[Snyk] Fix for 29 vulnerabilities #6

Open: wants to merge 1 commit into base: main
26 changes: 13 additions & 13 deletions package.json
Expand Up @@ -16,37 +16,37 @@
},
"dependencies": {
"adm-zip": "0.4.7",
"body-parser": "1.9.0",
"cfenv": "^1.0.4",
"body-parser": "1.19.2",

mongoose 4.2.4 / package.json

Total vulnerabilities: 5

Critical: 3 High: 1 Medium: 1 Low: 0
| Vulnerability ID | Severity | CVSS | Fixed in | Status |
| --- | --- | --- | --- | --- |
| CVE-2022-2564 | CRITICAL | 9.8 | 6.4.6 | Open |
| CVE-2019-17426 | CRITICAL | 9.1 | - | Open |
| CVE-2023-3696 | CRITICAL | 9.8 | 5.13.20 | Open |
| PRISMA-2021-0067 | HIGH | - | 5.12.2 | Open |
| GHSA-r5xw-q988-826m | MEDIUM | 5.1 | 4.3.6 | Open |

lodash 4.17.4 / package.json

Total vulnerabilities: 7

Critical: 1 High: 2 Medium: 4 Low: 0
| Vulnerability ID | Severity | CVSS | Fixed in | Status |
| --- | --- | --- | --- | --- |
| CVE-2019-10744 | CRITICAL | 9.1 | 4.17.12 | Open |
| CVE-2021-23337 | HIGH | 7.2 | 4.17.21 | Open |
| CVE-2020-8203 | HIGH | 7.4 | 4.17.20 | Open |
| CVE-2020-28500 | MEDIUM | 5.3 | 4.17.21 | Open |
| CVE-2019-1010266 | MEDIUM | 6.5 | 4.17.11 | Open |
| CVE-2018-3721 | MEDIUM | 6.5 | 4.17.5 | Open |
| CVE-2018-16487 | MEDIUM | 5.6 | 4.17.11 | Open |

file-type 8.1.0 / package.json

Total vulnerabilities: 1

Critical: 0 High: 0 Medium: 1 Low: 0
| Vulnerability ID | Severity | CVSS | Fixed in | Status |
| --- | --- | --- | --- | --- |
| CVE-2022-36313 | MEDIUM | 5.5 | 16.5.4 | Open |

adm-zip 0.4.7 / package.json

Total vulnerabilities: 2

Critical: 0 High: 1 Medium: 1 Low: 0
| Vulnerability ID | Severity | CVSS | Fixed in | Status |
| --- | --- | --- | --- | --- |
| PRISMA-2021-0034 | HIGH | - | 0.5.3 | Open |
| CVE-2018-1002204 | MEDIUM | 5.5 | 0.4.9 | Open |

dustjs-linkedin 2.5.0 / package.json

Total vulnerabilities: 1

Critical: 0 High: 1 Medium: 0 Low: 0
| Vulnerability ID | Severity | CVSS | Fixed in | Status |
| --- | --- | --- | --- | --- |
| CVE-2021-4264 | HIGH | 8.8 | 3.0.0 | Open |

express-fileupload 0.0.5 / package.json

Total vulnerabilities: 4

Critical: 1 High: 2 Medium: 0 Low: 1
| Vulnerability ID | Severity | CVSS | Fixed in | Status |
| --- | --- | --- | --- | --- |
| CVE-2020-7699 | CRITICAL | 9.8 | 1.1.9 | Open |
| PRISMA-2022-0318 | HIGH | 7.5 | 1.1.6-alpha.6 | Open |
| PRISMA-2022-0323 | HIGH | 7.5 | 1.0.0 | Open |
| GHSA-q3w9-g74q-vp5f | LOW | 1 | 1.1.6-alpha.6 | Open |

hbs 4.1.2 / package.json

Total vulnerabilities: 1

Critical: 0 High: 0 Medium: 1 Low: 0
| Vulnerability ID | Severity | CVSS | Fixed in | Status |
| --- | --- | --- | --- | --- |
| CVE-2021-32822 | MEDIUM | 4 | - | Open |

moment 2.15.1 / package.json

Total vulnerabilities: 2

Critical: 0 High: 2 Medium: 0 Low: 0
| Vulnerability ID | Severity | CVSS | Fixed in | Status |
| --- | --- | --- | --- | --- |
| CVE-2022-24785 | HIGH | 7.5 | 2.29.2 | Open |
| CVE-2017-18214 | HIGH | 7.5 | 2.19.3 | Open |

ejs 1.0.0 / package.json

Total vulnerabilities: 3

Critical: 1 High: 1 Medium: 1 Low: 0
| Vulnerability ID | Severity | CVSS | Fixed in | Status |
| --- | --- | --- | --- | --- |
| CVE-2017-1000228 | CRITICAL | 9.8 | 2.5.5 | Open |
| CVE-2017-1000189 | HIGH | 7.5 | 2.5.5 | Open |
| CVE-2017-1000188 | MEDIUM | 6.1 | 2.5.5 | Open |

ejs 1.0.0 / package.json

LOW  Unknown License (NOT_FOUND)

This package uses a non-SPDX, unrecognized, or private open-source license. Ensure this package is compliant.

ejs-locals 1.0.2 / package.json

LOW  Unknown License (NOT_FOUND)

This package uses a non-SPDX, unrecognized, or private open-source license. Ensure this package is compliant.

"cfenv": "^1.2.4",
"consolidate": "0.14.5",
"dustjs-helpers": "1.5.0",
"dustjs-linkedin": "2.5.0",
"ejs": "1.0.0",
"ejs-locals": "1.0.2",
"errorhandler": "1.2.0",
"express": "4.12.4",
"errorhandler": "1.4.3",
"express": "4.17.3",
"express-fileupload": "0.0.5",
"express-session": "^1.17.2",
"file-type": "^8.1.0",
"hbs": "^4.0.4",
"hbs": "^4.1.2",
"humanize-ms": "1.0.1",
"jquery": "^2.2.4",
"jquery": "^3.5.0",
"lodash": "4.17.4",
"marked": "0.3.5",
"marked": "4.0.10",
"method-override": "latest",
"moment": "2.15.1",
"mongodb": "^3.5.9",
"mongoose": "4.2.4",
"morgan": "latest",
"ms": "^0.7.1",
"ms": "^2.0.0",
"mysql": "^2.18.1",
"npmconf": "0.0.24",
"npmconf": "2.1.3",
"optional": "^0.1.3",
"st": "0.2.4",
"st": "1.2.2",
"stream-buffers": "^3.0.1",
"tap": "^11.1.3",
"typeorm": "^0.2.24",
"validator": "^13.5.2"
"tap": "^15.0.0",
"typeorm": "^0.3.14",
"validator": "^13.7.0"
},
"devDependencies": {
"browserify": "^13.1.1",
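Review bot: the unchanged lines in this hunk still pin adm-zip 0.4.7, dustjs-linkedin 2.5.0, ejs 1.0.0, express-fileupload 0.0.5, lodash 4.17.4, moment 2.15.1, mongoose 4.2.4 and file-type ^8.1.0, which are the versions the scan comments on this PR list with open findings and a "Fixed in" release, so merging this leaves those findings in place; bump them in the same change or record why each is deferred. Several of the bumps that are made cross major versions (marked 0.3.5 to 4.0.10, st 0.2.4 to 1.2.2, npmconf 0.0.24 to 2.1.3, jquery ^2.2.4 to ^3.5.0, tap ^11.1.3 to ^15.0.0), so the test suite and the call sites of those packages should be exercised before merge. "method-override" and "morgan" remain at "latest"; pinning them to a version would make the resolved dependency set reproducible and reviewable.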