[Snyk] Fix for 2 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	Yes	Proof of Concept
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Directory Traversal SNYK-JS-MOMENT-2440688	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: mosca

The new version differs by 159 commits.

• 229e407 Bumped v2.5.1
• 45303eb Merge pull request #643 from jyotman/remove-moment
• 4240bed remove moment as a dependency
• 26233af Bumped v2.5.0.
• 19b6d25 Merge pull request #642 from btsimonh/btsimonh-qos-2-mk2
• 32f0714 fix onQos2publish code & update comments
• f06c665 fix QoS2 'disconnect' test
• 79fb720 fix testing typo
• 9a7e3ec change qos2puback option to a string called onQoS2publish, which is initially 'noack', and can optionally be 'disconnect' or 'dropToQoS1'
• fe294f1 Add option 'qos2Puback' - if set to true, will modify published messages to QOS-1, resulting in a puback message.
• c4303c5 Merge pull request #638 from btsimonh/btsimonh-unauthpub
• 880c82e commit just to kick travis again. why did it fail?
• 063d811 update an example for authorizePublish and authorizeSubscribe
• 99d7e06 Add tests for authorizePublish passing 'ignore' and false
• 56f5996 change 'suppress' to 'ignore'.
• a4119f3 Allow published messages on an unauthorised publish topic to be pubacked rather than disconnected,
• a0d5622 Merge pull request #636 from jyotman/fix-markdown
• d050f42 fix markdown heading format in README.md
• 66da629 Bumped v2.4.0.
• 471ed1b Merge pull request #615 from hicaro/master
• 28300b8 Merge pull request #633 from gillchristian/patch-1
• a2544b4 Update README.md
• 697dffd Bumped v2.3.0
• f1c814a Merge pull request #606 from namgk/master

See the full diff

Package name: tingodb

The new version differs by 20 commits.

• 6a1db6a Missinge changes
• 88a6a62 Add node 4.0 to test mattrix
• fcae652 Add db.openCalled for mongodb compat [Snyk] Fix for 2 vulnerabilities #32
• 1a64a46 Do not treat linux hidden files as collection #68
• 83fc17d Fixing compactination issue on windows [Snyk] Security upgrade shelljs from 0.7.1 to 0.8.5 #38
• 828252e Fixing #regexp with dot escaping and doule quotes inside #84
• 71bb882 Merge pull request #83 from frederik/master
• deb4a32 Fixing $regex search in arrary #73
• b2c1399 Version up
• 93ffd80 Fix integrity test on node 0.8
• 745cfc1 Check issue with 0.8
• 591c6ed Prepeare for lodash 3
• 31c1b3e Integrity test is only for tingodb
• 3ce70b4 Merge branch 'master' of github.com:sergeyksv/tingodb
• 9552914 Get rid of async in favor of safe
• 98a3452 Mention compactCollection, compactDatabase function
• 0293de3 Make compact function publicly accessible
• a992130 Add functionality for automatic data restore on truncated collection file
• a1e6806 added reference to gh issue
• 929b33d test to reproduce issue with escaped dots in tingodb (mongodb works)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Directory Traversal