dev): bump mongodb-js-precommit from 2.2.0 to 2.2.1 ([Snyk] Security upgrade mongoose from 4.2.4 to 5.13.20 #104)
• 1a02262 build(deps-dev): bump mongodb-js-precommit from 0.2.9 to 2.2.0 ([Snyk] Fix for 2 vulnerabilities #103)
• 6ae4046 1.11.0
• f3d1c18 build(deps-dev): bump mocha from 7.0.0 to 7.0.1 ([Snyk] Fix for 1 vulnerabilities #102)
• 3366df4 build(deps): bump async from 3.1.0 to 3.1.1 ([Snyk] Fix for 1 vulnerabilities #101)
• cbadf43 chore(security): npm audit fix
• 9d446bd build(deps): bump moment from 2.22.2 to 2.24.0 ([Snyk] Security upgrade tap from 5.8.0 to 15.0.0 #96)
• 59c569f Bump mocha from 3.2.0 to 7.0.0 ([Snyk] Security upgrade tap from 5.8.0 to 15.0.0 #100)
• 4c5b008 build(deps): bump async from 2.6.1 to 3.1.0 ([Snyk] Security upgrade tap from 5.8.0 to 15.0.0 #98)
• 28981c0 build(deps): bump debug from 2.6.9 to 4.1.1 ([Snyk] Security upgrade tap from 11.1.3 to 15.0.0 #99)
• 5e7020a build(deps-dev): bump eslint-config-mongodb-js from 2.3.0 to 5.0.3 ([Snyk] Fix for 1 vulnerabilities #97)
• 4b240d1 1.10.2
• 6186f8a COMPASS-3836: Handle Binary properly across BSON versions

See the full diff

Package name: request-promise-native

The new version differs by 23 commits.

• 578970f Version 1.0.9
• 8388f42 chore: bumped request-promise-core due to security vulnerability of lodash
• f53ac09 docs: reference to request deprecation and alternative libs
• 1165c4e Merge pull request [Snyk] Fix for 62 vulnerabilities #58 from shisama/readme-shows-deprecation
• 086632b docs: deprecated as well as request
• 6498be1 Version 1.0.8
• 3e8df67 Merge branch 'master' of https://github.com/request/request-promise-native
• 1592a31 chore: updated request-promise-core that updates lodash
• 171f3b5 Merge pull request [Snyk] Security upgrade react-tooltip from 3.8.1 to 3.8.3 #46 from tbjgolden/docs/clarify-es6-finally
• 239ce46 docs: es6+, finally
• 2ae195a Version 1.0.7
• ecf8621 fix: tough-cookie version
• 7c5f721 chore: updated publish-please config
• 7ad655a Version 1.0.6 (now really)
• 1240b80 fix: updated indirect lodash dependency to fix security vulnerability
• 80947a1 Version 1.0.6
• ad529a3 chore: fix ci build for node v8+
• c2c54c4 Merge pull request [Snyk] Security upgrade hawk from 5.0.0 to 9.0.1 #33 from jasonmit/u/jasonmit/fix-node-6
• 67f7ed2 Merge branch 'master' into u/jasonmit/fix-node-6
• 4633d4c fix: breaking change in tough-cookie v3
• 14aa6ee chore: added node 8 and 10 to ci build
• 9cfcaaa Update package.json
• 049152b fix: target tough-cookie 2.x to preserve node 6 support

See the full diff

Package name: source-map-resolve

The new version differs by 16 commits.

• eeed61b source-map-resolve v0.6.0
• a7444bb Fix files in package.json
• 19ce716 Update copyright years
• 2cf4e93 Actually run test/read.js
• 71e9b9d Move to index.js
• df81125 Get rid of the browser version and inline some dependencies
• 34c23e3 Update npm packages
• b8244f1 source-map-resolve v0.5.3
• 8cb7ab5 Reduce size of npm package
• adbaef1 Remove trailing spaces
• a44979e Update license
• 1a58d53 Update npm packages
• ff057d4 Fix utf8 support for dataUri base64 ([Snyk] Security upgrade ejs from 1.0.0 to 3.1.7 #15)
• 858cd9e source-map-resolve v0.5.2
• dc72273 Remove testling
• 70bc4f5 Update dependencies and add package-lock.json

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Denial of Service (DoS)
🦉 Command Injection
🦉 More lessons are available in Snyk Learn