event-backend
[Snyk] Fix for 8 vulnerabilities
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - package.json
  - package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
|  | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908 | Yes | Proof of Concept |
|  | 584/1000. Why? Has a fix available, CVSS 7.4 | Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852 | No | No Known Exploit |
|  | 661/1000. Why? Recently disclosed, Has a fix available, CVSS 7.5 | Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116 | No | No Known Exploit |
|  | 646/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 6.5 | Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831 | Yes | Proof of Concept |
|  | 646/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 6.5 | Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873 | Yes | Proof of Concept |
|  | 589/1000. Why? Has a fix available, CVSS 7.5 | Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042 | No | No Known Exploit |
|  | 589/1000. Why? Has a fix available, CVSS 7.5 | Prototype Pollution SNYK-JS-UNSETVALUE-2400660 | No | No Known Exploit |
|  | 741/1000. Why? Mature exploit, Has a fix available, CVSS 7.1 | Uninitialized Memory Exposure npm:base64url:20180511 | Yes | Mature |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: grunt
The new version differs by 81 commits.
- 0afeb5c 1.6.0
- 2805dc3 Merge pull request #1750 from gruntjs/dep-update-jan28
- 3f1e423 README updates
- 8fd096d Bump to 16
- 42c5f95 Update more deps
- 1d88050 Bump eslint and node version
- 82d79b8 1.5.3
- 572d79b Merge pull request #1745 from gruntjs/fix-copy-op
- 58016ff Patch up race condition in symlink copying.
- 0749e1d Merge pull request #1746 from JamieSlome/patch-1
- 69b7c50 Create SECURITY.md
- ac667b2 1.5.2
- 7f15fd5 Update Changelog
- b0ec6e1 Merge pull request #1743 from gruntjs/cleanup-link
- 433f91b Clean up link handling
- d5969ec 1.5.1
- ad22608 Merge pull request #1742 from gruntjs/update-symlink-test
- 0652305 Fix symlink test
- a7ab0a8 1.5.0
- b2b2c2b Updated changelog
- 3eda6ae Merge pull request #1740 from gruntjs/update-deps-22-10
- 47d32de Update testing matrix
- 2e9161c More updates
- 04b960e Remove console log
Package name: grunt-cli
The new version differs by 5 commits.
Package name: grunt-contrib-uglify
The new version differs by 27 commits.
- a3f3f34 5.2.1
- 3c8d904 Update Readme
- 0850dcd update dependencies (#568)
- c27ad5f Bump minimist from 1.2.5 to 1.2.6 (#567)
- 98b4c5f Fix documentation in relation to issue #565 (#566)
- 7228446 Bump minimist from 1.2.5 to 1.2.6 (#563)
- e410511 Update deps, v5.1.0 (#564)
- 2cb31be Update uglify-js to v3.15.2 (#562)
- 12ca0f2 Fix wording in README.md (#560)
- 1f6a012 Bump path-parse from 1.0.6 to 1.0.7 (#558)
- 0e4b1a0 Update uglify-js (#557)
- 9ccf10d Bump hosted-git-info from 2.8.8 to 2.8.9 (#556)
- 4e83e45 Update UglifyJS to 3.13.3 (#554)
- 8674feb Bump ini from 1.3.5 to 1.3.8 (#552)
- 14b71da v5.0.0
- 9259448 Bump lodash from 4.17.11 to 4.17.19 (#550)
- 4645446 Bump js-yaml from 3.5.5 to 3.14.0 (#551)
- b7bcde4 Delete .travis.yml
- cba2631 Delete appveyor.yml
- 3dc53f0 ini github workflow
- f65dbb9 v4.0.1. (#535)
- b33a071 upgrade devDependencies (#536)
- 1e40037 upgrade to uglify-js 3.5.0 (#534)
- 33724cd update links to uglifyJS documentation (#530)
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Server-side Request Forgery (SSRF)
🦉 Prototype Pollution