Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk-dev] Fix for 70 vulnerabilities #74

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

snyk-bot
Copy link

@snyk-bot snyk-bot commented Oct 3, 2022

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

    • package.json
    • package-lock.json
  • Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
    Find out more.

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 584/1000
Why? Has a fix available, CVSS 7.4
Directory Traversal
SNYK-JS-ADMZIP-1065796
No No Known Exploit
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908
Yes Proof of Concept
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Prototype Pollution
SNYK-JS-ASYNC-2441827
Yes Proof of Concept
high severity 630/1000
Why? Has a fix available, CVSS 8.1
Internal Property Tampering
SNYK-JS-BSON-561052
Yes No Known Exploit
high severity 751/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 8.6
Prototype Pollution
SNYK-JS-DUSTJSLINKEDIN-1089257
Yes Proof of Concept
medium severity 526/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 4.1
Arbitrary Code Injection
SNYK-JS-EJS-1049328
Yes Proof of Concept
high severity 726/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 8.1
Remote Code Execution (RCE)
SNYK-JS-EJS-2803307
Yes Proof of Concept
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Denial of Service (DoS)
SNYK-JS-EXPRESSFILEUPLOAD-473997
Yes No Known Exploit
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Prototype Pollution
SNYK-JS-EXPRESSFILEUPLOAD-595969
Yes Proof of Concept
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Denial of Service (DoS)
SNYK-JS-FILETYPE-2958042
Yes No Known Exploit
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3
Prototype Pollution
SNYK-JS-INI-1048974
Yes Proof of Concept
medium severity 429/1000
Why? Has a fix available, CVSS 4.3
Reverse Tabnabbing
SNYK-JS-ISTANBULREPORTS-2328088
Yes No Known Exploit
medium severity 601/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6
Prototype Pollution
SNYK-JS-JQUERY-174006
Yes Proof of Concept
medium severity 701/1000
Why? Mature exploit, Has a fix available, CVSS 6.3
Cross-site Scripting (XSS)
SNYK-JS-JQUERY-565129
Yes Mature
medium severity 711/1000
Why? Mature exploit, Has a fix available, CVSS 6.5
Cross-site Scripting (XSS)
SNYK-JS-JQUERY-567880
Yes Mature
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905
No Proof of Concept
high severity 681/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.2
Command Injection
SNYK-JS-LODASH-1040724
No Proof of Concept
medium severity 479/1000
Why? Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-174116
No No Known Exploit
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-2342073
Yes Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-2342082
Yes Proof of Concept
medium severity 479/1000
Why? Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-451540
No No Known Exploit
medium severity 520/1000
Why? Has a fix available, CVSS 5.9
Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-584281
Yes No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
SNYK-JS-MINIMATCH-1019388
No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Directory Traversal
SNYK-JS-MOMENT-2440688
No No Known Exploit
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
SNYK-JS-MOMENT-2944238
No Proof of Concept
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Denial of Service (DoS)
SNYK-JS-MONGODB-473855
Yes No Known Exploit
medium severity 601/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6
Prototype Pollution
SNYK-JS-MONGOOSE-1086688
Yes Proof of Concept
high severity 671/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7
Prototype Pollution
SNYK-JS-MONGOOSE-2961688
Yes Proof of Concept
medium severity 601/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6
Prototype Pollution
SNYK-JS-MPATH-1577289
Yes Proof of Concept
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3
Prototype Pollution
SNYK-JS-MQUERY-1050858
Yes Proof of Concept
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Prototype Pollution
SNYK-JS-MQUERY-1089718
Yes Proof of Concept
critical severity 680/1000
Why? Has a fix available, CVSS 9.1
Improper Access Control
SNYK-JS-NEXTAUTH-1072465
No No Known Exploit
medium severity 519/1000
Why? Has a fix available, CVSS 6.1
Open Redirect
SNYK-JS-NEXTAUTH-2769574
Yes No Known Exploit
medium severity 484/1000
Why? Has a fix available, CVSS 5.4
Open Redirect
SNYK-JS-NEXTAUTH-2841457
No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Denial of Service (DoS)
SNYK-JS-NEXTAUTH-2933545
No No Known Exploit
high severity 731/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 8.2
Improper Input Validation
SNYK-JS-NEXTAUTH-2944244
No Proof of Concept
low severity 379/1000
Why? Has a fix available, CVSS 3.3
Information Exposure
SNYK-JS-NEXTAUTH-2965597
No No Known Exploit
critical severity 669/1000
Why? Has a fix available, CVSS 9.1
Improper Authorization
SNYK-JS-NEXTAUTH-2968127
No No Known Exploit
medium severity 626/1000
Why? Recently disclosed, Has a fix available, CVSS 6.8
Improper Authentication
SNYK-JS-NEXTAUTH-3035577
Yes No Known Exploit
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Open Redirect
SNYK-JS-NODEFORGE-2330875
No Proof of Concept
medium severity 529/1000
Why? Has a fix available, CVSS 6.3
Prototype Pollution
SNYK-JS-NODEFORGE-2331908
No No Known Exploit
medium severity 494/1000
Why? Has a fix available, CVSS 5.6
Improper Verification of Cryptographic Signature
SNYK-JS-NODEFORGE-2430337
No No Known Exploit
high severity 579/1000
Why? Has a fix available, CVSS 7.3
Improper Verification of Cryptographic Signature
SNYK-JS-NODEFORGE-2430339
No No Known Exploit
medium severity 494/1000
Why? Has a fix available, CVSS 5.6
Improper Verification of Cryptographic Signature
SNYK-JS-NODEFORGE-2430341
No No Known Exploit
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3
Prototype Pollution
SNYK-JS-NODEFORGE-598677
No Proof of Concept
medium severity 596/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.5
Arbitrary Code Injection
SNYK-JS-UNDERSCORE-1080984
No Proof of Concept
medium severity 601/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6
Prototype Pollution
SNYK-JS-YARGSPARSER-560381
Yes Proof of Concept
low severity 354/1000
Why? Has a fix available, CVSS 2.8
Insecure use of /tmp folder
npm:cli:20160615
No No Known Exploit
low severity 399/1000
Why? Has a fix available, CVSS 3.7
Regular Expression Denial of Service (ReDoS)
npm:debug:20170905
No No Known Exploit
high severity 619/1000
Why? Has a fix available, CVSS 8.1
Arbitrary Code Execution
npm:ejs:20161128
Yes No Known Exploit
medium severity 509/1000
Why? Has a fix available, CVSS 5.9
Cross-site Scripting (XSS)
npm:ejs:20161130
Yes No Known Exploit
medium severity 509/1000
Why? Has a fix available, CVSS 5.9
Denial of Service (DoS)
npm:ejs:20161130-1
Yes No Known Exploit
medium severity 484/1000
Why? Has a fix available, CVSS 5.4
Cross-site Scripting (XSS)
npm:jquery:20150627
Yes No Known Exploit
high severity 654/1000
Why? Has a fix available, CVSS 8.8
Cross-site Scripting (XSS)
npm:marked:20150520
No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Cross-site Scripting (XSS)
npm:marked:20170112
No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Cross-site Scripting (XSS)
npm:marked:20170815
No No Known Exploit
medium severity 454/1000
Why? Has a fix available, CVSS 4.8
Cross-site Scripting (XSS)
npm:marked:20170815-1
No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
npm:marked:20170907
No No Known Exploit
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
npm:marked:20180225
No Proof of Concept
medium severity 469/1000
Why? Has a fix available, CVSS 5.1
Denial of Service (DoS)
npm:mem:20180117
Yes No Known Exploit
low severity 399/1000
Why? Has a fix available, CVSS 3.7
Regular Expression Denial of Service (ReDoS)
npm:mime:20170907
Yes No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
npm:minimatch:20160620
No No Known Exploit
low severity 399/1000
Why? Has a fix available, CVSS 3.7
Regular Expression Denial of Service (ReDoS)
npm:ms:20170412
Yes No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
npm:negotiator:20160616
Yes No Known Exploit
high severity 756/1000
Why? Mature exploit, Has a fix available, CVSS 7.4
Uninitialized Memory Exposure
npm:npmconf:20180512
Yes Mature
medium severity 479/1000
Why? Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
npm:semver:20150403
Yes No Known Exploit
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Directory Traversal
npm:st:20140206
No Proof of Concept
medium severity 644/1000
Why? Mature exploit, Has a fix available, CVSS 4.3
Open Redirect
npm:st:20171013
Yes Mature

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: adm-zip The new version differs by 84 commits.

See the full diff

Package name: body-parser The new version differs by 53 commits.
  • b2659a7 1.18.2
  • 6339bf7 perf: remove argument reassignment
  • d5f9a4a deps: debug@2.6.9
  • d041563 1.18.1
  • 9efa9ab deps: content-type@~1.0.4
  • f1ef6cc deps: qs@6.5.1
  • e438db5 deps: raw-body@2.3.2
  • 15c3585 deps: iconv-lite@0.4.19
  • adfa01c 1.18.0
  • 0632e2f Include the "type" property on all generated errors
  • b8f97cd Include the "body" property on verify errors
  • c659e8a tests: add test for err.body on json parse error
  • 4e15325 tests: reorganize json error tests
  • 5bd7ed5 tests: reorganize json strict option tests
  • 3cb380b tests: store server on mocha context instead of variable shadowing
  • 29c8cd0 docs: document too many parameters error
  • 7b9cb14 Use http-errors to set status code on errors
  • 29a27f1 docs: fix typo in jsdoc comment
  • 448dc57 Fix JSON strict violation error to match native parse error
  • 87df7e6 tests: add leading whitespace strict json test
  • 1841248 deps: raw-body@2.3.1
  • e666dbe deps: http-errors@~1.6.2
  • c2a110a deps: bytes@3.0.0
  • a1a2e31 build: Node.js@8.4

See the full diff

Package name: cfenv The new version differs by 3 commits.
  • fb0a2aa update dependencies, now at version 1.2.4
  • 63e072a version 1.2.3
  • 02bb92d Issue 45 Remove '.cfignore'

See the full diff

Package name: express-fileupload The new version differs by 250 commits.

See the full diff

Package name: file-type The new version differs by 218 commits.

See the full diff

Package name: lodash The new version differs by 1 commits.

See the full diff

Package name: marked The new version differs by 250 commits.
  • ae01170 chore(release): 4.0.10 [skip ci]
  • fceda57 🗜️ build [skip ci]
  • 8f80657 fix(security): fix redos vulnerabilities
  • c4a3ccd Merge pull request from GHSA-rrrm-qjm4-v8hf
  • d7212a6 chore(deps-dev): Bump jasmine from 4.0.0 to 4.0.1 (#2352)
  • 5a84db5 chore(deps-dev): Bump rollup from 2.62.0 to 2.63.0 (#2350)
  • 2bc67a5 chore(deps-dev): Bump markdown-it from 12.3.0 to 12.3.2 (#2351)
  • 98996b8 chore(deps-dev): Bump @ babel/preset-env from 7.16.5 to 7.16.7 (#2353)
  • ebc2c95 chore(deps-dev): Bump highlight.js from 11.3.1 to 11.4.0 (#2354)
  • e5171a9 chore(release): 4.0.9 [skip ci]
  • 41990a5 🗜️ build [skip ci]
  • a9696e2 fix: retain line breaks in tokens properly (#2341)
  • 6aacd13 chore(deps-dev): Bump jasmine from 3.10.0 to 4.0.0 (#2343)
  • 55e5df9 chore(deps-dev): Bump @ babel/core from 7.16.5 to 7.16.7 (#2344)
  • 4f4cab4 chore(deps-dev): Bump eslint-plugin-import from 2.25.3 to 2.25.4 (#2345)
  • 97ea9f2 chore(deps-dev): Bump eslint from 8.5.0 to 8.6.0 (#2346)
  • 4c3b853 chore(deps-dev): Bump rollup-plugin-license from 2.6.0 to 2.6.1 (#2347)
  • 9396896 chore(deps-dev): Bump rollup from 2.61.1 to 2.62.0 (#2338)
  • 103a56c chore(deps-dev): Bump @ babel/preset-env from 7.16.4 to 7.16.5 (#2333)
  • be771c9 chore(deps-dev): Bump eslint from 8.4.1 to 8.5.0 (#2334)
  • 67d5a65 chore(deps-dev): Bump @ babel/core from 7.16.0 to 7.16.5 (#2335)
  • 991493a chore(deps-dev): Bump eslint-plugin-promise from 5.2.0 to 6.0.0 (#2336)
  • 59375fb chore(release): 4.0.8 [skip ci]
  • 4734c82 🗜️ build [skip ci]

See the full diff

Package name: mongoose The new version differs by 250 commits.
  • ca7996b chore: release 5.13.15
  • e75732a Merge pull request #12307 from Automattic/vkarpov15/fix-5x-build
  • a1144dc test: run node 7 tests with upgraded npm re: #12297
  • dfc4ad7 test: try upgrading npm for node v4 tests re: #12297
  • b9e985c test: more strict @ types/node version
  • 4d813fa test: fix @ types/node version in tests re: #12297
  • 99b4189 Merge pull request #12297 from shubanker/issue/prototype-pollution-5.x-patch
  • 5eb11dd made function non async
  • 6a19731 fix(schema): disallow setting __proto__ when creating schema with dotted properties
  • a2ec28d Merge pull request #11366 from laissonsilveira/5.x
  • 05ce577 Fix broken link from findandmodify method deprecation
  • d2b846f chore: release 5.13.14
  • 69c1f6c docs(models): fix up nModified example for 5.x
  • 4cfc4d6 fix(timestamps): avoid setting `createdAt` on documents that already exist but dont have createdAt
  • a738440 chore: release 5.13.13
  • 4d12a62 Merge pull request #10942 from jneal-afs/fix-query-set-ts-type
  • c3463c4 Merge pull request #10916 from iovanom/gh-10902-v5
  • ff5ddb5 fix: hardcode base 10 for nodeMajorVersion parseInt() call
  • d205c4d make value optional
  • c6fd7f7 Fix ts types for query set
  • 22e9b3b [gh-10902 v5] Add node major version to utils
  • 5468642 [gh-10902 v5] Emit end event in before close
  • 271bc60 Merge pull request #10910 from lorand-horvath/patch-2
  • b7ebeec Update mongodb driver to 3.7.3

See the full diff

Package name: ms The new version differs by 19 commits.

See the full diff

Package name: tap The new version differs by 250 commits.
  • bc49fb7 15.0.0
  • 4378608 remove publishConfig beta tag
  • 2c2e75f provide mkdirRecursive polyfill for old node versions
  • 8f4c855 correctly specify 10.0.x versions
  • 5e61672 update deps
  • c44c418 Support 10.0 and test in CI
  • dc5c841 tcompare@5.0.4
  • 385b6d2 Add .taprc.yml/yaml handling to change log
  • 4f87466 just run regular test script as snap script
  • 315a921 delete FORCE_COLOR/NO_COLOR rather than setting to '0'
  • 564e96f Add detection for .yaml and .yml
  • 75bae93 update cli doc
  • c1289bf 15.0.0-3
  • d6fe32f Do not CI on node 10
  • d2e0428 do not use equals() alias in self-test
  • 3f787c4 tell npm to be colorful in CI
  • 1512818 run tests with color on github actions
  • 4626fa1 Docs: update documentation for tap v15
  • 02d536b libtap@1.0.1
  • f7c7c58 update cli doc
  • 2aa497c 15.0.0-2
  • 8d7f62e Add support for overriding libtap's internal settings
  • 29eed63 new snapshot folder layout
  • 3a28d4d update libtap git ref to isaacs/tap-v15-prep branch

See the full diff

With a Snyk patch:
Severity Priority Score (*) Issue Exploit Maturity
high severity 731/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 8.2
Prototype Pollution
SNYK-JS-LODASH-567746
Proof of Concept
medium severity 479/1000
Why? Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
npm:ms:20151024
No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

[//]: # (snyk:metadata:{"prId":"84a97aa5-ac96-472d-bb56-43cb269f4050","prPublicId":"84a97aa5-ac96-472d-bb56-43cb269f4050","dependencies":[{"name":"adm-zip","from":"0.4.11","to":"0.5.2"},{"name":"body-parser","from":"1.17.1","to":"1.18.2"},{"name":"cfenv","from":"1.2.2","to":"1.2.4"},{"name":"dustjs-linkedin","from":"2.6.0","to":"3.0.0"},{"name":"ejs","from":"1.0.0","to":"3.1.7"},{"name":"express-fileupload","from":"0.0.5","to":"1.1.10"},{"name":"file-type","from":"8.1.0","to":"16.5.4"},{"name":"jquery","from":"2.2.4","to":"3.5.0"},{"name":"lodash","from":"4.17.20","to":"4.17.21"},{"name":"marked","from":"0.3.5","to":"4.0.10"},{"name":"moment","from":"2.19.3","to":"2.29.4"},{"name":"mongoose","from":"4.13.21","to":"5.13.15"},{"name":"ms","from":"0.7.3","to":"2.0.0"},{"name":"next-auth","from":"3.0.0","to":"4.12.0"},{"name":"npmconf","from":"0.0.24","to":"2.1.3"},{"name":"st","from":"0.2.4","to":"1.2.2"},{"name":"tap","from":"11.1.5","to":"15.0.0"}],"packageManager":"npm","projectPublicId":"a5b77ac6-c600-436d-958b-4ad1323dc6d8","projectUrl":"https://app.dev.snyk.io/org/testing-removing-critical-severity-ff/project/a5b77ac6-c600-436d-958b-4ad1323dc6d8?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":["SNYK-JS-LODASH-567746","npm:ms:20151024"],"vulns":["npm:cli:20160615","npm:debug:20170905","SNYK-JS-NODEFORGE-2430337","SNYK-JS-NODEFORGE-2430339","SNYK-JS-NODEFORGE-2430341","SNYK-JS-NODEFORGE-598677","SNYK-JS-NODEFORGE-2330875","SNYK-JS-NODEFORGE-2331908","npm:ejs:20161128","npm:ejs:20161130","npm:ejs:20161130-1","SNYK-JS-EJS-1049328","SNYK-JS-EJS-2803307","npm:jquery:20150627","SNYK-JS-JQUERY-174006","SNYK-JS-JQUERY-565129","SNYK-JS-JQUERY-567880","npm:marked:20150520","npm:marked:20170112","npm:marked:20170815","npm:marked:20170815-1","npm:marked:20170907","npm:marked:20180225","SNYK-JS-MARKED-174116","SNYK-JS-MARKED-2342073","SNYK-JS-MARKED-2342082","SNYK-JS-MARKED-451540","SNYK-JS-MARKED-584281","SNYK-JS-UNDERSCORE-1080984","SNYK-JS-YARGSPARSER-560381","npm:mem:20180117","npm:mime:20170907","npm:minimatch:20160620","SNYK-JS-MINIMATCH-1019388","npm:ms:20151024","npm:ms:20170412","npm:negotiator:20160616","npm:npmconf:20180512","npm:semver:20150403","npm:st:20140206","npm:st:20171013","SNYK-JS-ADMZIP-1065796","SNYK-JS-ANSIREGEX-1583908","SNYK-JS-ASYNC-2441827","SNYK-JS-BSON-561052","SNYK-JS-DUSTJSLINKEDIN-1089257","SNYK-JS-EXPRESSFILEUPLOAD-473997","SNYK-JS-EXPRESSFILEUPLOAD-595969","SNYK-JS-FILETYPE-2958042","SNYK-JS-INI-1048974","SNYK-JS-ISTANBULREPORTS-2328088","SNYK-JS-LODASH-567746","SNYK-JS-LODASH-1018905","SNYK-JS-LODASH-1040724","SNYK-JS-MOMENT-2440688","SNYK-JS-MOMENT-2944238","SNYK-JS-MONGODB-473855","SNYK-JS-MONGOOSE-1086688","SNYK-JS-MONGOOSE-2961688","SNYK-JS-MPATH-1577289","SNYK-JS-MQUERY-1050858","SNYK-JS-MQUERY-1089718","SNYK-JS-NEXTAUTH-1072465","SNYK-JS-NEXTAUTH-2769574","SNYK-JS-NEXTAUTH-2841457","SNYK-JS-NEXTAUTH-2933545","SNYK-JS-NEXTAUTH-2944244","SNYK-JS-NEXTAUTH-2965597","SNYK-JS-NEXTAUTH-2968127","SNYK-JS-NEXTAUTH-3035577"],"upgrade":["SNYK-JS-ADMZIP-1065796","SNYK-JS-ANSIREGEX-1583908","SNYK-JS-ASYNC-2441827","SNYK-JS-BSON-561052","SNYK-JS-DUSTJSLINKEDIN-1089257","SNYK-JS-EJS-1049328","SNYK-JS-EJS-2803307","SNYK-JS-EXPRESSFILEUPLOAD-473997","SNYK-JS-EXPRESSFILEUPLOAD-595969","SNYK-JS-FILETYPE-2958042","SNYK-JS-INI-1048974","SNYK-JS-ISTANBULREPORTS-2328088","SNYK-JS-JQUERY-174006","SNYK-JS-JQUERY-565129","SNYK-JS-JQUERY-567880","SNYK-JS-LODASH-1018905"...

The following vulnerabilities are fixed with an upgrade:
- https://dev.snyk.io/vuln/SNYK-JS-ADMZIP-1065796
- https://dev.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://dev.snyk.io/vuln/SNYK-JS-ASYNC-2441827
- https://dev.snyk.io/vuln/SNYK-JS-BSON-561052
- https://dev.snyk.io/vuln/SNYK-JS-DUSTJSLINKEDIN-1089257
- https://dev.snyk.io/vuln/SNYK-JS-EJS-1049328
- https://dev.snyk.io/vuln/SNYK-JS-EJS-2803307
- https://dev.snyk.io/vuln/SNYK-JS-EXPRESSFILEUPLOAD-473997
- https://dev.snyk.io/vuln/SNYK-JS-EXPRESSFILEUPLOAD-595969
- https://dev.snyk.io/vuln/SNYK-JS-FILETYPE-2958042
- https://dev.snyk.io/vuln/SNYK-JS-INI-1048974
- https://dev.snyk.io/vuln/SNYK-JS-ISTANBULREPORTS-2328088
- https://dev.snyk.io/vuln/SNYK-JS-JQUERY-174006
- https://dev.snyk.io/vuln/SNYK-JS-JQUERY-565129
- https://dev.snyk.io/vuln/SNYK-JS-JQUERY-567880
- https://dev.snyk.io/vuln/SNYK-JS-LODASH-1018905
- https://dev.snyk.io/vuln/SNYK-JS-LODASH-1040724
- https://dev.snyk.io/vuln/SNYK-JS-MARKED-174116
- https://dev.snyk.io/vuln/SNYK-JS-MARKED-2342073
- https://dev.snyk.io/vuln/SNYK-JS-MARKED-2342082
- https://dev.snyk.io/vuln/SNYK-JS-MARKED-451540
- https://dev.snyk.io/vuln/SNYK-JS-MARKED-584281
- https://dev.snyk.io/vuln/SNYK-JS-MINIMATCH-1019388
- https://dev.snyk.io/vuln/SNYK-JS-MOMENT-2440688
- https://dev.snyk.io/vuln/SNYK-JS-MOMENT-2944238
- https://dev.snyk.io/vuln/SNYK-JS-MONGODB-473855
- https://dev.snyk.io/vuln/SNYK-JS-MONGOOSE-1086688
- https://dev.snyk.io/vuln/SNYK-JS-MONGOOSE-2961688
- https://dev.snyk.io/vuln/SNYK-JS-MPATH-1577289
- https://dev.snyk.io/vuln/SNYK-JS-MQUERY-1050858
- https://dev.snyk.io/vuln/SNYK-JS-MQUERY-1089718
- https://dev.snyk.io/vuln/SNYK-JS-NEXTAUTH-1072465
- https://dev.snyk.io/vuln/SNYK-JS-NEXTAUTH-2769574
- https://dev.snyk.io/vuln/SNYK-JS-NEXTAUTH-2841457
- https://dev.snyk.io/vuln/SNYK-JS-NEXTAUTH-2933545
- https://dev.snyk.io/vuln/SNYK-JS-NEXTAUTH-2944244
- https://dev.snyk.io/vuln/SNYK-JS-NEXTAUTH-2965597
- https://dev.snyk.io/vuln/SNYK-JS-NEXTAUTH-2968127
- https://dev.snyk.io/vuln/SNYK-JS-NEXTAUTH-3035577
- https://dev.snyk.io/vuln/SNYK-JS-NODEFORGE-2330875
- https://dev.snyk.io/vuln/SNYK-JS-NODEFORGE-2331908
- https://dev.snyk.io/vuln/SNYK-JS-NODEFORGE-2430337
- https://dev.snyk.io/vuln/SNYK-JS-NODEFORGE-2430339
- https://dev.snyk.io/vuln/SNYK-JS-NODEFORGE-2430341
- https://dev.snyk.io/vuln/SNYK-JS-NODEFORGE-598677
- https://dev.snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984
- https://dev.snyk.io/vuln/SNYK-JS-YARGSPARSER-560381
- https://dev.snyk.io/vuln/npm:cli:20160615
- https://dev.snyk.io/vuln/npm:debug:20170905
- https://dev.snyk.io/vuln/npm:ejs:20161128
- https://dev.snyk.io/vuln/npm:ejs:20161130
- https://dev.snyk.io/vuln/npm:ejs:20161130-1
- https://dev.snyk.io/vuln/npm:jquery:20150627
- https://dev.snyk.io/vuln/npm:marked:20150520
- https://dev.snyk.io/vuln/npm:marked:20170112
- https://dev.snyk.io/vuln/npm:marked:20170815
- https://dev.snyk.io/vuln/npm:marked:20170815-1
- https://dev.snyk.io/vuln/npm:marked:20170907
- https://dev.snyk.io/vuln/npm:marked:20180225
- https://dev.snyk.io/vuln/npm:mem:20180117
- https://dev.snyk.io/vuln/npm:mime:20170907
- https://dev.snyk.io/vuln/npm:minimatch:20160620
- https://dev.snyk.io/vuln/npm:ms:20170412
- https://dev.snyk.io/vuln/npm:negotiator:20160616
- https://dev.snyk.io/vuln/npm:npmconf:20180512
- https://dev.snyk.io/vuln/npm:semver:20150403
- https://dev.snyk.io/vuln/npm:st:20140206
- https://dev.snyk.io/vuln/npm:st:20171013


The following vulnerabilities are fixed with a Snyk patch:
- https://dev.snyk.io/vuln/SNYK-JS-LODASH-567746
- https://dev.snyk.io/vuln/npm:ms:20151024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant