Upgrade vulnerable libraries
Some libraries need to be upgraded.

| Library | Severity | Where | Details |
|---|---|---|---|
| minimist | moderate severity | package-lock.json | CVE-2020-7598 |
| kind-of | moderate severity | package-lock.json | CVE-2019-20149 |
| mongoose | moderate severity | package-lock.json | CVE-2019-17426 |
| mixin-deep | high severity | package-lock.json | CVE-2019-10746 |
| set-value | high severity | package-lock.json | CVE-2019-10747 |
| lodash | critical severity | package-lock.json | CVE-2019-10744 |
| mpath | low severity | package-lock.json | CVE-2018-16490 |

Related pull requests:

- lodash: Bump lodash from 4.17.10 to 4.17.19 #25
- mongoose: Bump mongoose from 5.2.7 to 5.7.5 #24
- mixin-deep: Bump mixin-deep from 1.3.1 to 1.3.2 #22
- node-fetch: Bump node-fetch from 2.6.0 to 2.6.1 #27
- ini: Bump ini from 1.3.5 to 1.3.7 #28