alectronic0 / alectronic-chirper

This is a basic Twitter clone program using the MEAN stack and GDS toolkits.
https://alectronic-chirper.herokuapp.com/

[Snyk] Fix for 16 vulnerabilities #123

Closed. alectronic0 closed this 9 months ago

alectronic0 commented 9 months ago

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR

- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - package.json
  - package-lock.json

#### Vulnerabilities that will be fixed

##### With an upgrade:

Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------
![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **696/1000** <br/> **Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) <br/> [SNYK-JS-ANSIREGEX-1583908](https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908) | Yes | Proof of Concept
![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **706/1000** <br/> **Why?** Proof of Concept exploit, Has a fix available, CVSS 7.7 | Remote Memory Exposure <br/> [SNYK-JS-BL-608877](https://snyk.io/vuln/SNYK-JS-BL-608877) | Yes | Proof of Concept
![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **586/1000** <br/> **Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Information Exposure <br/> [SNYK-JS-FOLLOWREDIRECTS-2332181](https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-2332181) | Yes | Proof of Concept
![low severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/l.png "low severity") | **344/1000** <br/> **Why?** Has a fix available, CVSS 2.6 | Information Exposure <br/> [SNYK-JS-FOLLOWREDIRECTS-2396346](https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-2396346) | Yes | No Known Exploit
![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **586/1000** <br/> **Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) <br/> [SNYK-JS-GLOBPARENT-1016905](https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905) | No | Proof of Concept
![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **584/1000** <br/> **Why?** Has a fix available, CVSS 7.4 | Regular Expression Denial of Service (ReDoS) <br/> [SNYK-JS-HAWK-2808852](https://snyk.io/vuln/SNYK-JS-HAWK-2808852) | Yes | No Known Exploit
![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **706/1000** <br/> **Why?** Proof of Concept exploit, Has a fix available, CVSS 7.7 | Server-side Request Forgery (SSRF) <br/> [SNYK-JS-NETMASK-1089716](https://snyk.io/vuln/SNYK-JS-NETMASK-1089716) | Yes | Proof of Concept
![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **706/1000** <br/> **Why?** Proof of Concept exploit, Has a fix available, CVSS 7.7 | Server-side Request Forgery (SSRF) <br/> [SNYK-JS-NETMASK-6056519](https://snyk.io/vuln/SNYK-JS-NETMASK-6056519) | Yes | Proof of Concept
![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **726/1000** <br/> **Why?** Proof of Concept exploit, Has a fix available, CVSS 8.1 | Remote Code Execution (RCE) <br/> [SNYK-JS-PACRESOLVER-1564857](https://snyk.io/vuln/SNYK-JS-PACRESOLVER-1564857) | Yes | Proof of Concept
![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **646/1000** <br/> **Why?** Proof of Concept exploit, Has a fix available, CVSS 6.5 | Server-side Request Forgery (SSRF) <br/> [SNYK-JS-REQUEST-3361831](https://snyk.io/vuln/SNYK-JS-REQUEST-3361831) | Yes | Proof of Concept
![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **676/1000** <br/> **Why?** Proof of Concept exploit, Has a fix available, CVSS 7.1 | Information Exposure <br/> [SNYK-JS-REQUESTRETRY-2411026](https://snyk.io/vuln/SNYK-JS-REQUESTRETRY-2411026) | Yes | Proof of Concept
![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **646/1000** <br/> **Why?** Proof of Concept exploit, Has a fix available, CVSS 6.5 | Prototype Pollution <br/> [SNYK-JS-TOUGHCOOKIE-5672873](https://snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873) | Yes | Proof of Concept
![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **589/1000** <br/> **Why?** Has a fix available, CVSS 7.5 | Denial of Service (DoS) <br/> [SNYK-JS-TRIMNEWLINES-1298042](https://snyk.io/vuln/SNYK-JS-TRIMNEWLINES-1298042) | Yes | No Known Exploit
![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **596/1000** <br/> **Why?** Proof of Concept exploit, Has a fix available, CVSS 5.5 | Arbitrary Code Injection <br/> [SNYK-JS-UNDERSCORE-1080984](https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984) | Yes | Proof of Concept
![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **636/1000** <br/> **Why?** Proof of Concept exploit, Has a fix available, CVSS 6.3 | Prototype Pollution <br/> [npm:hoek:20180212](https://snyk.io/vuln/npm:hoek:20180212) | Yes | Proof of Concept
![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **589/1000** <br/> **Why?** Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) <br/> [npm:timespan:20170907](https://snyk.io/vuln/npm:timespan:20170907) | Yes | No Known Exploit

(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: @hmcts/nodejs-logging. The new version differs by 11 commits.
  • 771bb21 ROC-3285 Integrate logging with Azure Application Insights (#28)
  • 3f757ad ROC-1105: Log tracing IDs on all logger calls (#24)
  • 86beda4 ROC-1105: Add possibility to return origin request id (#23)
  • 417c2bc ROC-1105: Request tracing (#22)
  • f8219f8 Setup release from tags (#21)
  • 04ac2c7 Merge pull request #20 from Louisblack/update-moment
  • 6970d82 Update yarn.lock with new moment version
  • f85c955 Bump version to 1.4.3
  • c7e41e1 Update moment to 2.19.3
  • 8eb48d8 Merge pull request #17 from hmcts/greenkeeper/initial
  • f1e9dde chore(package): update dependencies
See the full diff
Package name: node-sass. The new version differs by 227 commits.
  • 3b556c1 7.0.2
  • c716359 Bump sass-graph@^4.0.1 (#3292)
  • 24741b3 docs(readme): fix docpad plugin link
  • 1523330 feat: Drop Node 12
  • 365d357 update https://registry.npm.taobao.org to https://registry.npmmirror.com
  • 1456114 build(deps): bump actions/upload-artifact from 2 to 3
  • b465b69 chore: bump GitHub Actions to Windows 2019 (#3254)
  • e6194b1 build(deps): bump make-fetch-happen from 9.1.0 to 10.0.4
  • 4edf594 build(deps): bump node-gyp from 8.4.1 to 9.0.0
  • 29e2344 build(deps): bump actions/checkout from 2 to 3
  • 85b0d22 build(deps): bump actions/setup-node from 2 to 3
  • 3bb51da Use make-fetch-happen instead of request (#3193)
  • adc2f8b build(deps): bump true-case-path from 1.0.3 to 2.2.1 (#3000)
  • 77d12f0 chore: disable Alpine for Node 16/17 builds
  • 308d533 ci: use Python 3 for Node 12
  • c818907 ci: unpin actions/setup-node to v2
  • 99242d7 7.0.1
  • 77049d1 build(deps): bump sass-graph from 2.2.5 to 4.0.0 (#3224)
  • c929f25 build(deps): bump node-gyp from 7.1.2 to 8.4.1 (#3209)
  • 918dcb3 Lint fix
  • 0a21792 Set rejectUnauthorized to true by default (#3149)
  • e80d4af chore: Drop EOL Node 15 (#3122)
  • d753397 feat: Add Node 17 support (#3195)
  • dcf2e75 build(deps-dev): bump eslint from 7.32.0 to 8.0.0
See the full diff
Package name: nunjucks. The new version differs by 78 commits.
  • 9a0ce36 3.13 release - fix typo in CHANGELOG
  • c2de0e4 Release 3.1.3
  • 4d8a4cc Update chokidar optionalDependency. Fixes #1103
  • d140280 Update CONTRIBUTING.md to reflect supported node releases [ci skip]
  • af6427d Update CHANGELOG
  • 1b76fb8 Update package.json engines to reflect supported node versions
  • 8afacce Add unit tests for {% if x is [not] defined %}. refs #1110
  • 248cf56 Fix "Invalid type: Is" error when using {% if x is defined %}
  • 2eaea16 Drop node v4 support, add node v9
  • 8041120 Include file/lineno in TemplateError message. fixes #1087, #1095
  • 1b4558d Merge pull request #1090 from TheDancingCode/forceescape
  • f478b06 Add "forceescape" filter
  • de49d33 Merge pull request #1089 from gingerrific/master
  • 3ab849c Update remaining src links
  • dedb978 Update API.md links to use correct paths
  • 323dabe Fix postinstall-build packaging issue, v3.1.2
  • 9f1b7da Prepare for next release
  • 6f3e4a3 v3.1.1
  • eed7b2d Fix bug that broke template caching. fixes #1074
  • db8e3c3 Fix error when running npm install nunjucks --no-bin-links
  • 2c97201 try/catch require of chokidar to make it truly optional
  • a65d3b8 bower forbids minified js in the main property
  • 2c98065 Add nunjucks folder to bower.json ignore
  • 470181d Prepare for next release
See the full diff
Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded. Check the changes in this PR to ensure they won't cause issues with your project.

------------

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*

For more information:

🧐 [View latest project report](https://app.snyk.io/org/alectronic0/project/69d52760-7d0e-4bec-93f8-4cf82f0df885?utm_source=github&utm_medium=referral&page=fix-pr)

🛠 [Adjust project settings](https://app.snyk.io/org/alectronic0/project/69d52760-7d0e-4bec-93f8-4cf82f0df885?utm_source=github&utm_medium=referral&page=fix-pr/settings)

📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)

---

**Learn how to fix vulnerabilities with free interactive lessons:**

🦉 [Regular Expression Denial of Service (ReDoS)](https://learn.snyk.io/lesson/redos/?loc=fix-pr)

🦉 [Server-side Request Forgery (SSRF)](https://learn.snyk.io/lesson/improper-input-validation/?loc=fix-pr)

🦉 [Remote Code Execution (RCE)](https://learn.snyk.io/lesson/malicious-code-injection/?loc=fix-pr)

🦉 [More lessons are available in Snyk Learn](https://learn.snyk.io/?loc=fix-pr)