[Snyk] Fix for 11 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-MONGODB-473855	Yes	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MONGOOSE-1086688	Yes	Proof of Concept
	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Prototype Pollution SNYK-JS-MONGOOSE-2961688	Yes	Proof of Concept
	509/1000 Why? Has a fix available, CVSS 5.9	Information Exposure SNYK-JS-MONGOOSE-472486	No	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MPATH-1577289	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-MQUERY-1050858	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-MQUERY-1089718	Yes	Proof of Concept
	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Improper Privilege Management SNYK-JS-SHELLJS-2332187	No	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: chalk

The new version differs by 53 commits.

• 3fca615 2.0.0
• f66271e Add tagged template literal ([Snyk] Security upgrade shelljs from 0.7.8 to 0.8.5 #163)
• 23ef1c7 fix linter errors
• c015568 add rainbow example
• 09fb2d8 Re-implement `chalk.enabled` ([Snyk] Security upgrade mongoose from 4.4.20 to 5.12.3 #160)
• 608242a spoof supports-color
• 18f2e7c add host information output
• 523b998 Revert "TEMPORARY: emergency travis CI fix (see comments)"
• 54975fb TEMPORARY: emergency travis CI fix (see comments)
• 1d73b21 Improve readme
• 6f4d6b3 Bump dependencies
• 8702496 Remove `chalk.styles`
• 0412cdf Minor code improvements
• 249b9ac ES2015ify the codebase
• cb3f230 Add RGB (256/Truecolor) support ("mean" install and list command gives error message. #140)
• dbae68d Update dependent package count in the readme ([Snyk] Fix for 1 vulnerabilities #154)
• 9b60021 Drop support for Node.js 0.10 and 0.12
• 0d21449 check parent builder object for enabled status (Add information about GNU Patch #142)
• 5a69476 add XO badge
• 492f11f add example file
• 4ce73b6 make XO happy
• 7c02cf4 Add log statement to chalk examples (TAG:0.5.x Package not found. #129)
• 835ca3d You've just reached 10,000 dependent modules. (Styles compliant templates #122)
• 74c087d minor doc improvements (Added .gitattributes to fix line ending issues #120)

See the full diff

Package name: inquirer

The new version differs by 67 commits.

• 68fcbcb 3.2.0
• e16575c Bump dependencies
• 3f2c74b fix(package): update chalk to version 2.0.0
• 2e9eb3e Allow non-string values as a list default option (#558)
• 5dbd186 [fix] #293 Exit script when SIGINT signal received (#564)
• 625965e Fixed typo (#563)
• babdfb2 Add Plugins Section to README.md (#559)
• 810c138 fix(package): update strip-ansi to version 4.0.0
• 13d3100 3.1.1
• 60b27f0 Setup coverage in codacy
• 62fde13 Bump dev dependencies
• 3f465b4 Move eslint configs to own file (easier to integrate in third party)
• 948f8dc Keep password prompt silenced after error - Fix #553 #546
• 11f5854 chore(package): update sinon to version 2.3.4 (#550)
• e612cc5 3.1.0
• 148cb71 Update eslint-config-xo-space to the latest version 🚀 (#516)
• 3b93dd5 call chalk.reset() after message prompt (#544)
• 3ff39a6 chore(package): update chai to version 4.0.1 (#541)
• 76f1bfe upgrade external-editor to 2.0.4 (#535)
• da4eceb pass current answers hash to filter (#533)
• f99b398 Use rx-lite-aggregates instead of full rx (#532)
• 20119a2 fix(package): update ansi-escapes to version 2.0.0 (#527)
• e294e16 Update validate fn param docs (#526)
• 5b3a4a2 Add masked password example

See the full diff

Package name: mongoose

The new version differs by 250 commits.

• ca7996b chore: release 5.13.15
• e75732a Merge pull request #12307 from Automattic/vkarpov15/fix-5x-build
• a1144dc test: run node 7 tests with upgraded npm re: #12297
• dfc4ad7 test: try upgrading npm for node v4 tests re: #12297
• b9e985c test: more strict @ types/node version
• 4d813fa test: fix @ types/node version in tests re: #12297
• 99b4189 Merge pull request #12297 from shubanker/issue/prototype-pollution-5.x-patch
• 5eb11dd made function non async
• 6a19731 fix(schema): disallow setting __proto__ when creating schema with dotted properties
• a2ec28d Merge pull request #11366 from laissonsilveira/5.x
• 05ce577 Fix broken link from findandmodify method deprecation
• d2b846f chore: release 5.13.14
• 69c1f6c docs(models): fix up nModified example for 5.x
• 4cfc4d6 fix(timestamps): avoid setting `createdAt` on documents that already exist but dont have createdAt
• a738440 chore: release 5.13.13
• 4d12a62 Merge pull request #10942 from jneal-afs/fix-query-set-ts-type
• c3463c4 Merge pull request #10916 from iovanom/gh-10902-v5
• ff5ddb5 fix: hardcode base 10 for nodeMajorVersion parseInt() call
• d205c4d make value optional
• c6fd7f7 Fix ts types for query set
• 22e9b3b [gh-10902 v5] Add node major version to utils
• 5468642 [gh-10902 v5] Emit end event in before close
• 271bc60 Merge pull request #10910 from lorand-horvath/patch-2
• b7ebeec Update mongodb driver to 3.7.3

See the full diff

Package name: shelljs

The new version differs by 71 commits.

• 70668a4 0.8.5
• d919d22 fix(exec): lockdown file permissions (#1060)
• fcf1651 0.8.4
• a1111ee Silence potentially upcoming circular dependency warning (#973)
• d4d1317 0.8.3
• db317bf Add test case for sed on empty file (#904)
• 0d5ecb6 docs(changelog): updated by Nate Fischer [ci skip]
• 6b3c7b1 refactor: don't expose tempdir in common.state (#903)
• 4bd22e7 chore(ci): fix codecov on travis (#897)
• 2b3b781 fix: silent exec (#892)
• 37acb86 chore(npm): add ci-or-install script (#896)
• 4e861db chore(appveyor): run entire test matrix (#886)
• d079515 docs: remove gitter badge (#880)
• 4113a72 grep includes the i flag (#876)
• 8dae55f Fix(which): match only executable files (#874)
• 6d66a1a chore: rename some tests (#871)
• 131b88f Fix cp from readonly source (#870)
• 1dd437e fix(mocks): fix conflict between mocks and skip (#863)
• 72ff790 chore: bump dev dependencies and add package-lock (#864)
• 93bbf68 Prevent require-ing bin/shjs (#848)
• aa9d443 chore: output npm version in travis (#850)
• 4733a32 chore(appveyor): do not use latest npm (#847)
• dd5551d chore: update shelljs-release version (#846)
• 97a4df8 docs(changelog): updated by Nate Fischer [ci skip]

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn