[Snyk] Fix for 8 vulnerabilities #75

toshanmugaraj · 2022-10-05T15:45:39Z

This PR was automatically created by Snyk using the credentials of a real user.

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- private/node_scripts/unsubscribe_csv/package.json
- private/node_scripts/unsubscribe_csv/.snyk

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
630/1000 Why? Has a fix available, CVSS 8.1	Internal Property Tampering SNYK-JS-BSON-561052	Yes	No Known Exploit
589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-MONGODB-473855	Yes	No Known Exploit
399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:hawk:20160119	No	No Known Exploit
539/1000 Why? Has a fix available, CVSS 6.5	Timing Attack npm:http-signature:20150122	No	No Known Exploit
589/1000 Why? Has a fix available, CVSS 7.5	Prototype Override Protection Bypass npm:qs:20170213	No	No Known Exploit
469/1000 Why? Has a fix available, CVSS 5.1	Remote Memory Exposure npm:request:20160119	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: ddp

The new version differs by 9 commits.

b5a6932 Update README
d221554 Prepare for 0.12.0 release.
6a37c0e Merge pull request [Snyk] Security upgrade ddp from 0.11.0 to 0.12.0 #72 from rclai/patch-1
3f51599 Merge pull request [Snyk] Security upgrade google-translate from 1.0.9 to 2.2.0 #73 from cfnelson/master
38e97b8 Merge pull request [Snyk] Security upgrade google-translate from 1.0.9 to 2.0.5 #78 from mayvn10/master
60e2540 0.11.0
3c3a80e 0.11.0 faye dependency
01298a3 Added try/catch for uncaught JSON parse error.
5fe08ff Fix adding changed handler on observer creator

Package name: mongodb

The new version differs by 250 commits.

c6f417e chore(release): 3.1.13
210c71d fix(db_ops): ensure we async resolve errors in createCollection
5ad9fa9 fix(changeStream): properly handle changeStream event mid-close (cannot send invitations when SMTP is configured without authentication RocketChat/Rocket.Chat#1902)
e806be4 fix(bulk): honor ignoreUndefined in initializeUnorderedBulkOp
050267d fix(*): restore ability to webpack by removing `makeLazyLoader`
6e896f4 docs: adding aggregation, createIndex, and runCommand examples
cb3cd12 chore(release): 3.1.12
508d685 Revert "chore(release): 3.2.0"
e7619aa chore(release): 3.2.0
d0dc228 chore(travis): include forgotten stage info for sharded builds
ffbe90b chore(travis): run sharded tests in travis as well
9bef6e7 feat(core): update to mongodb-core v3.1.11
e4bb39e chore(release): 3.1.11
76c0130 chore(core): bump version of mongodb-core
a3adb3f fix(bulk): fix error propagation in empty bulk.execute
ec0e30e doc(change-streams): correct typo, add missing example
10ea992 chore(package): update lock file
fcb3ec1 test(sharded): reduce some sharded errors
d4eae97 test(sessions): undo hack for apm events in sessions tests
0eaca21 test(sessions): fixing broken session test
6790a74 test(sharding): fixing old sharding tests
98f0c68 test(sharded): fixing sharded operation test
c6a9baa test(sessions): fixing session tests in sharded env
985f0e9 test(drop): fixing drop assertions for sharded tests

Severity	Priority Score (*)	Issue	Exploit Maturity
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Proof of Concept
	576/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.1	Uninitialized Memory Exposure npm:tunnel-agent:20170305	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

Learn how to fix vulnerabilities with free interactive lessons:

Provide feedback