Upgrade deps

[j-rewerts]

Upgrade extend to version 3.0.2 or later

[j-rewerts]

We have a higher sev dependancy that must be upgraded.

Neither impacts our end users, but the tar vulnerability could impact us when we're developing.

[j-rewerts]

@CodyGramlich Would you mind making a PR for this when you're free?

[j-rewerts]

@CodyGramlich Sorry for the late review. Could you upgrade Axios as well?

[j-rewerts]

Some history regarding the exploit. We're currently at high risk of a DOS.

[CodyGramlich]

Looking into it right now.

[CodyGramlich]

Axios is a dependency of the @nestjs/common package. The latest version of @nestjs/common is 6.2.4, which has not upgraded axios to 0.19.0 yet. nestjs/nest@c687b5b#diff-e5ee084bbc7db467b9d6ba0fba1beb9fL15

[CodyGramlich]

nestjs/nest#2311 I think we have to wait until this gets merged and wait for their next release.

[j-rewerts]

@CodyGramlich Can you upgrade Nest to 6.x now? When they cut the minor version, we'll be ready that way.

[CodyGramlich]

Sure. We have to upgrade elasticsearch as well because @nestjs/elasticsearch is a peer dependency of @nestjs/common.

[j-rewerts]

That is pretty unfortunate. Try upgrading and be sure to test the backend.

[j-rewerts]

I'm worried this could alter our schema.

[j-rewerts]

Closed with #125.