[Snyk-dev] Fix for 3 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	Yes	No Known Exploit
	Prototype Override Protection Bypass npm:qs:20170213	No	No Known Exploit

Commit messages

Package name: body-parser

The new version differs by 221 commits.

• 0f1bed0 1.17.1
• 0532096 lint: remove unreachable code branches
• b34aab5 build: eslint-config-standard@7.0.0
• 77b1ca1 build: eslint-plugin-markdown@1.0.0-beta.4
• e51dbc5 deps: qs@6.4.0
• 79bc939 1.17.0
• e6140e1 build: Node.js@7.7
• 42f467d deps: qs@6.3.1
• 4954aec build: test against Node.js 8.x nightly
• e2050df build: Node.js@7.6
• 2f941c4 build: Node.js@6.10
• 6549617 build: Node.js@4.8
• d1c2c7f deps: http-errors@~1.6.1
• e7b86ba build: eslint@3.16.1
• 7b630f7 1.16.1
• de574bf build: eslint@3.15.0
• 889bcc9 build: Node.js@7.5
• dba8ac4 deps: debug@2.6.1
• 95a3ebb docs: fix history file with incorrect qs version
• c5a73d5 1.16.0
• 9744dda deps: qs@6.3.0
• 7807757 deps: debug@2.6.0
• 0e44768 lint: use standard style in the README
• 14952be build: eslint-config-standard@6.2.1

See the full diff

Package name: express

The new version differs by 250 commits.

• ea3d605 4.15.5
• 40435ec deps: serve-static@1.12.6
• 7137bf5 deps: send@0.15.6
• bd1672f deps: finalhandler@~1.0.6
• 9395db4 deps: debug@2.6.9
• 19a2eeb tests: check render error without engine-specific message
• d7da225 build: should@13.1.0
• 961dbff deps: serve-static@1.12.5
• 9e0fa7f deps: send@0.15.5
• 9e067ad deps: fresh@0.5.2
• de5fb62 deps: update example dependencies
• b208b24 build: should@13.0.1
• 78e5510 build: mocha@3.5.3
• 48817a7 build: remove minor pin for nightly
• a4bd437 4.15.4
• a50f109 deps: serve-static@1.12.4
• e2d725e deps: send@0.15.4
• e006622 lint: remove all unused varaibles
• 44881fa docs: update collaborator guide for lint script
• 1dbaae5 deps: update example dependencies
• 56e90e3 lint: add eslint rules that cover editorconfig
• 713d2ae tests: fix incorrect should usage
• e0aa8bf build: mocha@3.5.0
• 85770a7 deps: finalhandler@~1.0.4

See the full diff

Package name: mongoose

The new version differs by 250 commits.

• c86ef79 chore: release 4.11.14
• 0165e5f chore: bump lockfile and add back nsp re: #5658
• 07e62be fix(populate): automatically select() populated()-ed fields
• cc6e489 test(populate): repro #5669
• 4be7d79 chore: remove nsp for now
• 5ab6726 chore: run nsp after test
• 2b4435d Merge pull request #5679 from hairyhenderson/add-nsp-check-in-ci
• bf6ef00 Merge pull request #5675 from jonathanprl/patch-1
• 5332ab6 chore: use ~
• 48ca046 Adding nsp check to the CI build
• f9e0525 fix(connection): make force close work as expected
• 0e5fc39 test(connection): repro #5664
• e8f0055 Update mquery dependency
• 4875dbe fix(model): make `init()` public and return a promise that resolves when indexes are done building
• 3f17393 fix(document): treat $elemMatch as inclusive projection
• a7a5621 test(document): repro #5661
• c79d48e docs(model/query): clarify which functions fire which middleware
• 635f07f chore: now working on 4.11.14
• cc32e59 Merge branch 'master' of github.com:Automattic/mongoose
• 96e06b7 chore: release 4.11.13
• cc52ec0 Merge pull request #5665 from sime1/master
• ab9ba7c test: add coverage for #5656
• 52ed14f Merge pull request #5656 from zipp3r/master
• a872591 fix(query): avoid throwing cast error for strict: throw with nested id in query

See the full diff

Package name: ms

The new version differs by 19 commits.

• 9b88d15 2.0.0
• 94b995c Invalidated cache for slack badge
• bcf5715 Bumped dependencies to the latest version
• b1eaab7 Ignored logs coming from npm
• caae298 Limit str to 100 to avoid ReDoS of 0.3s ([Snyk] Fix for 33 vulnerable dependency paths #89)
• b83b36d chore(package): update eslint to version 3.19.0 ([Snyk] Fix for 33 vulnerable dependency paths #88)
• 3f2a4d7 chore(package): update husky to version 0.13.3 ([Snyk] Fix for 33 vulnerable dependency paths #86)
• 7daf984 1.0.0
• ee91f30 More suitable name for file containing tests
• e818c35 Removed browser testing
• c9b1fd3 Test on LTS version of Node
• 389840b Badge for XO removed
• 1fbbe97 Removed component specification
• 57b3ef8 Use `prettier` and `eslint`
• 94068ea Removed XO
• 4b7f48f chore(package): update serve to version 5.0.4 ([Snyk] Fix for 33 vulnerable dependency paths #85)
• bd49cec chore(package): update xo to version 0.18.0 ([Snyk] Fix for 33 vulnerable dependency paths #84)
• d4a94b1 chore(package): update serve to version 5.0.3 (feat: added support for CloudFoundry #83)
• 923eee1 chore(package): update serve to version 5.0.2 ([Snyk Update] New fixes for 2 vulnerable dependency paths #82)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic