(*) Note that the real score may have changed since the PR was raised.
Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.
Check the changes in this PR to ensure they won't cause issues with your project.
Note:You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Has a fix available, CVSS 8.1
SNYK-JS-AJV-584908
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JS-ANSIREGEX-1583908
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JS-ASYNC-2441827
Why? Proof of Concept exploit, Has a fix available, CVSS 7.7
SNYK-JS-BL-608877
Why? Has a fix available, CVSS 8.1
SNYK-JS-BSON-561052
Why? Has a fix available, CVSS 7.4
SNYK-JS-HAWK-2808852
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
SNYK-JS-HOSTEDGITINFO-1088355
Why? Has a fix available, CVSS 7.5
SNYK-JS-MINIMATCH-1019388
Why? Has a fix available, CVSS 7.5
SNYK-JS-MONGODB-473855
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6
SNYK-JS-MONGOOSE-1086688
Why? Proof of Concept exploit, Has a fix available, CVSS 7
SNYK-JS-MONGOOSE-2961688
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6
SNYK-JS-MPATH-1577289
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3
SNYK-JS-MQUERY-1050858
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
SNYK-JS-MQUERY-1089718
Why? Proof of Concept exploit, Has a fix available, CVSS 8.1
SNYK-JS-NPM-537603
Why? Proof of Concept exploit, Has a fix available, CVSS 2.6
SNYK-JS-NPM-537604
Why? Proof of Concept exploit, Has a fix available, CVSS 8.1
SNYK-JS-NPM-537606
Why? Has a fix available, CVSS 5.3
SNYK-JS-NPM-575435
Why? Has a fix available, CVSS 7.5
SNYK-JS-NPMUSERVALIDATE-1019352
Why? Has a fix available, CVSS 8.2
SNYK-JS-TAR-1536528
Why? Has a fix available, CVSS 8.2
SNYK-JS-TAR-1536531
Why? Has a fix available, CVSS 3.7
SNYK-JS-TAR-1536758
Why? Has a fix available, CVSS 8.5
SNYK-JS-TAR-1579147
Why? Has a fix available, CVSS 8.5
SNYK-JS-TAR-1579152
Why? Has a fix available, CVSS 8.5
SNYK-JS-TAR-1579155
Why? Has a fix available, CVSS 4.4
npm:chownr:20180731
Why? Proof of Concept exploit, Has a fix available, CVSS 6.3
npm:hoek:20180212
Why? Has a fix available, CVSS 7.5
npm:minimatch:20160620
Why? Has a fix available, CVSS 5.3
npm:npm:20180222
Why? Proof of Concept exploit, Has a fix available, CVSS 5.1
npm:tunnel-agent:20170305
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: meanio
The new version differs by 47 commits.Package name: mongoose
The new version differs by 250 commits.Package name: npm
The new version differs by 250 commits.With a Snyk patch:
Why? Has a fix available, CVSS 3.7
npm:debug:20170905
Why? Proof of Concept exploit, Has a fix available, CVSS 6.3
npm:hoek:20180212
Why? Has a fix available, CVSS 5.1
npm:request:20160119
Why? Has a fix available, CVSS 5.9
npm:tough-cookie:20170905
Why? Proof of Concept exploit, Has a fix available, CVSS 5.1
npm:tunnel-agent:20170305
(*) Note that the real score may have changed since the PR was raised.
Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: 🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Prototype Pollution 🦉 Regular Expression Denial of Service (ReDoS) 🦉 Prototype Pollution 🦉 More lessons are available in Snyk Learn