Coverage decreased (-7.5%) to 32.294% when pulling 66cf59e376561a4b872f005bbb68494129013b43 on snyk-fix-2ba0f7cc8b798d11d325bf0f3b0c4315 into 2863501107151d123e04b69ea65fc05eec060c8d on master.
Let us invalidate this for now. The only major thing right now is the MongoDB dependency, but it is in the example application. We don't use any specific driver, other than disk, in the core code.
Snyk has created this PR to fix one or more vulnerable packages in the `yarn` dependencies of this project.
Changes included in this PR
Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
Vulnerabilities that will be fixed
With an upgrade:
SNYK-JS-BCRYPT-572911: Has a fix available, CVSS 7.5
SNYK-JS-BCRYPT-575033: Proof of Concept exploit, Has a fix available, CVSS 5.9
SNYK-JS-LODASH-450202: Proof of Concept exploit, Has a fix available, CVSS 7.3
SNYK-JS-LODASH-567746: Proof of Concept exploit, Has a fix available, CVSS 6.3
SNYK-JS-LODASH-590103: Recently disclosed, CVSS 9.8
SNYK-JS-LODASH-608086: Proof of Concept exploit, Recently disclosed, CVSS 7.3
SNYK-JS-LODASH-73638: Has a fix available, CVSS 7.3
SNYK-JS-LODASH-73639: Has a fix available, CVSS 4.4
SNYK-JS-MINIMIST-559764: Proof of Concept exploit, CVSS 5.6
SNYK-JS-MOCHA-561476: Has a fix available, CVSS 7.5
npm:debug:20170905: Has a fix available, CVSS 3.7
npm:diff:20180305: Proof of Concept exploit, Has a fix available, CVSS 7.1
npm:growl:20160721: Has a fix available, CVSS 9.8
npm:lodash:20180130: Has a fix available, CVSS 6.3
npm:validator:20160218: Has a fix available, CVSS 5.3
(*) Note that the real score may have changed since the PR was raised.
With a Snyk patch:
SNYK-JS-LODASH-567746: Proof of Concept exploit, Has a fix available, CVSS 6.3
npm:lodash:20180130: Has a fix available, CVSS 6.3
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
View latest project report
Adjust project settings
Read more about Snyk's upgrade and patch logic