[Snyk] Fix for 9 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	630/1000 Why? Has a fix available, CVSS 8.1	Internal Property Tampering SNYK-JS-BSON-561052	Yes	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Configuration Override SNYK-JS-HELMETCSP-469436	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-174116	No	No Known Exploit
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342073	Yes	Proof of Concept
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342082	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-451540	No	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-584281	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-MONGODB-473855	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: forever

The new version differs by 25 commits.

• 008766f Add linting (#1053)
• a5b97ae add '--version' to help text (#1041)
• 3c09b6f Update async to 1.x.x (#1052)
• c551947 Update async (#1051)
• dda79a6 Update dependencies (#1050)
• 70259bc Drop support for Node < 6 (#1049)
• 8b41d16 Bump version in package-lock.json
• 2f6d4e0 Only publish necessary files
• 067c758 Bump version to 1.0.1, update changelog
• bce5991 Update forever-monitor (#1047)
• 0ef5100 Fix CI (#1048)
• e10127d Add information about the fact that no output is appended to the logs after forever stop/stopall is called (#1015)
• 8a5e12c Add list of supported columns (#1029)
• eabc5ef Replace travis with circleci (#1030)
• 0f60947 Update changelog for 1.0.0
• 936af1f [dist] Version bump. 1.0.0
• 28689b5 [dist] Version bump. 0.15.4
• ad1df0c [dist] Add package-lock.json
• e2e4970 [doc] Update contributors.
• a11d6f9 Update utile to get rid of security warning (#1022)
• 01fb537 Propagate error when failing to create directories on startup (#1017)
• 6ff9344 Remove dependency on timespan (#1014)
• 1580152 [fix] use fs.unlinkSync (#979)
• c78e3df Add example for referencing -l -o and -e parameters from within a JSON config file (#869)

See the full diff

Package name: helmet

The new version differs by 163 commits.

• 5d964d4 3.21.1
• 1e9b8ea Update changelog for 3.21.1 release
• 86f1f59 Update helmet-csp to 2.9.2
• 76ca5bd Update Standard devDependency to latest version
• 0dad3c2 3.21.0
• 33cfd10 Update changelog for 3.21.0 release
• 349117f Update helmet-csp to 2.9.1
• 03d4fa6 Update x-xss-protection from 1.2.0 to 1.3.0
• 3b9d0e8 Update devDependencies to latest versions
• 80fe85f Remove old HISTORY.md
• e3ea074 Use sinon's default sandbox feature
• 968fabd 3.20.1
• d588453 Update changelog for 3.20.1 release
• a5a9679 Update Sinon and Standard to latest versions
• 844739c Update helmet-csp to v2.9.0
• b2a3700 3.20.0
• 87d7323 Update changelog for 3.20.0 release
• a711731 Update Mocha and Standard to latest versions
• 6aab72d Update helmet-csp to 2.8.0
• ac46aaf Minor: in changelog, change "updated" header in under 3.19.0
• 17707ae 3.19.0
• ca34982 Update changelog for 3.19.0 release
• 06d5bde Update all remaining outdated dependencies
• 91e071c Update helmet-crossdomain from 0.3.0 to 0.4.0

See the full diff

Package name: mongodb

The new version differs by 250 commits.

• c6f417e chore(release): 3.1.13
• 210c71d fix(db_ops): ensure we async resolve errors in createCollection
• 5ad9fa9 fix(changeStream): properly handle changeStream event mid-close (#1902)
• e806be4 fix(bulk): honor ignoreUndefined in initializeUnorderedBulkOp
• 050267d fix(*): restore ability to webpack by removing `makeLazyLoader`
• 6e896f4 docs: adding aggregation, createIndex, and runCommand examples
• cb3cd12 chore(release): 3.1.12
• 508d685 Revert "chore(release): 3.2.0"
• e7619aa chore(release): 3.2.0
• d0dc228 chore(travis): include forgotten stage info for sharded builds
• ffbe90b chore(travis): run sharded tests in travis as well
• 9bef6e7 feat(core): update to mongodb-core v3.1.11
• e4bb39e chore(release): 3.1.11
• 76c0130 chore(core): bump version of mongodb-core
• a3adb3f fix(bulk): fix error propagation in empty bulk.execute
• ec0e30e doc(change-streams): correct typo, add missing example
• 10ea992 chore(package): update lock file
• fcb3ec1 test(sharded): reduce some sharded errors
• d4eae97 test(sessions): undo hack for apm events in sessions tests
• 0eaca21 test(sessions): fixing broken session test
• 6790a74 test(sharding): fixing old sharding tests
• 98f0c68 test(sharded): fixing sharded operation test
• c6a9baa test(sessions): fixing session tests in sharded env
• 985f0e9 test(drop): fixing drop assertions for sharded tests

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic