[Snyk] Fix for 2 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	Yes	Proof of Concept
	758/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-NCONF-2395478	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: forever-monitor

The new version differs by 17 commits.

• 5600ba6 Bump version
• 829e10a remove dependency from broadway (#196)
• b8d4520 Remove direct dependency on optimist (#194)
• 2f6f080 Bump version
• 02639cc fix: Repository link in package.json (#192)
• af8d7b7 fix: Update ps-tree to 1.2.0 (#191)
• da6763f Bump version
• 342b26e Do not spawn with the shell on Windows by default (#188)
• 63d7cc0 Test with Node 14 (#187)
• 93cfbef Fix running forever on Windows (#145)
• 8e7b0b7 Remove some of the unused vars (#183)
• 6a1df79 Enable more linting rules (#182)
• 5ca63ff Replace var with let/const (#181)
• 07b25b9 Reformat with prettier (#180)
• d708fa1 Drop support for Node < 6 (#178)
• 8639364 Use correct npm command for older node (#176)
• cafaa95 Fix stop() after start() (#139)

See the full diff

Package name: nconf

The new version differs by 41 commits.

• 583e713 0.12.0
• 60c99cd chore: upgrade to nyc for test coverage (#400)
• 080624a [dist] Update dependency async to v3 (#332) (#399)
• f1ddb1b fix(ci): use npm install w/o package-lock
• f25feb2 0.11.4
• 2e9e453 chore: disable package-lock, since this is a lib
• 7aa9402 chore: update node version test matrix
• feaba56 fix(security): prevent prototype pollution in memory store (#397)
• 218059e 0.11.3
• dc8c3d6 Handle case where parsed config object hasn't prototype (#365)
• b1914ae 0.11.2
• 54bd403 chore: upgrade deps to fix security vulns
• e6dfa5d 0.11.1
• 709cc60 Bump node-notifier from 8.0.0 to 8.0.1 (#355)
• eca2bf3 Bump ini from 1.3.5 to 1.3.6 (#353)
• 85229df chore: enable circleci
• 91e9106 chore: update changelog
• 4122731 0.11.0
• 56794d1 chore: upgrade deps to fix security vulns
• 1392ac4 0.10.0
• 01f25fa Regex as env separator (#288)
• 16667be Argv store separator (#291)
• bac910a 0.9.1
• 2bdf7e1 Clean Argv Store options (#290)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Prototype Pollution