Bump pouchdb version

[vdamle]

older version uses a vulnerable version of node-fetch

Output of npm list node-fetch when using truffle:5.5.17 (also checked that the vulnerable version is included in 5.5.18 as well:

| `-- truffle@5.5.17
|   `-- @truffle/db@1.0.10
|     +-- apollo-server@3.8.2
|     | `-- apollo-server-core@3.8.2
|     |   `-- apollo-server-env@4.2.1
|     |     `-- node-fetch@2.6.7  deduped
|     +-- pouchdb@7.2.2
|     | `-- node-fetch@2.6.0               >>>> This is the vulnerable version, updating to `pouchdb:7.3.0` pulls the updated package
|     `-- pouchdb-find@7.3.0
|       `-- pouchdb-fetch@7.3.0
|         `-- node-fetch@2.6.7  deduped

ref: pouchdb/pouchdb#8448

[eggplantzzz]

Thanks for the bump @vdamle!

[haltman-at]

Hey @vdamle, your PR is failing the yarncheck job. (It checks that yarn.lock is appropriately up to date.) Could you run yarn on your fork, commit the changes, and push them? Thank you! (Note you can use yarn --ignore-scripts if you want to skip the slow part, which is building Truffle.)

[vdamle]

Thank you for catching that @haltman-at . I didn't follow up on the build status. I've pushed the yarn lock as well now.

[haltman-at]

Great, thanks for this! (Now can we get a second reviewer on this? :) )

[sukanyaparashar]

Looks good to me ! Thanks for this @vdamle .

[wbt]

Thanks for taking care of this update!
Any chance of getting a release out which includes this?

[gnidan]

Thanks for taking care of this update!
Any chance of getting a release out which includes this?

We should have this week's release out either tomorrow or Friday!

[cds-amal]

Hey @wbt, how are you using pouchdb? Is it related to truffle db?

[wbt]

I don't think I'm actually using it at all, except for the time-wasting dive into the npm audit failures reported from this vulnerability. I'm hoping that simply updating to use a release with this patch will fix that.