search

tonythetiger323 / MayThe4thBeRussov2

Wedding website for Megan Bailey & Randy Russo
MIT License
0 stars 0 forks source link

[Snyk] Fix for 25 vulnerabilities #233

Closed tonythetiger323 closed 1 year ago

tonythetiger323 commented 1 year ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `yarn` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - server/package.json - server/.snyk #### Note for [zero-installs](https://yarnpkg.com/features/zero-installs) users If you are using the Yarn feature [zero-installs](https://yarnpkg.com/features/zero-installs) that was introduced in Yarn V2, note that this PR does not update the `.yarn/cache/` directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run `yarn` to update the contents of the `./yarn/cache` directory. If you are not using zero-install you can ignore this as your flow should likely be unchanged.
⚠️ Warning ``` Failed to update the yarn.lock, please update manually before merging. ```
#### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-ANSIREGEX-1583908](https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908) | Yes | Proof of Concept ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **616/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.9 | Server-Side Request Forgery (SSRF)
[SNYK-JS-AXIOS-1038255](https://snyk.io/vuln/SNYK-JS-AXIOS-1038255) | Yes | Proof of Concept ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-AXIOS-1579269](https://snyk.io/vuln/SNYK-JS-AXIOS-1579269) | Yes | Proof of Concept ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **589/1000**
**Why?** Has a fix available, CVSS 7.5 | Insecure Encryption
[SNYK-JS-BCRYPT-572911](https://snyk.io/vuln/SNYK-JS-BCRYPT-572911) | Yes | No Known Exploit ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **616/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.9 | Cryptographic Issues
[SNYK-JS-BCRYPT-575033](https://snyk.io/vuln/SNYK-JS-BCRYPT-575033) | Yes | Proof of Concept ![low severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/l.png "low severity") | **399/1000**
**Why?** Has a fix available, CVSS 3.7 | Improper Input Validation
[SNYK-JS-CLASSVALIDATOR-1730566](https://snyk.io/vuln/SNYK-JS-CLASSVALIDATOR-1730566) | No | No Known Exploit ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **586/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Information Exposure
[SNYK-JS-FOLLOWREDIRECTS-2332181](https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-2332181) | Yes | Proof of Concept ![low severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/l.png "low severity") | **344/1000**
**Why?** Has a fix available, CVSS 2.6 | Information Exposure
[SNYK-JS-FOLLOWREDIRECTS-2396346](https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-2396346) | Yes | No Known Exploit ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **586/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-GLOBPARENT-1016905](https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905) | Yes | Proof of Concept ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **484/1000**
**Why?** Has a fix available, CVSS 5.4 | Open Redirect
[SNYK-JS-GOT-2932019](https://snyk.io/vuln/SNYK-JS-GOT-2932019) | Yes | No Known Exploit ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **429/1000**
**Why?** Has a fix available, CVSS 4.3 | Reverse Tabnabbing
[SNYK-JS-ISTANBULREPORTS-2328088](https://snyk.io/vuln/SNYK-JS-ISTANBULREPORTS-2328088) | Yes | No Known Exploit ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **534/1000**
**Why?** Has a fix available, CVSS 6.4 | Improper Authentication
[SNYK-JS-JSONWEBTOKEN-3180022](https://snyk.io/vuln/SNYK-JS-JSONWEBTOKEN-3180022) | Yes | No Known Exploit ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **539/1000**
**Why?** Has a fix available, CVSS 6.5 | Improper Restriction of Security Token Assignment
[SNYK-JS-JSONWEBTOKEN-3180024](https://snyk.io/vuln/SNYK-JS-JSONWEBTOKEN-3180024) | Yes | No Known Exploit ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **554/1000**
**Why?** Has a fix available, CVSS 6.8 | Use of a Broken or Risky Cryptographic Algorithm
[SNYK-JS-JSONWEBTOKEN-3180026](https://snyk.io/vuln/SNYK-JS-JSONWEBTOKEN-3180026) | Yes | No Known Exploit ![low severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/l.png "low severity") | **399/1000**
**Why?** Has a fix available, CVSS 3.7 | Information Exposure
[SNYK-JS-NESTJSCORE-2869127](https://snyk.io/vuln/SNYK-JS-NESTJSCORE-2869127) | Yes | No Known Exploit ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **454/1000**
**Why?** Has a fix available, CVSS 4.8 | Session Fixation
[SNYK-JS-PASSPORT-2840631](https://snyk.io/vuln/SNYK-JS-PASSPORT-2840631) | No | No Known Exploit ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Prototype Poisoning
[SNYK-JS-QS-3153490](https://snyk.io/vuln/SNYK-JS-QS-3153490) | Yes | Proof of Concept ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **801/1000**
**Why?** Mature exploit, Has a fix available, CVSS 8.3 | Prototype Pollution
[SNYK-JS-TYPEORM-590152](https://snyk.io/vuln/SNYK-JS-TYPEORM-590152) | No | Mature ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **586/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-VALIDATOR-1090599](https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090599) | No | Proof of Concept ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **586/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-VALIDATOR-1090600](https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090600) | No | Proof of Concept ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **586/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-VALIDATOR-1090601](https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090601) | No | Proof of Concept ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **586/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-VALIDATOR-1090602](https://snyk.io/vuln/SNYK-JS-VALIDATOR-1090602) | No | Proof of Concept ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **586/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Prototype Pollution
[SNYK-JS-XML2JS-5414874](https://snyk.io/vuln/SNYK-JS-XML2JS-5414874) | No | Proof of Concept ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **601/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.6 | Prototype Pollution
[SNYK-JS-YARGSPARSER-560381](https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381) | Yes | Proof of Concept (*) Note that the real score may have changed since the PR was raised. ##### With a [Snyk patch](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities#patches): Severity | Priority Score (*) | Issue | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:------------------------- ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **731/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 8.2 | Prototype Pollution
[SNYK-JS-LODASH-567746](https://snyk.io/vuln/SNYK-JS-LODASH-567746) | Proof of Concept (*) Note that the real score may have changed since the PR was raised. Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/tonythetiger323/project/d80193da-1057-4264-8902-29011f766db7?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/tonythetiger323/project/d80193da-1057-4264-8902-29011f766db7?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"37e9c408-b539-437d-93e6-3fa03926baa5","prPublicId":"37e9c408-b539-437d-93e6-3fa03926baa5","dependencies":[{"name":"@nestjs/common","from":"6.5.3","to":"8.0.7"},{"name":"@nestjs/core","from":"6.5.3","to":"9.0.5"},{"name":"@nestjs/jwt","from":"6.1.1","to":"10.0.0"},{"name":"@nestjs/platform-express","from":"6.5.3","to":"8.4.0"},{"name":"bcrypt","from":"3.0.6","to":"5.0.0"},{"name":"body-parser","from":"1.19.0","to":"1.19.2"},{"name":"class-validator","from":"0.10.2","to":"0.14.0"},{"name":"express","from":"4.17.1","to":"4.17.3"},{"name":"jest","from":"24.8.0","to":"25.0.0"},{"name":"nodemon","from":"1.19.1","to":"2.0.17"},{"name":"nyc","from":"14.1.1","to":"15.0.0"},{"name":"passport","from":"0.4.0","to":"0.6.0"},{"name":"passport-jwt","from":"4.0.0","to":"4.0.1"},{"name":"ts-jest","from":"24.0.2","to":"25.3.0"},{"name":"typeorm","from":"0.2.18","to":"0.3.14"}],"packageManager":"yarn","projectPublicId":"d80193da-1057-4264-8902-29011f766db7","projectUrl":"https://app.snyk.io/org/tonythetiger323/project/d80193da-1057-4264-8902-29011f766db7?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":["SNYK-JS-LODASH-567746"],"vulns":["SNYK-JS-ANSIREGEX-1583908","SNYK-JS-AXIOS-1038255","SNYK-JS-AXIOS-1579269","SNYK-JS-BCRYPT-572911","SNYK-JS-BCRYPT-575033","SNYK-JS-CLASSVALIDATOR-1730566","SNYK-JS-FOLLOWREDIRECTS-2332181","SNYK-JS-FOLLOWREDIRECTS-2396346","SNYK-JS-GLOBPARENT-1016905","SNYK-JS-GOT-2932019","SNYK-JS-ISTANBULREPORTS-2328088","SNYK-JS-JSONWEBTOKEN-3180022","SNYK-JS-JSONWEBTOKEN-3180024","SNYK-JS-JSONWEBTOKEN-3180026","SNYK-JS-LODASH-567746","SNYK-JS-NESTJSCORE-2869127","SNYK-JS-PASSPORT-2840631","SNYK-JS-QS-3153490","SNYK-JS-TYPEORM-590152","SNYK-JS-VALIDATOR-1090599","SNYK-JS-VALIDATOR-1090600","SNYK-JS-VALIDATOR-1090601","SNYK-JS-VALIDATOR-1090602","SNYK-JS-XML2JS-5414874","SNYK-JS-YARGSPARSER-560381"],"upgrade":["SNYK-JS-ANSIREGEX-1583908","SNYK-JS-AXIOS-1038255","SNYK-JS-AXIOS-1579269","SNYK-JS-BCRYPT-572911","SNYK-JS-BCRYPT-575033","SNYK-JS-CLASSVALIDATOR-1730566","SNYK-JS-FOLLOWREDIRECTS-2332181","SNYK-JS-FOLLOWREDIRECTS-2396346","SNYK-JS-GLOBPARENT-1016905","SNYK-JS-GOT-2932019","SNYK-JS-ISTANBULREPORTS-2328088","SNYK-JS-JSONWEBTOKEN-3180022","SNYK-JS-JSONWEBTOKEN-3180024","SNYK-JS-JSONWEBTOKEN-3180026","SNYK-JS-NESTJSCORE-2869127","SNYK-JS-PASSPORT-2840631","SNYK-JS-QS-3153490","SNYK-JS-TYPEORM-590152","SNYK-JS-VALIDATOR-1090599","SNYK-JS-VALIDATOR-1090600","SNYK-JS-VALIDATOR-1090601","SNYK-JS-VALIDATOR-1090602","SNYK-JS-XML2JS-5414874","SNYK-JS-YARGSPARSER-560381"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["pr-warning-shown","priorityScore"],"priorityScoreList":[696,616,696,589,616,399,586,344,586,484,429,534,539,554,731,399,454,696,801,586,586,586,586,586,601],"remediationStrategy":"vuln"}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Regular Expression Denial of Service (ReDoS)](https://learn.snyk.io/lessons/redos/javascript/?loc=fix-pr) 🦉 [Server-Side Request Forgery (SSRF)](https://learn.snyk.io/lessons/ssrf-server-side-request-forgery/javascript/?loc=fix-pr) 🦉 [Insecure Encryption](https://learn.snyk.io/lessons/insecure-hash/javascript/?loc=fix-pr) 🦉 [More lessons are available in Snyk Learn](https://learn.snyk.io/?loc=fix-pr)