cloudboost
[Snyk] Fix for 24 vulnerabilities
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - data-service/package.json
  - data-service/package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
|  | 619/1000 Why? Has a fix available, CVSS 8.1 | Prototype Pollution SNYK-JS-AJV-584908 | Yes | No Known Exploit |
|  | 696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908 | No | Proof of Concept |
|  | 696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Prototype Pollution SNYK-JS-ASYNC-2441827 | Yes | Proof of Concept |
|  | 706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7 | Remote Memory Exposure SNYK-JS-BL-608877 | No | Proof of Concept |
|  | 586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355 | No | Proof of Concept |
|  | 626/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.1 | Man-in-the-Middle (MitM) SNYK-JS-HTTPSPROXYAGENT-469131 | Yes | Proof of Concept |
|  | 686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution SNYK-JS-INI-1048974 | No | Proof of Concept |
|  | 644/1000 Why? Has a fix available, CVSS 8.6 | Prototype Pollution SNYK-JS-JSONSCHEMA-1920922 | Yes | No Known Exploit |
|  | 586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Denial of Service (DoS) SNYK-JS-JSZIP-1251497 | No | Proof of Concept |
|  | 529/1000 Why? Has a fix available, CVSS 6.3 | Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-JSZIP-3188562 | No | No Known Exploit |
|  | 586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905 | Yes | Proof of Concept |
|  | 681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2 | Command Injection SNYK-JS-LODASH-1040724 | Yes | Proof of Concept |
|  | 686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution SNYK-JS-LODASH-450202 | Yes | Proof of Concept |
|  | 731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2 | Prototype Pollution SNYK-JS-LODASH-567746 | Yes | Proof of Concept |
|  | 686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution SNYK-JS-LODASH-608086 | Yes | Proof of Concept |
|  | 479/1000 Why? Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818 | No | No Known Exploit |
|  | 591/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.4 | Cross-site Scripting (XSS) SNYK-JS-PARSEURL-2935944 | No | Proof of Concept |
|  | 561/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.8 | Information Exposure SNYK-JS-PARSEURL-2935947 | No | Proof of Concept |
|  | 791/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.4 | Server-side Request Forgery (SSRF) SNYK-JS-PARSEURL-2936249 | No | Proof of Concept |
|  | 591/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.4 | Cross-site Scripting (XSS) SNYK-JS-PARSEURL-2942134 | No | Proof of Concept |
|  | 696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Prototype Poisoning SNYK-JS-QS-3153490 | Yes | Proof of Concept |
|  | 696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795 | No | Proof of Concept |
|  | 686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution SNYK-JS-Y18N-1021887 | No | Proof of Concept |
|  | 506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7 | Regular Expression Denial of Service (ReDoS) npm:debug:20170905 | Yes | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: googleapis
The new version differs by 171 commits.
- 8669d9a run npm install before npm publish (#944)
- d571e5d release 25.0.0 (#932)
- 2722f1f update package-lock.json (#942)
- 515fa50 chore: asyncify generator (#926)
- 0c306e5 chore: update source-map-support to 0.5.2 (#941)
- 9cdb096 chore: remove node 7 from CI (#940)
- eb86822 Update README.md (#928)
- 658c7cb Update mocha to the latest version 🚀 (#935)
- 8654a48 chore(package): update source-map-support to version 0.5.1 (#931)
- 640c621 chore(package): update opn to version 5.2.0 (#925)
- 573d96e Update js-green-licenses to the latest version 🚀 (#933)
- e734909 Circleci tests (#937)
- 474bed7 chore: Upgrade to the latest google-auth-library (#891)
- efd4af5 chore(package): update semistandard to version 12.0.0 (#910)
- 70a2ec0 fix: cleanup and fix samples (#916)
- dfcae5a chore(package): update js-green-licenses to version 0.3.1 (#919)
- 6a9b578 publishing 24.0.0 (#922)
- cdf72a2 reverting breaking change (#921)
- 8135ce0 updating googleapis (#920)
- 4c4cf53 Revert "updating googleapis"
- 2ffccde Revert "bump version, fix formatting"
- a408328 bump version, fix formatting
- c0a06ba updating googleapis
- 6ab07d9 chore(package): update nock to version 9.1.5 (#902)
Package name: jimp
The new version differs by 206 commits.
- d64200c bump version number
- 8405867 include types in package
- a00b5e5 longer timeout needed
- ba15d12 accept height and width as strings (#500)
- b976b68 add getHeight and getWidth functions (#504)
- f321190 handle windows env vars (#502)
- 80d2001 closes #224
- 020acbc Update CONTRIBUTING.md
- 08dbab0 use default param. fixes calling with threshold 0 (#498)
- cc96e11 fix a bunch of spelling mistakes (#499)
- d907c03 Update README.md
- 7c608e8 Add module build (#492)
- f19e77f Promisify Functions (#486)
- 69de0fc remove only
- c488bff Switch away from BigNumber.js (#497)
- fb87f39 Mime (#496)
- da3ae0e Merge pull request #495 from hipstersmoothie/bundle-wins
- 262df3e saves a few kB
- 7c21e7b switch to bignumber module
- ed69e9b Merge pull request #494 from hipstersmoothie/update-deps
- 81d1c42 update deps
- b86d323 Merge pull request #491 from hipstersmoothie/fix-build
- ec7a37c have to babel es6 modules because babelify wont. tfilter targets the specific file
- 17de0cc Merge pull request #490 from hipstersmoothie/readme
Package name: jsdom
The new version differs by 250 commits.
- 74a8d1e Version 16.6.0
- f51f2ec Remove the dependency on request
- 2b6d5ae Update dependencies
- b72b33b Disable now-crashing canvas test
- 39b7972 Handle null and undefined thrown as exceptions
- 04f6c13 Add ParentNode.replaceChildren() (#3176)
- e4c4004 Version 16.5.3
- 2f41466 Fix MutationObserver infinite loop bugs (#3173)
- b232f2a Run partially-failing WPTs in the custom-elements directory
- 35e103e Run partially-failing WPTs in the cors directory
- 77b660a Run partially-failing WPTs in the FileAPI directory
- d8a245f Use `InnerHTML` mixin for `innerHTML` definition (#2981)
- bd50bbe Version 16.5.2
- d5cfd69 Fix event handler ObjectEnvironment instantiation
- 93e3d4a Remove vestigial concurrentNodeIterators option-passing
- c92f9c1 Check all associated elements for form validity
- 2202703 Fix failing WPTs calculation
- 21c7671 Upgrade dependencies
- c1b9ea1 Port skipped "test_body_event_handler_inline" to WPT
- a13d854 Use WeakRefs for NodeIterator tracking when supported
- fdf97d8 Fix radio/checkbox to not fire events when disconnected
- 761d8cc Refactor <output>
- b36d418 Make customElements.whenDefined() resolve with the constructor
- c5d13bb Remove a variety of redundant to-port tests
Package name: node-gcm
The new version differs by 39 commits.
- c6b9eab Restore old dependency versions in package-lock.json (#373)
- 42afc1b Replace request with axios (#372) (thanks @ pmb-cl)
- d5cfe6a README: Update instructions on obtaining FCM Server Key (#368)
- e034e7d ci: improve node job names (#363)
- 46f03d7 ci: add CI tests (#361)
- 924a4f8 #360: Improve code sample for unregistered device token detection
- a4df9a3 Fix #358: rectify coding mistake in failedTokens snippets
- 345392c 1.0.5
- f268b8b #353: npm audit: update vulnerable dependencies
- 31e89bd 1.0.4
- 72a883f Merge pull request #349 from marneborn/upgrade-request
- dc80fc5 Merge pull request #337 from yog27ray/internalServer
- 29bb027 upgrade lodash
- 2b82cac use [email protected]
- 4bec224 1.0.3
- cbb1115 1.0.2
- 6d0bcc6 Merge pull request #345 from pertu/allow-uri-override
- fcb8d8c Move options.uri to overridable section
- 6c77b95 Add unit tests for uri override
- 2390554 Fix package.json: remove trailing comma in contributor list
- 456b0de README: Fix formatting of `fcm_options` param doc
- db66259 Merge pull request #342 from SpellChucker/add-fcm-options-message
- e435347 Fix syntax of link
- 859625a Update README with usage
Package name: nodemailer-mailgun-transport
The new version differs by 28 commits.
- fc80bec Merge pull request #104 from Tol1/replace-mailgun-module
- 9c6596a Replace mailgun-js with official mailgun.js
- be34bb4 Fix the vuln by forcing netmask ver 2.0.2
- f6e30b5 Merge pull request #102 from kentcdodds/patch-1
- 5f02165 docs: update domain link
- 36f36e8 release new version that add support for apiKey alias
- 97731b4 Merge pull request #99 from captaincaius/feature-mailgun-templates-2
- 95aec61 add test and document using mailgun templates
- d7b1374 Merge pull request #98 from zgid123/master
- ba1a3da bumping semver
- 1553978 fixing vulns
- 4c3fb96 support option auth.apiKey as alias of auth.api_key
- d8de62f Merge pull request #87 from EmilienD/allow-custom-message-id
- ba13216 allow custom message-id
- eebbfb3 Merge pull request #84 from framp/master
- 87204df Small refactoring
- 7c861c3 Merge pull request #78 from strix/es6-syntax
- 79f5eb8 Fixed reference to
- 5af88a4 Changed self to simply this.
- fdc108b linting cleanup
- 44a0a02 Moved resolveAttachments function outside of promise chain since it is synchronous
- 4d50b02 Fixed path the handlebars template
- d2352c1 Updated syntax to es6
- 285e420 Merge pull request #77 from perzanko/master
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.