sonarcloud[bot]
commented
1 year ago Kudos, SonarCloud Quality Gate passed! 
0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells
No Coverage information
0.0% Duplication
Open shehackspurple opened 1 year ago
sonarcloud[bot]
commented
1 year ago Kudos, SonarCloud Quality Gate passed!
0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells
No Coverage information
0.0% Duplication
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - api/package.json - api/.snyk #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------  | **654/1000****Why?** Has a fix available, CVSS 8.8 | Authentication Bypass by Spoofing
[SNYK-JS-AUTOLINKER-2438289](https://snyk.io/vuln/SNYK-JS-AUTOLINKER-2438289) | Yes | No Known Exploit  | **551/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 4.6 | Cross-site Scripting (XSS)
[SNYK-JS-AUTOLINKER-564438](https://snyk.io/vuln/SNYK-JS-AUTOLINKER-564438) | Yes | Proof of Concept  | **459/1000**
**Why?** Has a fix available, CVSS 4.9 | Denial of Service (DoS)
[SNYK-JS-AUTOLINKER-73494](https://snyk.io/vuln/SNYK-JS-AUTOLINKER-73494) | Yes | No Known Exploit  | **630/1000**
**Why?** Has a fix available, CVSS 8.1 | Internal Property Tampering
[SNYK-JS-BSON-561052](https://snyk.io/vuln/SNYK-JS-BSON-561052) | Yes | No Known Exploit  | **586/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-GLOBPARENT-1016905](https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905) | Yes | Proof of Concept  | **484/1000**
**Why?** Has a fix available, CVSS 5.4 | Open Redirect
[SNYK-JS-GOT-2932019](https://snyk.io/vuln/SNYK-JS-GOT-2932019) | Yes | No Known Exploit  | **586/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-LODASH-1018905](https://snyk.io/vuln/SNYK-JS-LODASH-1018905) | No | Proof of Concept  | **681/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.2 | Command Injection
[SNYK-JS-LODASH-1040724](https://snyk.io/vuln/SNYK-JS-LODASH-1040724) | No | Proof of Concept  | **686/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution
[SNYK-JS-LODASH-450202](https://snyk.io/vuln/SNYK-JS-LODASH-450202) | No | Proof of Concept  | **731/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.2 | Prototype Pollution
[SNYK-JS-LODASH-567746](https://snyk.io/vuln/SNYK-JS-LODASH-567746) | No | Proof of Concept  | **686/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution
[SNYK-JS-LODASH-608086](https://snyk.io/vuln/SNYK-JS-LODASH-608086) | No | Proof of Concept  | **686/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution
[SNYK-JS-LODASH-73638](https://snyk.io/vuln/SNYK-JS-LODASH-73638) | No | Proof of Concept  | **541/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 4.4 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-LODASH-73639](https://snyk.io/vuln/SNYK-JS-LODASH-73639) | No | Proof of Concept  | **589/1000**
**Why?** Has a fix available, CVSS 7.5 | Denial of Service (DoS)
[SNYK-JS-MONGODB-473855](https://snyk.io/vuln/SNYK-JS-MONGODB-473855) | Yes | No Known Exploit  | **454/1000**
**Why?** Has a fix available, CVSS 4.8 | Session Fixation
[SNYK-JS-PASSPORT-2840631](https://snyk.io/vuln/SNYK-JS-PASSPORT-2840631) | No | No Known Exploit  | **589/1000**
**Why?** Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-REMARKABLE-174639](https://snyk.io/vuln/SNYK-JS-REMARKABLE-174639) | No | No Known Exploit  | **624/1000**
**Why?** Has a fix available, CVSS 8.2 | Cross-site Scripting (XSS)
[SNYK-JS-REMARKABLE-174641](https://snyk.io/vuln/SNYK-JS-REMARKABLE-174641) | No | No Known Exploit  | **586/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-VALIDATOR-1090599](https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090599) | Yes | Proof of Concept  | **586/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-VALIDATOR-1090600](https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090600) | Yes | Proof of Concept  | **586/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-VALIDATOR-1090601](https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090601) | Yes | Proof of Concept  | **586/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-VALIDATOR-1090602](https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090602) | Yes | Proof of Concept  | **636/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 6.3 | Prototype Pollution
[npm:hoek:20180212](https://snyk.io/vuln/npm:hoek:20180212) | Yes | Proof of Concept  | **636/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 6.3 | Prototype Pollution
[npm:lodash:20180130](https://snyk.io/vuln/npm:lodash:20180130) | No | Proof of Concept  | **484/1000**
**Why?** Has a fix available, CVSS 5.4 | Cross-site Scripting (XSS)
[npm:remarkable:20160820](https://snyk.io/vuln/npm:remarkable:20160820) | No | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: jsonwebtoken
The new version differs by 10 commits.- f313850 8.0.0
- f38bd8e updated changelog
- 2ec3263 Merge pull request #393 from ziluvatar/migration-notes-to-readme
- 12cd8f7 docs: readme, migration notes
- cfc04a9 Merge pull request #349 from ziluvatar/fix-max-age-number-and-seconds
- 3305cf0 verify: remove process.nextTick (#302)
- 0be5409 Reduce size of NPM package (#347)
- 2e7e68d Remove joi to shrink module size (#348)
- 66a4f8b maxAge: Add validation to timespan result
- b61cc34 maxAge: Fix logic with number + use seconds instead of ms
See the full diffPackage name: mongodb
The new version differs by 250 commits.- c6f417e chore(release): 3.1.13
- 210c71d fix(db_ops): ensure we async resolve errors in createCollection
- 5ad9fa9 fix(changeStream): properly handle changeStream event mid-close (#1902)
- e806be4 fix(bulk): honor ignoreUndefined in initializeUnorderedBulkOp
- 050267d fix(*): restore ability to webpack by removing `makeLazyLoader`
- 6e896f4 docs: adding aggregation, createIndex, and runCommand examples
- cb3cd12 chore(release): 3.1.12
- 508d685 Revert "chore(release): 3.2.0"
- e7619aa chore(release): 3.2.0
- d0dc228 chore(travis): include forgotten stage info for sharded builds
- ffbe90b chore(travis): run sharded tests in travis as well
- 9bef6e7 feat(core): update to mongodb-core v3.1.11
- e4bb39e chore(release): 3.1.11
- 76c0130 chore(core): bump version of mongodb-core
- a3adb3f fix(bulk): fix error propagation in empty bulk.execute
- ec0e30e doc(change-streams): correct typo, add missing example
- 10ea992 chore(package): update lock file
- fcb3ec1 test(sharded): reduce some sharded errors
- d4eae97 test(sessions): undo hack for apm events in sessions tests
- 0eaca21 test(sessions): fixing broken session test
- 6790a74 test(sharding): fixing old sharding tests
- 98f0c68 test(sharded): fixing sharded operation test
- c6a9baa test(sessions): fixing session tests in sharded env
- 985f0e9 test(drop): fixing drop assertions for sharded tests
See the full diffPackage name: nodemon
The new version differs by 114 commits.- 27e91c3 fix: update packge-lock
- 0144e4f fix: bump update-notifier to v6.0.0 (#2029)
- c870342 chore: update supporters
- 5c0b472 chore: add supporter
- e26aaa9 fix: support windows by using path.delimiter
- 9d1afd7 docs: add syntax highlighting to sample-nodemon.md (#1982) (#2004)
- de5d32a docs: Unified Node.js capitalization (#1986)
- e890927 docs: add note to faq with example showing how to watch any file extension (#1931)
- bc4547b chore: update sponsors
- 07159c5 chore: add supporters
- cd100da chore: update supporters
- 6a34922 chore: supporters
- e5d6067 chore: updating supporters
- 242f9f7 Merge branch 'main' of github.com:remy/nodemon
- 141e58c chore: update supporters
- 53422af ci(release): workflow uses 'npm' cache (#1933)
- 581c641 ci(node.js): workflow uses 'npm' cache (#1934)
- cb1c8b9 docs: Fix typo in faq.md (#1950)
- 54784ab fix: bump prod dep versions
- 26db983 chore: update supporters
- 61e7abd fix: add windows signals SIGUSR2 & SIGUSR1 to terminate the process (#1938)
- b449171 docs: Fix typo in faq.md
- 0a3175f chore: update supporters
- 18516d8 chore: add supporter
See the full diffPackage name: passport
The new version differs by 160 commits.- c33067b 0.6.0
- 3052bb4 Update changelog.
- 42630cb Merge pull request #900 from jaredhanson/fix-fixation
- 8dd79fe Use utils-merge rather than Object.assign for compatibility.
- 4f6bd5b Change keepSessionData to keepSessionData.
- 46756e5 Silence verbose logging.
- 987b191 Add tests.
- f8a175f Add tests.
- 29a90d6 No need to guard callback existence.
- bfba8a1 Add tests.
- 17111d7 Add option to keep session data on logout.
- a349c2b Add option to keep session data.
- e69834e Add optional options to login and logout.
- 8825a9a Add tests.
- c1991cf Add tests.
- 294f22c Better session detection and exceptions.
- 80cc4e3 Add tests.
- 3001654 Add tests.
- b395106 Clean up tests.
- cfa8259 Add tests.
- ee0bf81 Add tests.
- cc7606c Add tests.
- 71c54f6 Add test.
- 88c1f1b Handle logout without session manager.
See the full diffPackage name: swagger-jsdoc
The new version differs by 43 commits.- ce9ad85 Release 3.3.0
- f265196 chore(deps): upgrade all dependencies (#166)
- 78afae5 Update swagger-parser to fix remote execution bug (#165)
- b472303 Update outdated dev dependencies (#164)
- 1db7d5e fix: JSDoc Official website link (#162)
- ece24be Release 3.2.9
- 7041d59 Updating js-yaml dependency to 3.13.1 to fix remote execution vulnerability (#157)
- 098078b Release 3.2.8
- f159612 Bump js-yaml version to fix https://www.npmjs.com/advisories/788 (#156)
- a040963 fix: CLI usage example (#154)
- 9769dfd Release 3.2.7
- 08d0cbc Removes apis from input Def before generation. (#151)
- 3563890 Release 3.2.6
- 2a9fae8 Adding specification configuration documentation to GETTING-STARTED.md (#147)
- d0555ae Release 3.2.5
- 2ac328d fix: remove es2017 specific language feature (#145)
- 714d42b Release 3.2.4
- 95727cc Return false for non-empty objects (#143)
- e93291f Update CLI usage example (#140)
- 261009f Quick spelling change (#135)
- 36984bf Correction
- 2d2a6c7 Release 3.2.2
- e2e12fa Simplify
- 36e2a48 Add documentation section
See the full diff**Why?** Proof of Concept exploit, Has a fix available, CVSS 6.3 | Prototype Pollution
[npm:hoek:20180212](https://snyk.io/vuln/npm:hoek:20180212) | Proof of Concept (*) Note that the real score may have changed since the PR was raised. Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: