Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Fix for 79 vulnerabilities #62

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

    • package.json
    • package-lock.json
  • Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
    Find out more.

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ACORN-559469
No No Known Exploit
high severity 584/1000
Why? Has a fix available, CVSS 7.4
Directory Traversal
SNYK-JS-ADMZIP-1065796
No No Known Exploit
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908
Yes Proof of Concept
high severity 751/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 8.6
Prototype Pollution
SNYK-JS-DUSTJSLINKEDIN-1089257
Yes Proof of Concept
medium severity 526/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 4.1
Arbitrary Code Injection
SNYK-JS-EJS-1049328
Yes Proof of Concept
high severity 726/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 8.1
Remote Code Execution (RCE)
SNYK-JS-EJS-2803307
Yes Proof of Concept
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Denial of Service (DoS)
SNYK-JS-EXPRESSFILEUPLOAD-473997
Yes No Known Exploit
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Prototype Pollution
SNYK-JS-EXPRESSFILEUPLOAD-595969
Yes Proof of Concept
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Denial of Service (DoS)
SNYK-JS-FILETYPE-2958042
Yes No Known Exploit
high severity 584/1000
Why? Has a fix available, CVSS 7.4
Regular Expression Denial of Service (ReDoS)
SNYK-JS-HAWK-2808852
Yes No Known Exploit
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3
Prototype Pollution
SNYK-JS-INI-1048974
Yes Proof of Concept
medium severity 601/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6
Prototype Pollution
SNYK-JS-JQUERY-174006
Yes Proof of Concept
medium severity 701/1000
Why? Mature exploit, Has a fix available, CVSS 6.3
Cross-site Scripting (XSS)
SNYK-JS-JQUERY-565129
Yes Mature
medium severity 711/1000
Why? Mature exploit, Has a fix available, CVSS 6.5
Cross-site Scripting (XSS)
SNYK-JS-JQUERY-567880
Yes Mature
medium severity 509/1000
Why? Has a fix available, CVSS 5.9
Denial of Service (DoS)
SNYK-JS-JSYAML-173999
Yes No Known Exploit
high severity 619/1000
Why? Has a fix available, CVSS 8.1
Arbitrary Code Execution
SNYK-JS-JSYAML-174129
Yes No Known Exploit
high severity 741/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 8.4
DLL Injection
SNYK-JS-KERBEROS-568900
No Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905
No Proof of Concept
high severity 681/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.2
Command Injection
SNYK-JS-LODASH-1040724
No Proof of Concept
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3
Prototype Pollution
SNYK-JS-LODASH-450202
No Proof of Concept
high severity 731/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 8.2
Prototype Pollution
SNYK-JS-LODASH-567746
No Proof of Concept
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3
Prototype Pollution
SNYK-JS-LODASH-608086
No Proof of Concept
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3
Prototype Pollution
SNYK-JS-LODASH-73638
No Proof of Concept
medium severity 541/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 4.4
Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-73639
No Proof of Concept
medium severity 479/1000
Why? Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-174116
No No Known Exploit
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-2342073
Yes Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-2342082
Yes Proof of Concept
medium severity 479/1000
Why? Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-451540
No No Known Exploit
medium severity 520/1000
Why? Has a fix available, CVSS 5.9
Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-584281
Yes No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
SNYK-JS-MINIMATCH-1019388
No No Known Exploit
low severity 506/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 3.7
Prototype Pollution
SNYK-JS-MINIMIST-2429795
Yes Proof of Concept
medium severity 601/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6
Prototype Pollution
SNYK-JS-MINIMIST-559764
Yes Proof of Concept
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Directory Traversal
SNYK-JS-MOMENT-2440688
No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Denial of Service (DoS)
SNYK-JS-MONGODB-473855
Yes No Known Exploit
medium severity 601/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6
Prototype Pollution
SNYK-JS-MONGOOSE-1086688
Yes Proof of Concept
high severity 671/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7
Prototype Pollution
SNYK-JS-MONGOOSE-2961688
Yes Proof of Concept
medium severity 509/1000
Why? Has a fix available, CVSS 5.9
Information Exposure
SNYK-JS-MONGOOSE-472486
No No Known Exploit
medium severity 601/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6
Prototype Pollution
SNYK-JS-MPATH-1577289
Yes Proof of Concept
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3
Prototype Pollution
SNYK-JS-MQUERY-1050858
Yes Proof of Concept
high severity /1000
Why?
Prototype Pollution
SNYK-JS-MQUERY-1089718
Yes Proof of Concept
high severity /1000
Why?
Prototype Pollution
SNYK-JS-NCONF-2395478
No Proof of Concept
high severity /1000
Why?
Server-side Request Forgery (SSRF)
SNYK-JS-NETMASK-1089716
No Proof of Concept
high severity /1000
Why?
Remote Code Execution (RCE)
SNYK-JS-PACRESOLVER-1564857
No Proof of Concept
medium severity /1000
Why?
Server-side Request Forgery (SSRF)
SNYK-JS-PARSEURL-3023021
No Proof of Concept
medium severity /1000
Why?
Improper Input Validation
SNYK-JS-PARSEURL-3024398
No Proof of Concept
medium severity /1000
Why?
Arbitrary Code Injection
SNYK-JS-UNDERSCORE-1080984
No Proof of Concept
medium severity /1000
Why?
Prototype Pollution
SNYK-JS-YARGSPARSER-560381
Yes Proof of Concept
low severity 506/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 3.7
Regular Expression Denial of Service (ReDoS)
npm:braces:20180219
Yes Proof of Concept
low severity 354/1000
Why? Has a fix available, CVSS 2.8
Insecure use of /tmp folder
npm:cli:20160615
No No Known Exploit
low severity 399/1000
Why? Has a fix available, CVSS 3.7
Regular Expression Denial of Service (ReDoS)
npm:debug:20170905
No No Known Exploit
high severity 619/1000
Why? Has a fix available, CVSS 8.1
Arbitrary Code Execution
npm:ejs:20161128
Yes No Known Exploit
medium severity 509/1000
Why? Has a fix available, CVSS 5.9
Cross-site Scripting (XSS)
npm:ejs:20161130
Yes No Known Exploit
medium severity 509/1000
Why? Has a fix available, CVSS 5.9
Denial of Service (DoS)
npm:ejs:20161130-1
Yes No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
npm:fresh:20170908
No No Known Exploit
medium severity 636/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.3
Prototype Pollution
npm:hoek:20180212
Yes Proof of Concept
medium severity 484/1000
Why? Has a fix available, CVSS 5.4
Cross-site Scripting (XSS)
npm:jquery:20150627
Yes No Known Exploit
medium severity 636/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.3
Prototype Pollution
npm:lodash:20180130
No Proof of Concept
high severity 654/1000
Why? Has a fix available, CVSS 8.8
Cross-site Scripting (XSS)
npm:marked:20150520
No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Cross-site Scripting (XSS)
npm:marked:20170112
No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Cross-site Scripting (XSS)
npm:marked:20170815
No No Known Exploit
medium severity 454/1000
Why? Has a fix available, CVSS 4.8
Cross-site Scripting (XSS)
npm:marked:20170815-1
No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
npm:marked:20170907
No No Known Exploit
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
npm:marked:20180225
No Proof of Concept
low severity 399/1000
Why? Has a fix available, CVSS 3.7
Regular Expression Denial of Service (ReDoS)
npm:mime:20170907
Yes No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
npm:minimatch:20160620
No No Known Exploit
medium severity 509/1000
Why? Has a fix available, CVSS 5.9
Regular Expression Denial of Service (ReDoS)
npm:moment:20161019
No No Known Exploit
low severity 399/1000
Why? Has a fix available, CVSS 3.7
Regular Expression Denial of Service (ReDoS)
npm:moment:20170905
No No Known Exploit
medium severity 641/1000
Why? Mature exploit, Has a fix available, CVSS 5.1
Remote Memory Exposure
npm:mongoose:20160116
No Mature
low severity 399/1000
Why? Has a fix available, CVSS 3.7
Regular Expression Denial of Service (ReDoS)
npm:ms:20170412
Yes No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
npm:negotiator:20160616
Yes No Known Exploit
high severity 756/1000
Why? Mature exploit, Has a fix available, CVSS 7.4
Uninitialized Memory Exposure
npm:npmconf:20180512
Yes Mature
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Prototype Override Protection Bypass
npm:qs:20170213
No No Known Exploit
medium severity 479/1000
Why? Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
npm:semver:20150403
Yes No Known Exploit
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Directory Traversal
npm:st:20140206
No Proof of Concept
medium severity 644/1000
Why? Mature exploit, Has a fix available, CVSS 4.3
Open Redirect
npm:st:20171013
Yes Mature
medium severity 576/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.1
Uninitialized Memory Exposure
npm:tunnel-agent:20170305
Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @snyk/nodejs-runtime-agent The new version differs by 28 commits.

See the full diff

Package name: adm-zip The new version differs by 84 commits.
  • c5aeed4 Incremented version number
  • 119dcad Fixed path traversal issue GHSL-2020-198
  • 1d22ff6 Merge pull request #341 from 5saviahv/history
  • 492d148 added changelog
  • dd415ae Incremented version
  • 0f011a3 Fixed outFileName
  • bc19fee Added extra parameter to extractEntryTo so target filename can be renamed
  • 92e9836 Updated dev dependency
  • 2b8d9ab Merge pull request #315 from enecciari/work_in_browser
  • 4fe58d1 Merge pull request #322 from cthackers/dependabot/npm_and_yarn/lodash-4.17.19
  • 49218a4 Merge pull request #327 from kosuke-suzuki/multibyte-comment
  • a7e8932 Merge pull request #331 from 5saviahv/master
  • 7db0eda modified addLocalFolder method
  • e114929 typo
  • dc81063 modified addLocalFile method
  • bc0f594 Deflate needs min V2.0
  • dde4f51 Node v6
  • 003d4cf Added ZipCrypto decrypting ability
  • 63ed6e2 Detect and throw error with encrypted files
  • c64ac14 LICENSE filename in package.json
  • 1a334b2 add multibyte-encoded comment with byte length instead of character length
  • 96d492a Bump lodash from 4.17.15 to 4.17.19
  • b77f380 now it works in browser
  • 218feee Merge remote-tracking branch 'upstream/master'

See the full diff

Package name: body-parser The new version differs by 221 commits.

See the full diff

Package name: cfenv The new version differs by 3 commits.
  • fb0a2aa update dependencies, now at version 1.2.4
  • 63e072a version 1.2.3
  • 02bb92d Issue 45 Remove '.cfignore'

See the full diff

Package name: errorhandler The new version differs by 85 commits.

See the full diff

Package name: express The new version differs by 250 commits.
  • f974d22 4.16.0
  • 8d4ceb6 docs: add more information to installation
  • c0136d8 Add express.json and express.urlencoded to parse bodies
  • 86f5df0 deps: serve-static@1.13.0
  • 4196458 deps: send@0.16.0
  • ddeb713 tests: add maxAge option tests for res.sendFile
  • 7154014 Add "escape json" setting for res.json and res.jsonp
  • 628438d deps: update example dependencies
  • a24fd0c Add options to res.download
  • 95fb5cc perf: remove dead .charset set in res.jsonp
  • 44591fe deps: vary@~1.1.2
  • 2df1ad2 Improve error messages when non-function provided as middleware
  • 12c3712 Use safe-buffer for improved Buffer API
  • fa272ed docs: fix typo in jsdoc comment
  • d9d09b8 perf: re-use options object when generating ETags
  • 02a9d5f deps: proxy-addr@~2.0.2
  • c2f4fb5 deps: finalhandler@1.1.0
  • 673d51f deps: utils-merge@1.0.1
  • 5cc761c deps: parseurl@~1.3.2
  • ad7d96d deps: qs@6.5.1
  • e62bb8b deps: etag@~1.8.1
  • 70589c3 deps: content-type@~1.0.4
  • 9a99c15 deps: accepts@~1.3.4
  • 550043c deps: setprototypeof@1.1.0

See the full diff

Package name: express-fileupload The new version differs by 250 commits.

See the full diff

Package name: file-type The new version differs by 218 commits.
  • b5fe3b9 16.5.4
  • d868356 Fix: Malformed MKV could cause an infinite loop
  • 3b08ab1 Upgrade and unlock dependencies
  • c011315 Lock strtok3 dependency
  • 9102f1c Update dependency to token-types v3, supporting BigInt (#465)
  • ac866f9 16.5.1
  • 0012c56 Fix `mimeTypes` TypeScript type (#464)
  • 92f3f50 Meta tweaks
  • 4ea7bff 16.5.0
  • 57ecf2d Add support for JPEG XL image format (#455)
  • 07101ac Remove ASAR 240 bytes of JSON payload length limitation (#453)
  • 3df0ed1 Remove an unnecessary dependency (#458)
  • 1e4e8df 16.4.0
  • 29618c8 Add support for VCF (and fix ICS detection) (#451)
  • 6ab25f3 Add support for XCF (#450)
  • 7021d9a Remove moot check for sync word at odd offsets for MPEG detection (#448)
  • fd1e72c 16.3.0
  • 9319167 Add support for Zstandard compressed file (#439)
  • 2cc0869 Add file type descriptions (#433)
  • 98e6886 16.2.0
  • 9736aa3 Improve PDF / AI (Adobe Illustrator) recognition (#396)
  • 7f95cd2 Add support for 3mf (#415)
  • 579f8cb 16.1.0
  • e43cdc9 Add support for CHM (#424)

See the full diff

Package name: marked The new version differs by 250 commits.
  • ae01170 chore(release): 4.0.10 [skip ci]
  • fceda57 🗜️ build [skip ci]
  • 8f80657 fix(security): fix redos vulnerabilities
  • c4a3ccd Merge pull request from GHSA-rrrm-qjm4-v8hf
  • d7212a6 chore(deps-dev): Bump jasmine from 4.0.0 to 4.0.1 (#2352)
  • 5a84db5 chore(deps-dev): Bump rollup from 2.62.0 to 2.63.0 (#2350)
  • 2bc67a5 chore(deps-dev): Bump markdown-it from 12.3.0 to 12.3.2 (#2351)
  • 98996b8 chore(deps-dev): Bump @ babel/preset-env from 7.16.5 to 7.16.7 (#2353)
  • ebc2c95 chore(deps-dev): Bump highlight.js from 11.3.1 to 11.4.0 (#2354)
  • e5171a9 chore(release): 4.0.9 [skip ci]
  • 41990a5 🗜️ build [skip ci]
  • a9696e2 fix: retain line breaks in tokens properly (#2341)
  • 6aacd13 chore(deps-dev): Bump jasmine from 3.10.0 to 4.0.0 (#2343)
  • 55e5df9 chore(deps-dev): Bump @ babel/core from 7.16.5 to 7.16.7 (#2344)
  • 4f4cab4 chore(deps-dev): Bump eslint-plugin-import from 2.25.3 to 2.25.4 (#2345)
  • 97ea9f2 chore(deps-dev): Bump eslint from 8.5.0 to 8.6.0 (#2346)
  • 4c3b853 chore(deps-dev): Bump rollup-plugin-license from 2.6.0 to 2.6.1 (#2347)
  • 9396896 chore(deps-dev): Bump rollup from 2.61.1 to 2.62.0 (#2338)
  • 103a56c chore(deps-dev): Bump @ babel/preset-env from 7.16.4 to 7.16.5 (#2333)
  • be771c9 chore(deps-dev): Bump eslint from 8.4.1 to 8.5.0 (#2334)
  • 67d5a65 chore(deps-dev): Bump @ babel/core from 7.16.0 to 7.16.5 (#2335)
  • 991493a chore(deps-dev): Bump eslint-plugin-promise from 5.2.0 to 6.0.0 (#2336)
  • 59375fb chore(release): 4.0.8 [skip ci]
  • 4734c82 🗜️ build [skip ci]

See the full diff

Package name: mongoose The new version differs by 250 commits.
  • ca7996b chore: release 5.13.15
  • e75732a Merge pull request #12307 from Automattic/vkarpov15/fix-5x-build
  • a1144dc test: run node 7 tests with upgraded npm re: #12297
  • dfc4ad7 test: try upgrading npm for node v4 tests re: #12297
  • b9e985c test: more strict @ types/node version
  • 4d813fa test: fix @ types/node version in tests re: #12297
  • 99b4189 Merge pull request #12297 from shubanker/issue/prototype-pollution-5.x-patch
  • 5eb11dd made function non async
  • 6a19731 fix(schema): disallow setting __proto__ when creating schema with dotted properties
  • a2ec28d Merge pull request #11366 from laissonsilveira/5.x
  • 05ce577 Fix broken link from findandmodify method deprecation
  • d2b846f chore: release 5.13.14
  • 69c1f6c docs(models): fix up nModified example for 5.x
  • 4cfc4d6 fix(timestamps): avoid setting `createdAt` on documents that already exist but dont have createdAt
  • a738440 chore: release 5.13.13
  • 4d12a62 Merge pull request #10942 from jneal-afs/fix-query-set-ts-type
  • c3463c4 Merge pull request #10916 from iovanom/gh-1090...

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ACORN-559469
- https://snyk.io/vuln/SNYK-JS-ADMZIP-1065796
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://snyk.io/vuln/SNYK-JS-DUSTJSLINKEDIN-1089257
- https://snyk.io/vuln/SNYK-JS-EJS-1049328
- https://snyk.io/vuln/SNYK-JS-EJS-2803307
- https://snyk.io/vuln/SNYK-JS-EXPRESSFILEUPLOAD-473997
- https://snyk.io/vuln/SNYK-JS-EXPRESSFILEUPLOAD-595969
- https://snyk.io/vuln/SNYK-JS-FILETYPE-2958042
- https://snyk.io/vuln/SNYK-JS-HAWK-2808852
- https://snyk.io/vuln/SNYK-JS-INI-1048974
- https://snyk.io/vuln/SNYK-JS-JQUERY-174006
- https://snyk.io/vuln/SNYK-JS-JQUERY-565129
- https://snyk.io/vuln/SNYK-JS-JQUERY-567880
- https://snyk.io/vuln/SNYK-JS-JSYAML-173999
- https://snyk.io/vuln/SNYK-JS-JSYAML-174129
- https://snyk.io/vuln/SNYK-JS-KERBEROS-568900
- https://snyk.io/vuln/SNYK-JS-LODASH-1018905
- https://snyk.io/vuln/SNYK-JS-LODASH-1040724
- https://snyk.io/vuln/SNYK-JS-LODASH-450202
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
- https://snyk.io/vuln/SNYK-JS-LODASH-608086
- https://snyk.io/vuln/SNYK-JS-LODASH-73638
- https://snyk.io/vuln/SNYK-JS-LODASH-73639
- https://snyk.io/vuln/SNYK-JS-MARKED-174116
- https://snyk.io/vuln/SNYK-JS-MARKED-2342073
- https://snyk.io/vuln/SNYK-JS-MARKED-2342082
- https://snyk.io/vuln/SNYK-JS-MARKED-451540
- https://snyk.io/vuln/SNYK-JS-MARKED-584281
- https://snyk.io/vuln/SNYK-JS-MINIMATCH-1019388
- https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795
- https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
- https://snyk.io/vuln/SNYK-JS-MOMENT-2440688
- https://snyk.io/vuln/SNYK-JS-MONGODB-473855
- https://snyk.io/vuln/SNYK-JS-MONGOOSE-1086688
- https://snyk.io/vuln/SNYK-JS-MONGOOSE-2961688
- https://snyk.io/vuln/SNYK-JS-MONGOOSE-472486
- https://snyk.io/vuln/SNYK-JS-MPATH-1577289
- https://snyk.io/vuln/SNYK-JS-MQUERY-1050858
- https://snyk.io/vuln/SNYK-JS-MQUERY-1089718
- https://snyk.io/vuln/SNYK-JS-NCONF-2395478
- https://snyk.io/vuln/SNYK-JS-NETMASK-1089716
- https://snyk.io/vuln/SNYK-JS-PACRESOLVER-1564857
- https://snyk.io/vuln/SNYK-JS-PARSEURL-3023021
- https://snyk.io/vuln/SNYK-JS-PARSEURL-3024398
- https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984
- https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381
- https://snyk.io/vuln/npm:braces:20180219
- https://snyk.io/vuln/npm:cli:20160615
- https://snyk.io/vuln/npm:debug:20170905
- https://snyk.io/vuln/npm:ejs:20161128
- https://snyk.io/vuln/npm:ejs:20161130
- https://snyk.io/vuln/npm:ejs:20161130-1
- https://snyk.io/vuln/npm:fresh:20170908
- https://snyk.io/vuln/npm:hoek:20180212
- https://snyk.io/vuln/npm:jquery:20150627
- https://snyk.io/vuln/npm:lodash:20180130
- https://snyk.io/vuln/npm:marked:20150520
- https://snyk.io/vuln/npm:marked:20170112
- https://snyk.io/vuln/npm:marked:20170815
- https://snyk.io/vuln/npm:marked:20170815-1
- https://snyk.io/vuln/npm:marked:20170907
- https://snyk.io/vuln/npm:marked:20180225
- https://snyk.io/vuln/npm:mime:20170907
- https://snyk.io/vuln/npm:minimatch:20160620
- https://snyk.io/vuln/npm:moment:20161019
- https://snyk.io/vuln/npm:moment:20170905
- https://snyk.io/vuln/npm:mongoose:20160116
- https://snyk.io/vuln/npm:ms:20170412
- https://snyk.io/vuln/npm:negotiator:20160616
- https://snyk.io/vuln/npm:npmconf:20180512
- https://snyk.io/vuln/npm:qs:20170213
- https://snyk.io/vuln/npm:semver:20150403
- https://snyk.io/vuln/npm:st:20140206
- https://snyk.io/vuln/npm:st:20171013
- https://snyk.io/vuln/npm:tunnel-agent:20170305


The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
- https://snyk.io/vuln/npm:hawk:20160119
- https://snyk.io/vuln/npm:mime:20170907
- https://snyk.io/vuln/npm:minimatch:20160620
- https://snyk.io/vuln/npm:ms:20151024
- https://snyk.io/vuln/npm:request:20160119
- https://snyk.io/vuln/npm:tunnel-agent:20170305
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant