[Snyk] Fix for 52 vulnerabilities #1

Open
wants to merge 1 commit into
base: master
snyk-bot

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

    • package.json
  • Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
    Find out more.

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high severity | 619/1000 (Why? Has a fix available, CVSS 8.1) | Prototype Pollution (SNYK-JS-AJV-584908) | Yes | No Known Exploit |
| medium severity | 586/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS) (SNYK-JS-GLOBPARENT-1016905) | Yes | Proof of Concept |
| medium severity | 504/1000 (Why? Has a fix available, CVSS 5.8) | Prototype Pollution (SNYK-JS-HIGHLIGHTJS-1045326) | Yes | No Known Exploit |
| medium severity | 586/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS) (SNYK-JS-ISSVG-1085627) | Yes | Proof of Concept |
| medium severity | 586/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS) (SNYK-JS-ISSVG-1243891) | Yes | Proof of Concept |
| medium severity | 601/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.6) | Prototype Pollution (SNYK-JS-JQUERY-174006) | Yes | Proof of Concept |
| medium severity | 636/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 6.3) | Cross-site Scripting (XSS) (SNYK-JS-JQUERY-565129) | Yes | Proof of Concept |
| medium severity | 646/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 6.5) | Cross-site Scripting (XSS) (SNYK-JS-JQUERY-567880) | Yes | Proof of Concept |
| medium severity | 509/1000 (Why? Has a fix available, CVSS 5.9) | Denial of Service (DoS) (SNYK-JS-JSYAML-173999) | Yes | No Known Exploit |
| high severity | 619/1000 (Why? Has a fix available, CVSS 8.1) | Arbitrary Code Execution (SNYK-JS-JSYAML-174129) | Yes | No Known Exploit |
| medium severity | 586/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS) (SNYK-JS-LODASH-1018905) | Yes | Proof of Concept |
| high severity | 681/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.2) | Command Injection (SNYK-JS-LODASH-1040724) | Yes | Proof of Concept |
| high severity | 686/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.3) | Prototype Pollution (SNYK-JS-LODASH-450202) | Yes | Proof of Concept |
| medium severity | 636/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 6.3) | Prototype Pollution (SNYK-JS-LODASH-567746) | Yes | Proof of Concept |
| critical severity | 704/1000 (Why? Has a fix available, CVSS 9.8) | Prototype Pollution (SNYK-JS-LODASH-590103) | Yes | No Known Exploit |
| high severity | 686/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.3) | Prototype Pollution (SNYK-JS-LODASH-608086) | Yes | Proof of Concept |
| high severity | 686/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.3) | Prototype Pollution (SNYK-JS-LODASH-73638) | Yes | Proof of Concept |
| medium severity | 541/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 4.4) | Regular Expression Denial of Service (ReDoS) (SNYK-JS-LODASH-73639) | Yes | Proof of Concept |
| high severity | 589/1000 (Why? Has a fix available, CVSS 7.5) | Regular Expression Denial of Service (ReDoS) (SNYK-JS-MINIMATCH-1019388) | No | No Known Exploit |
| medium severity | 520/1000 (Why? Has a fix available, CVSS 5.9) | Denial of Service (SNYK-JS-NODEFETCH-674311) | Yes | No Known Exploit |
| medium severity | 479/1000 (Why? Has a fix available, CVSS 5.3) | Improper Certificate Validation (SNYK-JS-NODESASS-1059081) | Yes | No Known Exploit |
| medium severity | 550/1000 (Why? Has a fix available, CVSS 6.5) | Out-of-bounds Read (SNYK-JS-NODESASS-535499) | Yes | No Known Exploit |
| high severity | 726/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 8.1) | Out-of-bounds Read (SNYK-JS-NODESASS-535501) | Yes | Proof of Concept |
| high severity | 600/1000 (Why? Has a fix available, CVSS 7.5) | Uncontrolled Recursion (SNYK-JS-NODESASS-535503) | Yes | No Known Exploit |
| medium severity | 646/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 6.5) | Resource Exhaustion (SNYK-JS-NODESASS-535504) | Yes | Proof of Concept |
| high severity | 761/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 8.8) | NULL Pointer Dereference (SNYK-JS-NODESASS-535505) | Yes | Proof of Concept |
| high severity | 589/1000 (Why? Has a fix available, CVSS 7.5) | Uncontrolled Recursion (SNYK-JS-NODESASS-540960) | Yes | No Known Exploit |
| high severity | 589/1000 (Why? Has a fix available, CVSS 7.5) | Out-of-bounds Read (SNYK-JS-NODESASS-540962) | Yes | No Known Exploit |
| high severity | 589/1000 (Why? Has a fix available, CVSS 7.5) | Improper Input Validation (SNYK-JS-NODESASS-540966) | Yes | No Known Exploit |
| high severity | 589/1000 (Why? Has a fix available, CVSS 7.5) | Improper Input Validation (SNYK-JS-NODESASS-540968) | Yes | No Known Exploit |
| high severity | 589/1000 (Why? Has a fix available, CVSS 7.5) | Uncontrolled Recursion (SNYK-JS-NODESASS-540970) | Yes | No Known Exploit |
| high severity | 589/1000 (Why? Has a fix available, CVSS 7.5) | Out-of-bounds Read (SNYK-JS-NODESASS-540972) | Yes | No Known Exploit |
| high severity | 761/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 8.8) | NULL Pointer Dereference (SNYK-JS-NODESASS-540974) | Yes | Proof of Concept |
| medium severity | 646/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 6.5) | Denial of Service (DoS) (SNYK-JS-NODESASS-540982) | Yes | Proof of Concept |
| medium severity | 539/1000 (Why? Has a fix available, CVSS 6.5) | Out-of-bounds Read (SNYK-JS-NODESASS-540984) | Yes | No Known Exploit |
| high severity | 589/1000 (Why? Has a fix available, CVSS 7.5) | Out-of-bounds Read (SNYK-JS-NODESASS-540986) | Yes | No Known Exploit |
| high severity | 589/1000 (Why? Has a fix available, CVSS 7.5) | Denial of Service (DoS) (SNYK-JS-NODESASS-540988) | Yes | No Known Exploit |
| medium severity | 509/1000 (Why? Has a fix available, CVSS 5.9) | Denial of Service (DoS) (SNYK-JS-NODESASS-542662) | Yes | No Known Exploit |
| medium severity | 586/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS) (SNYK-JS-POSTCSS-1255640) | Yes | Proof of Concept |
| high severity | 619/1000 (Why? Has a fix available, CVSS 8.1) | Cross-site Scripting (XSS) (SNYK-JS-SERIALIZEJAVASCRIPT-536840) | Yes | No Known Exploit |
| high severity | 706/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.7) | Arbitrary Code Injection (SNYK-JS-SERIALIZEJAVASCRIPT-570062) | Yes | Proof of Concept |
| high severity | 624/1000 (Why? Has a fix available, CVSS 8.2) | Arbitrary File Overwrite (SNYK-JS-TAR-1536528) | Yes | No Known Exploit |
| high severity | 624/1000 (Why? Has a fix available, CVSS 8.2) | Arbitrary File Overwrite (SNYK-JS-TAR-1536531) | Yes | No Known Exploit |
| low severity | 410/1000 (Why? Has a fix available, CVSS 3.7) | Regular Expression Denial of Service (ReDoS) (SNYK-JS-TAR-1536758) | Yes | No Known Exploit |
| high severity | 639/1000 (Why? Has a fix available, CVSS 8.5) | Arbitrary File Write (SNYK-JS-TAR-1579147) | Yes | No Known Exploit |
| high severity | 639/1000 (Why? Has a fix available, CVSS 8.5) | Arbitrary File Write (SNYK-JS-TAR-1579152) | Yes | No Known Exploit |
| high severity | 639/1000 (Why? Has a fix available, CVSS 8.5) | Arbitrary File Write (SNYK-JS-TAR-1579155) | Yes | No Known Exploit |
| high severity | 589/1000 (Why? Has a fix available, CVSS 7.5) | Denial of Service (DoS) (SNYK-JS-TRIMNEWLINES-1298042) | Yes | No Known Exploit |
| medium severity | 479/1000 (Why? Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS) (SNYK-JS-UGLIFYJS-1727251) | Yes | No Known Exploit |
| high severity | 696/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.5) | Information Exposure (SNYK-JS-WEBPACKDEVSERVER-72405) | Yes | Proof of Concept |
| medium severity | 636/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 6.3) | Prototype Pollution (npm:hoek:20180212) | Yes | Proof of Concept |
| medium severity | 636/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 6.3) | Prototype Pollution (npm:lodash:20180130) | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: css-loader The new version differs by 245 commits.
  • 634ab49 chore(release): 2.0.0
  • 6ade2d0 refactor: remove unused file (#860)
  • e7525c9 test: nested url (#859)
  • 7259faa test: css hacks (#858)
  • 5e6034c feat: allow to filter import at-rules (#857)
  • 5e702e7 feat: allow filtering urls (#856)
  • 9642aa5 test: css stuff (#855)
  • 3338656 fix: reduce number of require for url (#854)
  • 533abbe test: issue 636 (#853)
  • 08c551c refactor: better warning on invalid url resolution (#852)
  • b0aa159 test: issue #589 (#851)
  • f599c70 fix: broken unucode characters (#850)
  • 1e551f3 test: issue 286 (#849)
  • 419d27b docs: improve readme (#848)
  • d94a698 refactor: webpack-default (#847)
  • b97d997 feat: schema options
  • 453248f fix: support module resolution in composes (#845)
  • 8a6ea10 refactor: postcss plugins (#844)
  • fdcf687 fix: url resolving logic (#843)
  • 889dc7f feat: allow to disable css modules and disable their by default (#842)
  • ee2d253 test: importLoaders option (#841)
  • 1dad1fb feat: reuse postcss ast from other loaders (i.e `postcss-loader`) (#840)
  • fe94ebc test: icss reserved keywords (#839)
  • 9eaba66 refactor: migrate on message api for postcss-icss-plugin (#838)

See the full diff

Package name: h2o2 The new version differs by 42 commits.

See the full diff

Package name: hapi The new version differs by 250 commits.
  • faacf02 deps and passthrough validation error. Closes #3136. Closes #3137. Closes #3138. Closes #3139. Closes #3140. Closes #3141. Closes #3142. Closes #3143. Closes #3144. Closes #3145. Closes #3146. Closes #3147
  • 40dbdc1 Merge pull request #3128 from mikefrey/patch-1
  • e169ee3 Spelling/grammar fix
  • af95913 Merge pull request #3111 from hapijs/johnbrett-patch-1
  • 2752e23 add test for multipart payload exceeding byte limit
  • d870e6a Merge pull request #3113 from danielb2/master
  • 5d1b437 test for strictHeader false
  • f8e897d Update hapijs/subtext to 4.0.1 from 4.0.0
  • 8aef93a typo
  • 526d5ea Cleanup
  • fb83094 Merge branch 'master' of github.com:hapijs/hapi
  • a739abe Allow validating any input. Closes #3107
  • 6f20a78 Merge pull request #3105 from devinivy/api-deps-on-init
  • d3ca463 Clarify that plugin deps are enforced during initialize
  • 0cd1b62 Merge pull request #3068 from kanongil/fast-shutdown
  • ea04005 version
  • 9e5c889 Fix incorrect entity error message. Closes #3101
  • 7a47a85 Actively end idle persistent connections on server.stop()
  • 2435a08 Test that server.stop() completes active requests before denying new requests
  • a123307 Add server.stop() destroy test for in-progress connections
  • 6e80746 Revise server.stop() self close test
  • ed195fa 13.2.1
  • 23e333e Cleanup for #3044
  • 687a378 Merge pull request #3044 from csabapalfi/disable-cache-control

See the full diff

Package name: inert The new version differs by 47 commits.

See the full diff

Package name: isomorphic-fetch The new version differs by 22 commits.
  • fc5e0d0 3.0.0
  • 496fa43 Add version that was previously uncomitted to the package.json due to the previous release process
  • 9f5a8b6 Add a list of alternatives
  • 49280e6 Resolve minor security issue
  • 0f5edd0 Explain why Isomorphic Fetch is needed in docs (#135)
  • e32b006 Fix travis (#190)
  • db0aa8c Update to latest version
  • 8bf02c4 Bump node-fetch from 1.7.3 to 2.6.1 (#189)
  • 89c7e70 Merge pull request #93 from paulmelnikow/fetch_ponyfill
  • 25e3cab Add link to fetch-ponyfill
  • 8d33aba Merge pull request #90 from josiah0/update-lintspaces-cli
  • c22fcda Update lintspaces-cli
  • 43437dc Merge pull request #35 from wheresrhys/patch-1
  • 0e03057 Merge pull request #42 from eknuth/patch-1
  • a0ea3ae add a license file
  • 6d55ed5 Merge pull request #40 from matthew-andrews/0.10
  • 4422447 Change the semver matcher for whatwg-fetch so that I don't have to keep manually bumping the version number
  • 5e757d9 Upgrade to the latest whatwg-fetch
  • 79e5368 Expose Headers, Response and Request constructor globally
  • 4a7ede8 update github/fetch
  • 43c9bf7 Merge pull request #29 from matthew-andrews/travis-container
  • 4b2c7c7 Use travis container infrastructure

See the full diff

Package name: less The new version differs by 127 commits.
  • b873737 Merge pull request #3177 from Kartoffelsalat/master
  • bd2a93f chore(package): update request to 2.83.0
  • 3699921 Merge pull request #3170 from thorn0/patch-1
  • 6985541 Having `inline` and `less` imports of the same name lead to a race condition
  • 2f1386f Merge pull request #3168 from matthew-dean/master
  • 4272871 Fixes #3116 - lessc not loading plugins in 3.0
  • ba5ad9c Point badges at master branch
  • 4962988 Update CHANGELOG.md
  • 12fe0c6 Update README.md
  • 45d06b9 Merge pull request #3163 from matthew-dean/master
  • 9590b7b Add dist files
  • 0b6536b Merge branch '3.x'
  • a48c24c calc() fix - fixes #974 (partially #1880)
  • 367b46a Merge pull request #3161 from matthew-dean/3.x
  • 4508495 Remove legacy upgrade
  • 2a4a63a Update CHANGELOG.md with 3.x list
  • bb6da28 Update README.md
  • f80a021 Merge pull request #3159 from matthew-dean/3.x
  • 8b4524f Bump to 3.0.0-RC.1
  • d30e3a6 Merge pull request #3150 from anthony-redFox/3.x
  • 0b7c81c Removed install npm 2 version for appveyor. It was hotfix for old node version.
  • 5d230dd Drop node 0.10 and 0.12 and added node 9 matrix testing
  • 385da8f Update stale.yml
  • d384779 Create stale.yml

See the full diff

Package name: node-fetch The new version differs by 233 commits.
  • b5e2e41 update version number
  • 2358a6c Honor the `size` option after following a redirect and revert data uri support
  • 8c197f8 docs: Fix typos and grammatical errors in README.md (#686)
  • 1e99050 fix: Change error message thrown with redirect mode set to error (#653)
  • 244e6f6 docs: Show backers in README
  • 6a5d192 fix: Properly parse meta tag when parameters are reversed (#682)
  • 47a24a0 chore: Add opencollective badge
  • 7b13662 chore: Add funding link
  • 5535c2e fix: Check for global.fetch before binding it (#674)
  • 1d5778a docs: Add Discord badge
  • eb3a572 feat: Data URI support (#659)
  • 086be6f Remove --save option as it isn't required anymore (#581)
  • 95286f5 v2.6.0 (#638)
  • bf8b4e8 Allow agent option to be a function (#632)
  • 0c2294e 2.5.0 release (#630)
  • 0fc414c Allow third party blob implementation (#629)
  • d8f5ba0 build: disable generation of package-lock since it is not used (#623)
  • 1fe1358 test: enable --throw-deprecation for tests (#625)
  • a35dcd1 chore(deps): address deprecated url-search-params package (#622)
  • b3ecba5 2.4.1 release (#619)
  • 1a88481 Fix Blob for older node versions and webpack. (#618)
  • c9805a2 2.4.0 release (#616)
  • 49d7760 Pass custom timeout to subsequent requests on redirect (#615)
  • cfc8e5b Swap packagephobia badge for flat style (#592)

See the full diff

Package name: node-sass The new version differs by 250 commits.
  • 918dcb3 Lint fix
  • 0a21792 Set rejectUnauthorized to true by default (#3149)
  • e80d4af chore: Drop EOL Node 15 (#3122)
  • d753397 feat: Add Node 17 support (#3195)
  • dcf2e75 build(deps-dev): bump eslint from 7.32.0 to 8.0.0
  • bfa1a3c build(deps): bump actions/setup-node from 2.4.0 to 2.4.1
  • 80d6c00 chore: Windows x86 on GitHub Actions (#3041)
  • 566dc27 build(deps-dev): bump fs-extra from 0.30.0 to 10.0.0 (#3102)
  • 7bb5157 build(deps): bump npmlog from 4.1.2 to 5.0.0 (#3156)
  • 2efb38f build(deps): bump chalk from 1.1.3 to 4.1.2 (#3161)
  • fca5257 build(deps): bump actions/setup-node from 2.3.0 to 2.4.0
  • 6200b21 docs: Double word "support" (#3159)
  • eaf791a build(deps): bump actions/setup-node from 2.1.5 to 2.3.0
  • 16b8d4b build(deps): bump coverallsapp/github-action from 1.1.2 to 1.1.3
  • c167004 6.0.1
  • 911d4db remove mkdirp dep (#3108)
  • 30a52f7 build(deps): bump meow from 3.7.0 to 9.0.0
  • 7e08463 build(deps-dev): bump mocha from 8.4.0 to 9.0.1
  • cfcbb2c chore: Use default Apline version from docker-node (#3121)
  • 886319b chore: Drop Node 10 support
  • c908f4f fix: Bump OSX minimum to 10.11
  • 8ab02da fix: Remove old compiler gyp settings
  • 3d7b9d0 chore: Add Node 16 support
  • 4115e9d build(deps): bump actions/setup-node from v2.1.4 to v2.1.5

See the full diff

Package name: redux-auth The new version differs by 92 commits.

See the full diff

Package name: serialize-javascript The new version differs by 29 commits.
  • b54341e v3.1.0
  • 7cee7e4 Revert "support for bigint (#80)"
  • 026a445 Bump mocha from 7.1.2 to 7.2.0 (#83)
  • 5130a71 support for bigint (#80)
  • ea76b23 Bump mocha from 7.1.1 to 7.1.2 (#82)
  • 073c8d8 Bump nyc from 15.0.0 to 15.0.1 (#81)
  • f21a6fb Don't replace regex / function placeholders within string literals (#79)
  • 1ac487e [Security] Bump minimist from 1.2.0 to 1.2.5 (#78)
  • c795cef Bump mocha from 7.1.0 to 7.1.1 (#77)
  • 3064431 Bump mocha from 7.0.1 to 7.1.0 (#74)
  • 9dbe8f6 Update example in README (#73)
  • f5957ee v3.0.0
  • eed510c Introduce support for Infinity (#72)
  • 82bb2d2 Bump mocha from 7.0.0 to 7.0.1 (#71)
  • fdfb10a Test on Node.js v12 (#70)
  • 2f5f126 Bump mocha from 6.2.2 to 7.0.0 (#69)
  • 35062c0 Bump nyc from 14.1.1 to 15.0.0 (#68)
  • 6c43b02 v2.1.2
  • 3e05a3f Ignore .nyc_output (#64)
  • 3c46e8e Bump mocha from 6.2.0 to 6.2.2 (#62)
  • 433fc9c 2.1.1
  • 16a68ab Merge pull request from GHSA-h9rv-jmmf-4pgx
  • 3bab6de Bump mocha from 6.2.1 to 6.2.2 (#60)
  • 7a6b13d Bump mocha from 6.2.0 to 6.2.1 (#59)

See the full diff

Package name: webpack The new version differs by 250 commits.
  • bf4ec9c 3.0.0
  • 9feda63 Merge pull request #5028 from webpack/feature/externalize_uglify_plugin
  • 49d6e38 Merge pull request #5086 from webpack/ci/node-8
  • 3dcb133 OSX test on node.js 8
  • f4b8785 Merge pull request #5012 from webpack/TheLarkInn-patch-1
  • d26c402 chore(deps): upgrade uglifyjs-webpack-plugin deps to get latest webpack-sources so tests pass
  • 3da4f3e Merge pull request #5085 from jbellenger/jbellenger/rawmodule-hash
  • 8c9dc14 fix RawModule hashing
  • c2c5d73 Update README.md
  • 316d4b9 Merge pull request #5084 from timse/remove-duplicate-code
  • ae18552 update test case with changed hash due to less clutter in dependencies
  • fc20348 unite iteration through modules into one loop
  • 083843e remove code that pushes arrays of dependencies into dependencies
  • ab636b0 Merge pull request #5075 from andreipfeiffer/master
  • 3b3449c Refactor: use const for non reassignable identifier
  • 2ba0499 3.0.0-rc.2
  • 1769fa2 Merge pull request #5064 from webpack/feature/scope-hoisting-multi-entry
  • a73646a Merge pull request #5060 from mikesherov/reason-chunks-as-set
  • 28f826a consistent order
  • 8a30188 use Set for ModuleReason chunk rewriting
  • 5d4ba56 Allow scope hoisting to process modules in multiple chunks
  • d6a7594 harmony modules without exports have no exports instead of unknown
  • 3ae782d Merge pull request #5049 from KTruong888/ES6_refactoring_multicompiler
  • 18cdba8 4099_ES6 refactor lib/MultiCompiler.js

See the full diff

Package name: webpack-dev-server The new version differs by 250 commits.
  • ff2874f chore(release): 3.1.11
  • b3217ca fix: check origin header for websocket connection (#1603)
  • 68dd49a fix: add url for compatibility with webpack@5 (#1598) (#1599)
  • fadae5d fix(Server): mime type for wasm in contentBase directory (#1575) (#1580)
  • 7a3a257 fix(package): update `spdy` v3.4.1...4.0.0 (assertion error) (#1491) (#1563)
  • 1fe82de ci(travis): Node 11 (on OS X) crashes, use 10 for now (#1588)
  • 55398b5 fix(bin/options): correct check for color support (`options.color`) (#1555)
  • 927a2b3 fix(Server): correct `node` version checks (#1543)
  • fa96a76 chore(PULL_REQUEST_TEMPLATE): allow features (#1539)
  • fe3219f chore(release): 3.1.10
  • c12def3 fix(Server): set `tls.DEFAULT_ECDH_CURVE` to `'auto'` (#1531)
  • e719959 fix(package): update `sockjs-client` v1.1.5...1.3.0 (`url-parse` vulnerability) (#1537)
  • d2f4902 fix(options): add `writeToDisk` option to schema (#1520)
  • bb484ad chore(release): 3.1.9
  • 8b8b087 chore(package): update `webpack-dev-middleware` v3.3.0...3.4.0 (`dependencies`)
  • d0725c9 chore(package): update `webpack-dev-middleware` v3.2.0...3.3.0 (`dependencies`) (#1499)
  • cbe6813 refactor(package): cross-platform `prepare` script (`scripts`) (#1498)
  • 3d37cc5 chore(release): 3.1.8
  • 8fb67c9 fix(package): `yargs` security vulnerability (`dependencies`) (#1492)
  • b9d11ca docs: fix typos (#1487)
  • 7a6ca47 fix(utils/createLogger): ensure `quiet` always takes precedence (`options.quiet`) (#1486)
  • 065978f chore(package): update `import-local` v1.0.0...2.0.0 (`dependencies`) (#1484)
  • f37f0a2 chore(release): 3.1.7
  • 2d35287 style(utils/addEntries): cleaner variable naming (#1478)

See the full diff

With a Snyk patch:
| Severity | Priority Score (*) | Issue | Exploit Maturity |
| --- | --- | --- | --- |
| medium severity | 636/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 6.3) | Prototype Pollution (npm:hoek:20180212) | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

The following vulnerabilities are fixed with an upgrade:


The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/npm:hoek:20180212