Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Fix for 63 vulnerabilities #11

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

sanae-snyk
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
⚠️ Warning
Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 584/1000
Why? Has a fix available, CVSS 7.4
Directory Traversal
SNYK-JS-ADMZIP-1065796
No No Known Exploit
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908
Yes Proof of Concept
high severity 751/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 8.6
Prototype Pollution
SNYK-JS-DUSTJSLINKEDIN-1089257
Yes Proof of Concept
medium severity 526/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 4.1
Arbitrary Code Injection
SNYK-JS-EJS-1049328
Yes Proof of Concept
high severity 726/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 8.1
Remote Code Execution (RCE)
SNYK-JS-EJS-2803307
Yes Proof of Concept
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Denial of Service (DoS)
SNYK-JS-EXPRESSFILEUPLOAD-473997
Yes No Known Exploit
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Prototype Pollution
SNYK-JS-EXPRESSFILEUPLOAD-595969
Yes Proof of Concept
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3
Prototype Pollution
SNYK-JS-INI-1048974
Yes Proof of Concept
medium severity 429/1000
Why? Has a fix available, CVSS 4.3
Reverse Tabnabbing
SNYK-JS-ISTANBULREPORTS-2328088
Yes No Known Exploit
medium severity 601/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6
Prototype Pollution
SNYK-JS-JQUERY-174006
Yes Proof of Concept
medium severity 701/1000
Why? Mature exploit, Has a fix available, CVSS 6.3
Cross-site Scripting (XSS)
SNYK-JS-JQUERY-565129
Yes Mature
medium severity 711/1000
Why? Mature exploit, Has a fix available, CVSS 6.5
Cross-site Scripting (XSS)
SNYK-JS-JQUERY-567880
Yes Mature
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905
No Proof of Concept
high severity 681/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.2
Command Injection
SNYK-JS-LODASH-1040724
No Proof of Concept
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3
Prototype Pollution
SNYK-JS-LODASH-450202
No Proof of Concept
high severity 731/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 8.2
Prototype Pollution
SNYK-JS-LODASH-567746
No Proof of Concept
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3
Prototype Pollution
SNYK-JS-LODASH-608086
No Proof of Concept
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3
Prototype Pollution
SNYK-JS-LODASH-73638
No Proof of Concept
medium severity 541/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 4.4
Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-73639
No Proof of Concept
medium severity 479/1000
Why? Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-174116
No No Known Exploit
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-2342073
Yes Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-2342082
Yes Proof of Concept
medium severity 479/1000
Why? Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-451540
No No Known Exploit
medium severity 520/1000
Why? Has a fix available, CVSS 5.9
Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-584281
Yes No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Directory Traversal
SNYK-JS-MOMENT-2440688
No No Known Exploit
medium severity 601/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6
Prototype Pollution
SNYK-JS-MONGOOSE-1086688
Yes Proof of Concept
medium severity 509/1000
Why? Has a fix available, CVSS 5.9
Information Exposure
SNYK-JS-MONGOOSE-472486
No No Known Exploit
medium severity 601/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6
Prototype Pollution
SNYK-JS-MPATH-1577289
Yes Proof of Concept
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Prototype Poisoning
SNYK-JS-QS-3153490
No Proof of Concept
high severity 801/1000
Why? Mature exploit, Has a fix available, CVSS 8.3
Prototype Pollution
SNYK-JS-TYPEORM-590152
No Mature
medium severity 596/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.5
Arbitrary Code Injection
SNYK-JS-UNDERSCORE-1080984
No Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-VALIDATOR-1090599
No Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-VALIDATOR-1090600
No Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-VALIDATOR-1090601
No Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-VALIDATOR-1090602
No Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Prototype Pollution
SNYK-JS-XML2JS-5414874
No Proof of Concept
medium severity 601/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6
Prototype Pollution
SNYK-JS-YARGSPARSER-560381
Yes Proof of Concept
low severity 506/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 3.7
Regular Expression Denial of Service (ReDoS)
npm:debug:20170905
No Proof of Concept
high severity 644/1000
Why? Has a fix available, CVSS 8.6
Code Injection
npm:dustjs-linkedin:20160819
No No Known Exploit
high severity 619/1000
Why? Has a fix available, CVSS 8.1
Arbitrary Code Execution
npm:ejs:20161128
Yes No Known Exploit
medium severity 509/1000
Why? Has a fix available, CVSS 5.9
Cross-site Scripting (XSS)
npm:ejs:20161130
Yes No Known Exploit
medium severity 509/1000
Why? Has a fix available, CVSS 5.9
Denial of Service (DoS)
npm:ejs:20161130-1
Yes No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
npm:fresh:20170908
No No Known Exploit
medium severity 484/1000
Why? Has a fix available, CVSS 5.4
Cross-site Scripting (XSS)
npm:jquery:20150627
Yes No Known Exploit
medium severity 636/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.3
Prototype Pollution
npm:lodash:20180130
No Proof of Concept
high severity 654/1000
Why? Has a fix available, CVSS 8.8
Cross-site Scripting (XSS)
npm:marked:20150520
No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Cross-site Scripting (XSS)
npm:marked:20170112
No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Cross-site Scripting (XSS)
npm:marked:20170815
No No Known Exploit
medium severity 454/1000
Why? Has a fix available, CVSS 4.8
Cross-site Scripting (XSS)
npm:marked:20170815-1
No No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
npm:marked:20170907
No No Known Exploit
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
npm:marked:20180225
No Proof of Concept
medium severity 469/1000
Why? Has a fix available, CVSS 5.1
Denial of Service (DoS)
npm:mem:20180117
Yes No Known Exploit
low severity 399/1000
Why? Has a fix available, CVSS 3.7
Regular Expression Denial of Service (ReDoS)
npm:mime:20170907
Yes No Known Exploit
medium severity 509/1000
Why? Has a fix available, CVSS 5.9
Regular Expression Denial of Service (ReDoS)
npm:moment:20161019
No No Known Exploit
low severity 399/1000
Why? Has a fix available, CVSS 3.7
Regular Expression Denial of Service (ReDoS)
npm:moment:20170905
No No Known Exploit
medium severity 641/1000
Why? Mature exploit, Has a fix available, CVSS 5.1
Remote Memory Exposure
npm:mongoose:20160116
No Mature
low severity 399/1000
Why? Has a fix available, CVSS 3.7
Regular Expression Denial of Service (ReDoS)
npm:ms:20170412
Yes No Known Exploit
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
npm:negotiator:20160616
Yes No Known Exploit
high severity 756/1000
Why? Mature exploit, Has a fix available, CVSS 7.4
Uninitialized Memory Exposure
npm:npmconf:20180512
Yes Mature
high severity 589/1000
Why? Has a fix available, CVSS 7.5
Prototype Override Protection Bypass
npm:qs:20170213
No No Known Exploit
medium severity 479/1000
Why? Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
npm:semver:20150403
Yes No Known Exploit
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Directory Traversal
npm:st:20140206
No Proof of Concept
medium severity 644/1000
Why? Mature exploit, Has a fix available, CVSS 4.3
Open Redirect
npm:st:20171013
Yes Mature

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: adm-zip The new version differs by 84 commits.

See the full diff

Package name: body-parser The new version differs by 250 commits.

See the full diff

Package name: cfenv The new version differs by 3 commits.
  • fb0a2aa update dependencies, now at version 1.2.4
  • 63e072a version 1.2.3
  • 02bb92d Issue 45 Remove '.cfignore'

See the full diff

Package name: errorhandler The new version differs by 85 commits.

See the full diff

Package name: express The new version differs by 250 commits.
  • 3d7fce5 4.17.3
  • f906371 build: update example dependencies
  • 6381bc6 deps: qs@6.9.7
  • a007863 deps: body-parser@1.19.2
  • e98f584 Revert "build: use minimatch@3.0.4 for Node.js < 4"
  • a659137 tests: use strict mode
  • a39e409 tests: prevent leaking changes to NODE_ENV
  • 82de4de examples: fix path traversal in downloads example
  • 12310c5 build: use nyc for test coverage
  • 884657d examples: remove bitwise syntax for includes check
  • 7511d08 build: use minimatch@3.0.4 for Node.js < 4
  • 2585f20 tests: fix test missing assertion
  • 9d09762 build: supertest@6.2.2
  • 43cc56e build: clean up gitignore
  • 1c7bbcc build: Node.js@14.19
  • 9cbbc8a deps: cookie@0.4.2
  • 6fbc269 pref: remove unnecessary regexp for trust proxy
  • 2bc734a deps: accepts@~1.3.8
  • 89bb531 docs: fix typo in res.download jsdoc
  • 744564f tests: add test for multiple ips in "trust proxy"
  • da6cb0e tests: add range tests to res.download
  • 00ad5be tests: add more tests for app.request & app.response
  • 141914e tests: fix tests that did not bubble errors
  • bd4fdfe tests: remove global dependency on should

See the full diff

Package name: express-fileupload The new version differs by 250 commits.

See the full diff

Package name: marked The new version differs by 250 commits.
  • ae01170 chore(release): 4.0.10 [skip ci]
  • fceda57 🗜️ build [skip ci]
  • 8f80657 fix(security): fix redos vulnerabilities
  • c4a3ccd Merge pull request from GHSA-rrrm-qjm4-v8hf
  • d7212a6 chore(deps-dev): Bump jasmine from 4.0.0 to 4.0.1 (#2352)
  • 5a84db5 chore(deps-dev): Bump rollup from 2.62.0 to 2.63.0 (#2350)
  • 2bc67a5 chore(deps-dev): Bump markdown-it from 12.3.0 to 12.3.2 (#2351)
  • 98996b8 chore(deps-dev): Bump @ babel/preset-env from 7.16.5 to 7.16.7 (#2353)
  • ebc2c95 chore(deps-dev): Bump highlight.js from 11.3.1 to 11.4.0 (#2354)
  • e5171a9 chore(release): 4.0.9 [skip ci]
  • 41990a5 🗜️ build [skip ci]
  • a9696e2 fix: retain line breaks in tokens properly (#2341)
  • 6aacd13 chore(deps-dev): Bump jasmine from 3.10.0 to 4.0.0 (#2343)
  • 55e5df9 chore(deps-dev): Bump @ babel/core from 7.16.5 to 7.16.7 (#2344)
  • 4f4cab4 chore(deps-dev): Bump eslint-plugin-import from 2.25.3 to 2.25.4 (#2345)
  • 97ea9f2 chore(deps-dev): Bump eslint from 8.5.0 to 8.6.0 (#2346)
  • 4c3b853 chore(deps-dev): Bump rollup-plugin-license from 2.6.0 to 2.6.1 (#2347)
  • 9396896 chore(deps-dev): Bump rollup from 2.61.1 to 2.62.0 (#2338)
  • 103a56c chore(deps-dev): Bump @ babel/preset-env from 7.16.4 to 7.16.5 (#2333)
  • be771c9 chore(deps-dev): Bump eslint from 8.4.1 to 8.5.0 (#2334)
  • 67d5a65 chore(deps-dev): Bump @ babel/core from 7.16.0 to 7.16.5 (#2335)
  • 991493a chore(deps-dev): Bump eslint-plugin-promise from 5.2.0 to 6.0.0 (#2336)
  • 59375fb chore(release): 4.0.8 [skip ci]
  • 4734c82 🗜️ build [skip ci]

See the full diff

Package name: mongoose The new version differs by 250 commits.
  • 07946be chore: release v5.13.9
  • 264554f fix: upgrade to mpath v0.8.4 re: security issue
  • fc5fc7e fix: peg @ types/bson version to 1.x || 4.0.x to avoid stubbed 4.2.x release
  • 1f28237 fix(populate): avoid setting empty array on lean document when populate result is undefined
  • 1dc9b45 style: fix lint
  • 3f7dfc5 fix(document): make `depopulate()` handle populated paths underneath document arrays
  • b34d1d5 fix(index.d.ts): simplify UpdateQuery to avoid "excessively deep and possibly infinite" errors with `extends Document` and `any`
  • 2a3399e docs: another layout fix for 5.x docs
  • 5bf3c29 chore: update makefile again
  • 191678c chore: update makefile re: #10607
  • 776fae9 docs: fix up 5.x docs navbar
  • a803885 test(typescript): add coverage for #10590
  • bf43078 fix(index.d.ts): allow specifying `weights` as an IndexOption
  • cb1e787 chore: release 5.13.8
  • 5c0140c fix(index.d.ts): add `match` to `VirtualTypeOptions.options`
  • 6122f4b docs(api): add `Document#$where` to API docs
  • 2871c1b style: fix lint
  • 8d00f62 Merge pull request #10587 from osmanakol/master
  • 57e729b allow QueryOptions populate parameter use PopulateOptions
  • 6c36263 fix(index.d.ts): allow strings for ObjectIds in nested properties
  • e90aab1 docs(History): make a note about #10555
  • fca0627 style: fix lint
  • 6b92599 fix(populate): handle populating subdoc array virtual with sort
  • 283d43f test(populate): repro #10552

See the full diff

Package name: ms The new version differs by 19 commits.

See the full diff

Package name: tap The new version differs by 250 commits.
  • bc49fb7 15.0.0
  • 4378608 remove publishConfig beta tag
  • 2c2e75f provide mkdirRecursive polyfill for old node versions
  • 8f4c855 correctly specify 10.0.x versions
  • 5e61672 update deps
  • c44c418 Support 10.0 and test in CI
  • dc5c841 tcompare@5.0.4
  • 385b6d2 Add .taprc.yml/yaml handling to change log
  • 4f87466 just run regular test script as snap script
  • 315a921 delete FORCE_COLOR/NO_COLOR rather than setting to '0'
  • 564e96f Add detection for .yaml and .yml
  • 75bae93 update cli doc
  • c1289bf 15.0.0-3
  • d6fe32f Do not CI on node 10
  • d2e0428 do not use equals() alias in self-test
  • 3f787c4 tell npm to be colorful in CI
  • 1512818 run tests with color on github actions
  • 4626fa1 Docs: update documentation for tap v15
  • 02d536b libtap@1.0.1
  • f7c7c58 update cli doc
  • 2aa497c 15.0.0-2
  • 8d7f62e Add support for overriding libtap's internal settings
  • 29eed63 new snapshot folder layout
  • 3a28d4d update libtap git ref to isaacs/tap-v15-prep branch

See the full diff

Package name: validator The new version differs by 114 commits.
  • 47ee5ad 13.7.0
  • 496fc8b fix(rtrim): remove regex to prevent ReDOS attack (#1738)
  • 45901ec Merge pull request #1851 from validatorjs/chore/fix-merge-conflicts
  • 83cb7f8 chore: merge conflict clean-up
  • f17e220 feat(isMobilePhone): add El Salvador es-SV locale
  • 5b06703 feat(isMobilePhone): add Palestine ar-PS locale
  • a3faa83 feat(isMobilePhone): add Botswana en-BW locale
  • 26605f9 feat(isMobilePhone): add Turkmenistan tk-TM
  • 0e5d5d4 feat(isMobilePhone): add Guyana en-GY locale
  • f7ff349 feat(isMobilePhone): add Frech Polynesia fr-PF locale
  • 8627e48 feat(isMobilePhone): add Kiribati en-KI locale
  • ed60123 feat(isMobilePhone): add Tajikistan tg-TJ locale (#1846)
  • c96d805 feat(isMobilePhone): add Maldives dv-MV locale
  • 5c2d69e feat(isMobilePhone): regex for Burkina Faso fr-BF and Namibia en-NA locales
  • fc0fefc feat(isMobilePhone): add Bhutan dz-BT locale (#1770)
  • 01d3da3 feat(isMobilePhone): add Tajikistan tg-TJ locale (#1846)
  • af2b43c feat(isUUID): add support for validation of version v1 and v2 (#1848)
  • 769f6d5 feat(contains): add possibility to check that string contains seed multiple times (#1836)
  • f2381e0 feat: (...

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ADMZIP-1065796
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://snyk.io/vuln/SNYK-JS-DUSTJSLINKEDIN-1089257
- https://snyk.io/vuln/SNYK-JS-EJS-1049328
- https://snyk.io/vuln/SNYK-JS-EJS-2803307
- https://snyk.io/vuln/SNYK-JS-EXPRESSFILEUPLOAD-473997
- https://snyk.io/vuln/SNYK-JS-EXPRESSFILEUPLOAD-595969
- https://snyk.io/vuln/SNYK-JS-INI-1048974
- https://snyk.io/vuln/SNYK-JS-ISTANBULREPORTS-2328088
- https://snyk.io/vuln/SNYK-JS-JQUERY-174006
- https://snyk.io/vuln/SNYK-JS-JQUERY-565129
- https://snyk.io/vuln/SNYK-JS-JQUERY-567880
- https://snyk.io/vuln/SNYK-JS-LODASH-1018905
- https://snyk.io/vuln/SNYK-JS-LODASH-1040724
- https://snyk.io/vuln/SNYK-JS-LODASH-450202
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
- https://snyk.io/vuln/SNYK-JS-LODASH-608086
- https://snyk.io/vuln/SNYK-JS-LODASH-73638
- https://snyk.io/vuln/SNYK-JS-LODASH-73639
- https://snyk.io/vuln/SNYK-JS-MARKED-174116
- https://snyk.io/vuln/SNYK-JS-MARKED-2342073
- https://snyk.io/vuln/SNYK-JS-MARKED-2342082
- https://snyk.io/vuln/SNYK-JS-MARKED-451540
- https://snyk.io/vuln/SNYK-JS-MARKED-584281
- https://snyk.io/vuln/SNYK-JS-MOMENT-2440688
- https://snyk.io/vuln/SNYK-JS-MONGOOSE-1086688
- https://snyk.io/vuln/SNYK-JS-MONGOOSE-472486
- https://snyk.io/vuln/SNYK-JS-MPATH-1577289
- https://snyk.io/vuln/SNYK-JS-QS-3153490
- https://snyk.io/vuln/SNYK-JS-TYPEORM-590152
- https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984
- https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090599
- https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090600
- https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090601
- https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090602
- https://snyk.io/vuln/SNYK-JS-XML2JS-5414874
- https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381
- https://snyk.io/vuln/npm:debug:20170905
- https://snyk.io/vuln/npm:dustjs-linkedin:20160819
- https://snyk.io/vuln/npm:ejs:20161128
- https://snyk.io/vuln/npm:ejs:20161130
- https://snyk.io/vuln/npm:ejs:20161130-1
- https://snyk.io/vuln/npm:fresh:20170908
- https://snyk.io/vuln/npm:jquery:20150627
- https://snyk.io/vuln/npm:lodash:20180130
- https://snyk.io/vuln/npm:marked:20150520
- https://snyk.io/vuln/npm:marked:20170112
- https://snyk.io/vuln/npm:marked:20170815
- https://snyk.io/vuln/npm:marked:20170815-1
- https://snyk.io/vuln/npm:marked:20170907
- https://snyk.io/vuln/npm:marked:20180225
- https://snyk.io/vuln/npm:mem:20180117
- https://snyk.io/vuln/npm:mime:20170907
- https://snyk.io/vuln/npm:moment:20161019
- https://snyk.io/vuln/npm:moment:20170905
- https://snyk.io/vuln/npm:mongoose:20160116
- https://snyk.io/vuln/npm:ms:20170412
- https://snyk.io/vuln/npm:negotiator:20160616
- https://snyk.io/vuln/npm:npmconf:20180512
- https://snyk.io/vuln/npm:qs:20170213
- https://snyk.io/vuln/npm:semver:20150403
- https://snyk.io/vuln/npm:st:20140206
- https://snyk.io/vuln/npm:st:20171013
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants