Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk-local] Fix for 5 vulnerabilities #10

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

snyk-bot
Copy link

@snyk-bot snyk-bot commented Nov 3, 2021

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Breaking Change Exploit Maturity
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908
Yes Proof of Concept
high severity Prototype Pollution
SNYK-JS-DUSTJSLINKEDIN-1089257
Yes Proof of Concept
medium severity Prototype Pollution
SNYK-JS-MPATH-1577289
No Proof of Concept
high severity Remote Code Execution (RCE)
SNYK-JS-PACRESOLVER-1564857
No Proof of Concept
high severity Command Injection
SNYK-JS-SSH2-1656673
No No Known Exploit
Commit messages
Package name: dustjs-linkedin The new version differs by 29 commits.

See the full diff

Package name: mongoose The new version differs by 250 commits.
  • 07946be chore: release v5.13.9
  • 264554f fix: upgrade to mpath v0.8.4 re: security issue
  • fc5fc7e fix: peg @ types/bson version to 1.x || 4.0.x to avoid stubbed 4.2.x release
  • 1f28237 fix(populate): avoid setting empty array on lean document when populate result is undefined
  • 1dc9b45 style: fix lint
  • 3f7dfc5 fix(document): make `depopulate()` handle populated paths underneath document arrays
  • b34d1d5 fix(index.d.ts): simplify UpdateQuery to avoid "excessively deep and possibly infinite" errors with `extends Document` and `any`
  • 2a3399e docs: another layout fix for 5.x docs
  • 5bf3c29 chore: update makefile again
  • 191678c chore: update makefile re: #10607
  • 776fae9 docs: fix up 5.x docs navbar
  • a803885 test(typescript): add coverage for #10590
  • bf43078 fix(index.d.ts): allow specifying `weights` as an IndexOption
  • cb1e787 chore: release 5.13.8
  • 5c0140c fix(index.d.ts): add `match` to `VirtualTypeOptions.options`
  • 6122f4b docs(api): add `Document#$where` to API docs
  • 2871c1b style: fix lint
  • 8d00f62 Merge pull request #10587 from osmanakol/master
  • 57e729b allow QueryOptions populate parameter use PopulateOptions
  • 6c36263 fix(index.d.ts): allow strings for ObjectIds in nested properties
  • e90aab1 docs(History): make a note about #10555
  • fca0627 style: fix lint
  • 6b92599 fix(populate): handle populating subdoc array virtual with sort
  • 283d43f test(populate): repro #10552

See the full diff

Package name: snyk The new version differs by 250 commits.
  • 4cc1a94 Merge pull request #2105 from snyk/feat/webpack
  • 7737f75 Merge pull request #2181 from snyk/test/migrate-old-snyk-format
  • 418e6ad Merge pull request #2180 from snyk/test/migrate-is-docker
  • 95631e7 test: migrate is-docker to jest
  • babe22a test: migrate old-snyk-format to jest
  • e22e94f feat: Snyk CLI is bundled with Webpack
  • dd46c19 Merge pull request #2175 from snyk/fix/snyk-protect-multiple
  • e7c314f Merge pull request #2178 from snyk/test/server-close
  • 5e824c0 fix(protect): skip previously patched files
  • ca2177a fix(protect): catch and log unexpected errors
  • c9ddb44 chore(protect): move api url warnings to stderr
  • e8fed38 refactor(protect): move stdout logs to top level
  • 55e88f9 Merge pull request #2177 from snyk/test/set-jest-acceptance-timeout
  • 1522c5f test: server.close uses callbacks, not promises
  • 13dce51 test: increase timeout for slow oauth test
  • 65c35be Merge pull request #2172 from snyk/chore/no-run-test-on-master
  • a1e3992 chore: don't run tests on master
  • 20feb67 Merge pull request #2165 from snyk/chore/dont-wait-for-regression-tests
  • f50bca7 Merge pull request #2167 from snyk/refactor/replace-cc-parser-with-split-functions
  • 1ed7d11 refactor: replace cc parser with split functions
  • 707801d Merge pull request #2166 from snyk/fix/support_quotes_in_poetry_toml
  • dc6b784 Merge pull request #2163 from snyk/chore/remove-store-test-results
  • 7973015 fix: support quoted keys in inline tables
  • 18f0d2a Merge pull request #2164 from snyk/chore/upgrade-snyk-nuget-plugin

See the full diff

Package name: tap The new version differs by 250 commits.
  • bc49fb7 15.0.0
  • 4378608 remove publishConfig beta tag
  • 2c2e75f provide mkdirRecursive polyfill for old node versions
  • 8f4c855 correctly specify 10.0.x versions
  • 5e61672 update deps
  • c44c418 Support 10.0 and test in CI
  • dc5c841 tcompare@5.0.4
  • 385b6d2 Add .taprc.yml/yaml handling to change log
  • 4f87466 just run regular test script as snap script
  • 315a921 delete FORCE_COLOR/NO_COLOR rather than setting to '0'
  • 564e96f Add detection for .yaml and .yml
  • 75bae93 update cli doc
  • c1289bf 15.0.0-3
  • d6fe32f Do not CI on node 10
  • d2e0428 do not use equals() alias in self-test
  • 3f787c4 tell npm to be colorful in CI
  • 1512818 run tests with color on github actions
  • 4626fa1 Docs: update documentation for tap v15
  • 02d536b libtap@1.0.1
  • f7c7c58 update cli doc
  • 2aa497c 15.0.0-2
  • 8d7f62e Add support for overriding libtap's internal settings
  • 29eed63 new snapshot folder layout
  • 3a28d4d update libtap git ref to isaacs/tap-v15-prep branch

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

The following vulnerabilities are fixed with an upgrade:
- http://localhost:8000/vuln/SNYK-JS-ANSIREGEX-1583908
- http://localhost:8000/vuln/SNYK-JS-DUSTJSLINKEDIN-1089257
- http://localhost:8000/vuln/SNYK-JS-MPATH-1577289
- http://localhost:8000/vuln/SNYK-JS-PACRESOLVER-1564857
- http://localhost:8000/vuln/SNYK-JS-SSH2-1656673
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant