From 7ba4d9b02cbad1f41383e8e978af14db23781223 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Thu, 20 Jul 2023 18:34:48 +0000
Subject: [PATCH] fix: package.json & package-lock.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-MONGOOSE-5777721
---
 package-lock.json | 33 ++++++++++++++++++++++++---------
 package.json      |  2 +-
 2 files changed, 25 insertions(+), 10 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 8f8f74a25b..ca8014ab23 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -4982,15 +4982,15 @@
       }
     },
     "mongoose": {
-      "version": "5.13.9",
-      "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-5.13.9.tgz",
-      "integrity": "sha512-JbLw5ie0LJxm7V9LoNxRY//6cyFJf0cOpON2TWUWvF9pabil6ArfECL3xHV2N+mwwO4gXiIa+c0pwTzDUVTgqw==",
+      "version": "5.13.20",
+      "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-5.13.20.tgz",
+      "integrity": "sha512-TjGFa/XnJYt+wLmn8y9ssjyO2OhBMeEBtOHb9iJM16EWu2Du6L1Q6zSiEK2ziyYQM8agb4tumNIQFzqbxId7MA==",
       "requires": {
         "@types/bson": "1.x || 4.0.x",
         "@types/mongodb": "^3.5.27",
         "bson": "^1.1.4",
         "kareem": "2.3.2",
-        "mongodb": "3.6.11",
+        "mongodb": "3.7.4",
         "mongoose-legacy-pluralize": "1.0.2",
         "mpath": "0.8.4",
         "mquery": "3.2.5",
@@ -5012,16 +5012,26 @@
           }
         },
         "mongodb": {
-          "version": "3.6.11",
-          "resolved": "https://registry.npmjs.org/mongodb/-/mongodb-3.6.11.tgz",
-          "integrity": "sha512-4Y4lTFHDHZZdgMaHmojtNAlqkvddX2QQBEN0K//GzxhGwlI9tZ9R0vhbjr1Decw+TF7qK0ZLjQT292XgHRRQgw==",
+          "version": "3.7.4",
+          "resolved": "https://registry.npmjs.org/mongodb/-/mongodb-3.7.4.tgz",
+          "integrity": "sha512-K5q8aBqEXMwWdVNh94UQTwZ6BejVbFhh1uB6c5FKtPE9eUMZPUO3sRZdgIEcHSrAWmxzpG/FeODDKL388sqRmw==",
           "requires": {
             "bl": "^2.2.1",
             "bson": "^1.1.4",
             "denque": "^1.4.1",
-            "optional-require": "^1.0.3",
+            "optional-require": "^1.1.8",
             "safe-buffer": "^5.1.2",
             "saslprep": "^1.0.0"
+          },
+          "dependencies": {
+            "optional-require": {
+              "version": "1.1.8",
+              "resolved": "https://registry.npmjs.org/optional-require/-/optional-require-1.1.8.tgz",
+              "integrity": "sha512-jq83qaUb0wNg9Krv1c5OQ+58EK+vHde6aBPzLvPPqJm89UQWsvSuFy9X/OSNJnFeSOKo7btE0n8Nl2+nE+z5nA==",
+              "requires": {
+                "require-at": "^1.0.6"
+              }
+            }
           }
         },
         "ms": {
@@ -6696,6 +6706,11 @@
         }
       }
     },
+    "require-at": {
+      "version": "1.0.6",
+      "resolved": "https://registry.npmjs.org/require-at/-/require-at-1.0.6.tgz",
+      "integrity": "sha512-7i1auJbMUrXEAZCOQ0VNJgmcT2VOKPRl2YGJwgpHpC9CE91Mv4/4UYIUm4chGJaI381ZDq1JUicFii64Hapd8g=="
+    },
     "require-directory": {
       "version": "2.1.1",
       "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz",
@@ -7033,7 +7048,7 @@
     "sliced": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/sliced/-/sliced-1.0.1.tgz",
-      "integrity": "sha1-CzpmK10Ewxd7GSa+qCsD+Dei70E="
+      "integrity": "sha512-VZBmZP8WU3sMOZm1bdgTadsQbcscK0UM8oKxKVBs4XAhUo2Xxzm/OFMGBkPusxw9xL3Uy8LrzEqGqJhclsr0yA=="
     },
     "smart-buffer": {
       "version": "4.1.0",
diff --git a/package.json b/package.json
index d635e0bedf..7a9f036a67 100644
--- a/package.json
+++ b/package.json
@@ -34,7 +34,7 @@
     "method-override": "latest",
     "moment": "2.19.3",
     "mongodb": "^3.5.9",
-    "mongoose": "5.13.9",
+    "mongoose": "5.13.20",
     "morgan": "latest",
     "ms": "^2.0.0",
     "mysql": "^2.18.1",