[Snyk] Fix for 23 vulnerabilities

[Shimizu-Kanaden-sys]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
• package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	574/1000 Why? Has a fix available, CVSS 7.2	Use of Weak Hash SNYK-JS-CRYPTOJS-6028119	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-DOTTIE-3332763	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-ENGINEIO-1056749	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-ENGINEIO-3136336	No	No Known Exploit
	519/1000 Why? Has a fix available, CVSS 6.1	Open Redirect SNYK-JS-EXPRESS-6474509	No	No Known Exploit
	584/1000 Why? Has a fix available, CVSS 7.4	Authorization Bypass SNYK-JS-EXPRESSJWT-575022	Yes	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Directory Traversal SNYK-JS-GRUNT-2635969	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Race Condition SNYK-JS-GRUNT-2813632	No	Proof of Concept
	631/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	Yes	Proof of Concept
	534/1000 Why? Has a fix available, CVSS 6.4	Improper Authentication SNYK-JS-JSONWEBTOKEN-3180022	Yes	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Improper Restriction of Security Token Assignment SNYK-JS-JSONWEBTOKEN-3180024	Yes	No Known Exploit
	554/1000 Why? Has a fix available, CVSS 6.8	Use of a Broken or Risky Cryptographic Algorithm SNYK-JS-JSONWEBTOKEN-3180026	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Validation Bypass SNYK-JS-SANITIZEHTML-1070780	No	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Access Restriction Bypass SNYK-JS-SANITIZEHTML-1070786	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SANITIZEHTML-2957526	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-SANITIZEHTML-6256334	No	Proof of Concept
	564/1000 Why? Has a fix available, CVSS 7	SQL Injection SNYK-JS-SEQUELIZE-2959225	No	No Known Exploit
	629/1000 Why? Has a fix available, CVSS 8.3	Improper Filtering of Special Elements SNYK-JS-SEQUELIZE-3324088	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-SEQUELIZE-3324089	No	No Known Exploit
	529/1000 Why? Has a fix available, CVSS 6.3	Access of Resource Using Incompatible Type ('Type Confusion') SNYK-JS-SEQUELIZE-3324090	No	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: body-parser

The new version differs by 16 commits.

• 424dadd 1.19.2
• 11248a2 deps: [email protected]
• 7a088eb build: [email protected]
• ecedf31 build: [email protected]
• b6bfabd build: [email protected]
• badd6b2 build: fix code coverage aggregate upload
• 96b448a build: [email protected]
• 70560b1 build: [email protected]
• 548a06f build: [email protected]
• 3b00678 deps: [email protected]
• d5acb61 build: [email protected]
• 82c8a7c tests: add limit + inflate tests
• b356758 deps: [email protected]
• c631b58 build: [email protected]
• c81a8e2 build: [email protected]
• 3c4dcb8 build: [email protected]

See the full diff

Package name: dottie

The new version differs by 6 commits.

• e0c8bae 2.0.4
• 7d3aee1 rudimentary __proto__ guarding
• b48e227 add github action to run tests
• 001ca40 2.0.3
• dbf26a6 Setting a null value should convert it to object ([Snyk] Security upgrade @angular-devkit/build-angular from 16.2.13 to 17.0.0 #37)
• b581120 added power support arch ppc64le on yml file. ([Snyk] Fix for 4 vulnerabilities #35)

See the full diff

Package name: express

The new version differs by 166 commits.

• b28db2c 4.19.2
• 0b74695 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks fixes #5554 #5555
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: [email protected]
• 4ee853e docs: loosen TC activity rules
• 414854b docs: nominating @ wesleytodd to be project captian
• 06c6b88 docs: update release date
• 1b51eda 4.18.3
• b625132 build: pin Node 21.x to minor
• e3eca80 build: pin Node 21.x to minor
• 23b44b3 build: support Node.js 21.6.2
• b9fea12 build: support Node.js 21.x in appveyor
• c259c34 build: support Node.js 21.x
• fdeb1d3 build: support Node.js 20.x in appveyor
• 734b281 build: support Node.js 20.x
• 0e3ab6e examples: improve view count in cookie-sessions
• 59af63a build: [email protected]
• e720c5a docs: add documentation for benchmarks

See the full diff

Package name: express-jwt

The new version differs by 186 commits.

• c69a0e4 update changelog
• 2157954 8.0.0
• d8ffa02 upgrade jsonwebtoken to v9
• c555b48 Merge pull request Add "2 Hour Hacking: Juice Shop" in LA juice-shop/juice-shop#306 from auth0/SRE-57-Upload-opslevel-yaml
• 172d07c 7.7.7
• f79b001 7.7.6
• 076b3dc remove types for express-unless and update it. closes Feature: Add refresh button to score-board. juice-shop/juice-shop#307
• 0c87c3a Upload OpsLevel YAML
• f0e41d6 Fix misspelled word in readme
• 45ba2e0 7.7.5
• 139aa05 update express-unless
• 2f99e2d 7.7.4
• 2242f01 update express-unless
• eb50853 update changelog
• c30feb4 7.7.3
• c583fdd Merge branch 'ItzRabbs-master'
• 9ccf0cf Remove esModuleInterop and fix assert import in tests
• e1fe1d2 Fix tsc build error for express-unless
• 7c1fb33 7.7.2
• 6c87fe4 fix instaceof comparison for UnauthorizedError. closes Test suites will not always run for #277 customized app juice-shop/juice-shop#292
• b1344fa update changelog
• c5f00ea 7.7.1
• 7a02ca7 fix readme and package-lock
• f3f5af5 build(deps): required runtime types

See the full diff

Package name: glob

The new version differs by 114 commits.

• a68703e 9.0.0
• 58159ca test: cwd can be a url
• a547a9c more docs
• 42a3ac7 link to bash manual for Pattern Matching
• 474172d update readme with cwd URL support
• ad3904d update readme with posix class support
• b22fc7d [email protected]
• cdd1627 update all the things, remove unused mkdirp types
• 75c6416 Merge branch 'v9'
• fa0cd77 cwd can be a file:// url
• d03ed0a typedoc github action
• 9a5a45a put bench results in readme
• 20b2f88 docs, fix benchmark script
• 4829c88 upgrade ci actions
• 5cbacdd [email protected]
• 210310b omit symlinks on windows
• d34c8d5 full test coverage, clean up signals and remove extranous code
• 5f21b46 adding lots of tests, clean up types
• b12e6ba slashes on nodir test
• 75f74b0 more windows test slashes
• 3aa1abd more windows test affordances
• 3e68a7b some windows test affordances
• 8c2e082 feature complete and tests passing
• c3be35a correct ** vs ./** behavior

See the full diff

Package name: grunt

The new version differs by 36 commits.

• 8372e11 1.6.1
• 72f6f03 Changelog updates
• 8d4c183 Merge pull request Facing DatabaseError [SequelizeDatabaseError]: SQLITE_ERROR: no such table: Wallets , while doing npm start after npm install. Also tried changing access rights but got similar error.[🐛]  juice-shop/juice-shop#1755 from gruntjs/rm-dep
• 1c7d483 Add recursive
• 2d4fd38 Merge pull request New Crowdin updates juice-shop/juice-shop#1756 from gruntjs/downgrade-glob
• 902db7c Downgrade glob
• 494f243 Fix syntax
• b01389e remove mkdirp
• 0072510 remove dep on rimraf and mkdirp
• 0afeb5c 1.6.0
• 2805dc3 Merge pull request [🐛] Version 13.1.0 does not work on ARM-based systems (rPi, Mac M1, ...) juice-shop/juice-shop#1750 from gruntjs/dep-update-jan28
• 3f1e423 README updates
• 8fd096d Bump to 16
• 42c5f95 Update more deps
• 1d88050 Bump eslint and node version
• 82d79b8 1.5.3
• 572d79b Merge pull request #1745 from gruntjs/fix-copy-op
• 58016ff Patch up race condition in symlink copying.
• 0749e1d Merge pull request Bug/code injection juice-shop/juice-shop#1746 from JamieSlome/patch-1
• 69b7c50 Create SECURITY.md
• ac667b2 1.5.2
• 7f15fd5 Update Changelog
• b0ec6e1 Merge pull request Fix error rendering bug in 'Change Password' form juice-shop/juice-shop#1743 from gruntjs/cleanup-link
• 433f91b Clean up link handling

See the full diff

Package name: jsonwebtoken

The new version differs by 250 commits.

• e1fa9dc Merge pull request from GHSA-8cf7-32gw-wr33
• 5eaedbf chore(ci): remove github test actions job (Update sequelize to the latest version 🚀 juice-shop/juice-shop#861)
• cd4163e chore(ci): configure Github Actions jobs for Tests & Security Scanning (Duplicate solves of the Error Handling Challenge juice-shop/juice-shop#856)
• ecdf6cc fix!: Prevent accidental use of insecure key sizes & misconfiguration of secrets (Update helmet to the latest version 🚀 juice-shop/juice-shop#852)
• 8345030 fix(sign&verify)!: Remove default `none` support from `sign` and `verify` methods, and require it to be explicitly configured (Added text2png for Strong Captcha juice-shop/juice-shop#851)
• 7e6a86b Upload OpsLevel YAML (Update otplib to the latest version 🚀 juice-shop/juice-shop#849)
• 74d5719 docs: update references vercel/ms references (Pastebin-related challenges juice-shop/juice-shop#770)
• d71e383 docs: document "invalid token" error
• 3765003 docs: fix spelling in README.md: Peak -> Peek (New Crowdin translations juice-shop/juice-shop#754)
• a46097e docs: make decode impossible to discover before verify
• 15a1bc4 refactor: make decode non-enumerable
• 5f10bf9 docs: add jwtid to options of jwt.verify (Update multer to the latest version 🚀 juice-shop/juice-shop#704)
• 88cb9df Replace tilde-indexOf with includes (Amend typo juice-shop/juice-shop#647)
• a6235fa Adds not to README on decoded payload validation (New Crowdin translations juice-shop/juice-shop#646)
• 5ed1f06 docs: fix tiny style change in readme (Added tests for Services and changed browser for tests. juice-shop/juice-shop#622)
• 9fb90ca style: add missing semicolon (Un-Solve challenges juice-shop/juice-shop#641)
• a9e38b8 ci: use circleci (Prepared Administration Component and replaced star rating. juice-shop/juice-shop#589)
• 7f1f8b4 8.5.1
• e5874ae fix: ensure correct PS signing and verification (Update nyc to the latest version 🚀 juice-shop/juice-shop#585)
• 84e03ef README: fix markdown for algorithms table
• 1c0de55 8.5.0
• eefb9d9 feat: add PS JWA support for applicable node versions (Fixes for code consistency in tracking order juice-shop/juice-shop#573)
• 8737789 Add complete option in jwt.verify (New Crowdin translations juice-shop/juice-shop#522)
• 7b60c12 Force use_strict during testing (Nosql challenge Tier 3 juice-shop/juice-shop#577)

See the full diff

Package name: sanitize-html

The new version differs by 199 commits.

• 4a7d7dd Merge pull request Revert 653 revert 650 greenkeeper/config 1.31.0 juice-shop/juice-shop#654 from apostrophecms/release-2.12.1
• f8e02be release 2.12.1
• c5dbdf7 Merge pull request Update config to the latest version 🚀 juice-shop/juice-shop#650 from dylanarmstrong/fix/ignore-source-maps
• 5a5a74e Merge pull request Rebase to master juice-shop/juice-shop#652 from apostrophecms/add-thanks-to-changelog
• ee71ff0 Add community contribution thanks you
• a226fe7 Merge pull request JWT alg="none" challenge needs updating juice-shop/juice-shop#651 from apostrophecms/release-2.12.0
• ff18600 release 2.12.0
• 1e2294c test: added test for postcss map
• c376501 doc: update changelog
• 075499d fix: ignore source maps when processing with postcss
• eb932f8 Merge pull request New Crowdin translations juice-shop/juice-shop#646 from gkumar9891/allow-svg-element
• 31def35 changes to documentation
• b268d15 changes in documentation
• 54a6ac2 allow svg element
• c52a9f0 Merge pull request Angular UI - Glitch and TODO collection juice-shop/juice-shop#634 from zhna123/empty-alt
• 2c7ac45 Added more tests and modified CHANGELOG
• 4f6cea6 Added 'allowedEmptyAttributes' option and kept empty 'alt' value by default.
• cb6efe1 Merge pull request Replace bootswatch based theming juice-shop/juice-shop#628 from alfreema/patch-1
• 9856e7b Delete .circleci directory
• 1bde207 Update README.md - Remove circleci reference
• b3400f2 Update README.md
• c4491ea Merge pull request Added tests for basket component and added socket.io juice-shop/juice-shop#625 from apostrophecms/2.11.0
• 7bd3e3f release 2.11.0
• 6c0e5fe thank you

See the full diff

Package name: sequelize

The new version differs by 42 commits.

• d3f5b5a feat: throw an error if attribute includes parentheses (fixes CVE-2023-22578) (#15710)
• 53bd9b7 meta: fix null test getWhereConditions (#15705)
• 13f2e89 fix: accept undefined in where (#15703)
• d9e0728 fix: throw if where receives an invalid value (#15699)
• 48d6193 fix: update moment-timezone version (#15685)
• fd4afa6 feat(types): use retry-as-promised types for retry options to match documentation (#15484)
• 1247c01 feat: add support for bigints (backport of #14485) (#15413)
• 94beace feat(postgres): add support for lock_timeout [#15345] (#15355)
• 7885000 fix(oracle): remove hardcoded maxRows value (#15323)
• bc39fd6 fix: fix parameters not being replaced when after $$ strings (#15307)
• a205765 fix(postgres): invalidate connection after client-side timeout (#15283)
• 67e69cd fix: remove options.model overwrite on bulkUpdate (#15252)
• 00c6da3 fix(types): add instance.dataValues property to model.d.ts (#15240)
• bf98d7c meta: swap Slack links (#15159)
• 7990095 fix: don't treat \ as escape in standard strings, support E-strings, support vars after ->> operator, treat lowercase e as valid e-string prefix (#15139)
• 851daaf fix(types): fix TS 4.9 excessive depth error on `InferAttributes` (v6) (#15135)
• 9dd93b8 fix(types): expose legacy "types" folder in export alias ( #15123)
• 06ad05d feat(oracle): add support for `dialectOptions.connectString` (#15042)
• a44772e feat(snowflake): Add support for `QueryGenerator#tableExistsQuery` (#15087)
• 55051d0 docs: add missing ssl options for sequelize instance (v6) (#15049)
• 5c88734 docs(model): Added paranoid option for Model.BelongsToMany.through (#15065)
• 7203b66 fix(postgres): add custom order direction to subQuery ordering with minified alias (#15056)
• 5f621d7 fix(oracle): add support for Oracle DB 18c CI (#15016)
• 3468378 feat(types): add typescript 4.8 compatibility (#14990)

See the full diff

Package name: socket.io

The new version differs by 84 commits.

• f8a66fd chore(release): 3.0.5
• 752dfe3 chore: bump debug version
• bf54327 revert: restore the socket middleware functionality
• 170b739 fix: properly clear timeout on connection failure
• 230cd19 chore: bump dependencies
• a0a3481 test: fix random test failure
• f773b48 chore: update GitHub issue templates
• 292d62e docs(examples): update TypeScript example
• 178e899 docs(examples): add Angular TodoMVC + Socket.IO example
• d1bfe40 refactor: add more typing info and upgrade prettier (#3725)
• 81c1f4e chore(release): 3.0.4
• 1fba399 ci: migrate to GitHub Actions
• 4e6d404 chore: make tests work on Windows (#3708)
• 28c7cc0 style(issue-template): fix typo (#3700)
• 06a2bd3 chore(release): 3.0.3
• 85ebd35 chore: cleanup dist folder before compilation
• 9b6f971 chore(release): 3.0.2
• 43705d7 fix: merge Engine.IO options
• 118cc68 chore: add 3rd party types in the list of dependencies
• c596e54 docs(examples): update React Native example
• f7e0009 docs(examples): update TypeScript example
• e69d0ad chore: bump socket.io-client version
• 0317a07 chore(release): 3.0.1
• d00c0c0 docs(examples): update examples to Socket.IO v3

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"body-parser","from":"1.19.1","to":"1.19.2"},{"name":"dottie","from":"2.0.2","to":"2.0.4"},{"name":"express","from":"4.17.2","to":"4.19.2"},{"name":"express-jwt","from":"3.0.0","to":"8.0.0"},{"name":"glob","from":"7.2.3","to":"9.0.0"},{"name":"grunt","from":"1.4.1","to":"1.6.1"},{"name":"jsonwebtoken","from":"5.0.0","to":"9.0.0"},{"name":"pdfkit","from":"0.11.0","to":"0.12.2"},{"name":"replace","from":"1.2.1","to":"1.2.2"},{"name":"sanitize-html","from":"2.0.0","to":"2.12.1"},{"name":"sequelize","from":"6.19.1","to":"6.29.0"},{"name":"socket.io","from":"2.4.1","to":"3.0.5"}],"env":"prod","issuesToFix":[{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-CRYPTOJS-6028119","priority_score":574,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.2","score":360},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Use of Weak Hash"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-DOTTIE-3332763","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-DOTTIE-3332763","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-ENGINEIO-1056749","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-ENGINEIO-3136336","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-EXPRESS-6474509","priority_score":519,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.1","score":305},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Open Redirect"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-EXPRESSJWT-575022","priority_score":584,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.4","score":370},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Authorization Bypass"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-GRUNT-2635969","priority_score":636,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.3","score":315},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Directory Traversal"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-GRUNT-2813632","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Race Condition"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-INFLIGHT-6095116","priority_score":631,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.2","score":310},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Missing Release of Resource after Effective Lifetime"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-INFLIGHT-6095116","priority_score":631,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.2","score":310},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Missing Release of Resource after Effective Lifetime"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-INFLIGHT-6095116","priority_score":631,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.2","score":310},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Missing Release of Resource after Effective Lifetime"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-INFLIGHT-6095116","priority_score":631,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.2","score":310},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Missing Release of Resource after Effective Lifetime"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-INFLIGHT-6095116","priority_score":631,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.2","score":310},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Missing Release of Resource after Effective Lifetime"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-INFLIGHT-6095116","priority_score":631,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.2","score":310},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Missing Release of Resource after Effective Lifetime"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-INFLIGHT-6095116","priority_score":631,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.2","score":310},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Missing Release of Resource after Effective Lifetime"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-INFLIGHT-6095116","priority_score":631,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.2","score":310},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Missing Release of Resource after Effective Lifetime"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-INFLIGHT-6095116","priority_score":631,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.2","score":310},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Missing Release of Resource after Effective Lifetime"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-INFLIGHT-6095116","priority_score":631,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.2","score":310},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Missing Release of Resource after Effective Lifetime"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-INFLIGHT-6095116","priority_score":631,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.2","score":310},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Missing Release of Resource after Effective Lifetime"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-INFLIGHT-6095116","priority_score":631,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.2","score":310},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Missing Release of Resource after Effective Lifetime"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-INFLIGHT-6095116","priority_score":631,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.2","score":310},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Missing Release of Resource after Effective Lifetime"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-INFLIGHT-6095116","priority_score":631,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.2","score":310},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Missing Release of Resource after Effective Lifetime"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-JSONWEBTOKEN-3180022","priority_score":534,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.4","score":320},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Authentication"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-JSONWEBTOKEN-3180024","priority_score":539,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Restriction of Security Token Assignment"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-JSONWEBTOKEN-3180026","priority_score":554,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.8","score":340},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Use of a Broken or Risky Cryptographic Algorithm"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-JSONWEBTOKEN-3180022","priority_score":534,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.4","score":320},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Authentication"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-JSONWEBTOKEN-3180024","priority_score":539,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper Restriction of Security Token Assignment"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-JSONWEBTOKEN-3180026","priority_score":554,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.8","score":340},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Use of a Broken or Risky Cryptographic Algorithm"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-MINIMATCH-3050818","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-MINIMATCH-3050818","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-MINIMATCH-3050818","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-QS-3153490","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Poisoning"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-QS-3153490","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Poisoning"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-QS-3153490","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Poisoning"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-SANITIZEHTML-1070780","priority_score":646,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Validation Bypass"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-SANITIZEHTML-1070786","priority_score":539,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.5","score":325},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Access Restriction Bypass"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-SANITIZEHTML-2957526","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-SANITIZEHTML-6256334","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-SEQUELIZE-2959225","priority_score":564,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7","score":350},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"SQL Injection"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-SEQUELIZE-3324088","priority_score":629,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.3","score":415},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Improper Filtering of Special Elements"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-SEQUELIZE-3324089","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-SEQUELIZE-3324090","priority_score":529,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.3","score":315},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Access of Resource Using Incompatible Type ('Type Confusion')"},{"exploit_maturity":"Proof of Concept","id":"npm:debug:20170905","priority_score":506,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"npm:debug:20170905","priority_score":506,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"npm:debug:20170905","priority_score":506,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"3.7","score":185},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Regular Expression Denial of Service (ReDoS)"}],"prId":"afe3a879-0453-4d6e-8796-8ac60f0d32f4","prPublicId":"afe3a879-0453-4d6e-8796-8ac60f0d32f4","packageManager":"npm","priorityScoreList":[574,696,696,589,519,584,636,646,631,534,539,554,479,696,646,539,479,586,564,629,479,529,506],"projectPublicId":"5f81707a-da8d-4e94-b0dc-75e5d54533d9","projectUrl":"https://app.snyk.io/org/shimizu-kanaden-sys/project/5f81707a-da8d-4e94-b0dc-75e5d54533d9?utm_source=github&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["priorityScore"],"type":"user-initiated","upgrade":["SNYK-JS-CRYPTOJS-6028119","SNYK-JS-DOTTIE-3332763","SNYK-JS-ENGINEIO-1056749","SNYK-JS-ENGINEIO-3136336","SNYK-JS-EXPRESS-6474509","SNYK-JS-EXPRESSJWT-575022","SNYK-JS-GRUNT-2635969","SNYK-JS-GRUNT-2813632","SNYK-JS-INFLIGHT-6095116","SNYK-JS-JSONWEBTOKEN-3180022","SNYK-JS-JSONWEBTOKEN-3180024","SNYK-JS-JSONWEBTOKEN-3180026","SNYK-JS-MINIMATCH-3050818","SNYK-JS-QS-3153490","SNYK-JS-SANITI...