[Snyk] Fix for 55 vulnerabilities

[crew-security]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json
  • package-lock.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	No	Proof of Concept
	509/1000 Why? Has a fix available, CVSS 5.9	Information Exposure SNYK-JS-AUTH0-596476	No	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-AWSSDK-1059424	No	Proof of Concept
	616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Denial of Service (DoS) SNYK-JS-AXIOS-174505	No	Proof of Concept
	526/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.1	Arbitrary Code Injection SNYK-JS-EJS-1049328	Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-EJS-2803307	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	No	Proof of Concept
	344/1000 Why? Has a fix available, CVSS 2.6	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	No	No Known Exploit
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	Yes	No Known Exploit
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Directory Traversal SNYK-JS-MOMENT-2440688	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-NCONF-2395478	No	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Arbitrary File Overwrite SNYK-JS-NPM-537603	Yes	Proof of Concept
	451/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 2.6	Unauthorized File Access SNYK-JS-NPM-537604	Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Arbitrary File Write SNYK-JS-NPM-537606	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Insertion of Sensitive Information into Log File SNYK-JS-NPM-575435	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NPMUSERVALIDATE-1019352	Yes	No Known Exploit
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-PUGCODEGEN-1082232	No	Proof of Concept
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090599	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090600	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090601	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090602	No	Proof of Concept
	434/1000 Why? Has a fix available, CVSS 4.4	Time of Check Time of Use (TOCTOU) npm:chownr:20180731	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:clean-css:20180306	No	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Access Restriction Bypass npm:npm:20180222	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Denial of Service (DoS) npm:superagent:20170807	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Information Exposure npm:superagent:20181108	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: auth0-extension-tools

The new version differs by 20 commits.

• 3ee9a4f Merge pull request Import export #19 from auth0-extensions/version-bump
• 5ba28bc add defaults to circle-ci yaml config
• bb0e04e add deploy step and test_and_deploy workflow to circle config
• d705af6 change circle-ci config to use npm instead of yarn.
• 0ac6628 Merge pull request Config fix #18 from auth0-extensions/version-bump
• c5f23ad bump package.json version
• 0e81ea0 Merge pull request Update redux form #17 from gkwang/update-dependencies
• f9e0206 Update dependencies
• 140cc2a 1.4.1
• 1eadbc8 Merge pull request Import/export endpoints #16 from chrisscott/update_node_auth0
• 2e47408 Update node-auth version to latest, 2.18.0
• 8a7c701 Merge pull request Bring fixes to dev branch #15 from auth0-extensions/node-auth0-bump
• b2015ad yarn.lock update
• 8f966bf bump node-auth0 version to latest
• 90c347d [Automated Script] Add stale config.
• 16b5d45 [Automated Script] Added PR Template
• 591750e 1.3.3
• e0b6aa4 Merge pull request Handlers cleanup #14 from zxan1285/no-access-token
• fb91228 no access token option
• 5be377c optional response_type

See the full diff

Package name: aws-sdk

The new version differs by 250 commits.

• 8875a35 Updates SDK to v2.814.0
• dd83d67 throw at invalid profile name in shared ini file (#3585)
• ee0c5a3 Updates SDK to v2.813.0
• 468d15b Updates SDK to v2.812.0
• c50132f Update README.md with references to JS SDK V3 (#3582)
• 3e19b08 Updates SDK to v2.811.0
• f26c00d Updates SDK to v2.810.0
• b393a6e Adds automatic PreSignedUrl generation to RDS.StartDBInstanceAutomatedBackupsReplication (#3566)
• fa57967 Updates SDK to v2.809.0
• 9a52018 Updates SDK to v2.808.0
• 1958076 Updates SDK to v2.807.0
• ffcad20 Updates SDK to v2.806.0
• 2f37893 chore: remove cognitoidentity customizations to disable auth (#3543)
• c6fe3c0 Updates SDK to v2.805.0
• 71d6fa9 Fix dual-callback case (#3537)
• b981971 Updates SDK to v2.804.0
• 332573f Updates SDK to v2.803.0
• deb7bc7 Updates SDK to v2.802.0
• b6401d0 Remove incorrectly named service named 'Profile' (#3562)
• 3364d4b Updates SDK to v2.801.0
• d400577 Updates SDK to v2.800.0
• 21c7dc0 Updates SDK to v2.799.0
• d2b8964 Updates SDK to v2.798.0
• 44ded82 fix: test IAM.getUser instead of listUsers (#3542)

See the full diff

Package name: axios

The new version differs by 250 commits.

• e367be5 [Releasing] 0.21.3
• 83ae383 Correctly add response interceptors to interceptor chain (#4013)
• c0c8761 [Updating] changelog to include links to issues and contributors
• 619bb46 [Releasing] v0.21.2
• 82c9455 Create SECURITY.md (#3981)
• 5b45711 Security fix for ReDoS (#3980)
• 5bc9ea2 Update ECOSYSTEM.md (#3817)
• e72813a Fixing README.md (#3818)
• e10a027 Fix README typo under Request Config (#3825)
• e091491 Update README.md (#3936)
• b42fbad Removed un-needed bracket
• 520c8dc Updating CI status badge (#3953)
• 4fbeecb Adding CI on Github Actions. (#3938)
• e9965bf Fixing the sauce labs tests (#3813)
• dbc634c Remove charset in tests (#3807)
• 3958e9f Add explanation of cancel token (#3803)
• 69949a6 Adding custom return type support to interceptor (#3783)
• 49509f6 Create FUNDING.yml (#3796)
• 199c8aa Adding parseInt to config.timeout (#3781)
• 94fc4ea Adding isAxiosError typeguard documentation (#3767)
• 0ece97c Fixing quadratic runtime when setting a maxContentLength (#3738)
• a18a0ec Updating `lib/core/README.md` about Dispatching requests (#3772)
• 59fa614 [Updated] follow-redirects to the latest version (#3771)
• 7821ed2 Feat/json improvements (#3763)

See the full diff

Package name: blipp

The new version differs by 15 commits.

• 2327ecc 3.0.0
• da0f587 Merge pull request users multiselect #29 from Y-LyN-10/master
• 0a37298 Update node.js versions for Travis CI
• 9a32e0d Merge branch 'master' of github.com:Y-LyN-10/blipp
• 8c4b863 Updated dev dependencies for Hapi v17
• 842ae6d Updated example for Hapi v17
• c67c665 Fixed lib and tests for default strategy
• eb77487 Linted tests
• 241dae5 Updated dependencies, tests are re-written with lab v15 and hapi v17
• 0143f72 Breaking changes: modified to work with Hapi v17
• 91db5cc updates travis and dependencies versions
• 014d160 Update dependencies version
• 53ec665 Merge pull request Deep linking #21 from johnbrett/patch-1
• 502451d Fixing brackets in the readme
• 3cff28c style

See the full diff

Package name: good

The new version differs by 25 commits.

• f0b562e version 7.1.0
• 45606c7 Restored wreck logging. Closes #469. (#514)
• 6584880 Upgrade async. Fixes #515. (#538)
• 265a5ca Update deps. Closes #515
• f957062 Don't create a reporter if no streams were provided. Addresses #534 (#535)
• 9d198f8 update stream example in docs and other minors (#536)
• dfe7912 non breaking change adds responseSentTime. Closes #530 (#533)
• 3bd61be current version shield links to good @ npmjs (#521)
• ae1778b Support functions as modules (#517)
• b8f923e Add request route tags to response event (#516)
• 7a78ec8 Fix previous hapi versions
• 77bae30 Fix hapi v15.0.2 timing errors in tests
• 4a22673 hapi 15. Closes #509
• 2d510b1 handle missing coverage on hapi < 15
• 3f9a36a hapi 15 tests
• 51e8ec5 hapi 15
• 502b961 hapi 15
• 673af3e Changed keys used to identify reporters in example (#508)
• cf9f3fb Update CONTRIBUTING.md
• 65730b1 correct and improve documentation (#505)
• a55e808 Not enough feedback when error. Closes #498 (#499)
• 8561ecc Added .npmignore file. Closes #485 (#496)
• 0c93720 Update LICENSE
• 0434d88 Closes #491. Update tests to code3.

See the full diff

Package name: hapi-swagger

The new version differs by 96 commits.

• 34ed162 v7.9.0
• ccf47a7 Merge pull request #455 from rokoroku/patch-1
• ce1014f Merge pull request #456 from ramimoshe/master
• e4f569d Link issue in docs
• 5844e3e Merge pull request #468 from rapilabs/patch-3
• bfe9195 Merge pull request #459 from sovietspaceship/patch-1
• d710828 Linting issue
• a047c66 Fix for basic example
• cb0dbbe Corrected error in example for JWT and Joi.extend()
• d575939 Merge pull request #453 from pdanpdan/patch-1
• 04bf8cd Added new disableDropdown to usgae guide
• 4b1a7c9 Merge pull request #402 from robertpallas/master
• e9e889e Merge pull request #397 from richardlay/master
• 3822495 Corrected anchor for "Grouping endpoints by path or tags"
• 4dbe097 fix 'vaildation' typoes
• 690b10b remove undefined item from Joi.try() alternatives structures
• 22f646d Fix auth for swaggerUI files
• b634ede Set auth also for swaggerUI paths
• c379231 Dependencies update
• 5d8770e Merge pull request #451 from robmcguinness/master
• 11113ea Merge pull request #446 from tepez/master
• f06c5e1 Fixes #450: hasFileType fails with circular dependency error
• 47169bd Move "lab" from dependencies to devDependencies
• eb3f832 Coverage issue

See the full diff

Package name: jsonwebtoken

The new version differs by 10 commits.

• f313850 8.0.0
• f38bd8e updated changelog
• 2ec3263 Merge pull request [Snyk] Security upgrade hapi-auth-jwt2 from 10.5.1 to 10.7.0 #393 from ziluvatar/migration-notes-to-readme
• 12cd8f7 docs: readme, migration notes
• cfc04a9 Merge pull request [Snyk] Fix for 1 vulnerabilities #349 from ziluvatar/fix-max-age-number-and-seconds
• 3305cf0 verify: remove process.nextTick (Bump y18n from 3.2.1 to 3.2.2 #302)
• 0be5409 Reduce size of NPM package ([Snyk] Fix for 4 vulnerabilities #347)
• 2e7e68d Remove joi to shrink module size ([Snyk] Security upgrade hapi-auth-jwt2 from 7.0.1 to 10.4.0 #348)
• 66a4f8b maxAge: Add validation to timespan result
• b61cc34 maxAge: Fix logic with number + use seconds instead of ms

See the full diff

Package name: lru-memoizer

The new version differs by 11 commits.

• 188771d 1.11.2
• 54c5074 Merge pull request Is there API support for this extension? #4 from coreylight/master
• e559da5 use most recent non-breaking 4.X lodash
• b068d9a 1.11.1
• 93916f8 avoid deoptimization converting args to array
• 0e46f30 1.11.0
• cb77088 add an option for cloning the object
• f447a3c 1.10.1
• 369d4f8 Merge branch 'elbuo8-own-freeze'
• 7f4545c improve test
• 277694d Bring freeze to lib

See the full diff

Package name: ms

The new version differs by 19 commits.

• 9b88d15 2.0.0
• 94b995c Invalidated cache for slack badge
• bcf5715 Bumped dependencies to the latest version
• b1eaab7 Ignored logs coming from npm
• caae298 Limit str to 100 to avoid ReDoS of 0.3s (Create an API Explorer for the API Endpoints #89)
• b83b36d chore(package): update eslint to version 3.19.0 (Support federated users #88)
• 3f2a4d7 chore(package): update husky to version 0.13.3 (The on-delete hook should remove the rule, the client and the resource server #86)
• 7daf984 1.0.0
• ee91f30 More suitable name for file containing tests
• e818c35 Removed browser testing
• c9b1fd3 Test on LTS version of Node
• 389840b Badge for XO removed
• 1fbbe97 Removed component specification
• 57b3ef8 Use `prettier` and `eslint`
• 94068ea Removed XO
• 4b7f48f chore(package): update serve to version 5.0.4 (Updated tests #85)
• bd49cec chore(package): update xo to version 0.18.0 (API config page route fixed #84)
• d4a94b1 chore(package): update serve to version 5.0.3 (groupPicker reducer fixed #83)
• 923eee1 chore(package): update serve to version 5.0.2 (fix groups, roles, permissions fetch #82)

See the full diff

Package name: nconf

The new version differs by 37 commits.

• f25feb2 0.11.4
• 2e9e453 chore: disable package-lock, since this is a lib
• 7aa9402 chore: update node version test matrix
• feaba56 fix(security): prevent prototype pollution in memory store (#397)
• 218059e 0.11.3
• dc8c3d6 Handle case where parsed config object hasn't prototype ([Snyk] Fix for 1 vulnerabilities #365)
• b1914ae 0.11.2
• 54bd403 chore: upgrade deps to fix security vulns
• e6dfa5d 0.11.1
• 709cc60 Bump node-notifier from 8.0.0 to 8.0.1 ([Snyk] Security upgrade aws-sdk from 2.5.3 to 2.1354.0 #355)
• eca2bf3 Bump ini from 1.3.5 to 1.3.6 (Bump hawk and npm #353)
• 85229df chore: enable circleci
• 91e9106 chore: update changelog
• 4122731 0.11.0
• 56794d1 chore: upgrade deps to fix security vulns
• 1392ac4 0.10.0
• 01f25fa Regex as env separator (Fix linter #288)
• 16667be Argv store separator (User search #291)
• bac910a 0.9.1
• 2bdf7e1 Clean Argv Store options (Cli upgrade #290)
• b9321b2 transformer can now return an undefined key (Cli upgrade #289)
• 81ce0be Update changelog
• b1ee63c fix error in transform function when dealing with dropped entries (Minor version bump #287)
• 9f70ba1 [doc] Update changelog

See the full diff

Package name: npm

The new version differs by 250 commits.

• 30a9844 7.21.0
• 0b2cd9d update AUTHORS
• 06461ec docs: changelog for v7.21.0
• 771a1cb chore(tests): fix snapshots
• 71cdfd8 spdx-license-ids@3.0.10
• 94f92de make-fetch-happen@9.0.5
• 7ac621c smart-buffer@4.2.0
• 218caca is-core-module@2.6.0
• ff6626a fix(docs): update npm-publish access flag info
• b6f40b5 tar@6.1.10
• e9e5ee5 @ npmcli/arborist@2.8.2
• 991a3bd read-package-json@4.0.0
• f077724 init-package-json@2.0.4
• 68a19bb fix(error-message): look for er.path not er.file
• ff34d6c feat(cache): initial implementation of ls and rm
• 8183976 normalize-package-data@3.0.3
• df57f0d @ npmcli/run-script@1.8.6
• 487731c fix(logging): sanitize logged argv
• 7a58264 chore(ci): check that docs are up to date in ci
• 22f3bbb chore(docs): add more 'autogenerated' comments
• 4314490 fix(docs): revert auto-generated portion of docs
• 32e88c9 fix(did-you-mean): switch levenshtein libraries
• 59b9851 7.20.6
• 2591e67 update AUTHORS

See the full diff

Package name: superagent

The new version differs by 250 commits.

• 3571754 v3.8.1
• 34b69c8 Bump
• 087edaf Clear auth on redirect
• 4108c34 npm@5
• 064b8b0 3.8.0
• b2708db Retry callback
• 383b308 Refactor shouldRetry
• 6bd9b31 indentation to match
• bba9773 log and test style
• bac9933 fn as optional param
• ff607e2 Add optional callback to retry
• 9b0d98d Changelog
• c808dd0 3.8.0-alpha.1
• 87516fc Also support events in global-ish agent
• 66aed34 Default settings for all agent requests
• 05d6c88 Authenticate request using username and password
• 06d7865 Extract common node/browser auth into request-base
• 104ccba Unify auth args handling in node/browser
• be5ab92 Handle errors in zlib pipe
• ef0a35b Merge pull request #1301 from visionmedia/es6
• 0dff890 Prettier
• d669860 ES6ify
• e8463f0 ES6ify Node tests
• cf98d3b Rephrase new documentation about error responses

See the full diff

Package name: webtask-tools

The new version differs by 2 commits.

• 4806a34 Version bump package-lock.json
• e79adb1 Bump pug (You cannot edit permissions when adding/updating a Role #34)

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	626/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.1	Man-in-the-Middle (MitM) SNYK-JS-HTTPSPROXYAGENT-469131	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution npm:extend:20180424	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) npm:moment:20161019	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No Known Exploit
	646/1000 Why? Mature exploit, Has a fix available, CVSS 5.2...