[Snyk] Upgrade mqtt from 2.18.8 to 2.18.9

[snyk-bot]

Snyk has created this PR to upgrade mqtt from 2.18.8 to 2.18.9.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 1 version ahead of your current version.
• The recommended version was released a year ago, on 2021-08-04.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Buffer Over-read SNYK-JS-MQTTPACKET-174531	375/1000 Why? CVSS 7.5	No Known Exploit
	Remote Memory Exposure SNYK-JS-BL-608877	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	375/1000 Why? CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-559764	375/1000 Why? CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	375/1000 Why? CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: mqtt

• 2.18.9 - 2021-08-04
  

  fix: security vulnerability in ws stream

• 2.18.8 - 2018-08-30

from mqtt GitHub release notes

Commit messages

Package name: mqtt

• 689d89b Merge pull request #1307 from mqttjs/security-update
• dda2724 update version
• 250921b fix: security vulnerabilities

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs