[Snyk] Fix for 10 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-ENGINEIO-1056749	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MONGOOSE-1086688	No	Proof of Concept
	673/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MPATH-1577289	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-MQUERY-1050858	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-MQUERY-1089718	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Insecure Defaults SNYK-JS-SOCKETIO-1024859	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-1056752	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	No	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Arbitrary Code Injection SNYK-JS-XMLHTTPREQUESTSSL-1082936	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Access Restriction Bypass SNYK-JS-XMLHTTPREQUESTSSL-1255647	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: mongoose

The new version differs by 250 commits.

• 8d37fe5 chore: release 6.0.4
• 0e79c5c Merge pull request #10633 from AbdelrahmanHafez/prefer-async-await
• 09dae52 docs: remove useNewUrlParser, useUnifiedTopology, some other legacy options from docs
• d278258 Merge pull request #10645 from theonlydaleking/patch-1
• bb7c021 docs(defaults): clarify that `setDefaultsOnInsert` is `true` by default in 6.x
• 36d23ce fix(schema): handle maps of maps
• d21d2b1 test(schema): repro #10644
• 57540aa fix(index.d.ts): allow using `type: [documentDefinition]` when defining a doc array in a schema
• 1a1a2f2 test: repro #10605
• e94d603 fix: avoid setting defaults on insert on a path whose subpath is referenced in the update
• e1d4aa4 fix(index.d.ts): simplify UpdateQuery to avoid "excessively deep and possibly infinite" errors with `extends Document` and `any`
• 3ee32b1 fix: upgrade mpath -> 0.8.4 re: Security Fix for Prototype Pollution mongoosejs/mpath#13
• 8fc256c fix(schema): throw error if `versionKey` is not a string
• 3401881 chore: update opencollective sponsors
• 0305c3b update TS docs to reflect connect Opts
• 463f2d8 chore: release 6.0.3
• 953131d Merge pull request #10635 from AbdelrahmanHafez/patch-11
• c4b0e86 get rid of co
• d1ffe7c refactor more tests to async/await
• 48badcd refactor more tests to async/await
• 3089342 refactor more tests to async/await
• 72cdab0 refactor more tests to async/await
• ab07251 use await delay instead of yield callback
• 720f0cc refactor more tests to async/await

See the full diff

Package name: socket.io

The new version differs by 91 commits.

• 1af3267 chore(release): 3.0.0
• 02951c4 chore(release): 3.0.0-rc4
• 54bf4a4 feat: emit an Error object upon middleware error
• aa7574f feat: serve msgpack bundle
• 64056d6 docs(examples): update TypeScript example
• cacad70 chore(release): 3.0.0-rc3
• d16c035 refactor: rename ERROR to CONNECT_ERROR
• 5c73733 feat: add support for catch-all listeners
• 129c641 feat: make Socket#join() and Socket#leave() synchronous
• 0d74f29 refactor(typings): export Socket class
• 7603da7 feat: remove prod dependency to socket.io-client
• a81b9f3 docs(examples): add example with TypeScript
• 20ea6bd docs(examples): add example with ES modules
• 0ce5b4c chore(release): 3.0.0-rc2
• 8a5db7f refactor: remove duplicate _sockets map
• 2a05042 refactor: add additional typings
• 91cd255 fix: close clients with no namespace
• 58b66f8 refactor: hide internal methods and properties
• 669592d feat: move binary detection back to the parser
• 2d2a31e chore: publish the wrapper.mjs file
• ebb0575 chore(release): 3.0.0-rc1
• c0d171f test: use the reconnect event of the Manager
• 9c7a48d test: use the complete export name
• 4bd5b23 feat: throw upon reserved event names

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic