Skip to content

[Snyk] Fix for 45 vulnerabilities #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
snyk-bot wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 45 vulnerabilities #1

snyk-bot wants to merge 1 commit into from

Conversation

@snyk-bot
Copy link

@snyk-bot snyk-bot commented Dec 15, 2019

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

    • package.json
    • package-lock.json

  • Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
    Find out more.

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Breaking Change
high severity Denial of Service (DoS)
SNYK-JS-EXPRESSFILEUPLOAD-473997		 Yes
medium severity Prototype Pollution
SNYK-JS-JQUERY-174006		 Yes
medium severity Denial of Service (DoS)
SNYK-JS-JSYAML-173999		 Yes
high severity Arbitrary Code Execution
SNYK-JS-JSYAML-174129		 Yes
high severity Prototype Pollution
SNYK-JS-LODASH-450202		 No
high severity Prototype Pollution
SNYK-JS-LODASH-73638		 No
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-73639		 No
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-174116		 No
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-451540		 No
high severity Denial of Service (DoS)
SNYK-JS-MONGODB-473855		 Yes
medium severity Information Exposure
SNYK-JS-MONGOOSE-472486		 Yes
high severity Arbitrary File Write via Archive Extraction (Zip Slip)
npm:adm-zip:20180415		 No
low severity Regular Expression Denial of Service (ReDoS)
npm:braces:20180219		 Yes
low severity Regular Expression Denial of Service (ReDoS)
npm:debug:20170905		 No
high severity Code Injection
npm:dustjs-linkedin:20160819		 No
high severity Arbitrary Code Execution
npm:ejs:20161128		 Yes
medium severity Cross-site Scripting (XSS)
npm:ejs:20161130		 Yes
medium severity Denial of Service (DoS)
npm:ejs:20161130-1		 Yes
high severity Regular Expression Denial of Service (ReDoS)
npm:fresh:20170908		 No
medium severity Prototype Pollution
npm:hoek:20180212		 Yes
medium severity Cross-site Scripting (XSS)
npm:jquery:20150627		 Yes
medium severity Prototype Pollution
npm:lodash:20180130		 No
high severity Content & Code Injection (XSS)
npm:marked:20150520		 No
high severity Cross-site Scripting (XSS) via Data URIs
npm:marked:20170112		 No
high severity Cross-site Scripting (XSS)
npm:marked:20170815		 No
medium severity Cross-site Scripting (XSS)
npm:marked:20170815-1		 No
high severity Regular Expression Denial of Service (ReDoS)
npm:marked:20170907		 No
high severity Regular Expression Denial of Service (ReDoS)
npm:marked:20180225		 No
low severity Regular Expression Denial of Service (ReDoS)
npm:mime:20170907		 Yes
medium severity Regular Expression Denial of Service (ReDoS)
npm:moment:20161019		 No
low severity Regular Expression Denial of Service (ReDoS)
npm:moment:20170905		 No
medium severity Remote Memory Exposure
npm:mongoose:20160116		 No
low severity Regular Expression Denial of Service (ReDoS)
npm:ms:20170412		 Yes
high severity Regular Expression Denial of Service (DoS)
npm:negotiator:20160616		 Yes
high severity Uninitialized Memory Exposure
npm:npmconf:20180512		 Yes
high severity Prototype Override Protection Bypass
npm:qs:20170213		 No
medium severity Regular Expression Denial of Service (ReDoS)
npm:semver:20150403		 Yes
medium severity Directory Traversal
npm:st:20140206		 No
medium severity Open Redirect
npm:st:20171013		 Yes
medium severity Uninitialized Memory Exposure
npm:tunnel-agent:20170305		 Yes
With a Snyk patch:
Severity Issue
low severity Regular Expression Denial of Service (DoS)
npm:hawk:20160119
medium severity Timing Attack
npm:http-signature:20150122
low severity Regular Expression Denial of Service (ReDoS)
npm:mime:20170907
high severity Regular Expression Denial of Service (DoS)
npm:minimatch:20160620
medium severity Regular Expression Denial of Service (ReDoS)
npm:ms:20151024
medium severity Remote Memory Exposure
npm:request:20160119
medium severity Uninitialized Memory Exposure
npm:tunnel-agent:20170305

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

@snyk-bot
fix: package.json, package-lock.json & .snyk to reduce vulnerabilities
43d853a 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-EXPRESSFILEUPLOAD-473997
- https://snyk.io/vuln/SNYK-JS-JQUERY-174006
- https://snyk.io/vuln/SNYK-JS-JSYAML-173999
- https://snyk.io/vuln/SNYK-JS-JSYAML-174129
- https://snyk.io/vuln/SNYK-JS-LODASH-450202
- https://snyk.io/vuln/SNYK-JS-LODASH-73638
- https://snyk.io/vuln/SNYK-JS-LODASH-73639
- https://snyk.io/vuln/SNYK-JS-MARKED-174116
- https://snyk.io/vuln/SNYK-JS-MARKED-451540
- https://snyk.io/vuln/SNYK-JS-MONGODB-473855
- https://snyk.io/vuln/SNYK-JS-MONGOOSE-472486
- https://snyk.io/vuln/npm:adm-zip:20180415
- https://snyk.io/vuln/npm:braces:20180219
- https://snyk.io/vuln/npm:debug:20170905
- https://snyk.io/vuln/npm:dustjs-linkedin:20160819
- https://snyk.io/vuln/npm:ejs:20161128
- https://snyk.io/vuln/npm:ejs:20161130
- https://snyk.io/vuln/npm:ejs:20161130-1
- https://snyk.io/vuln/npm:fresh:20170908
- https://snyk.io/vuln/npm:hoek:20180212
- https://snyk.io/vuln/npm:jquery:20150627
- https://snyk.io/vuln/npm:lodash:20180130
- https://snyk.io/vuln/npm:marked:20150520
- https://snyk.io/vuln/npm:marked:20170112
- https://snyk.io/vuln/npm:marked:20170815
- https://snyk.io/vuln/npm:marked:20170815-1
- https://snyk.io/vuln/npm:marked:20170907
- https://snyk.io/vuln/npm:marked:20180225
- https://snyk.io/vuln/npm:mime:20170907
- https://snyk.io/vuln/npm:moment:20161019
- https://snyk.io/vuln/npm:moment:20170905
- https://snyk.io/vuln/npm:mongoose:20160116
- https://snyk.io/vuln/npm:ms:20170412
- https://snyk.io/vuln/npm:negotiator:20160616
- https://snyk.io/vuln/npm:npmconf:20180512
- https://snyk.io/vuln/npm:qs:20170213
- https://snyk.io/vuln/npm:semver:20150403
- https://snyk.io/vuln/npm:st:20140206
- https://snyk.io/vuln/npm:st:20171013
- https://snyk.io/vuln/npm:tunnel-agent:20170305


The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/npm:hawk:20160119
- https://snyk.io/vuln/npm:http-signature:20150122
- https://snyk.io/vuln/npm:mime:20170907
- https://snyk.io/vuln/npm:minimatch:20160620
- https://snyk.io/vuln/npm:ms:20151024
- https://snyk.io/vuln/npm:request:20160119
- https://snyk.io/vuln/npm:tunnel-agent:20170305
@snyk-bot snyk-bot mentioned this pull request Jul 31, 2020
Open
@snyk-bot snyk-bot mentioned this pull request Mar 25, 2021
Open
@snyk-bot snyk-bot mentioned this pull request Apr 13, 2021
Open
@snyk-bot snyk-bot mentioned this pull request Jun 11, 2021
Open
This was referenced Sep 17, 2021
Open
Open
Open
@snyk-bot snyk-bot mentioned this pull request Jul 24, 2022
Open
@akanchhaS akanchhaS mentioned this pull request Dec 19, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@snyk-bot