cnodejs
[Snyk] Fix for 10 vulnerabilities
Snyk has created this PR to fix 10 vulnerabilities in the npm dependencies of this project.
Snyk changed the following file(s):
-
package.json
Vulnerabilities that will be fixed with an upgrade:
| Issue | Score | |
|---|---|---|
 |
Authentication Bypass SNYK-JS-HAWK-6969142 |
786 |
 |
Asymmetric Resource Consumption (Amplification) SNYK-JS-BODYPARSER-7926860 |
696 |
 |
Prototype Pollution npm:hoek:20180212 |
636 |
|
Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116 |
631 |
|
Prototype Pollution SNYK-JS-AJV-584908 |
619 |
|
Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852 |
584 |
|
Cross-site Scripting SNYK-JS-EXPRESS-7926867 |
541 |
|
Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251 |
479 |
 |
Cross-site Scripting SNYK-JS-SEND-7926862 |
391 |
|
Cross-site Scripting SNYK-JS-SERVESTATIC-7926865 |
391 |
[!IMPORTANT]
- Check the changes in this PR to ensure they won't cause issues with your project.
- Max score is 1000. Note that the real score may have changed since the PR was raised.
- This PR was automatically created by Snyk using the credentials of a real user.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Prototype Pollution 🦉 Cross-site Scripting 🦉 Regular Expression Denial of Service (ReDoS) 🦉 More lessons are available in Snyk Learn
[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"body-parser","from":"1.17.1","to":"1.20.3"},{"name":"data2xml","from":"1.2.4","to":"1.2.5"},{"name":"express","from":"4.16.0","to":"4.21.0"},{"name":"loader-builder","from":"2.4.1","to":"2.7.0"}],"env":"prod","issuesToFix":[{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-AJV-584908","priority_score":619,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-BODYPARSER-7926860","priority_score":696,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.2","score":410},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Asymmetric Resource Consumption (Amplification)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-BODYPARSER-7926860","priority_score":696,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.2","score":410},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Asymmetric Resource Consumption (Amplification)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-EXPRESS-7926867","priority_score":541,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.1","score":255},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Cross-site Scripting"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-HAWK-2808852","priority_score":584,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.4","score":370},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-HAWK-6969142","priority_score":786,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.3","score":465},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Authentication Bypass"},{"exploit_maturity":"Proof of Concept","id":"SNYK-JS-INFLIGHT-6095116","priority_score":631,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.2","score":310},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Missing Release of Resource after Effective Lifetime"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-SEND-7926862","priority_score":391,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"2.1","score":105},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Cross-site Scripting"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-SEND-7926862","priority_score":391,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"2.1","score":105},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Cross-site Scripting"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-SERVESTATIC-7926865","priority_score":391,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"2.1","score":105},{"type":"scoreVersion","label":"v1","score":1}],"severity":"low","title":"Cross-site Scripting"},{"exploit_maturity":"No Known Exploit","id":"SNYK-JS-UGLIFYJS-1727251","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"Proof of Concept","id":"npm:hoek:20180212","priority_score":636,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.3","score":315},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"npm:hoek:20180212","priority_score":636,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.3","score":315},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"npm:hoek:20180212","priority_score":636,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.3","score":315},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"npm:hoek:20180212","priority_score":636,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.3","score":315},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"npm:hoek:20180212","priority_score":636,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.3","score":315},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"npm:hoek:20180212","priority_score":636,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.3","score":315},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"npm:hoek:20180212","priority_score":636,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.3","score":315},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Prototype Pollution"},{"exploit_maturity":"Proof of Concept","id":"npm:hoek:20180212","priority_score":636,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"6.3","score":315},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Prototype Pollution"}],"prId":"5640edc5-5e41-4848-b35a-d200d0ae2c40","prPublicId":"5640edc5-5e41-4848-b35a-d200d0ae2c40","packageManager":"npm","priorityScoreList":[619,696,541,584,786,631,391,391,479,636],"projectPublicId":"cb954843-04fd-4846-a4fe-a53538af4220","projectUrl":"https://app.snyk.io/org/fengmk2/project/cb954843-04fd-4846-a4fe-a53538af4220?utm_source=github&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["priorityScore"],"type":"auto","upgrade":["SNYK-JS-AJV-584908","SNYK-JS-BODYPARSER-7926860","SNYK-JS-EXPRESS-7926867","SNYK-JS-HAWK-2808852","SNYK-JS-HAWK-6969142","SNYK-JS-INFLIGHT-6095116","SNYK-JS-SEND-7926862","SNYK-JS-SERVESTATIC-7926865","SNYK-JS-UGLIFYJS-1727251","npm:hoek:20180212"],"vulns":["SNYK-JS-AJV-584908","SNYK-JS-BODYPARSER-7926860","SNYK-JS-EXPRESS-7926867","SNYK-JS-HAWK-2808852","SNYK-JS-HAWK-6969142","SNYK-JS-INFLIGHT-6095116","SNYK-JS-SEND-7926862","SNYK-JS-SERVESTATIC-7926865","SNYK-JS-UGLIFYJS-1727251","npm:hoek:20180212"],"patch":["npm:hoek:20180212"],"isBreakingChange":false,"remediationStrategy":"vuln"}'
