forked from storybookjs/storybook
-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Snyk] Fix for 140 vulnerabilities #472
Open
adrukh
wants to merge
1
commit into
master
Choose a base branch
from
snyk-fix-b5ad4781ad080f8679503ce5416dc502
base: master
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-LODASH-608086 - https://snyk.io/vuln/SNYK-JS-LODASH-6139239 - https://snyk.io/vuln/SNYK-JS-LODASH-73638 - https://snyk.io/vuln/SNYK-JS-LODASH-73639 - https://snyk.io/vuln/SNYK-JS-LODASHES-2434283 - https://snyk.io/vuln/SNYK-JS-LODASHES-2434284 - https://snyk.io/vuln/SNYK-JS-LODASHES-2434285 - https://snyk.io/vuln/SNYK-JS-LODASHES-2434286 - https://snyk.io/vuln/SNYK-JS-LODASHES-2434287 - https://snyk.io/vuln/SNYK-JS-LODASHES-2434288 - https://snyk.io/vuln/SNYK-JS-LODASHES-2434289 - https://snyk.io/vuln/SNYK-JS-LODASHES-2434290 - https://snyk.io/vuln/SNYK-JS-LODASHMERGE-173732 - https://snyk.io/vuln/SNYK-JS-LODASHMERGE-173733 - https://snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054 - https://snyk.io/vuln/SNYK-JS-MACADDRESS-567156 - https://snyk.io/vuln/SNYK-JS-MERGE-72553 - https://snyk.io/vuln/SNYK-JS-MICROMATCH-6838728 - https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818 - https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795 - https://snyk.io/vuln/SNYK-JS-MINIMIST-559764 - https://snyk.io/vuln/SNYK-JS-MIXINDEEP-450212 - https://snyk.io/vuln/SNYK-JS-MOMENT-2440688 - https://snyk.io/vuln/SNYK-JS-MOMENT-2944238 - https://snyk.io/vuln/SNYK-JS-NODEFETCH-2342118 - https://snyk.io/vuln/SNYK-JS-NODEFETCH-674311 - https://snyk.io/vuln/SNYK-JS-OBJECTPATH-1017036 - https://snyk.io/vuln/SNYK-JS-OBJECTPATH-1569453 - https://snyk.io/vuln/SNYK-JS-OBJECTPATH-1585658 - https://snyk.io/vuln/SNYK-JS-PATHPARSE-1077067 - https://snyk.io/vuln/SNYK-JS-QS-3153490 - https://snyk.io/vuln/SNYK-JS-REACTDEVUTILS-72875 - https://snyk.io/vuln/SNYK-JS-REQUEST-3361831 - https://snyk.io/vuln/SNYK-JS-SEMVER-3247795 - https://snyk.io/vuln/SNYK-JS-SETGETTER-1303099 - https://snyk.io/vuln/SNYK-JS-SETVALUE-1540541 - https://snyk.io/vuln/SNYK-JS-SETVALUE-450213 - https://snyk.io/vuln/SNYK-JS-SIMPLEGET-2361683 - https://snyk.io/vuln/SNYK-JS-SOCKETIO-1024859 - https://snyk.io/vuln/SNYK-JS-SOCKETIOPARSER-1056752 - https://snyk.io/vuln/SNYK-JS-SOCKETIOPARSER-3091012 - https://snyk.io/vuln/SNYK-JS-SOCKJS-575261 - https://snyk.io/vuln/SNYK-JS-TAR-1536528 - https://snyk.io/vuln/SNYK-JS-TAR-1536531 - https://snyk.io/vuln/SNYK-JS-TAR-1536758 - https://snyk.io/vuln/SNYK-JS-TAR-1579147 - https://snyk.io/vuln/SNYK-JS-TAR-1579152 - https://snyk.io/vuln/SNYK-JS-TAR-1579155 - https://snyk.io/vuln/SNYK-JS-TAR-174125 - https://snyk.io/vuln/SNYK-JS-TAR-6476909 - https://snyk.io/vuln/SNYK-JS-TARFS-174556 - https://snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873 - https://snyk.io/vuln/SNYK-JS-TRIM-1017038 - https://snyk.io/vuln/SNYK-JS-UAPARSERJS-1023599 - https://snyk.io/vuln/SNYK-JS-UAPARSERJS-1072471 - https://snyk.io/vuln/SNYK-JS-UAPARSERJS-610226 - https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984 - https://snyk.io/vuln/SNYK-JS-URLPARSE-1078283 - https://snyk.io/vuln/SNYK-JS-URLPARSE-1533425 - https://snyk.io/vuln/SNYK-JS-URLPARSE-2401205 - https://snyk.io/vuln/SNYK-JS-URLPARSE-2407759 - https://snyk.io/vuln/SNYK-JS-URLPARSE-2407770 - https://snyk.io/vuln/SNYK-JS-URLPARSE-2412697 - https://snyk.io/vuln/SNYK-JS-URLPARSE-543307 - https://snyk.io/vuln/SNYK-JS-URLREGEX-569472 - https://snyk.io/vuln/SNYK-JS-WEBSOCKETEXTENSIONS-570623 - https://snyk.io/vuln/SNYK-JS-WS-1296835 - https://snyk.io/vuln/SNYK-JS-WS-7266574 - https://snyk.io/vuln/SNYK-JS-XML2JS-5414874 - https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1082936 - https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1255647 - https://snyk.io/vuln/SNYK-JS-Y18N-1021887 - https://snyk.io/vuln/SNYK-JS-HAWK-6969142 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577916 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577917 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-7577918 - https://snyk.io/vuln/npm:serve:20180318 - https://snyk.io/vuln/npm:url-parse:20180731 - https://snyk.io/vuln/npm:ws:20171108 - https://snyk.io/vuln/SNYK-JS-LODASH-567746 - https://snyk.io/vuln/SNYK-JS-BL-608877 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-571484 - https://snyk.io/vuln/npm:macaddress:20180511 - https://snyk.io/vuln/SNYK-JS-ANSIHTML-1296849 - https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908 - https://snyk.io/vuln/SNYK-JS-ASYNC-2441827 - https://snyk.io/vuln/SNYK-JS-BRACES-6838727 - https://snyk.io/vuln/SNYK-JS-ENGINEIO-1056749 - https://snyk.io/vuln/SNYK-JS-ES5EXT-6095076 - https://snyk.io/vuln/SNYK-JS-JPEGJS-2859218 - https://snyk.io/vuln/npm:marked:20180225 - https://snyk.io/vuln/npm:sshpk:20180409 - https://snyk.io/vuln/SNYK-JS-INI-1048974 - https://snyk.io/vuln/SNYK-JS-LODASH-450202 - https://snyk.io/vuln/npm:deep-extend:20180409 - https://snyk.io/vuln/SNYK-JS-LODASH-1040724 - https://snyk.io/vuln/npm:is-url:20180319 - https://snyk.io/vuln/SNYK-JS-HTTPPROXY-569139 - https://snyk.io/vuln/npm:stringstream:20180511 - https://snyk.io/vuln/SNYK-JS-JSONSCHEMA-1920922 - https://snyk.io/vuln/SNYK-JS-JSON5-3182856 - https://snyk.io/vuln/SNYK-JS-DECOMPRESS-557358 - https://snyk.io/vuln/SNYK-JS-DOTPROP-543489 - https://snyk.io/vuln/npm:hoek:20180212 - https://snyk.io/vuln/npm:lodash:20180130 - https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116 - https://snyk.io/vuln/SNYK-JS-AJV-584908 - https://snyk.io/vuln/SNYK-JS-JSYAML-174129 - https://snyk.io/vuln/SNYK-JS-BROWSERIFYSIGN-6037026 - https://snyk.io/vuln/SNYK-JS-ENGINEIO-3136336 - https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3043105 - https://snyk.io/vuln/npm:underscore.string:20170908 - https://snyk.io/vuln/SNYK-JS-COLORSTRING-1082939 - https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905 - https://snyk.io/vuln/SNYK-JS-HOSTEDGITINFO-1088355 - https://snyk.io/vuln/SNYK-JS-LODASH-1018905 - https://snyk.io/vuln/npm:ua-parser-js:20180227 - https://snyk.io/vuln/SNYK-JS-HAWK-2808852 - https://snyk.io/vuln/npm:querystringify:20180419 - https://snyk.io/vuln/SNYK-JS-FSTREAM-174725 - https://snyk.io/vuln/npm:extend:20180424 - https://snyk.io/vuln/npm:tunnel-agent:20170305 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-1064899 - https://snyk.io/vuln/SNYK-JS-EXPRESS-6474509 - https://snyk.io/vuln/SNYK-JS-ELLIPTIC-511941 - https://snyk.io/vuln/SNYK-JS-JPEGJS-570039 - https://snyk.io/vuln/SNYK-JS-JSYAML-173999 - https://snyk.io/vuln/SNYK-JS-KINDOF-537849 - https://snyk.io/vuln/npm:braces:20180219 - https://snyk.io/vuln/npm:clean-css:20180306 - https://snyk.io/vuln/SNYK-JS-GOT-2932019 - https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3042992 - https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3105943 - https://snyk.io/vuln/npm:cryptiles:20180710 - https://snyk.io/vuln/npm:serve:20180123 - https://snyk.io/vuln/npm:ssri:20180214 - https://snyk.io/vuln/npm:mixin-deep:20180215 - https://snyk.io/vuln/npm:mem:20180117 - https://snyk.io/vuln/npm:chownr:20180731 - https://snyk.io/vuln/npm:moment:20170905
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to fix 140 vulnerabilities in the yarn dependencies of this project.
Snyk changed the following file(s):
docs/package.json
docs/yarn.lock
Note for zero-installs users
If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the
.yarn/cache/
directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to runyarn
to update the contents of the./yarn/cache
directory.If you are not using zero-install you can ignore this as your flow should likely be unchanged.
Vulnerabilities that will be fixed with an upgrade:
SNYK-JS-LODASH-608086
SNYK-JS-LODASH-6139239
SNYK-JS-LODASH-73638
SNYK-JS-LODASH-73639
SNYK-JS-LODASHES-2434283
SNYK-JS-LODASHES-2434284
SNYK-JS-LODASHES-2434285
SNYK-JS-LODASHES-2434286
SNYK-JS-LODASHES-2434287
SNYK-JS-LODASHES-2434288
SNYK-JS-LODASHES-2434289
SNYK-JS-LODASHES-2434290
SNYK-JS-LODASHMERGE-173732
SNYK-JS-LODASHMERGE-173733
SNYK-JS-LODASHTEMPLATE-1088054
SNYK-JS-MACADDRESS-567156
SNYK-JS-MERGE-72553
SNYK-JS-MICROMATCH-6838728
SNYK-JS-MINIMATCH-3050818
SNYK-JS-MINIMIST-2429795
SNYK-JS-MINIMIST-559764
SNYK-JS-MIXINDEEP-450212
SNYK-JS-MOMENT-2440688
SNYK-JS-MOMENT-2944238
SNYK-JS-NODEFETCH-2342118
SNYK-JS-NODEFETCH-674311
SNYK-JS-OBJECTPATH-1017036
SNYK-JS-OBJECTPATH-1569453
SNYK-JS-OBJECTPATH-1585658
SNYK-JS-PATHPARSE-1077067
SNYK-JS-QS-3153490
SNYK-JS-REACTDEVUTILS-72875
SNYK-JS-REQUEST-3361831
SNYK-JS-SEMVER-3247795
SNYK-JS-SETGETTER-1303099
SNYK-JS-SETVALUE-1540541
SNYK-JS-SETVALUE-450213
SNYK-JS-SIMPLEGET-2361683
SNYK-JS-SOCKETIO-1024859
SNYK-JS-SOCKETIOPARSER-1056752
SNYK-JS-SOCKETIOPARSER-3091012
SNYK-JS-SOCKJS-575261
SNYK-JS-TAR-1536528
SNYK-JS-TAR-1536531
SNYK-JS-TAR-1536758
SNYK-JS-TAR-1579147
SNYK-JS-TAR-1579152
SNYK-JS-TAR-1579155
SNYK-JS-TAR-174125
SNYK-JS-TAR-6476909
SNYK-JS-TARFS-174556
SNYK-JS-TOUGHCOOKIE-5672873
SNYK-JS-TRIM-1017038
SNYK-JS-UAPARSERJS-1023599
SNYK-JS-UAPARSERJS-1072471
SNYK-JS-UAPARSERJS-610226
SNYK-JS-UNDERSCORE-1080984
SNYK-JS-URLPARSE-1078283
SNYK-JS-URLPARSE-1533425
SNYK-JS-URLPARSE-2401205
SNYK-JS-URLPARSE-2407759
SNYK-JS-URLPARSE-2407770
SNYK-JS-URLPARSE-2412697
SNYK-JS-URLPARSE-543307
SNYK-JS-URLREGEX-569472
SNYK-JS-WEBSOCKETEXTENSIONS-570623
SNYK-JS-WS-1296835
SNYK-JS-WS-7266574
SNYK-JS-XML2JS-5414874
SNYK-JS-XMLHTTPREQUESTSSL-1082936
SNYK-JS-XMLHTTPREQUESTSSL-1255647
SNYK-JS-Y18N-1021887
SNYK-JS-HAWK-6969142
SNYK-JS-ELLIPTIC-7577916
SNYK-JS-ELLIPTIC-7577917
SNYK-JS-ELLIPTIC-7577918
npm:serve:20180318
npm:url-parse:20180731
npm:ws:20171108
SNYK-JS-LODASH-567746
SNYK-JS-BL-608877
SNYK-JS-ELLIPTIC-571484
npm:macaddress:20180511
SNYK-JS-ANSIHTML-1296849
SNYK-JS-ANSIREGEX-1583908
SNYK-JS-ASYNC-2441827
SNYK-JS-BRACES-6838727
SNYK-JS-ENGINEIO-1056749
SNYK-JS-ES5EXT-6095076
SNYK-JS-JPEGJS-2859218
npm:marked:20180225
npm:sshpk:20180409
SNYK-JS-INI-1048974
SNYK-JS-LODASH-450202
npm:deep-extend:20180409
SNYK-JS-LODASH-1040724
npm:is-url:20180319
SNYK-JS-HTTPPROXY-569139
npm:stringstream:20180511
SNYK-JS-JSONSCHEMA-1920922
SNYK-JS-JSON5-3182856
SNYK-JS-DECOMPRESS-557358
SNYK-JS-DOTPROP-543489
npm:hoek:20180212
npm:lodash:20180130
SNYK-JS-INFLIGHT-6095116
SNYK-JS-AJV-584908
SNYK-JS-JSYAML-174129
SNYK-JS-BROWSERIFYSIGN-6037026
SNYK-JS-ENGINEIO-3136336
SNYK-JS-LOADERUTILS-3043105
npm:underscore.string:20170908
SNYK-JS-COLORSTRING-1082939
SNYK-JS-GLOBPARENT-1016905
SNYK-JS-HOSTEDGITINFO-1088355
SNYK-JS-LODASH-1018905
npm:ua-parser-js:20180227
SNYK-JS-HAWK-2808852
npm:querystringify:20180419
SNYK-JS-FSTREAM-174725
npm:extend:20180424
npm:tunnel-agent:20170305
SNYK-JS-ELLIPTIC-1064899
SNYK-JS-EXPRESS-6474509
SNYK-JS-ELLIPTIC-511941
SNYK-JS-JPEGJS-570039
SNYK-JS-JSYAML-173999
SNYK-JS-KINDOF-537849
npm:braces:20180219
npm:clean-css:20180306
SNYK-JS-GOT-2932019
SNYK-JS-LOADERUTILS-3042992
SNYK-JS-LOADERUTILS-3105943
npm:cryptiles:20180710
npm:serve:20180123
npm:ssri:20180214
npm:mixin-deep:20180215
npm:mem:20180117
npm:chownr:20180731
npm:moment:20170905
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Cryptographic Issues
🦉 More lessons are available in Snyk Learn
[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"@storybook/react","from":"3.3.15","to":"7.0.0"},{"name":"gatsby","from":"1.9.232","to":"5.4.0"},{"name":"gatsby-plugin-sharp","from":"1.6.41","to":"5.12.1"},{"name":"gatsby-remark-copy-linked-files","from":"1.5.30","to":"3.1.0"},{"name":"gatsby-remark-images","from":"1.5.56","to":"4.1.0"},{"name":"gatsby-source-filesystem","from":"1.5.27","to":"2.0.1"},{"name":"gatsby-transformer-remark","from":"1.7.36","to":"5.7.0"},{"name":"gh-pages","from":"1.1.0","to":"5.0.0"},{"name":"prop-types","from":"15.6.1","to":"15.6.2"},{"name":"react","from":"15.6.2","to":"16.0.0"},{"name":"react-dom","from":"15.6.2","to":"16.5.0"},{"name":"sitemap","from":"1.13.0","to":"2.0.0"}],"env":"prod","issuesToFix":[{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-AJV-584908","priority_score":619,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-AJV-584908","priority_score":619,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-AJV-584908","priority_score":619,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-AJV-584908","priority_score":619,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-AJV-584908","priority_score":619,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-AJV-584908","priority_score":619,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ANSIHTML-1296849","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ANSIHTML-1296849","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ANSIREGEX-1583908","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ANSIREGEX-1583908","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ANSIREGEX-1583908","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ASYNC-2441827","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ASYNC-2441827","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ASYNC-2441827","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ASYNC-2441827","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ASYNC-2441827","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ASYNC-2441827","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-BL-608877","priority_score":706,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.7","score":385},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Remote Memory Exposure"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-BL-608877","priority_score":706,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.7","score":385},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Remote Memory Exposure"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-BRACES-6838727","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Uncontrolled resource consumption"},{"exploit_maturity":"Proof of Concept","id":"npm:braces:20180219","priority_score":506,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-BRACES-6838727","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Uncontrolled resource consumption"},{"exploit_maturity":"Proof of Concept","id":"npm:braces:20180219","priority_score":506,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"npm:braces:20180219","priority_score":506,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-BROWSERIFYSIGN-6037026","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Improper Verification of Cryptographic Signature"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-BROWSERIFYSIGN-6037026","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Improper Verification of Cryptographic Signature"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-COLORSTRING-1082939","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-COLORSTRING-1082939","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-DECOMPRESS-557358","priority_score":636,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.3","score":315},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Arbitrary File Write via Archive Extraction (Zip Slip)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-DECOMPRESS-557358","priority_score":636,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.3","score":315},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Arbitrary File Write via Archive Extraction (Zip Slip)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-DOTPROP-543489","priority_score":636,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.3","score":315},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-DOTPROP-543489","priority_score":636,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.3","score":315},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Prototype Pollution"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-ELLIPTIC-1064899","priority_score":554,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.8","score":340},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cryptographic Issues"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-ELLIPTIC-511941","priority_score":509,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.9","score":295},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Timing Attack"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ELLIPTIC-571484","priority_score":706,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.7","score":385},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Cryptographic Issues"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ELLIPTIC-7577916","priority_score":776,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.1","score":455},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Improper Verification of Cryptographic Signature"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ELLIPTIC-7577917","priority_score":776,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.1","score":455},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Improper Verification of Cryptographic Signature"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ELLIPTIC-7577918","priority_score":776,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.1","score":455},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Improper Verification of Cryptographic Signature"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-ELLIPTIC-1064899","priority_score":554,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.8","score":340},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cryptographic Issues"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-ELLIPTIC-511941","priority_score":509,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.9","score":295},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Timing Attack"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ELLIPTIC-571484","priority_score":706,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.7","score":385},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Cryptographic Issues"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ELLIPTIC-7577916","priority_score":776,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.1","score":455},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Improper Verification of Cryptographic Signature"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ELLIPTIC-7577917","priority_score":776,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.1","score":455},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Improper Verification of Cryptographic Signature"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ELLIPTIC-7577918","priority_score":776,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.1","score":455},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Improper Verification of Cryptographic Signature"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-ELLIPTIC-1064899","priority_score":554,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.8","score":340},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cryptographic Issues"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-ELLIPTIC-511941","priority_score":509,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.9","score":295},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Timing Attack"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ELLIPTIC-571484","priority_score":706,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.7","score":385},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Cryptographic Issues"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ELLIPTIC-7577916","priority_score":776,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.1","score":455},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Improper Verification of Cryptographic Signature"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ELLIPTIC-7577917","priority_score":776,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.1","score":455},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Improper Verification of Cryptographic Signature"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ELLIPTIC-7577918","priority_score":776,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.1","score":455},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Improper Verification of Cryptographic Signature"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-ELLIPTIC-1064899","priority_score":554,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.8","score":340},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cryptographic Issues"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-ELLIPTIC-511941","priority_score":509,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.9","score":295},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Timing Attack"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ELLIPTIC-571484","priority_score":706,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.7","score":385},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Cryptographic Issues"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ELLIPTIC-7577916","priority_score":776,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.1","score":455},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Improper Verification of Cryptographic Signature"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ELLIPTIC-7577917","priority_score":776,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.1","score":455},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Improper Verification of Cryptographic Signature"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ELLIPTIC-7577918","priority_score":776,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.1","score":455},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Improper Verification of Cryptographic Signature"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ENGINEIO-1056749","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-ENGINEIO-3136336","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ES5EXT-6095076","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ES5EXT-6095076","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ES5EXT-6095076","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ES5EXT-6095076","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ES5EXT-6095076","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-EXPRESS-6474509","priority_score":519,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.1","score":305},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Open Redirect"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-EXPRESS-6474509","priority_score":519,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.1","score":305},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Open Redirect"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-FSTREAM-174725","priority_score":579,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary File Overwrite"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-FSTREAM-174725","priority_score":579,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary File Overwrite"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-FSTREAM-174725","priority_score":579,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary File Overwrite"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-GLOBPARENT-1016905","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-GOT-2932019","priority_score":484,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.4","score":270},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Open Redirect"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-HAWK-2808852","priority_score":584,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.4","score":370},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-HAWK-6969142","priority_score":786,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.3","score":465},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Authentication Bypass"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-HAWK-2808852","priority_score":584,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"t...