[Snyk] Fix for 7 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-EXPRESSFILEUPLOAD-595969	Yes	Proof of Concept
	544/1000 Why? Proof of Concept exploit, Recently disclosed, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	Yes	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-LODASH-590103	No	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	651/1000 Why? Recently disclosed, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-MQUERY-1050858	Yes	No Known Exploit
	801/1000 Why? Mature exploit, Has a fix available, CVSS 8.3	Prototype Pollution SNYK-JS-TYPEORM-590152	No	Mature
	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Prototype Pollution SNYK-JS-Y18N-1021887	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: express-fileupload

The new version differs by 250 commits.

• 9f22db7 version bump
• 9fca550 Merge pull request [Snyk Update] New fixes for 2 vulnerable dependency paths #240 from AmazingMech2418/patch-1
• 1530cf5 Make Travis happy
• e43bfcf Fix typo
• 8bf7427 Update processNested.js
• fd40389 version bump
• 94c9cf9 prototype pollution fix add qs, just to see what it'll do #2
• 829f395 version bump
• db49535 Merge pull request [Snyk Update] New fixes for 1 vulnerable dependency path #237 from richardgirges/fix-236-proto-pollution
• d81bee9 Upgrade latest packages; run npm audit fix; add logic to prevent prototype pollution in parseNested
• e9848fc Update package-lock.json
• d536cfb Update package.json
• c7a6b9c Merge pull request [Snyk Update] New fixes for 1 vulnerable dependency path #233 from RomanBurunkov/master
• a53b93f Update tests to support empty files
• d8c00c5 Add empty files support for tempFileHandler
• b24233d Comment extra condition in fileFactory(issue Test #1), add more logging
• d57ee02 Formatting utilities
• b6097df Merge pull request [Snyk Update] New fixes for 1 vulnerable dependency path #232 from RomanBurunkov/master
• 05004b7 Merge pull request [Snyk Update] New fixes for 1 vulnerable dependency path #230 from Code42Cate/readme-timeout
• 1afa527 Update dependencies
• 880c2b7 Improve timeout option documentation
• 3f130b0 Add timeout option to README.MD
• d55fa83 Merge pull request [Snyk Update] New fixes for 2 vulnerable dependency paths #222 from wbt/patch-1
• d61f02f Fix some small typos

See the full diff

Package name: mongoose

The new version differs by 250 commits.

• d7fc59c chore: release 5.11.7
• d318339 fix(index.d.ts): make `Document#id` optional so types that use `id` can use `Model<IMyType & Document>`
• a9b317a chore: upgrade mquery -> 3.2.3
• 43f88db fix(document): ensure calling `get()` with empty string returns undefined for mongoose-plugin-autoinc
• 369efe1 Merge pull request #9692 from sahasayan/patch-4
• f879c4d chore: update opencollective sponsors
• 1be4d87 fix(model): set `isNew` to false for documents that were successfully inserted by `insertMany` with `ordered = false` when an error occurred
• b2da840 test(model): repro #9677
• 15d6660 fix(index.d.ts): add missing Aggregate#skip() & Aggregate#limit()
• dd348b1 chore: release 5.11.6
• 3ec01fa fix(index.d.ts): allow calling `mongoose.model()` and `Connection#model()` with model as generic param
• ccfa041 Merge pull request #9686 from cjroebuck/patch-1
• 7a52e45 Merge pull request #9685 from sahasayan/patch-3
• a5c98c2 Allow array of validators in SchemaTypeOptions
• 48907ea fix(index.d.ts): allow 2 generic types in mongoose.model function
• a17a2c3 Merge pull request #9683 from isengartz/master
• 61595f0 fix(index.d.ts): allow passing ObjectId properties as strings to `create()` and `findOneAndReplace()`
• 8e20ee6 optional next() parameter for post middleware
• 8a52485 Merge pull request #9680 from orgads/aggregate
• 1ef8274 fix(middleware): ensure sync errors in pre hooks always bubble up to the calling code
• 067e3a2 fix(index.d.ts): Fix return type of Model#aggregate()
• 0e2058d chore: release 5.11.5
• 6d9fb4d fix(index.d.ts): add missing `SchemaTypeOpts` and `ConnectionOptions` aliases for backwards compat
• a85adb9 test: fix tests re: #9669

See the full diff

Package name: tap

The new version differs by 11 commits.

• 7a20037 12.0.2
• cf95e01 bump nyc and standard
• 7f54124 Bump deps for security and bugfixes
• f323cdc 12.0.1
• 6745ecf fix test regression in node <10
• 39f73f9 docs(coverage): browser launching details
• 3336514 Fix interse typo in asserts docs
• c1070a7 Add twing to the 100 club
• 51ae4f2 Do not run coverage report if ended with a signal
• d5f7b12 12.0.0
• 5de8801 Update tsame and tmatch, resolve request security vuln

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic