[Snyk] Fix for 10 vulnerabilities
Snyk has created this PR to fix 10 vulnerabilities in the npm dependencies of this project.
Snyk changed the following file(s):
-
package.json -
package-lock.json
Vulnerabilities that will be fixed with an upgrade:
| Issue | Score | |
|---|---|---|
| Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462 |
786 | |
| Prototype Pollution SNYK-JS-LODASH-567746 |
731 | |
| Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795 |
696 | |
| Code Injection SNYK-JS-LODASH-1040724 |
681 | |
| Prototype Pollution SNYK-JS-JSON5-3182856 |
641 | |
| Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905 |
586 | |
| Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067 |
586 | |
| Regular Expression Denial of Service (ReDoS) SNYK-JS-FASTXMLPARSER-7573289 |
559 | |
| Prototype Pollution SNYK-JS-MINIMIST-2429795 |
506 | |
| Regular Expression Denial of Service (ReDoS) SNYK-JS-FASTXMLPARSER-5777726 |
399 |
[!IMPORTANT]
- Check the changes in this PR to ensure they won't cause issues with your project.
- Max score is 1000. Note that the real score may have changed since the PR was raised.
- This PR was automatically created by Snyk using the credentials of a real user.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Regular Expression Denial of Service (ReDoS) 🦉 Prototype Pollution 🦉 Code Injection
[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"cwe-sdk","from":"1.1.8","to":"1.1.17"},{"name":"nyc","from":"15.1.0","to":"17.0.0"}],"env":"prod","issuesToFix":[{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-BABELTRAVERSE-5962462","priority_score":786,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.3","score":465},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Incomplete List of Disallowed Inputs"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-BABELTRAVERSE-5962462","priority_score":786,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.3","score":465},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Incomplete List of Disallowed Inputs"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-BABELTRAVERSE-5962462","priority_score":786,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.3","score":465},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Incomplete List of Disallowed Inputs"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-FASTXMLPARSER-5777726","priority_score":399,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-FASTXMLPARSER-7573289","priority_score":559,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.9","score":345},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-JSON5-3182856","priority_score":641,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.4","score":320},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-LODASH-1018905","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-LODASH-1040724","priority_score":681,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.2","score":360},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Code Injection"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-LODASH-567746","priority_score":731,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.2","score":410},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-LODASH-1018905","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-LODASH-1040724","priority_score":681,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.2","score":360},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Code Injection"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-LODASH-567746","priority_score":731,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.2","score":410},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-LODASH-1018905","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-LODASH-1040724","priority_score":681,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.2","score":360},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Code Injection"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-LODASH-567746","priority_score":731,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.2","score":410},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-LODASH-1018905","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-LODASH-1040724","priority_score":681,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.2","score":360},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Code Injection"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-LODASH-567746","priority_score":731,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.2","score":410},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-LODASH-1018905","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-LODASH-1040724","priority_score":681,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.2","score":360},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Code Injection"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-LODASH-567746","priority_score":731,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.2","score":410},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-LODASH-1018905","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-LODASH-1040724","priority_score":681,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.2","score":360},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Code Injection"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-LODASH-567746","priority_score":731,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.2","score":410},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-LODASH-1018905","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-LODASH-1040724","priority_score":681,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.2","score":360},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Code Injection"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-LODASH-567746","priority_score":731,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.2","score":410},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-MINIMIST-2429795","priority_score":506,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-PATHPARSE-1077067","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-SEMVER-3247795","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-SEMVER-3247795","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"}],"prId":"b0af5d65-a353-47c7-b146-ed9c65bf970b","prPublicId":"b0af5d65-a353-47c7-b146-ed9c65bf970b","packageManager":"npm","priorityScoreList":[786,399,559,641,586,681,731,506,586,696],"projectPublicId":"70dcc4f6-987a-4389-a700-04bf4bb8e786","projectUrl":"https://app.snyk.io/org/lirantal/project/70dcc4f6-987a-4389-a700-04bf4bb8e786?utm_source=github&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["priorityScore"],"type":"auto","upgrade":["SNYK-JS-BABELTRAVERSE-5962462","SNYK-JS-FASTXMLPARSER-5777726","SNYK-JS-FASTXMLPARSER-7573289","SNYK-JS-JSON5-3182856","SNYK-JS-LODASH-1018905","SNYK-JS-LODASH-1040724","SNYK-JS-LODASH-567746","SNYK-JS-MINIMIST-2429795","SNYK-JS-PATHPARSE-1077067","SNYK-JS-SEMVER-3247795"],"vulns":["SNYK-JS-BABELTRAVERSE-5962462","SNYK-JS-FASTXMLPARSER-5777726","SNYK-JS-FASTXMLPARSER-7573289","SNYK-JS-JSON5-3182856","SNYK-JS-LODASH-1018905","SNYK-JS-LODASH-1040724","SNYK-JS-LODASH-567746","SNYK-JS-MINIMIST-2429795","SNYK-JS-PATHPARSE-1077067","SNYK-JS-SEMVER-3247795"],"patch":[],"isBreakingChange":true,"remediationStrategy":"vuln"}'