[Snyk] Fix for 1 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: mongoose

The new version differs by 250 commits.

• 43b63ae chore: release 5.7.3
• 06112b0 docs(validation): remove deprecated `isAsync` from validation docs in favor of emphasizing promises
• 7fee719 docs(documents): add overwriting section
• 98b5a73 fix: make CoreMongooseArray#includes() handle `fromIndex` parameter
• 6c91dea style: fix lint
• 9bb4b03 refactor: remove async as a prod dependency
• 3647292 refactor(cursor): remove async.queue() from eachAsync() re: #8073 #5502
• e60db1b refactor(cursor): remove dependency on async.times()
• c5b2355 docs(promises): add note about queries being thenable
• da77b8d Merge pull request #8192 from birdofpreyru/fix-8093-1
• c371500 fix(update): cast right hand side of `$pull` as a query instead of an update for document arrays
• 9d455ad test(update): repro #8166
• 8c98a3a chore: now working on 5.7.3
• 0a33412 fix(populate): handle virtual populate of an embedded discriminator nested path
• b42d0f5 test(populate): repro #8173 #6488
• 1db5982 docs: link to map blog post
• c76e062 Fixes the previous commit
• 1a01713 [#8093] Fixes performance of update validator, and flatten function logic
• dea0b95 chore: release 5.7.2
• fb0bd0d fix(populate): avoid converting mixed paths into arrays if populating an object path under `Mixed`
• bdfce8f docs: add mongoosejs-cli to readme
• e2d191a fix(discriminator): support `tiedValue` parameter for embedded discriminators analagous to top-level discriminators
• d8cc819 test: fix tests
• 952120a fix(query): handle `toConstructor()` with entries-style sort syntax

See the full diff

Package name: winston

The new version differs by 250 commits.

• b47d5d5 3.3.0
• b6bc918 Prepare for v3.3.0
• 9354721 doc: fix whitespace and trailing comma. (#1778)
• 3d07a80 docs: add example of uncaughtRejections logging (#1780)
• df25fa2 fix: change property of handleRejections (#1779)
• 950cbcd Add options to request (#1777)
• 1c75292 Update package-lock.json (#1772)
• e7d13d5 Exclude unnecessary files from npm package (#1768)
• 75f7edf Fix removes a logger when pass undefined transport (#1785)
• 4b571ba This adds Node.js 14 and removes Node.js 8 as: (#1793)
• 73ae01f Update Sentry transport `require` change (#1754)
• 7b67eb0 Fix typo (#1750)
• 1679c49 Fix Issue where winston removes transport on error (#1364) (#1714)
• 0e0cf14 Fix #1690 (#1691)
• 85a250a Node 12 is LTS now
• bea9c34 Update README.md (#1743)
• 319abf1 Add defaultMeta to Logger index.d.ts (#1736)
• c719706 (typo) Missing label import in example (#1733)
• 8944598 Update index.d.ts (#1729)
• 7bb258c Fix `npm` logging levels on README.md (#1737)
• 64744d7 #1567: document common transport options (#1723)
• ae2335b Add Humio transport link to docs (#1705)
• 785bd9e UPDATE levels on readme (http added) (#1650)
• 4f44acb Add PostgresQL transport to list of community transports (#1697)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution