Skip to content
This repository has been archived by the owner on Dec 17, 2024. It is now read-only.

[Snyk] Fix for 23 vulnerabilities #5

Closed
wants to merge 1 commit into from
Closed

[Snyk] Fix for 23 vulnerabilities #5

wants to merge 1 commit into from

Conversation

svcsnyksanity
Copy link

snyk-top-banner

Snyk has created this PR to fix 23 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • package.json
⚠️ Warning 
Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

Issue Score
high severity Prototype Pollution
SNYK-JS-ASYNC-2441827		   696  
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795		   696  
high severity Code Injection
SNYK-JS-LODASH-1040724		   681  
high severity Improper Privilege Management
SNYK-JS-SHELLJS-2332187		   676  
medium severity Uncontrolled Resource Consumption ('Resource Exhaustion')
SNYK-JS-TAR-6476909		   646  
medium severity Missing Release of Resource after Effective Lifetime
SNYK-JS-INFLIGHT-6095116		   631  
medium severity Arbitrary Code Injection
SNYK-JS-UNDERSCORE-1080984		   596  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-HTTPCACHESEMANTICS-3248783		   586  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905		   586  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-PATHPARSE-1077067		   586  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-WS-1296835		   586  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-TAR-1536758		   525  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-NORMALIZEURL-1296539		   514  
medium severity Arbitrary File Overwrite
SNYK-JS-TAR-1536528		   514  
medium severity Arbitrary File Overwrite
SNYK-JS-TAR-1536531		   514  
medium severity Arbitrary File Write
SNYK-JS-TAR-1579147		   514  
medium severity Arbitrary File Write
SNYK-JS-TAR-1579152		   514  
medium severity Arbitrary File Write
SNYK-JS-TAR-1579155		   514  
medium severity Timing Attack
SNYK-JS-JOSE-1251487		   509  
low severity Prototype Pollution
SNYK-JS-MINIMIST-2429795		   506  
medium severity Open Redirect
SNYK-JS-GOT-2932019		   484  
medium severity Denial of Service (DoS)
SNYK-JS-JOSE-3018688		   479  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MINIMATCH-3050818		   479  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Open Redirect
🦉 Regular Expression Denial of Service (ReDoS)
🦉 More lessons are available in Snyk Learn

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"@kubernetes/client-node","from":"0.12.3","to":"0.21.0"},{"name":"@snyk/dep-graph","from":"1.21.0","to":"1.23.1"},{"name":"snyk-config","from":"4.0.0","to":"5.2.0"},{"name":"snyk-docker-plugin","from":"4.13.0","to":"6.5.1"}],"env":"prod","issuesToFix":[{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ASYNC-2441827","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-GOT-2932019","priority_score":484,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.4","score":270},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Open Redirect"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-HTTPCACHESEMANTICS-3248783","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-HTTPCACHESEMANTICS-3248783","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-INFLIGHT-6095116","priority_score":631,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.2","score":310},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Missing Release of Resource after Effective Lifetime"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-JOSE-1251487","priority_score":509,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.9","score":295},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Timing Attack"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-JOSE-3018688","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Denial of Service (DoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-LODASH-1018905","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-LODASH-1040724","priority_score":681,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.2","score":360},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Code Injection"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-LODASH-1018905","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-LODASH-1040724","priority_score":681,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.2","score":360},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Code Injection"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-LODASH-1018905","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-LODASH-1040724","priority_score":681,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.2","score":360},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Code Injection"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-MINIMATCH-3050818","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-MINIMIST-2429795","priority_score":506,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Prototype Pollution"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-NORMALIZEURL-1296539","priority_score":514,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"severity","label":"medium","score":300},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-NORMALIZEURL-1296539","priority_score":514,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"severity","label":"medium","score":300},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-PATHPARSE-1077067","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-SEMVER-3247795","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-SEMVER-3247795","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-SHELLJS-2332187","priority_score":676,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.1","score":355},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Improper Privilege Management"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-TAR-1536528","priority_score":514,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"severity","label":"medium","score":300},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Arbitrary File Overwrite"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-TAR-1536531","priority_score":514,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"severity","label":"medium","score":300},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Arbitrary File Overwrite"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-TAR-1536758","priority_score":525,"priority_score_factors":[{"type":"exploit","label":"Unproven","score":11},{"type":"fixability","label":true,"score":214},{"type":"severity","label":"medium","score":300},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-TAR-1579147","priority_score":514,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"severity","label":"medium","score":300},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Arbitrary File Write"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-TAR-1579152","priority_score":514,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"severity","label":"medium","score":300},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Arbitrary File Write"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-TAR-1579155","priority_score":514,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"severity","label":"medium","score":300},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Arbitrary File Write"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-TAR-6476909","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Uncontrolled Resource Consumption ('Resource Exhaustion')"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-UNDERSCORE-1080984","priority_score":596,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.5","score":275},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Arbitrary Code Injection"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-WS-1296835","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"}],"prId":"a7ebf2dd-9aba-4f98-ab24-b95a7d82c183","prPublicId":"a7ebf2dd-9aba-4f98-ab24-b95a7d82c183","packageManager":"npm","priorityScoreList":[696,484,586,631,509,479,586,681,479,506,514,586,696,676,514,514,525,514,514,514,646,596,586],"projectPublicId":"0257d1e3-1dc6-4163-a1a1-b7c5164ad440","projectUrl":"https://app.snyk.io/org/frontend-6c4/project/0257d1e3-1dc6-4163-a1a1-b7c5164ad440?utm_source=github&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["pr-warning-shown","priorityScore"],"type":"auto","upgrade":["SNYK-JS-ASYNC-2441827","SNYK-JS-GOT-2932019","SNYK-JS-HTTPCACHESEMANTICS-3248783","SNYK-JS-INFLIGHT-6095116","SNYK-JS-JOSE-1251487","SNYK-JS-JOSE-3018688","SNYK-JS-LODASH-1018905","SNYK-JS-LODASH-1040724","SNYK-JS-MINIMATCH-3050818","SNYK-JS-MINIMIST-2429795","SNYK-JS-NORMALIZEURL-1296539","SNYK-JS-PATHPARSE-1077067","SNYK-JS-SEMVER-3247795","SNYK-JS-SHELLJS-2332187","SNYK-JS-TAR-1536528","SNYK-JS-TAR-1536531","SNYK-JS-TAR-1536758","SNYK-JS-TAR-1579147","SNYK-JS-TAR-1579152","SNYK-JS-TAR-1579155","SNYK-JS-TAR-6476909","SNYK-JS-UNDERSCORE-1080984","SNYK-JS-WS-1296835"],"vulns":["SNYK-JS-ASYNC-2441827","SNYK-JS-GOT-2932019","SNYK-JS-HTTPCACHESEMANTICS-3248783","SNYK-JS-INFLIGHT-6095116","SNYK-JS-JOSE-1251487","SNYK-JS-JOSE-3018688","SNYK-JS-LODASH-1018905","SNYK-JS-LODASH-1040724","SNYK-JS-MINIMATCH-3050818","SNYK-JS-MINIMIST-2429795","SNYK-JS-NORMALIZEURL-1296539","SNYK-JS-PATHPARSE-1077067","SNYK-JS-SEMVER-3247795","SNYK-JS-SHELLJS-2332187","SNYK-JS-TAR-1536528","SNYK-JS-TAR-1536531","SNYK-JS-TAR-1536758","SNYK-JS-TAR-1579147","SNYK-JS-TAR-1579152","SNYK-JS-TAR-1579155","SNYK-JS-TAR-6476909","SNYK-JS-UNDERSCORE-1080984","SNYK-JS-WS-1296835"],"patch":[],"isBreakingChange":true,"remediationStrategy":"vuln"}'

@snyk-bot
fix: package.json to reduce vulnerabilities
a77a259 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ASYNC-2441827
- https://snyk.io/vuln/SNYK-JS-SEMVER-3247795
- https://snyk.io/vuln/SNYK-JS-LODASH-1040724
- https://snyk.io/vuln/SNYK-JS-SHELLJS-2332187
- https://snyk.io/vuln/SNYK-JS-TAR-6476909
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
- https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984
- https://snyk.io/vuln/SNYK-JS-HTTPCACHESEMANTICS-3248783
- https://snyk.io/vuln/SNYK-JS-LODASH-1018905
- https://snyk.io/vuln/SNYK-JS-PATHPARSE-1077067
- https://snyk.io/vuln/SNYK-JS-WS-1296835
- https://snyk.io/vuln/SNYK-JS-TAR-1536758
- https://snyk.io/vuln/SNYK-JS-NORMALIZEURL-1296539
- https://snyk.io/vuln/SNYK-JS-TAR-1536528
- https://snyk.io/vuln/SNYK-JS-TAR-1536531
- https://snyk.io/vuln/SNYK-JS-TAR-1579147
- https://snyk.io/vuln/SNYK-JS-TAR-1579152
- https://snyk.io/vuln/SNYK-JS-TAR-1579155
- https://snyk.io/vuln/SNYK-JS-JOSE-1251487
- https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795
- https://snyk.io/vuln/SNYK-JS-GOT-2932019
- https://snyk.io/vuln/SNYK-JS-JOSE-3018688
- https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818
@joshbrand joshbrand closed this Dec 17, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@svcsnyksanity @joshbrand @snyk-bot