[Snyk] Fix for 6 vulnerabilities #7

snyk-bot · 2021-09-02T19:10:24Z

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
626/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.1	Man-in-the-Middle (MitM) SNYK-JS-HTTPSPROXYAGENT-469131	Yes	Proof of Concept
673/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MPATH-1577289	Yes	Proof of Concept
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	Yes	Proof of Concept
636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Yes	Proof of Concept
796/1000 Why? Mature exploit, Has a fix available, CVSS 8.2	Uninitialized Memory Exposure npm:https-proxy-agent:20180402	Yes	Mature
576/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.1	Uninitialized Memory Exposure npm:tunnel-agent:20170305	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @slack/client

The new version differs by 209 commits.

5f8abc9 v4.3.1
3c8789a Merge pull request #578 from aoberoi/keepalive-inconsistency-issues
265aa97 upgrade ws, stop monitoring on recommend reconnect
5b4f91b add some logging
af9b713 improve jsdoc with argument descriptions (linter complained)
22dfc6f recommendReconnect is not optional
1f49016 KeepAlive: adds handling for cases when monitoring may be stopped before the
008402b Merge pull request #574 from slackapi/rel-v4.3.0
4b50d20 v4.3.0
24488bb Merge pull request #573 from ggruiz/master
f10a0f8 remove 'only'
623c003 make test for platform errors better
d8ab1ab catch errors on platform
8d8a115 Merge pull request #570 from ggruiz/master
51c0074 add log testing
7086db2 fix line length for lint
983f42f Merge branch 'coverage/webclient-rate-limit-test'
97e2456 Merge pull request #567 from christophehurpeau/patch-1
a920440 modifies rate limit handling functionality, adds tests for it
2cbf2ea Merge pull request #568 from ggruiz/master
c3b5ae8 add CursorPaginationEnabled
28b96e7 add apps.permissions.resources.list, apps.permissions.scopes.list [#565]
a91d397 RTMClient.start options is optional
deafed7 Merge pull request #562 from eletype/export-incoming-webhook-result

Package name: mongoose

The new version differs by 250 commits.

8d37fe5 chore: release 6.0.4
0e79c5c Merge pull request #10633 from AbdelrahmanHafez/prefer-async-await
09dae52 docs: remove useNewUrlParser, useUnifiedTopology, some other legacy options from docs
d278258 Merge pull request #10645 from theonlydaleking/patch-1
bb7c021 docs(defaults): clarify that `setDefaultsOnInsert` is `true` by default in 6.x
36d23ce fix(schema): handle maps of maps
d21d2b1 test(schema): repro #10644
57540aa fix(index.d.ts): allow using `type: [documentDefinition]` when defining a doc array in a schema
1a1a2f2 test: repro #10605
e94d603 fix: avoid setting defaults on insert on a path whose subpath is referenced in the update
e1d4aa4 fix(index.d.ts): simplify UpdateQuery to avoid "excessively deep and possibly infinite" errors with `extends Document` and `any`
3ee32b1 fix: upgrade mpath -> 0.8.4 re: Security Fix for Prototype Pollution mongoosejs/mpath#13
8fc256c fix(schema): throw error if `versionKey` is not a string
3401881 chore: update opencollective sponsors
0305c3b update TS docs to reflect connect Opts
463f2d8 chore: release 6.0.3
953131d Merge pull request #10635 from AbdelrahmanHafez/patch-11
c4b0e86 get rid of co
d1ffe7c refactor more tests to async/await
48badcd refactor more tests to async/await
3089342 refactor more tests to async/await
72cdab0 refactor more tests to async/await
ab07251 use await delay instead of yield callback
720f0cc refactor more tests to async/await