[Snyk] Fix for 7 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	630/1000 Why? Has a fix available, CVSS 8.1	Internal Property Tampering SNYK-JS-BSON-561052	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-MONGODB-473855	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	Yes	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Remote Memory Exposure npm:ws:20160104	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) npm:ws:20160624	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Insecure Randomness npm:ws:20160920	No	No Known Exploit
	761/1000 Why? Mature exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) npm:ws:20171108	No	Mature

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: jsonwebtoken

The new version differs by 120 commits.

• 5e6dc77 update changelog
• e9c6ddd 7.4.1
• adcfd6a bump ms to v2 due a ReDoS vuln (#352)
• 6755049 Update changelog
• b0e443c 7.4.0
• 07a47a3 Merge pull request #328 from ziluvatar/npb-exp-iat-docs-numeric-date
• 659f731 Add docs about numeric date fields
• 2ec4960 Merge pull request #320 from ziluvatar/make-options-optional-on-async-call
• e202c4f Make Options object optional for callback-ish sign
• 636fbd0 Update changelog
• 94007b3 7.3.0
• 1b0592e Add more information to `maxAge` option in README
• 8fdc150 Allow user to specify now. (#274)
• 7f68fe0 Raise jws.decode error to avoid confusion with "invalid token" error (#294)
• a542403 Fixed a simple typo (#287)
• 1b6ec8d Fix handling non string tokens (#305)
• 35d8415 rauchg/ms.js changed to zeit/ms (#303)
• 05d9978 update changelog
• 8da893a 7.2.1
• 4219c34 add nsp check to find vulnerabilities on npm test
• 51d4796 revert to joi@^6 to keep ES5 compatibility
• 445cab7 update changelog
• e35bcdc Merge pull request #243 from rmharrison/patch-1
• 3a8b2b6 7.2.0

See the full diff

Package name: mongodb

The new version differs by 250 commits.

• c6f417e chore(release): 3.1.13
• 210c71d fix(db_ops): ensure we async resolve errors in createCollection
• 5ad9fa9 fix(changeStream): properly handle changeStream event mid-close (#1902)
• e806be4 fix(bulk): honor ignoreUndefined in initializeUnorderedBulkOp
• 050267d fix(*): restore ability to webpack by removing `makeLazyLoader`
• 6e896f4 docs: adding aggregation, createIndex, and runCommand examples
• cb3cd12 chore(release): 3.1.12
• 508d685 Revert "chore(release): 3.2.0"
• e7619aa chore(release): 3.2.0
• d0dc228 chore(travis): include forgotten stage info for sharded builds
• ffbe90b chore(travis): run sharded tests in travis as well
• 9bef6e7 feat(core): update to mongodb-core v3.1.11
• e4bb39e chore(release): 3.1.11
• 76c0130 chore(core): bump version of mongodb-core
• a3adb3f fix(bulk): fix error propagation in empty bulk.execute
• ec0e30e doc(change-streams): correct typo, add missing example
• 10ea992 chore(package): update lock file
• fcb3ec1 test(sharded): reduce some sharded errors
• d4eae97 test(sessions): undo hack for apm events in sessions tests
• 0eaca21 test(sessions): fixing broken session test
• 6790a74 test(sharding): fixing old sharding tests
• 98f0c68 test(sharded): fixing sharded operation test
• c6a9baa test(sessions): fixing session tests in sharded env
• 985f0e9 test(drop): fixing drop assertions for sharded tests

See the full diff

Package name: monument

The new version differs by 14 commits.

• 14b68ac 2.2.1
• 2ed51e0 Merge pull request #185 from ansble/la-fleche-wallone-2.2.x
• 768b76d Merge branch 'master' into la-fleche-wallone-2.2.x
• 3f31a72 Upgrades the version of ws in use
• e60c0ae Merge pull request #177 from ansble/release/la-fleche-wallone
• c57c245 2.2.0
• 20573d1 Merge pull request #159 from ansble/la-fleche-wallone-2.2.x
• ee30089 prepping for the release
• 87490a7 Merge pull request #176 from ansble/feature/docs
• 5b32fe6 Closes #172 and gets documentation ready for the release of 2.2.0
• be3a560 Merge pull request #175 from ansble/bug/typos-readme
• 28c6c45 Updates typos and heading inconsistency
• 3dc1d5b added gitter badge
• 768ca5f some changed to code climate and another badge

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Denial of Service (DoS)
🦉 Denial of Service (DoS)