[Snyk] Fix for 7 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change	Exploit Maturity
	Denial of Service (DoS) SNYK-JS-AXIOS-174505	Yes	No Known Exploit
	Prototype Pollution SNYK-JS-MPATH-72672	No	No Known Exploit
	Man-in-the-Middle (MitM) SNYK-JS-YARN-451571	No	Proof of Concept
	Arbitrary File Write SNYK-JS-YARN-537806	No	Proof of Concept
	Arbitrary File Overwrite SNYK-JS-YARN-548869	No	Proof of Concept
	Improper Integrity Checks SNYK-JS-YARN-557182	No	No Known Exploit
	Prototype Pollution npm:hoek:20180212	No	No Known Exploit

Commit messages

Package name: @hmcts/nodejs-logging

The new version differs by 11 commits.

• 771bb21 ROC-3285 Integrate logging with Azure Application Insights (Update ejs to the latest version 🚀 #28)
• 3f757ad ROC-1105: Log tracing IDs on all logger calls (Bump yarn from 1.3.2 to 1.17.3 #24)
• 86beda4 ROC-1105: Add possibility to return origin request id ([Snyk] Fix for 1 vulnerable dependencies #23)
• 417c2bc ROC-1105: Request tracing (Bump js-yaml from 3.10.0 to 3.13.1 #22)
• f8219f8 Setup release from tags ([Snyk] Fix for 1 vulnerable dependencies #21)
• 04ac2c7 Merge pull request An in-range update of express is breaking the build 🚨 #20 from Louisblack/update-moment
• 6970d82 Update yarn.lock with new moment version
• f85c955 Bump version to 1.4.3
• c7e41e1 Update moment to 2.19.3
• 8eb48d8 Merge pull request [Snyk] Fix for 1 vulnerable dependencies #17 from hmcts/greenkeeper/initial
• f1e9dde chore(package): update dependencies

See the full diff

Package name: mongoose

The new version differs by 156 commits.

• 4545d44 chore: release 4.13.17
• fb8b644 fix(document): disallow setting constructor and prototype if strict mode false
• b33d8c2 style: fix lint
• df93f5b chore: release 4.13.16
• a3b98f6 fix(document): disallow setting __proto__ if strict mode false
• a738273 Merge pull request #6928 from hellodigit/4.x-modifiedpaths-pr
• 5046cef fix str spacing
• 7ba0068 feat(error): add modified paths to VersionError
• 631f476 chore: release 4.13.15
• 953a846 fix(mongoose): add global `usePushEach` option for easier Mongoose 4.x + MongoDB 3.6
• 754a4e9 chore: add test/files to npmignore+gitignore for 4.x
• 0e8f016 Merge pull request #6853 from Fonger/4.x-ci-improve
• 0e0dba0 Merge pull request #6852 from hellodigit/4.x-version-number-errors
• 453f472 test(populate): fix flaky test for #5737
• 6af5f0b test(populate): fix flaky test for #5602
• df958a9 resolve cherry-pick conflict
• 127c750 test(connection): adjust delay time to improve ci pass rate
• c8d0258 chore: fix file permission modified by WSL
• f2a4a5b test(connection): increase delay to make sure driver give up reconnection
• 5484542 test(document): fix near sphere test for #4014
• 84dffc3 test(model): correct test pending value to prevent ci failure
• ce7fb11 feat(error): add version number to VersionError
• 471cadc chore: release 4.13.14
• 833cc14 fix(model): handle retainKeyOrder option in findOneAndUpdate()

See the full diff

Package name: node-sass

The new version differs by 66 commits.

• 240e8da 4.9.1
• cc6ff42 Restore old node to CI
• ef713a7 Bump request@2.87.0
• 62fd84a chore: Add info for "Pinned" label
• d3aebe7 Create CODE_OF_CONDUCT.md
• 18d198e typo: node-sas -> node-sass
• 64fdacf chore: Add link to 2355 on PR template
• 8040cb7 docs: add more 404 binding install info
• a3ac021 Clean out duplicate ISSUE template
• e0a92f6 docs: Cleanup issue templates
• 94ce852 Be even more explicit that Node 10 needs 4.9
• 91973ed chore: Add compile issue details to bug template
• e23531d Update issue templates using builder
• 8878118 docs: Add Feature request issue template
• 043e2bc docs: Move and update Installation template
• fece9af docs: Add issue template for compilation results
• 8268296 doc: New ISSUE Template for Request Security issues
• 6fef242 Updates README.md with AppVeyor svg badge (#2376)
• e3ab6e1 Clarify docs for --source-map. Closes #1026.
• 8c4808a Updated links to absolute path instead of relative (#2371)
• 26a2032 Add PR Template for Request bumps
• 9d6faf6 Bump LibSass@3.5.4
• 739d768 Bump gcc@4.9 for Node 10
• a124e9d Add Node 10 to CI

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic