[Snyk] Fix for 4 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	673/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MPATH-1577289	Yes	Proof of Concept
	711/1000 Why? Recently disclosed, Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
	711/1000 Why? Recently disclosed, Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
	711/1000 Why? Recently disclosed, Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: mongoose

The new version differs by 250 commits.

• 8d37fe5 chore: release 6.0.4
• 0e79c5c Merge pull request #10633 from AbdelrahmanHafez/prefer-async-await
• 09dae52 docs: remove useNewUrlParser, useUnifiedTopology, some other legacy options from docs
• d278258 Merge pull request #10645 from theonlydaleking/patch-1
• bb7c021 docs(defaults): clarify that `setDefaultsOnInsert` is `true` by default in 6.x
• 36d23ce fix(schema): handle maps of maps
• d21d2b1 test(schema): repro #10644
• 57540aa fix(index.d.ts): allow using `type: [documentDefinition]` when defining a doc array in a schema
• 1a1a2f2 test: repro #10605
• e94d603 fix: avoid setting defaults on insert on a path whose subpath is referenced in the update
• e1d4aa4 fix(index.d.ts): simplify UpdateQuery to avoid "excessively deep and possibly infinite" errors with `extends Document` and `any`
• 3ee32b1 fix: upgrade mpath -> 0.8.4 re: Security Fix for Prototype Pollution mongoosejs/mpath#13
• 8fc256c fix(schema): throw error if `versionKey` is not a string
• 3401881 chore: update opencollective sponsors
• 0305c3b update TS docs to reflect connect Opts
• 463f2d8 chore: release 6.0.3
• 953131d Merge pull request #10635 from AbdelrahmanHafez/patch-11
• c4b0e86 get rid of co
• d1ffe7c refactor more tests to async/await
• 48badcd refactor more tests to async/await
• 3089342 refactor more tests to async/await
• 72cdab0 refactor more tests to async/await
• ab07251 use await delay instead of yield callback
• 720f0cc refactor more tests to async/await

See the full diff

Package name: node-sass

The new version differs by 180 commits.

• 7105b0a 5.0.0 (#3015)
• 0648b5a chore: Add Node 15 support (#2983)
• e2391c2 Add a deprecation message to the readme (#3011)
• 6a33e53 chore: Don't upload artifacts on PRs
• d763506 chore: Only run coverage on main repo
• d4ebe72 build(deps): update actions/setup-node requirement to v2.1.2
• 2bebe05 build(deps-dev): bump rimraf from 2.7.1 to 3.0.2
• f877689 chore: Don't double build DependaBot PRs
• b48fac4 chore: Add weekly DependaBot updates
• 91c40a0 Remove deprecated process.sass API
• 1f6df86 Replace lodash/assign in favor of the native Object.assign
• 522828a Remove workarounds for old Node.js versions
• 40e0f00 chore: Remove second NPM badge
• ab91bf6 chore: Remove Slack badge
• 6853a80 chore: Cleanup status badges
• fb1109c chore: Bump minimum engine version to v10
• d185440 chore: Add basic Node version support policy
• db25736 chore: Bump node-gyp to 7.1.0
• 2c5b110 chore: Bump cross-spawn to v7.0.3
• 38b9633 chore: Update Istanbul to NYC
• d63b5bf chore: Bump mocha to v8.1.3
• d0d8865 chore: Skip constructor tests on v14.6+
• ee3984d chore: Hoist test ESLint config
• feee448 chore: Remove disabled and recommended rules

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic