Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 94 vulnerabilities #98

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 94 vulnerabilities #98

wants to merge 1 commit into from

Conversation

EricFernandezSnyk
Copy link
Owner

snyk-top-banner

Snyk has created this PR to fix 94 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • package.json
  • package-lock.json

Vulnerabilities that will be fixed with an upgrade:

Issue Score
medium severity Server-side Request Forgery (SSRF)
SNYK-JS-PARSEURL-3023021		   ****  
medium severity Improper Input Validation
SNYK-JS-PARSEURL-3024398		   ****  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-PATHTOREGEXP-7925106		   ****  
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-PATHTOREGEXP-8482416		   ****  
high severity Prototype Poisoning
SNYK-JS-QS-3153490		   ****  
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795		   ****  
low severity Cross-site Scripting
SNYK-JS-SEND-7926862		   ****  
low severity Cross-site Scripting
SNYK-JS-SERVESTATIC-7926865		   ****  
medium severity Command Injection
SNYK-JS-SNYK-3037342		   ****  
medium severity Command Injection
SNYK-JS-SNYK-3038622		   ****  
medium severity Code Injection
SNYK-JS-SNYK-3111871		   ****  
medium severity Command Injection
SNYK-JS-SNYKDOCKERPLUGIN-3039679		   ****  
medium severity Command Injection
SNYK-JS-SNYKGOPLUGIN-3037316		   ****  
medium severity Command Injection
SNYK-JS-SNYKGRADLEPLUGIN-3038624		   ****  
high severity Code Injection
SNYK-JS-SNYKGRADLEPLUGIN-8248487		   ****  
medium severity Command Injection
SNYK-JS-SNYKMVNPLUGIN-3038623		   ****  
high severity Code Injection
SNYK-JS-SNYKPHPPLUGIN-8248485		   ****  
medium severity Command Injection
SNYK-JS-SNYKPYTHONPLUGIN-3039677		   ****  
medium severity Command Injection
SNYK-JS-SNYKSBTPLUGIN-3038626		   ****  
medium severity Command Injection
SNYK-JS-SNYKSNYKCOCOAPODSPLUGIN-3038625		   ****  
low severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-WORDWRAP-3149973		   ****  
medium severity Prototype Pollution
SNYK-JS-XML2JS-5414874		   ****  
high severity Prototype Pollution
SNYK-JS-Y18N-1021887		   ****  
high severity Prototype Pollution
SNYK-JS-MONGOOSE-5777721		   317  
high severity Prototype Pollution
SNYK-JS-MONGOOSE-2961688		   255  
critical severity Server-side Request Forgery (SSRF)
SNYK-JS-PARSEURL-2936249		   241  
high severity Code Injection
SNYK-JS-LODASH-1040724		   239  
high severity Server-side Request Forgery (SSRF)
SNYK-JS-NETMASK-1089716		   238  
high severity Remote Code Execution (RCE)
SNYK-JS-PACRESOLVER-1564857		   238  
medium severity Remote Memory Exposure
npm:mongoose:20160116		   237  
high severity Server-side Request Forgery (SSRF)
SNYK-JS-IP-6240864		   221  
high severity Server-side Request Forgery (SSRF)
SNYK-JS-NETMASK-6056519		   220  
high severity Regular Expression Denial of Service (ReDoS)
npm:marked:20180225		   214  
high severity DLL Injection
SNYK-JS-KERBEROS-568900		   213  
high severity Remote Memory Exposure
SNYK-JS-BL-608877		   199  
high severity Cross-site Scripting (XSS)
npm:marked:20150520		   190  
high severity Prototype Pollution
SNYK-JS-LODASH-567746		   189  
medium severity Prototype Pollution
SNYK-JS-MONGOOSE-1086688		   184  
high severity Prototype Pollution
SNYK-JS-LODASH-6139239		   170  
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-CROSSSPAWN-8303230		   169  
high severity Improper Neutralization of Special Elements in Data Query Logic
SNYK-JS-MONGOOSE-8446504		   167  
high severity Prototype Pollution
SNYK-JS-MQUERY-1089718		   160  
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		   159  
high severity Cross-site Scripting (XSS)
npm:marked:20170815		   154  
high severity Prototype Pollution
SNYK-JS-LODASH-450202		   152  
high severity Directory Traversal
SNYK-JS-MOMENT-2440688		   152  
high severity Cross-site Scripting (XSS)
npm:marked:20170112		   152  
high severity Regular Expression Denial of Service (ReDoS)
npm:marked:20170907		   152  
high severity Prototype Pollution
SNYK-JS-INI-1048974		   151  
high severity Prototype Pollution
SNYK-JS-LODASH-608086		   150  
high severity Prototype Pollution
SNYK-JS-LODASHSET-1320032		   150  
high severity Prototype Pollution
SNYK-JS-LODASH-73638		   149  
high severity Prototype Pollution
SNYK-JS-MQUERY-1050858		   149  
high severity Prototype Pollution
SNYK-JS-NCONF-2395478		   149  
high severity Authorization Bypass Through User-Controlled Key
SNYK-JS-PARSEPATH-2936439		   149  
high severity Asymmetric Resource Consumption (Amplification)
SNYK-JS-BODYPARSER-7926860		   147  
medium severity Prototype Pollution
npm:lodash:20180130		   140  
medium severity Prototype Pollution
SNYK-JS-MINIMIST-559764		   137  
medium severity Prototype Pollution
SNYK-JS-MPATH-1577289		   137  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-584281		   136  
medium severity Regular Expression Denial of Service (ReDoS)
npm:moment:20161019		   136  
medium severity Information Exposure
SNYK-JS-MONGOOSE-472486		   134  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-73639		   133  
medium severity Missing Release of Resource after Effective Lifetime
SNYK-JS-INFLIGHT-6095116		   131  
medium severity Server-Side Request Forgery (SSRF)
SNYK-JS-IP-7148531		   119  
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-ACORN-559469		   115  
high severity Denial of Service (DoS)
SNYK-JS-MONGODB-473855		   115  
high severity Regular Expression Denial of Service (ReDoS)
npm:fresh:20170908		   114  
high severity Regular Expression Denial of Service (ReDoS)
npm:negotiator:20160616		   114  
high severity Prototype Override Protection Bypass
npm:qs:20170213		   114  
medium severity Cross-site Scripting
SNYK-JS-EXPRESS-7926867		   105  
medium severity Information Exposure
SNYK-JS-PARSEURL-2935947		   102  
medium severity Open Redirect
SNYK-JS-EXPRESS-6474509		   98  
medium severity Cross-site Scripting (XSS)
npm:marked:20170815-1		   95  
medium severity Cross-site Scripting (XSS)
SNYK-JS-PARSEURL-2935944		   93  
medium severity Cross-site Scripting (XSS)
SNYK-JS-PARSEURL-2942134		   93  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-2342073		   84  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-2342082		   84  
medium severity Arbitrary File Write via Archive Extraction (Zip Slip)
SNYK-JS-JSZIP-3188562		   83  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-HOSTEDGITINFO-1088355		   63  
medium severity Denial of Service (DoS)
SNYK-JS-JSZIP-1251497		   63  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905		   63  
medium severity Open Redirect
SNYK-JS-GOT-2932019		   61  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-174116		   61  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-451540		   61  
low severity Prototype Pollution
SNYK-JS-MINIMIST-2429795		   60  
low severity Regular Expression Denial of Service (ReDoS)
npm:debug:20170905		   58  
low severity Regular Expression Denial of Service (ReDoS)
npm:moment:20170905		   53  
low severity Regular Expression Denial of Service (ReDoS)
npm:ms:20170412		   53  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MINIMATCH-3050818		   45  
medium severity Regular Expression Denial of Service (ReDoS)
npm:ms:20151024		   45  
medium severity Cross-site Scripting (XSS)
SNYK-JS-COOKIE-8163060		   44  
low severity Regular Expression Denial of Service (ReDoS)
npm:mime:20170907		   40  
low severity Insecure use of /tmp folder
npm:cli:20160615		   19  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Cross-site Scripting (XSS)
🦉 Open Redirect
🦉 More lessons are available in Snyk Learn

@snyk-bot
fix: package.json & package-lock.json to reduce vulnerabilities
202546c 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-PARSEURL-3023021
- https://snyk.io/vuln/SNYK-JS-PARSEURL-3024398
- https://snyk.io/vuln/SNYK-JS-PATHTOREGEXP-7925106
- https://snyk.io/vuln/SNYK-JS-PATHTOREGEXP-8482416
- https://snyk.io/vuln/SNYK-JS-QS-3153490
- https://snyk.io/vuln/SNYK-JS-SEMVER-3247795
- https://snyk.io/vuln/SNYK-JS-SEND-7926862
- https://snyk.io/vuln/SNYK-JS-SERVESTATIC-7926865
- https://snyk.io/vuln/SNYK-JS-SNYK-3037342
- https://snyk.io/vuln/SNYK-JS-SNYK-3038622
- https://snyk.io/vuln/SNYK-JS-SNYK-3111871
- https://snyk.io/vuln/SNYK-JS-SNYKDOCKERPLUGIN-3039679
- https://snyk.io/vuln/SNYK-JS-SNYKGOPLUGIN-3037316
- https://snyk.io/vuln/SNYK-JS-SNYKGRADLEPLUGIN-3038624
- https://snyk.io/vuln/SNYK-JS-SNYKGRADLEPLUGIN-8248487
- https://snyk.io/vuln/SNYK-JS-SNYKMVNPLUGIN-3038623
- https://snyk.io/vuln/SNYK-JS-SNYKPHPPLUGIN-8248485
- https://snyk.io/vuln/SNYK-JS-SNYKPYTHONPLUGIN-3039677
- https://snyk.io/vuln/SNYK-JS-SNYKSBTPLUGIN-3038626
- https://snyk.io/vuln/SNYK-JS-SNYKSNYKCOCOAPODSPLUGIN-3038625
- https://snyk.io/vuln/SNYK-JS-WORDWRAP-3149973
- https://snyk.io/vuln/SNYK-JS-XML2JS-5414874
- https://snyk.io/vuln/SNYK-JS-Y18N-1021887
- https://snyk.io/vuln/SNYK-JS-MONGOOSE-5777721
- https://snyk.io/vuln/SNYK-JS-MONGOOSE-2961688
- https://snyk.io/vuln/SNYK-JS-PARSEURL-2936249
- https://snyk.io/vuln/SNYK-JS-LODASH-1040724
- https://snyk.io/vuln/SNYK-JS-NETMASK-1089716
- https://snyk.io/vuln/SNYK-JS-PACRESOLVER-1564857
- https://snyk.io/vuln/npm:mongoose:20160116
- https://snyk.io/vuln/SNYK-JS-IP-6240864
- https://snyk.io/vuln/SNYK-JS-NETMASK-6056519
- https://snyk.io/vuln/npm:marked:20180225
- https://snyk.io/vuln/SNYK-JS-KERBEROS-568900
- https://snyk.io/vuln/SNYK-JS-BL-608877
- https://snyk.io/vuln/npm:marked:20150520
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
- https://snyk.io/vuln/SNYK-JS-MONGOOSE-1086688
- https://snyk.io/vuln/SNYK-JS-LODASH-6139239
- https://snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230
- https://snyk.io/vuln/SNYK-JS-MONGOOSE-8446504
- https://snyk.io/vuln/SNYK-JS-MQUERY-1089718
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://snyk.io/vuln/npm:marked:20170815
- https://snyk.io/vuln/SNYK-JS-LODASH-450202
- https://snyk.io/vuln/SNYK-JS-MOMENT-2440688
- https://snyk.io/vuln/npm:marked:20170112
- https://snyk.io/vuln/npm:marked:20170907
- https://snyk.io/vuln/SNYK-JS-INI-1048974
- https://snyk.io/vuln/SNYK-JS-LODASH-608086
- https://snyk.io/vuln/SNYK-JS-LODASHSET-1320032
- https://snyk.io/vuln/SNYK-JS-LODASH-73638
- https://snyk.io/vuln/SNYK-JS-MQUERY-1050858
- https://snyk.io/vuln/SNYK-JS-NCONF-2395478
- https://snyk.io/vuln/SNYK-JS-PARSEPATH-2936439
- https://snyk.io/vuln/SNYK-JS-BODYPARSER-7926860
- https://snyk.io/vuln/npm:lodash:20180130
- https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
- https://snyk.io/vuln/SNYK-JS-MPATH-1577289
- https://snyk.io/vuln/SNYK-JS-MARKED-584281
- https://snyk.io/vuln/npm:moment:20161019
- https://snyk.io/vuln/SNYK-JS-MONGOOSE-472486
- https://snyk.io/vuln/SNYK-JS-LODASH-73639
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
- https://snyk.io/vuln/SNYK-JS-IP-7148531
- https://snyk.io/vuln/SNYK-JS-ACORN-559469
- https://snyk.io/vuln/SNYK-JS-MONGODB-473855
- https://snyk.io/vuln/npm:fresh:20170908
- https://snyk.io/vuln/npm:negotiator:20160616
- https://snyk.io/vuln/npm:qs:20170213
- https://snyk.io/vuln/SNYK-JS-EXPRESS-7926867
- https://snyk.io/vuln/SNYK-JS-PARSEURL-2935947
- https://snyk.io/vuln/SNYK-JS-EXPRESS-6474509
- https://snyk.io/vuln/npm:marked:20170815-1
- https://snyk.io/vuln/SNYK-JS-PARSEURL-2935944
- https://snyk.io/vuln/SNYK-JS-PARSEURL-2942134
- https://snyk.io/vuln/SNYK-JS-MARKED-2342073
- https://snyk.io/vuln/SNYK-JS-MARKED-2342082
- https://snyk.io/vuln/SNYK-JS-JSZIP-3188562
- https://snyk.io/vuln/SNYK-JS-HOSTEDGITINFO-1088355
- https://snyk.io/vuln/SNYK-JS-JSZIP-1251497
- https://snyk.io/vuln/SNYK-JS-LODASH-1018905
- https://snyk.io/vuln/SNYK-JS-GOT-2932019
- https://snyk.io/vuln/SNYK-JS-MARKED-174116
- https://snyk.io/vuln/SNYK-JS-MARKED-451540
- https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795
- https://snyk.io/vuln/npm:debug:20170905
- https://snyk.io/vuln/npm:moment:20170905
- https://snyk.io/vuln/npm:ms:20170412
- https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818
- https://snyk.io/vuln/npm:ms:20151024
- https://snyk.io/vuln/SNYK-JS-COOKIE-8163060
- https://snyk.io/vuln/npm:mime:20170907
- https://snyk.io/vuln/npm:cli:20160615
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@EricFernandezSnyk @snyk-bot