Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 16 vulnerabilities #42

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 16 vulnerabilities #42

wants to merge 1 commit into from

Conversation

ops-sandy
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		 Yes Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-GLOBPARENT-1016905		 Yes Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905		 No Proof of Concept
high severity 681/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.2		 Command Injection
SNYK-JS-LODASH-1040724		 No Proof of Concept
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3		 Prototype Pollution
SNYK-JS-LODASH-450202		 No Proof of Concept
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3		 Prototype Pollution
SNYK-JS-LODASH-608086		 No Proof of Concept
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3		 Prototype Pollution
SNYK-JS-LODASH-73638		 No Proof of Concept
medium severity 541/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 4.4		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-73639		 No Proof of Concept
medium severity 601/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6		 Prototype Pollution
SNYK-JS-MINIMIST-559764		 Yes Proof of Concept
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3		 Prototype Pollution
SNYK-JS-NEDB-1305279		 Yes Proof of Concept
critical severity 704/1000
Why? Has a fix available, CVSS 9.8		 Arbitrary Code Injection
SNYK-JS-OPEN-174041		 No No Known Exploit
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795		 Yes Proof of Concept
medium severity 596/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.5		 Arbitrary Code Injection
SNYK-JS-UNDERSCORE-1080984		 Yes Proof of Concept
medium severity 636/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.3		 Prototype Pollution
npm:lodash:20180130		 No Proof of Concept
high severity 741/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 8.4		 Arbitrary Command Injection
npm:open:20180512		 No Proof of Concept
low severity 324/1000
Why? Has a fix available, CVSS 2.2		 Uninitialized Memory Exposure
npm:utile:20180614		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: bcrypt The new version differs by 19 commits.
  • 2f124bd Fix artifact upload path
  • 10eacf5 Prepare v5.0.1
  • 6eacfe1 Merge pull request #856 from kelektiv/update-deps
  • feb477c Update node-pre-gyp to 1.0.0
  • 42c8b0c Merge pull request #852 from kelektiv/update-deps
  • bafefc3 Update packages
  • 7c5d8df Merge pull request #851 from recrsn/node-15-ci
  • 1ba55f9 Add Node 15 to CI
  • 19c06c1 Update Node version compatibility info
  • 09cb4fc Merge pull request #825 from dogon11/patch-1
  • 2821c03 Merge pull request #811 from techhead/use_buffers
  • 63c8403 Merge pull request #838 from alete89/docs/improve-hash-info
  • 984ef18 remove reference to $2y$ algo identifier
  • 630c897 fixes: #828
  • 0f93284 README.md typo fix
  • 4125ebc Update README.md
  • f503e57 Create SECURITY.md
  • f158e6e Allow optional use of Node Buffers.
  • 8866277 Deploy on any travis tag

See the full diff

Package name: sails The new version differs by 250 commits.
  • e46c83b 1.5.1
  • 023319e Update version of prompt to 1.2.1 (#7202)
  • ed349a1 Add note about supported versions of Postgres
  • 15b43ff Merge pull request #7181 from balderdashy/update-upgrading-to-1.0-docs
  • 39e34cd Update To1.0.md
  • 9c821ec Add note about undefined attributes
  • 799f2c0 Update README.md
  • 2533f67 Fix broken link in docs
  • ead0403 1.5.0
  • 6199f96 Merge pull request #7172 from ElizabethForest/master
  • 4bc6054 Merge pull request #7176 from sailscastshq/docs-typo-fix
  • 71844d4 fix: correct misspelt waterline
  • 780864e Merge pull request #7175 from jarodccrowe/master
  • 72609ac going over this PR with @ mikermcneil
  • b2bcf39 Add documentation regarding a breaking change in SSL connection syntax
  • 384e796 Merge pull request #7174 from eltociear/patch-1
  • 4a081c7 Fix typo in sails-run.js
  • 8c9012c Restore Construction Type
  • 869c0f3 disable no-unused-vars check
  • 9747d06 add handleConstructingSessionStore to allow for more flexibility
  • 0ad5947 Fix tests - avoid having mongo cause issues for later tests
  • cc0820b support connect-mongo v4
  • f399a2a Merge pull request #7158 from zsteinkamp/patch-1
  • 1b1ca7c Small text correction

See the full diff

Package name: sails-disk The new version differs by 25 commits.

See the full diff

Package name: sails-mysql The new version differs by 8 commits.
  • 962ab29 3.0.0
  • b78d563 Merge pull request #361 from balderdashy/update-machinepack-mysql
  • 706bf0d Update node versions in travis.yml
  • 58850c2 Update package.json
  • c980c20 2.0.0
  • fbceafd Merge pull request #359 from balderdashy/upgrade-machinepack-mysql-dependency
  • 025e80c update node versions in appveyor
  • baba304 machinepack-mysql ^3.1.0 -> ^4.0.0

See the full diff

Package name: sails-postgresql The new version differs by 30 commits.
  • af28689 5.0.0
  • dd707b5 Merge pull request #295 from balderdashy/upgrade-machinepack
  • af2c6f6 test - Update travis config
  • 65e51bf Revert "update travis config"
  • dfd2ab7 update travis config
  • 43e03ea update node versions in Travis tests
  • 2e1abbf machinepack-postgresql 4.0.0
  • 2b1ceb9 4.0.0
  • df00256 Merge pull request #293 from balderdashy/check-for-invalid-columnName
  • a35741e 3.0.0
  • 394a6b3 Merge pull request #292 from balderdashy/upgrade-machinepack-postgresql-dependency
  • c37478f update check to look for double underscores
  • ab57dc1 Update build-schema.js
  • a34d3ef Update build-schema.js
  • 41e018d machinepack-postgresql ^2.0.0 -> ^3.0.0
  • fb9aaf2 Merge pull request #291 from balderdashy/update-troubleshooting-tips
  • 2bee4af Update spawn-connection.js
  • 0077052 Update spawn-connection.js
  • 031f2f3 2.0.0
  • 650116b Merge pull request #288 from balderdashy/pg-upgrade-fixes
  • 37833fd Remove logs
  • cb89450 Move log so it's actually in the right place
  • b072e13 Temporarily add some logs, just to double-check
  • d86b470 Update tests to no longer use `availableObjectsCount()`

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 Arbitrary Code Injection

@snyk-bot
fix: package.json to reduce vulnerabilities
ad270f6 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905
- https://snyk.io/vuln/SNYK-JS-LODASH-1018905
- https://snyk.io/vuln/SNYK-JS-LODASH-1040724
- https://snyk.io/vuln/SNYK-JS-LODASH-450202
- https://snyk.io/vuln/SNYK-JS-LODASH-608086
- https://snyk.io/vuln/SNYK-JS-LODASH-73638
- https://snyk.io/vuln/SNYK-JS-LODASH-73639
- https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
- https://snyk.io/vuln/SNYK-JS-NEDB-1305279
- https://snyk.io/vuln/SNYK-JS-OPEN-174041
- https://snyk.io/vuln/SNYK-JS-SEMVER-3247795
- https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984
- https://snyk.io/vuln/npm:lodash:20180130
- https://snyk.io/vuln/npm:open:20180512
- https://snyk.io/vuln/npm:utile:20180614
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ops-sandy @snyk-bot