event-backend
[Snyk] Fix for 20 vulnerabilities
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - package.json
  - package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| | 619/1000 Why? Has a fix available, CVSS 8.1 | Prototype Pollution SNYK-JS-AJV-584908 | Yes | No Known Exploit |
| | 696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Prototype Pollution SNYK-JS-ASYNC-2441827 | Yes | Proof of Concept |
| | 686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution SNYK-JS-AWSSDK-1059424 | No | Proof of Concept |
| | 696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970 | No | Proof of Concept |
| | 626/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.1 | Man-in-the-Middle (MitM) SNYK-JS-HTTPSPROXYAGENT-469131 | Yes | Proof of Concept |
| | 644/1000 Why? Has a fix available, CVSS 8.6 | Prototype Pollution SNYK-JS-JSONSCHEMA-1920922 | Yes | No Known Exploit |
| | 586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905 | Yes | Proof of Concept |
| | 681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2 | Command Injection SNYK-JS-LODASH-1040724 | Yes | Proof of Concept |
| | 731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2 | Prototype Pollution SNYK-JS-LODASH-567746 | Yes | Proof of Concept |
| | 686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3 | Prototype Pollution SNYK-JS-LODASH-608086 | Yes | Proof of Concept |
| | 506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7 | Prototype Pollution SNYK-JS-MINIMIST-2429795 | Yes | Proof of Concept |
| | 601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6 | Prototype Pollution SNYK-JS-MINIMIST-559764 | Yes | Proof of Concept |
| | 696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Prototype Poisoning SNYK-JS-QS-3153490 | Yes | Proof of Concept |
| | 696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795 | Yes | Proof of Concept |
| | 586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Prototype Pollution SNYK-JS-XML2JS-5414874 | No | Proof of Concept |
| | 741/1000 Why? Mature exploit, Has a fix available, CVSS 7.1 | Uninitialized Memory Exposure npm:base64url:20180511 | Yes | Mature |
| | 506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7 | Regular Expression Denial of Service (ReDoS) npm:bson:20180225 | Yes | Proof of Concept |
| | 641/1000 Why? Mature exploit, Has a fix available, CVSS 5.1 | Uninitialized Memory Exposure npm:concat-stream:20160901 | Yes | Mature |
| | 579/1000 Why? Has a fix available, CVSS 7.3 | Insecure Randomness npm:crypto-browserify:20140722 | No | No Known Exploit |
| | 506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7 | Regular Expression Denial of Service (ReDoS) npm:debug:20170905 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: connect-mongo
The new version differs by 90 commits.
- 63ca966 docs: update readme and bump version to 3.0.0
- aceb1ee chore: bump version to 3.0.0-rc.2
- 0e4a234 test: add test cases on event listener
- e77a7f1 test: replace mocha with jest (#324)
- ad39e88 test: replace deprecated collection.insert to collection.insertOne
- 545c06e docs: update README on testing
- 2d5442e chore: upgrade depns mocha
- 5d3a321 chore: upgrade nyc depns
- 54cd91d chore: upgrade depns
- afb7a12 docs: remove some badges
- 6c2484b docs: update README for supporting version
- c925c92 test: fix test case
- 6827330 chore: bump version to 3.0.0-rc.1
- f62692b ci: update .npmignore
- aa2637d ci: remove node 6 support and add linting in travis
- 801291b fix linting error
- f928547 travis add test on Node 12
- 12275f0 better linting
- eb23b1e linting fix
- 66194c7 bump major version to 3.0.0-rc
- f29084f Wait for client open, before calling db. (#321)
- d252bfc Install Stale bot
- 15d91c1 Transparent crypto support (#314)
- 08ccada Update readme refer to latest release to avoid confusion
Package name: grunt-cli
The new version differs by 5 commits.
Package name: mongoose
The new version differs by 250 commits.
- 66d559b chore: release 4.7.7
- 0504ec6 fix(populate): handle nested virtuals in virtual populate
- b412210 test(populate): repro #4581
- 4efecd5 fix(utils): don't crash if to[key] is null
- 066f128 chore: upgrade mongodb -> 2.2.21
- 370ac04 chore: upgrade bson dep to match mongodb-core
- dd8003b fix: add a toBSON to documents for easier querying
- ab680e4 test: repro #4866
- 075213f chore: upgrade mongodb -> 2.2.20
- e4fb16c chore: actually bump to 2.2.19
- f47260b chore: upgrade mongodb -> 2.2.18
- 344a2b7 chore: remove vestigial log
- 625e5cd Merge branch 'master' of github.com:Automattic/mongoose
- 2c020d1 chore: improve spelling re: #4858
- f921d15 Merge pull request #4854 from davidwu226/master
- 32208ba chore: now working on 4.7.7
- faf2c6a chore: release 4.7.6
- 5a1129a Fix warning from Bluebird:
- 175ad20 fix(query): don't call error handler if passRawResult is true and no error occurred
- d1492ce test(query): repro #4836
- 22552c5 docs(populate): remove implicit Model.populate() example
- 62c8b08 fix(populate): use base model name if no discriminator for backwards compat
- f0aa82d test(populate): repro #4843
- 8f39e1b fix: handle refs correctly even if using browser driver
Package name: newrelic
The new version differs by 250 commits.
- f35a229 release: 6.5.0 (2020-03-19)
- 5779e3c Updated release notes
- 435d053 Merge pull request #1969 from NodeJS-agent/ntzaperas/attribute-rename
- 3d0dbd2 Rename span error attribute
- a01821f Fix span error attributes appearing on span intrinsics
- 76e0572 Updated changelog for v6.5.0.
- cd9406c Merge pull request #1966 from NodeJS-agent/ntzaperas/lasp-span-errors
- bfb2e70 Remove span_error_attributes feature flag
- 613a285 Test span error attributes and HSM/ignore
- a4ac95b Merge pull request #1964 from NodeJS-agent/mgoin/ConvertAgentAggregatorsUnitTests
- 2de8843 Merge pull request #1959 from NodeJS-agent/mgoin/ConvertAgentsUnitTestFullyTap
- 3f53da6 Converts event-aggregator.test.js to fully use tap API.
- e339089 Use the same attributes on spans as on TransactionErrors
- 0166c8a Span error attributes should adhere to security policy
- de2658d Converts base-aggregator.test.js to fully use tap API.
- 1e036e5 Converts synthetics.test.js to fully use tap API.
- 6d75845 Converts intrinsics.test.js to fully use tap API.
- 8c43fc6 Converts agent.test.js to fully use tap API.
- ade4dc3 Merge pull request #1957 from NodeJS-agent/ntzaperas/NODE-2307-error-attrs-on-spans
- 2ce89a6 Put span error attributes behind a feature flag
- 9013e0f Tests for span error attributes
- 64c6d47 Update tests to match new error interface
- ecae7a2 Add error info to span and link to TransactionError events
- 233e48e Merge pull request #1956 from NodeJS-agent/mgoin/NODE-2314-EventHandlersNotCleaningUp
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.