[Snyk] Fix for 2 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change	Exploit Maturity
	Deserialization of Untrusted Data SNYK-JS-BSON-561052	No	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOCHA-561476	Yes	No Known Exploit

Commit messages

Package name: mocha

The new version differs by 245 commits.

• 42303e2 Release v6.0.0
• a553ca7 punctuation updates for changelog v6.0.0
• c710792 grammar updates for changelog v6.0.0
• 9f9293a update changelog for v6.0.0
• a540eb0 remove "projects" section from MAINTAINERS.md [ci skip]
• 52b5c42 Uppercased JSON reporter name in `describe` title (#3739)
• 82307fb Fix `.globals` to remove falsy values (#3737)
• 56dc28e Remove unnecessary post-processing code having no effect; closes #3708 (#3733)
• 16b4281 Documentation updates (#3728)
• 5d9d3eb Update nyc
• 118c9ae Refactor out usages of Suite#_onlyTests and Suite#_onlyTests (#3689) (#3707)
• 0dacd1f Add ability to unload files from `require` cache (redux) (#3726)
• 66a52f2 update release steps [ci skip]
• 45ae014 Refactor `lookupFiles` and `files` (#3722)
• 94c9320 fix --reporter-option to allow comma-separated options; closes #3706
• 0f546fc Refactor checkGlobals() error message creation (#3711)
• 2d21fd6 add missing user reference in CHANGELOG.md [ci skip]
• 6cb4e27 add all changes since v6.0.0-1 to CHANGELOG.md [ci skip]
• 186ca36 add createInvalidArgumentError(); see #3676 (#3677)
• 3a7fa37 Revert 00ca06b0e957ec4f067268c98053782ac5dcb69f; closes #3414 (#3715)
• 21ba5ce fix --inspect and its ilk; closes #3681 (#3699)
• 52b9a5f refactor: use constants for event names instead of string literals
• 29aa611 Eliminated variable shadowing from test event listeners (runner.spec.js) (#3712)
• e01a54e update usage info in docs [ci skip]

See the full diff

Package name: mongoose

The new version differs by 250 commits.

• 76fae6d chore: release 5.3.9
• 40d4177 Merge pull request #7213 from NewEraCracker/master
• 751397c fix(document): run setter only once when doing `.set()` underneath a single nested subdoc
• 10837d4 test(document): repro #7196
• 10a63a9 Bump version of bson dependency to match mongodb-core
• d10274e docs(transactions): add example of aborting a transaction
• d245847 Merge branch 'master' of github.com:Automattic/mongoose
• 551a75b chore: add cpc to some pages that were missing it
• 1ca3514 Merge pull request #7210 from gfranco93/patch-1
• c1606b6 Merge pull request #7207 from lineus/fix-7098
• e9d538e Merge pull request #7203 from lineus/fix-7202
• 8f16b67 fix(document): surface errors in subdoc pre validate
• 87005a1 test(document): repro #7187
• 5b1d81c Documentation fix: fixed anchor link
• eebfb36 docs(query): add note re: cursor()
• c1e2617 docs(query): improve find() docs re: #7188
• 526f82d fix(query): run default functions after hydrating the loaded document
• 320d5f8 test(query): repro #7182
• 64c6d15 if our update schema path is a nested array do not skip query casting.
• 5d122e8 test for #7098
• 5ba13a7 refactor(test): move strictQuery tests to query.test.js since they do not use findOneAndUpdate()
• 4121629 chore: refer to correct issue #7178
• 22ed5d2 fix(query): handle strictQuery: 'throw' with nested path correctly
• 8c16354 test(query): repro #7152

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

[TravisBuddy]

Hey @snyk-bot,
Your changes look good to me!

View build log

TravisBuddy Request Identifier: 551d16f0-7327-11ea-8d6e-5f9eb1f9039f