(*) Note that the real score may have changed since the PR was raised.
Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.
Check the changes in this PR to ensure they won't cause issues with your project.
Note:You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Has a fix available, CVSS 8.1
SNYK-JS-AJV-584908
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JS-ANSIREGEX-1583908
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JS-ASYNC-2441827
Why? Proof of Concept exploit, Has a fix available, CVSS 7.7
SNYK-JS-BL-608877
Why? Has a fix available, CVSS 8.1
SNYK-JS-BSON-561052
Why? Has a fix available, CVSS 7.4
SNYK-JS-HAWK-2808852
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
SNYK-JS-HOSTEDGITINFO-1088355
Why? Has a fix available, CVSS 7.5
SNYK-JS-MINIMATCH-1019388
Why? Has a fix available, CVSS 7.5
SNYK-JS-MONGODB-473855
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6
SNYK-JS-MONGOOSE-1086688
Why? Proof of Concept exploit, Has a fix available, CVSS 7
SNYK-JS-MONGOOSE-2961688
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6
SNYK-JS-MPATH-1577289
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3
SNYK-JS-MQUERY-1050858
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JS-MQUERY-1089718
Why? Proof of Concept exploit, Has a fix available, CVSS 8.1
SNYK-JS-NPM-537603
Why? Proof of Concept exploit, Has a fix available, CVSS 2.6
SNYK-JS-NPM-537604
Why? Proof of Concept exploit, Has a fix available, CVSS 8.1
SNYK-JS-NPM-537606
Why? Has a fix available, CVSS 5.3
SNYK-JS-NPM-575435
Why? Has a fix available, CVSS 7.5
SNYK-JS-NPMUSERVALIDATE-1019352
Why? Has a fix available, CVSS 8.2
SNYK-JS-TAR-1536528
Why? Has a fix available, CVSS 8.2
SNYK-JS-TAR-1536531
Why? Has a fix available, CVSS 3.7
SNYK-JS-TAR-1536758
Why? Has a fix available, CVSS 8.5
SNYK-JS-TAR-1579147
Why? Has a fix available, CVSS 8.5
SNYK-JS-TAR-1579152
Why? Has a fix available, CVSS 8.5
SNYK-JS-TAR-1579155
Why? Has a fix available, CVSS 4.4
npm:chownr:20180731
Why? Proof of Concept exploit, Has a fix available, CVSS 6.3
npm:hoek:20180212
Why? Has a fix available, CVSS 7.5
npm:minimatch:20160620
Why? Has a fix available, CVSS 5.3
npm:npm:20180222
Why? Proof of Concept exploit, Has a fix available, CVSS 5.1
npm:tunnel-agent:20170305
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: meanio
The new version differs by 47 commits.- 36bd4db bumped version
- 64a4945 Merge pull request #111 from linnovate/snyk-fix-86f5d575
- 76dd175 fix: package.json & .snyk to reduce vulnerabilities
- 61e7da3 bumping version deploying new npm
- d1f252f Wilcard events and sticky sockets (#109)
- cd5820f pushing 0.9.0
- d2b2409 Merge pull request #106 from clowenhg/fixes-0.9.0/config-module
- eebd431 newline
- 0f1ba09 Including `loadConfig` for backward compatibility
- 2ea4199 updated module/index to use getConfig()
- 8710ae4 Updated db to use getConfig()
- 6a3295c Creating a 'static' getConfig
- c52d9bf Fixed some missed conflicts
- 874ab45 Merge branch '0.9.0' into fixes-0.9.0/config-module
- 76e76e7 Merge pull request #108 from pashist/0.9.0
- b929780 fix mod static routes
- 2d81916 fix
- dfd0e86 Addressing some houndci style issues
- b5e8b97 Merge pull request #107 from clowenhg/0.9.0
- 6d88b06 Setting to node "5" to use latest stable
- 3fa11f0 Updating travis config
- a483d7a removed aggregation
- f34d1e8 changing aggregation to getConfig()
- fc5a13c Updated libraries to call getConfig()
See the full diffPackage name: mongoose
The new version differs by 250 commits.- ca7996b chore: release 5.13.15
- e75732a Merge pull request #12307 from Automattic/vkarpov15/fix-5x-build
- a1144dc test: run node 7 tests with upgraded npm re: #12297
- dfc4ad7 test: try upgrading npm for node v4 tests re: #12297
- b9e985c test: more strict @ types/node version
- 4d813fa test: fix @ types/node version in tests re: #12297
- 99b4189 Merge pull request #12297 from shubanker/issue/prototype-pollution-5.x-patch
- 5eb11dd made function non async
- 6a19731 fix(schema): disallow setting __proto__ when creating schema with dotted properties
- a2ec28d Merge pull request #11366 from laissonsilveira/5.x
- 05ce577 Fix broken link from findandmodify method deprecation
- d2b846f chore: release 5.13.14
- 69c1f6c docs(models): fix up nModified example for 5.x
- 4cfc4d6 fix(timestamps): avoid setting `createdAt` on documents that already exist but dont have createdAt
- a738440 chore: release 5.13.13
- 4d12a62 Merge pull request #10942 from jneal-afs/fix-query-set-ts-type
- c3463c4 Merge pull request #10916 from iovanom/gh-10902-v5
- ff5ddb5 fix: hardcode base 10 for nodeMajorVersion parseInt() call
- d205c4d make value optional
- c6fd7f7 Fix ts types for query set
- 22e9b3b [gh-10902 v5] Add node major version to utils
- 5468642 [gh-10902 v5] Emit end event in before close
- 271bc60 Merge pull request #10910 from lorand-horvath/patch-2
- b7ebeec Update mongodb driver to 3.7.3
See the full diffPackage name: npm
The new version differs by 250 commits.- 30a9844 7.21.0
- 0b2cd9d update AUTHORS
- 06461ec docs: changelog for v7.21.0
- 771a1cb chore(tests): fix snapshots
- 71cdfd8 spdx-license-ids@3.0.10
- 94f92de make-fetch-happen@9.0.5
- 7ac621c smart-buffer@4.2.0
- 218caca is-core-module@2.6.0
- ff6626a fix(docs): update npm-publish access flag info
- b6f40b5 tar@6.1.10
- e9e5ee5 @ npmcli/arborist@2.8.2
- 991a3bd read-package-json@4.0.0
- f077724 init-package-json@2.0.4
- 68a19bb fix(error-message): look for er.path not er.file
- ff34d6c feat(cache): initial implementation of ls and rm
- 8183976 normalize-package-data@3.0.3
- df57f0d @ npmcli/run-script@1.8.6
- 487731c fix(logging): sanitize logged argv
- 7a58264 chore(ci): check that docs are up to date in ci
- 22f3bbb chore(docs): add more 'autogenerated' comments
- 4314490 fix(docs): revert auto-generated portion of docs
- 32e88c9 fix(did-you-mean): switch levenshtein libraries
- 59b9851 7.20.6
- 2591e67 update AUTHORS
See the full diffWith a Snyk patch:
Why? Has a fix available, CVSS 3.7
npm:debug:20170905
Why? Proof of Concept exploit, Has a fix available, CVSS 6.3
npm:hoek:20180212
Why? Has a fix available, CVSS 5.1
npm:request:20160119
Why? Has a fix available, CVSS 5.9
npm:tough-cookie:20170905
Why? Proof of Concept exploit, Has a fix available, CVSS 5.1
npm:tunnel-agent:20170305
(*) Note that the real score may have changed since the PR was raised.
Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Prototype Pollution 🦉 Regular Expression Denial of Service (ReDoS) 🦉 Prototype Pollution 🦉 More lessons are available in Snyk Learn