Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 49 vulnerabilities #85

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 49 vulnerabilities #85

wants to merge 1 commit into from

Conversation

wmurphysnyk
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 199/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00299, Social Trends: No, Days since published: 848, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: Critical, Provider Urgency: High, Package Popularity Score: 99, Impact: 7.49, Likelihood: 2.65, Score Version: V5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		 Yes Proof of Concept
high severity 172/1000
Why? Confidentiality impact: None, Integrity impact: High, Availability impact: None, Scope: Changed, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00091, Social Trends: No, Days since published: 75, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: Critical, Provider Urgency: High, Package Popularity Score: 99, Impact: 8.32, Likelihood: 2.06, Score Version: V5		 Use of Weak Hash
SNYK-JS-CRYPTOJS-6028119		 No No Known Exploit
high severity 198/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00109, Social Trends: No, Days since published: 406, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: Critical, Provider Urgency: High, Package Popularity Score: 99, Impact: 7.49, Likelihood: 2.64, Score Version: V5		 Denial of Service (DoS)
SNYK-JS-DECODEURICOMPONENT-3149970		 Yes Proof of Concept
high severity 211/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00049, Social Trends: No, Days since published: 213, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: Critical, Provider Urgency: High, Package Popularity Score: 99, Impact: 7.49, Likelihood: 2.81, Score Version: V5		 Prototype Pollution
SNYK-JS-DOTTIE-3332763		 No Proof of Concept
high severity 199/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00242, Social Trends: No, Days since published: 1095, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: Critical, Provider Urgency: High, Package Popularity Score: 99, Impact: 7.49, Likelihood: 2.65, Score Version: V5		 Denial of Service (DoS)
SNYK-JS-ENGINEIO-1056749		 Yes Proof of Concept
high severity 142/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.0007, Social Trends: No, Days since published: 413, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: Critical, Provider Urgency: High, Package Popularity Score: 99, Impact: 7.49, Likelihood: 1.89, Score Version: V5		 Denial of Service (DoS)
SNYK-JS-ENGINEIO-3136336		 No No Known Exploit
high severity 241/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00197, Social Trends: No, Days since published: 1286, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: Critical, Provider Urgency: High, Package Popularity Score: 99, Impact: 10.8, Likelihood: 2.23, Score Version: V5		 Authorization Bypass
SNYK-JS-EXPRESSJWT-575022		 Yes No Known Exploit
medium severity 255/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: High, Attack Vector: Local, EPSS: 0.00045, Social Trends: No, Days since published: 635, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: Critical, Provider Urgency: Medium, Package Popularity Score: 98, Impact: 10.8, Likelihood: 2.36, Score Version: V5		 Directory Traversal
SNYK-JS-GRUNT-2635969		 No Proof of Concept
medium severity 269/1000
Why? Confidentiality impact: Low, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: High, Attack Vector: Local, EPSS: 0.00042, Social Trends: No, Days since published: 607, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: Critical, Provider Urgency: Medium, Package Popularity Score: 98, Impact: 11.4, Likelihood: 2.36, Score Version: V5		 Race Condition
SNYK-JS-GRUNT-2813632		 No Proof of Concept
medium severity 177/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.01055, Social Trends: No, Days since published: 39, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: Critical, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 7.49, Likelihood: 2.35, Score Version: V5		 Missing Release of Resource after Effective Lifetime
SNYK-JS-INFLIGHT-6095116		 Yes Proof of Concept
medium severity 197/1000
Why? Confidentiality impact: Low, Integrity impact: High, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00046, Social Trends: No, Days since published: 382, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: Critical, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2, Score Version: V5		 Improper Authentication
SNYK-JS-JSONWEBTOKEN-3180022		 Yes No Known Exploit
medium severity 133/1000
Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00053, Social Trends: No, Days since published: 382, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: Critical, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.24, Likelihood: 2.52, Score Version: V5		 Improper Restriction of Security Token Assignment
SNYK-JS-JSONWEBTOKEN-3180024		 Yes No Known Exploit
medium severity 217/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0005, Social Trends: No, Days since published: 382, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: Critical, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 10.8, Likelihood: 2, Score Version: V5		 Use of a Broken or Risky Cryptographic Algorithm
SNYK-JS-JSONWEBTOKEN-3180026		 Yes No Known Exploit
medium severity 78/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00231, Social Trends: No, Days since published: 1057, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: Critical, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.94, Likelihood: 2.65, Score Version: V5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905		 No Proof of Concept
high severity 298/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): High, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00606, Social Trends: No, Days since published: 1057, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: Critical, Provider Urgency: High, Package Popularity Score: 99, Impact: 12.2, Likelihood: 2.43, Score Version: V5		 Command Injection
SNYK-JS-LODASH-1040724		 No Proof of Concept
high severity 189/1000
Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01552, Social Trends: No, Days since published: 1651, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: Critical, Provider Urgency: High, Package Popularity Score: 99, Impact: 7.03, Likelihood: 2.68, Score Version: V5		 Prototype Pollution
SNYK-JS-LODASH-450202		 No Proof of Concept
high severity 188/1000
Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 1235, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: Critical, Provider Urgency: High, Package Popularity Score: 99, Impact: 7.03, Likelihood: 2.67, Score Version: V5		 Prototype Pollution
SNYK-JS-LODASH-608086		 No Proof of Concept
high severity 186/1000
Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00117, Social Trends: No, Days since published: 1801, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: Critical, Provider Urgency: High, Package Popularity Score: 99, Impact: 7.03, Likelihood: 2.64, Score Version: V5		 Prototype Pollution
SNYK-JS-LODASH-73638		 No Proof of Concept
medium severity 166/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): High, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00317, Social Trends: No, Days since published: 1739, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: Critical, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 7.49, Likelihood: 2.2, Score Version: V5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-73639		 No Proof of Concept
medium severity 56/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00071, Social Trends: No, Days since published: 447, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: Critical, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.94, Likelihood: 1.89, Score Version: V5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-MINIMATCH-3050818		 No No Known Exploit
low severity 73/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.01248, Social Trends: No, Days since published: 658, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: Critical, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.94, Likelihood: 2.45, Score Version: V5		 Prototype Pollution
SNYK-JS-MINIMIST-2429795		 Yes Proof of Concept
high severity 199/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00437, Social Trends: No, Days since published: 400, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: Critical, Provider Urgency: High, Package Popularity Score: 99, Impact: 7.49, Likelihood: 2.65, Score Version: V5		 Prototype Poisoning
SNYK-JS-QS-3153490		 No Proof of Concept
medium severity 148/1000
Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00063, Social Trends: No, Days since published: 297, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: Critical, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.24, Likelihood: 2.81, Score Version: V5		 Server-side Request Forgery (SSRF)
SNYK-JS-REQUEST-3361831		 No Proof of Concept
medium severity 185/1000
Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00137, Social Trends: No, Days since published: 1063, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: Critical, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.24, Likelihood: 3.52, Score Version: V5		 Validation Bypass
SNYK-JS-SANITIZEHTML-1070780		 Yes Proof of Concept
medium severity 133/1000
Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00137, Social Trends: No, Days since published: 1063, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: Critical, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.24, Likelihood: 2.52, Score Version: V5		 Access Restriction Bypass
SNYK-JS-SANITIZEHTML-1070786		 Yes No Known Exploit
medium severity 75/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00112, Social Trends: No, Days since published: 497, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: Critical, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.94, Likelihood: 2.52, Score Version: V5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-SANITIZEHTML-2957526		 Yes No Known Exploit
critical severity 291/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 1218, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: Critical, Provider Urgency: Critical, Package Popularity Score: 99, Impact: 11.4, Likelihood: 2.56, Score Version: V5		 Arbitrary Code Execution
SNYK-JS-SANITIZEHTML-585892		 Yes No Known Exploit
high severity 211/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00091, Social Trends: No, Days since published: 202, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: Critical, Provider Urgency: High, Package Popularity Score: 99, Impact: 7.49, Likelihood: 2.81, Score Version: V5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795		 Yes Proof of Concept
high severity 222/1000
Why? Confidentiality impact: High, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 535, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: Critical, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.26, Score Version: V5		 SQL Injection
SNYK-JS-SEQUELIZE-2959225		 No No Known Exploit
high severity 214/1000
Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Changed, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00076, Social Trends: No, Days since published: 325, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: Critical, Provider Urgency: High, Package Popularity Score: 99, Impact: 7.78, Likelihood: 2.74, Score Version: V5		 Improper Filtering of Special Elements
SNYK-JS-SEQUELIZE-3324088		 No No Known Exploit
medium severity 81/1000
Why? Confidentiality impact: Low, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00087, Social Trends: No, Days since published: 325, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: Critical, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.94, Likelihood: 2.74, Score Version: V5		 Information Exposure
SNYK-JS-SEQUELIZE-3324089		 No No Known Exploit
medium severity 178/1000
Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.0005, Social Trends: No, Days since published: 325, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: Critical, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 7.03, Likelihood: 2.52, Score Version: V5		 Access of Resource Using Incompatible Type ('Type Confusion')
SNYK-JS-SEQUELIZE-3324090		 No No Known Exploit
high severity 304/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00132, Social Trends: No, Days since published: 712, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: Critical, Provider Urgency: High, Package Popularity Score: 99, Impact: 12.2, Likelihood: 2.48, Score Version: V5		 Information Exposure
SNYK-JS-SIMPLEGET-2361683		 Yes Proof of Concept
high severity 264/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00097, Social Trends: No, Days since published: 620, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: Critical, Provider Urgency: High, Package Popularity Score: 98, Impact: 7.49, Likelihood: 3.52, Score Version: V5		 Denial of Service (DoS)
SNYK-JS-SQLITE3-2388645		 No Proof of Concept
high severity 300/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00143, Social Trends: No, Days since published: 300, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: Critical, Provider Urgency: High, Package Popularity Score: 98, Impact: 12.2, Likelihood: 2.45, Score Version: V5		 Arbitrary Code Execution
SNYK-JS-SQLITE3-3358947		 No No Known Exploit
high severity 119/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: None, Scope: Changed, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.00889, Social Trends: No, Days since published: 887, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: Critical, Provider Urgency: High, Package Popularity Score: 99, Impact: 12, Likelihood: 0.989, Score Version: V5		 Arbitrary File Overwrite
SNYK-JS-TAR-1536528		 No No Known Exploit
high severity 121/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: None, Scope: Changed, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.01656, Social Trends: No, Days since published: 887, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: Critical, Provider Urgency: High, Package Popularity Score: 99, Impact: 12, Likelihood: 1.01, Score Version: V5		 Arbitrary File Overwrite
SNYK-JS-TAR-1536531		 No No Known Exploit
low severity 50/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Unproven, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 886, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: Critical, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.94, Likelihood: 1.69, Score Version: V5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-TAR-1536758		 No No Known Exploit
high severity 121/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: Low, Scope: Changed, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.0011, Social Trends: No, Days since published: 859, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: Critical, Provider Urgency: High, Package Popularity Score: 99, Impact: 12.4, Likelihood: 0.969, Score Version: V5		 Arbitrary File Write
SNYK-JS-TAR-1579147		 No No Known Exploit
high severity 121/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: Low, Scope: Changed, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.0011, Social Trends: No, Days since published: 859, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: Critical, Provider Urgency: High, Package Popularity Score: 99, Impact: 12.4, Likelihood: 0.969, Score Version: V5		 Arbitrary File Write
SNYK-JS-TAR-1579152		 No No Known Exploit
high severity 121/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: Low, Scope: Changed, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.00059, Social Trends: No, Days since published: 859, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: Critical, Provider Urgency: High, Package Popularity Score: 99, Impact: 12.4, Likelihood: 0.968, Score Version: V5		 Arbitrary File Write
SNYK-JS-TAR-1579155		 No No Known Exploit
medium severity 148/1000
Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00173, Social Trends: No, Days since published: 192, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: Critical, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.24, Likelihood: 2.81, Score Version: V5		 Prototype Pollution
SNYK-JS-TOUGHCOOKIE-5672873		 No Proof of Concept
high severity 144/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 694, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: Critical, Provider Urgency: High, Package Popularity Score: 99, Impact: 7.49, Likelihood: 1.92, Score Version: V5		 Prototype Pollution
SNYK-JS-UNSETVALUE-2400660		 Yes No Known Exploit
high severity 308/1000
Why? Confidentiality impact: Low, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Functional, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 2066, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: Critical, Provider Urgency: High, Package Popularity Score: 99, Impact: 8.78, Likelihood: 3.5, Score Version: V5		 Uninitialized Memory Exposure
npm:base64url:20180511		 Yes Mature
low severity 72/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00296, Social Trends: No, Days since published: 2295, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: Critical, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.94, Likelihood: 2.43, Score Version: V5		 Regular Expression Denial of Service (ReDoS)
npm:debug:20170905		 Yes Proof of Concept
high severity 266/1000
Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00559, Social Trends: No, Days since published: 3205, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: Critical, Provider Urgency: High, Package Popularity Score: 99, Impact: 7.49, Likelihood: 3.54, Score Version: V5		 Authentication Bypass
npm:jsonwebtoken:20150331		 Yes Proof of Concept
high severity 204/1000
Why? Confidentiality impact: High, Integrity impact: High, Availability impact: None, Scope: Changed, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 2722, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: Critical, Provider Urgency: High, Package Popularity Score: 99, Impact: 12, Likelihood: 1.69, Score Version: V5		 Forgeable Public/Private Tokens
npm:jws:20160726		 Yes No Known Exploit
medium severity 175/1000
Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00121, Social Trends: No, Days since published: 2154, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: Critical, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 7.03, Likelihood: 2.48, Score Version: V5		 Prototype Pollution
npm:lodash:20180130		 No Proof of Concept
medium severity 224/1000
Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity: Functional, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00084, Social Trends: No, Days since published: 2462, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: Critical, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.24, Likelihood: 4.27, Score Version: V5		 Cross-site Scripting (XSS)
npm:sanitize-html:20161026		 No Mature

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: body-parser The new version differs by 16 commits.

See the full diff

Package name: check-dependencies The new version differs by 61 commits.

See the full diff

Package name: dottie The new version differs by 6 commits.

See the full diff

Package name: express The new version differs by 30 commits.

See the full diff

Package name: glob The new version differs by 116 commits.

See the full diff

Package name: grunt The new version differs by 36 commits.

See the full diff

Package name: grunt-contrib-compress The new version differs by 5 commits.

See the full diff

Package name: i18n The new version differs by 93 commits.

@snyk-bot
fix: package.json & package-lock.json to reduce vulnerabilities
cf16512 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://snyk.io/vuln/SNYK-JS-CRYPTOJS-6028119
- https://snyk.io/vuln/SNYK-JS-DECODEURICOMPONENT-3149970
- https://snyk.io/vuln/SNYK-JS-DOTTIE-3332763
- https://snyk.io/vuln/SNYK-JS-ENGINEIO-1056749
- https://snyk.io/vuln/SNYK-JS-ENGINEIO-3136336
- https://snyk.io/vuln/SNYK-JS-EXPRESSJWT-575022
- https://snyk.io/vuln/SNYK-JS-GRUNT-2635969
- https://snyk.io/vuln/SNYK-JS-GRUNT-2813632
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
- https://snyk.io/vuln/SNYK-JS-JSONWEBTOKEN-3180022
- https://snyk.io/vuln/SNYK-JS-JSONWEBTOKEN-3180024
- https://snyk.io/vuln/SNYK-JS-JSONWEBTOKEN-3180026
- https://snyk.io/vuln/SNYK-JS-LODASH-1018905
- https://snyk.io/vuln/SNYK-JS-LODASH-1040724
- https://snyk.io/vuln/SNYK-JS-LODASH-450202
- https://snyk.io/vuln/SNYK-JS-LODASH-608086
- https://snyk.io/vuln/SNYK-JS-LODASH-73638
- https://snyk.io/vuln/SNYK-JS-LODASH-73639
- https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818
- https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795
- https://snyk.io/vuln/SNYK-JS-QS-3153490
- https://snyk.io/vuln/SNYK-JS-REQUEST-3361831
- https://snyk.io/vuln/SNYK-JS-SANITIZEHTML-1070780
- https://snyk.io/vuln/SNYK-JS-SANITIZEHTML-1070786
- https://snyk.io/vuln/SNYK-JS-SANITIZEHTML-2957526
- https://snyk.io/vuln/SNYK-JS-SANITIZEHTML-585892
- https://snyk.io/vuln/SNYK-JS-SEMVER-3247795
- https://snyk.io/vuln/SNYK-JS-SEQUELIZE-2959225
- https://snyk.io/vuln/SNYK-JS-SEQUELIZE-3324088
- https://snyk.io/vuln/SNYK-JS-SEQUELIZE-3324089
- https://snyk.io/vuln/SNYK-JS-SEQUELIZE-3324090
- https://snyk.io/vuln/SNYK-JS-SIMPLEGET-2361683
- https://snyk.io/vuln/SNYK-JS-SQLITE3-2388645
- https://snyk.io/vuln/SNYK-JS-SQLITE3-3358947
- https://snyk.io/vuln/SNYK-JS-TAR-1536528
- https://snyk.io/vuln/SNYK-JS-TAR-1536531
- https://snyk.io/vuln/SNYK-JS-TAR-1536758
- https://snyk.io/vuln/SNYK-JS-TAR-1579147
- https://snyk.io/vuln/SNYK-JS-TAR-1579152
- https://snyk.io/vuln/SNYK-JS-TAR-1579155
- https://snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873
- https://snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660
- https://snyk.io/vuln/npm:base64url:20180511
- https://snyk.io/vuln/npm:debug:20170905
- https://snyk.io/vuln/npm:jsonwebtoken:20150331
- https://snyk.io/vuln/npm:jws:20160726
- https://snyk.io/vuln/npm:lodash:20180130
- https://snyk.io/vuln/npm:sanitize-html:20161026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@wmurphysnyk @snyk-bot