cloudboost
[Snyk] Fix for 14 vulnerabilities
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - user-service/package.json
  - user-service/package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| | 619/1000 (Why? Has a fix available, CVSS 8.1) | Prototype Pollution SNYK-JS-AJV-584908 | Yes | No Known Exploit |
| | 696/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.5) | Prototype Pollution SNYK-JS-ASYNC-2441827 | Yes | Proof of Concept |
| | 626/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 6.1) | Man-in-the-Middle (MitM) SNYK-JS-HTTPSPROXYAGENT-469131 | Yes | Proof of Concept |
| | 644/1000 (Why? Has a fix available, CVSS 8.6) | Prototype Pollution SNYK-JS-JSONSCHEMA-1920922 | Yes | No Known Exploit |
| | 586/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905 | Yes | Proof of Concept |
| | 681/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.2) | Command Injection SNYK-JS-LODASH-1040724 | Yes | Proof of Concept |
| | 686/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.3) | Prototype Pollution SNYK-JS-LODASH-450202 | Yes | Proof of Concept |
| | 731/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 8.2) | Prototype Pollution SNYK-JS-LODASH-567746 | Yes | Proof of Concept |
| | 686/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.3) | Prototype Pollution SNYK-JS-LODASH-608086 | Yes | Proof of Concept |
| | 686/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.3) | Prototype Pollution SNYK-JS-LODASH-73638 | Yes | Proof of Concept |
| | 541/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 4.4) | Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639 | Yes | Proof of Concept |
| | 696/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.5) | Prototype Poisoning SNYK-JS-QS-3153490 | Yes | Proof of Concept |
| | 506/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 3.7) | Regular Expression Denial of Service (ReDoS) npm:bson:20180225 | Yes | Proof of Concept |
| | 579/1000 (Why? Has a fix available, CVSS 7.3) | Prototype Pollution npm:extend:20180424 | Yes | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: jsdom
The new version differs by 250 commits.
- 74a8d1e Version 16.6.0
- f51f2ec Remove the dependency on request
- 2b6d5ae Update dependencies
- b72b33b Disable now-crashing canvas test
- 39b7972 Handle null and undefined thrown as exceptions
- 04f6c13 Add ParentNode.replaceChildren() (#3176)
- e4c4004 Version 16.5.3
- 2f41466 Fix MutationObserver infinite loop bugs (#3173)
- b232f2a Run partially-failing WPTs in the custom-elements directory
- 35e103e Run partially-failing WPTs in the cors directory
- 77b660a Run partially-failing WPTs in the FileAPI directory
- d8a245f Use `InnerHTML` mixin for `innerHTML` definition (#2981)
- bd50bbe Version 16.5.2
- d5cfd69 Fix event handler ObjectEnvironment instantiation
- 93e3d4a Remove vestigial concurrentNodeIterators option-passing
- c92f9c1 Check all associated elements for form validity
- 2202703 Fix failing WPTs calculation
- 21c7671 Upgrade dependencies
- c1b9ea1 Port skipped "test_body_event_handler_inline" to WPT
- a13d854 Use WeakRefs for NodeIterator tracking when supported
- fdf97d8 Fix radio/checkbox to not fire events when disconnected
- 761d8cc Refactor <output>
- b36d418 Make customElements.whenDefined() resolve with the constructor
- c5d13bb Remove a variety of redundant to-port tests
Package name: mongodb
The new version differs by 250 commits.
- 79da11f 3.1.3
- 337cb79 feat(core): update to mongodb-core 3.1.2
- ff5fafc refactor(topology-base): `getServer` => `selectServer`
- b33fc74 3.1.2
- 78f6977 fix(mongo_client): translate options for connectWithUrl
- 36e92f1 fix(db_ops): call collection.find() with correct parameters (#1795)
- 759dd85 fix(buffer): replace deprecated Buffer constructor
- cb9d915 docs(connect): remove references to MongoClient.connect
- b8d2f1d fix(teardown): properly destroy a topology when initial connect fails
- 64027e8 refactor(export): expose CommandCursor
- 6ef85c4 refactor(export): expose AggregationCursor
- 13d776f fix(cursor): set readPreference for cursor.count
- a5d0f1d feat(deprecation): wrap deprecated functions
- 4f907a0 feat(deprecation): create deprecation function
- 666b8fa refactor(bulk): Unify bulk operations
- a0d84f6 test(evergreen): adding evergreen config to native driver
- b8471f1 fix(collection): isCapped returns false instead of undefined
- 86344f4 fix(collection): ensure findAndModify always use readPreference primary
- c25c519 test(countDocuments): full test coverage for countDocuments
- 25ca557 docs(contributing): fix link to HISTORY.md
- 4395110 chore(MongoClient): add missing legacy option name on warning message
- 297d843 docs(sessions): updating docs for sessions
- 15dc808 fix(db_ops): fix two incorrectly named variables
- fca1185 fix(count-documents): return callback on error case
Package name: nodemailer-mailgun-transport
The new version differs by 28 commits.
- fc80bec Merge pull request #104 from Tol1/replace-mailgun-module
- 9c6596a Replace mailgun-js with official mailgun.js
- be34bb4 Fix the vuln by forcing netmask ver 2.0.2
- f6e30b5 Merge pull request #102 from kentcdodds/patch-1
- 5f02165 docs: update domain link
- 36f36e8 release new version that add support for apiKey alias
- 97731b4 Merge pull request #99 from captaincaius/feature-mailgun-templates-2
- 95aec61 add test and document using mailgun templates
- d7b1374 Merge pull request #98 from zgid123/master
- ba1a3da bumping semver
- 1553978 fixing vulns
- 4c3fb96 support option auth.apiKey as alias of auth.api_key
- d8de62f Merge pull request #87 from EmilienD/allow-custom-message-id
- ba13216 allow custom message-id
- eebbfb3 Merge pull request #84 from framp/master
- 87204df Small refactoring
- 7c861c3 Merge pull request #78 from strix/es6-syntax
- 79f5eb8 Fixed reference to
- 5af88a4 Changed self to simply this.
- fdc108b linting cleanup
- 44a0a02 Moved resolveAttachments function outside of promise chain since it is synchronous
- 4d50b02 Fixed path the handlebars template
- d2352c1 Updated syntax to es6
- 285e420 Merge pull request #77 from perzanko/master
Package name: slack-notify
The new version differs by 18 commits.
- b6c0a8e Version bump to 2.0.0, increase minimum node version to 13.2.0
- 372143a Merge pull request #26 from andrewchilds/2022-refactor
- 84448dc Rewrite API to support promises instead of callbacks [fixes #17]
- 2dbfbad Use current webhook URL format in docs; remove redundant docs from src
- f6247eb Remove default configuration overrides [fixes #15]
- b4053fa Update docs
- 58618a2 Remove lodash/request deps, use ES module syntax
- 79d3891 Replace coffeescript with js
- dd68f24 Process lebab arrow rule
- 99ccf1b Process lebab let rule
- a1268c9 Merge pull request #20 from ScaleDrone/master
- 77f3862 Merge pull request #21 from christianuhlcc/master
- c8e932c bump travis node version
- 5dafe46 version bump
- f7f32fc version update to newer lodash 4.17 for security vulnerabilities
- 06dffcb Don't overassign defaults
- 7593b99 Merge pull request #11 from Starefossen/patch-1
- 9cd07c6 Use svg version for Travis badge
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.