podsearch_bot
[Snyk] Fix for 13 vulnerabilities
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - package.json
  - package-lock.json
- Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|
| | Denial of Service (DoS) SNYK-JS-MONGODB-473855 | No | No Known Exploit |
| | Information Exposure SNYK-JS-MONGOOSE-472486 | No | No Known Exploit |
| | Prototype Pollution SNYK-JS-MPATH-72672 | No | No Known Exploit |
| | Prototype Pollution SNYK-JS-YARGSPARSER-560381 | Yes | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) npm:braces:20180219 | Yes | Proof of Concept |
| | Denial of Service (DoS) npm:mem:20180117 | Yes | No Known Exploit |
Commit messages
Package name: mongoose
The new version differs by 250 commits.
- 40a879b chore: release 5.7.5
- 159457d chore: add vpn black friday as sponsor
- e6285ea Merge pull request #8244 from AbdelrahmanHafez/master
- d9163f5 fix: correct order for declaration
- cec9dda Minor refactor to ValidationError
- 13ae085 docs(index): add favicon to home page
- 96ce0eb style: fix lint
- 973b1e0 docs: add schema options to API docs
- cdfb507 chore: add useUnifiedTopology for tests re: #8212
- 936ddfb fix(update): handle subdocument pre('validate') errors in update validation
- 98b3b09 test(update): repro #7187
- b9c1012 docs(middleware): add note about accessing the document being updated in pre('findOneAndUpdate')
- 327b47a fix(subdocument): make subdocument#isModified use parent document's isModified
- 54db026 test(subdocument): repro #8223
- 89eb449 chore: now working on 5.7.5
- ffbff22 chore: change version for recompiling website
- 0562ca7 chore: add opencollective sponsors: top web design companies, casino top
- ee22c09 chore: now working on 5.7.5
- f3eca5b fix(query): delete top-level `_bsontype` property in queries to prevent silent empty queries
- cc10e0d test(query): repro #8222
- ede5aef chore: release 5.7.4
- 402db1a fix(model): support passing `options` to `Model.remove()`
- 7a20276 fix(schema): handle `required: null` and `required: undefined` as `required: false`
- 9b4a323 test(schema): repro #8219
With a Snyk patch:
| Severity | Issue | Exploit Maturity |
|---|---|---|
| | Regular Expression Denial of Service (ReDoS) npm:debug:20170905 | No Known Exploit |
| | Prototype Pollution npm:extend:20180424 | No Known Exploit |
| | Prototype Pollution npm:hoek:20180212 | No Known Exploit |
| | Denial of Service (DoS) npm:qs:20140806-1 | No Known Exploit |
| | Remote Memory Exposure npm:request:20160119 | No Known Exploit |
| | Uninitialized Memory Exposure npm:stringstream:20180511 | Mature |
| | Regular Expression Denial of Service (ReDoS) npm:tough-cookie:20170905 | No Known Exploit |
Some vulnerabilities couldn't be fully fixed, so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: