Skip to content

[Snyk-dev] Fix for 100 vulnerabilities#169

Open
VeronicaSnyk wants to merge 1 commit intomainfrom
snyk-fix-1027a8230ef08fa748713fe696f2738a
Open

[Snyk-dev] Fix for 100 vulnerabilities#169
VeronicaSnyk wants to merge 1 commit intomainfrom
snyk-fix-1027a8230ef08fa748713fe696f2738a

Conversation

@VeronicaSnyk
Copy link
Copy Markdown
Owner

@VeronicaSnyk VeronicaSnyk commented Feb 5, 2026

snyk-top-banner

Snyk has created this PR to fix 100 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • package.json
  • package-lock.json

Vulnerabilities that will be fixed with an upgrade:

Issue Score
high severity Prototype Pollution
SNYK-JS-LODASH-567746		   ****  
high severity Prototype Pollution
SNYK-JS-LODASH-608086		   ****  
high severity Prototype Pollution
SNYK-JS-LODASH-73638		   ****  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-73639		   ****  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-174116		   ****  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-2342073		   ****  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-2342082		   ****  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-451540		   ****  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-584281		   ****  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MINIMATCH-3050818		   ****  
low severity Prototype Pollution
SNYK-JS-MINIMIST-2429795		   ****  
medium severity Prototype Pollution
SNYK-JS-MINIMIST-559764		   ****  
high severity Prototype Pollution
SNYK-JS-MIXINDEEP-450212		   ****  
high severity Directory Traversal
SNYK-JS-MOMENT-2440688		   ****  
high severity Denial of Service (DoS)
SNYK-JS-MONGODB-473855		   ****  
medium severity Prototype Pollution
SNYK-JS-MONGOOSE-1086688		   ****  
high severity Prototype Pollution
SNYK-JS-MONGOOSE-2961688		   ****  
medium severity Information Exposure
SNYK-JS-MONGOOSE-472486		   ****  
medium severity Prototype Pollution
SNYK-JS-MPATH-1577289		   ****  
high severity Prototype Pollution
SNYK-JS-MQUERY-1050858		   ****  
high severity Prototype Pollution
SNYK-JS-MQUERY-1089718		   ****  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-PATHPARSE-1077067		   ****  
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-PATHTOREGEXP-13271681		   ****  
high severity Prototype Pollution
SNYK-JS-SETVALUE-1540541		   ****  
high severity Prototype Pollution
SNYK-JS-SETVALUE-450213		   ****  
high severity Prototype Pollution
SNYK-JS-TYPEORM-590152		   ****  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-UGLIFYJS-1727251		   ****  
medium severity Arbitrary Code Injection
SNYK-JS-UNDERSCORE-1080984		   ****  
high severity Prototype Pollution
SNYK-JS-UNSETVALUE-2400660		   ****  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-VALIDATOR-1090599		   ****  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-VALIDATOR-1090600		   ****  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-VALIDATOR-1090601		   ****  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-VALIDATOR-1090602		   ****  
high severity Prototype Pollution
SNYK-JS-Y18N-1021887		   ****  
medium severity Prototype Pollution
SNYK-JS-YARGSPARSER-560381		   ****  
critical severity Arbitrary File Write via Archive Extraction (Zip Slip)
npm:adm-zip:20180415		   855  
high severity Remote Code Execution (RCE)
SNYK-JS-EJS-2803307		   621  
medium severity Cross-site Scripting (XSS)
SNYK-JS-JQUERY-565129		   496  
high severity Command Injection
SNYK-JS-LODASH-1040724		   318  
high severity Uninitialized Memory Exposure
npm:npmconf:20180512		   286  
high severity Prototype Pollution
SNYK-JS-DUSTJSLINKEDIN-1089257		   279  
medium severity Prototype Pollution
SNYK-JS-JQUERY-174006		   267  
medium severity Cross-site Scripting (XSS)
SNYK-JS-JQUERY-567880		   266  
high severity Arbitrary Code Execution
npm:ejs:20161128		   242  
medium severity Remote Memory Exposure
npm:mongoose:20160116		   237  
high severity Denial of Service (DoS)
SNYK-JS-DICER-2311764		   222  
high severity Prototype Pollution
SNYK-JS-EXPRESSFILEUPLOAD-595969		   220  
high severity Regular Expression Denial of Service (ReDoS)
npm:marked:20180225		   214  
high severity DLL Injection
SNYK-JS-KERBEROS-568900		   212  
medium severity Open Redirect
npm:st:20171013		   208  
high severity Code Injection
npm:dustjs-linkedin:20160819		   201  
high severity Remote Code Execution (RCE)
SNYK-JS-HANDLEBARS-1056767		   198  
high severity Directory Traversal
SNYK-JS-ADMZIP-1065796		   195  
high severity Cross-site Scripting (XSS)
npm:marked:20150520		   190  
critical severity Prototype Pollution
SNYK-JS-HANDLEBARS-534988		   188  
medium severity Prototype Pollution
npm:lodash:20180130		   186  
medium severity Arbitrary Code Injection
SNYK-JS-EJS-1049328		   167  
high severity Prototype Pollution
SNYK-JS-AJV-584908		   165  
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		   159  
high severity Denial of Service (DoS)
SNYK-JS-EXPRESSFILEUPLOAD-473997		   154  
high severity Prototype Pollution
SNYK-JS-LODASH-450202		   154  
high severity Cross-site Scripting (XSS)
npm:marked:20170815		   154  
high severity Denial of Service (DoS)
SNYK-JS-FILETYPE-2958042		   152  
high severity Denial of Service (DoS)
SNYK-JS-LODASH-12239302		   152  
high severity Cross-site Scripting (XSS)
npm:marked:20170112		   152  
high severity Regular Expression Denial of Service (ReDoS)
npm:marked:20170907		   152  
high severity Prototype Pollution
SNYK-JS-JSONSCHEMA-1920922		   151  
high severity Prototype Pollution
SNYK-JS-INI-1048974		   149  
high severity Arbitrary Code Execution
SNYK-JS-HANDLEBARS-534478		   148  
medium severity Prototype Pollution
SNYK-JS-HANDLEBARS-1279029		   145  
high severity Prototype Pollution
SNYK-JS-HANDLEBARS-469063		   141  
medium severity Denial of Service (DoS)
npm:ejs:20161130-1		   136  
medium severity Regular Expression Denial of Service (ReDoS)
npm:moment:20161019		   136  
medium severity Prototype Pollution
SNYK-JS-HANDLEBARS-567742		   134  
medium severity Cross-site Scripting (XSS)
npm:ejs:20161130		   134  
medium severity Directory Traversal
npm:st:20140206		   127  
high severity Prototype Override Protection Bypass
npm:qs:20170213		   115  
high severity Directory Traversal
SNYK-JS-ASYNC-12239908		   114  
high severity Denial of Service (DoS)
SNYK-JS-HANDLEBARS-480388		   114  
high severity Regular Expression Denial of Service (ReDoS)
npm:fresh:20170908		   114  
high severity Regular Expression Denial of Service (ReDoS)
npm:negotiator:20160616		   114  
high severity Prototype Pollution
SNYK-JS-HANDLEBARS-173692		   108  
high severity Prototype Pollution
SNYK-JS-HANDLEBARS-174183		   108  
medium severity Alternate solution to CWE-1333 Inefficient Regular Expression Complexity
SNYK-JS-DEBUG-14214893
medium severity Cross-site Scripting (XSS)
npm:jquery:20150627		   97  
medium severity Cross-site Scripting (XSS)
npm:marked:20170815-1		   95  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905		   84  
medium severity Denial of Service (DoS)
npm:mem:20180117		   73  
medium severity Cross-site Scripting (XSS)
SNYK-JS-COLORNAME-17614999		   69  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-HOSTEDGITINFO-1088355		   63  
low severity Validation Bypass
SNYK-JS-KINDOF-537849		   58  
low severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-BRACEEXPANSION-9789073		   57  
low severity Regular Expression Denial of Service (ReDoS)
npm:ms:20170412		   54  
low severity Regular Expression Denial of Service (ReDoS)
npm:moment:20170905		   53  
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-DEBUG-13283909		   46  
medium severity Regular Expression Denial of Service (ReDoS)
npm:ms:20151024		   46  
medium severity Regular Expression Denial of Service (ReDoS)
npm:semver:20150403		   46  
low severity Regular Expression Denial of Service (ReDoS)
npm:debug:20170905		   40  
low severity Regular Expression Denial of Service (ReDoS)
npm:mime:20170907		   40  
medium severity Reverse Tabnabbing
SNYK-JS-ISTANBULREPORTS-2328088		   35  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Directory Traversal
🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 More lessons are available in Snyk Learn

@snyk-bot
fix: package.json & package-lock.json to reduce vulnerabilities
b63cd08 
The following vulnerabilities are fixed with an upgrade:
- https://dev.snyk.io/vuln/SNYK-JS-LODASH-567746
- https://dev.snyk.io/vuln/SNYK-JS-LODASH-608086
- https://dev.snyk.io/vuln/SNYK-JS-LODASH-73638
- https://dev.snyk.io/vuln/SNYK-JS-LODASH-73639
- https://dev.snyk.io/vuln/SNYK-JS-MARKED-174116
- https://dev.snyk.io/vuln/SNYK-JS-MARKED-2342073
- https://dev.snyk.io/vuln/SNYK-JS-MARKED-2342082
- https://dev.snyk.io/vuln/SNYK-JS-MARKED-451540
- https://dev.snyk.io/vuln/SNYK-JS-MARKED-584281
- https://dev.snyk.io/vuln/SNYK-JS-MINIMATCH-3050818
- https://dev.snyk.io/vuln/SNYK-JS-MINIMIST-2429795
- https://dev.snyk.io/vuln/SNYK-JS-MINIMIST-559764
- https://dev.snyk.io/vuln/SNYK-JS-MIXINDEEP-450212
- https://dev.snyk.io/vuln/SNYK-JS-MOMENT-2440688
- https://dev.snyk.io/vuln/SNYK-JS-MONGODB-473855
- https://dev.snyk.io/vuln/SNYK-JS-MONGOOSE-1086688
- https://dev.snyk.io/vuln/SNYK-JS-MONGOOSE-2961688
- https://dev.snyk.io/vuln/SNYK-JS-MONGOOSE-472486
- https://dev.snyk.io/vuln/SNYK-JS-MPATH-1577289
- https://dev.snyk.io/vuln/SNYK-JS-MQUERY-1050858
- https://dev.snyk.io/vuln/SNYK-JS-MQUERY-1089718
- https://dev.snyk.io/vuln/SNYK-JS-PATHPARSE-1077067
- https://dev.snyk.io/vuln/SNYK-JS-PATHTOREGEXP-13271681
- https://dev.snyk.io/vuln/SNYK-JS-SETVALUE-1540541
- https://dev.snyk.io/vuln/SNYK-JS-SETVALUE-450213
- https://dev.snyk.io/vuln/SNYK-JS-TYPEORM-590152
- https://dev.snyk.io/vuln/SNYK-JS-UGLIFYJS-1727251
- https://dev.snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984
- https://dev.snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660
- https://dev.snyk.io/vuln/SNYK-JS-VALIDATOR-1090599
- https://dev.snyk.io/vuln/SNYK-JS-VALIDATOR-1090600
- https://dev.snyk.io/vuln/SNYK-JS-VALIDATOR-1090601
- https://dev.snyk.io/vuln/SNYK-JS-VALIDATOR-1090602
- https://dev.snyk.io/vuln/SNYK-JS-Y18N-1021887
- https://dev.snyk.io/vuln/SNYK-JS-YARGSPARSER-560381
- https://dev.snyk.io/vuln/npm:adm-zip:20180415
- https://dev.snyk.io/vuln/SNYK-JS-EJS-2803307
- https://dev.snyk.io/vuln/SNYK-JS-JQUERY-565129
- https://dev.snyk.io/vuln/SNYK-JS-LODASH-1040724
- https://dev.snyk.io/vuln/npm:npmconf:20180512
- https://dev.snyk.io/vuln/SNYK-JS-DUSTJSLINKEDIN-1089257
- https://dev.snyk.io/vuln/SNYK-JS-JQUERY-174006
- https://dev.snyk.io/vuln/SNYK-JS-JQUERY-567880
- https://dev.snyk.io/vuln/npm:ejs:20161128
- https://dev.snyk.io/vuln/npm:mongoose:20160116
- https://dev.snyk.io/vuln/SNYK-JS-DICER-2311764
- https://dev.snyk.io/vuln/SNYK-JS-EXPRESSFILEUPLOAD-595969
- https://dev.snyk.io/vuln/npm:marked:20180225
- https://dev.snyk.io/vuln/SNYK-JS-KERBEROS-568900
- https://dev.snyk.io/vuln/npm:st:20171013
- https://dev.snyk.io/vuln/npm:dustjs-linkedin:20160819
- https://dev.snyk.io/vuln/SNYK-JS-HANDLEBARS-1056767
- https://dev.snyk.io/vuln/SNYK-JS-ADMZIP-1065796
- https://dev.snyk.io/vuln/npm:marked:20150520
- https://dev.snyk.io/vuln/SNYK-JS-HANDLEBARS-534988
- https://dev.snyk.io/vuln/npm:lodash:20180130
- https://dev.snyk.io/vuln/SNYK-JS-EJS-1049328
- https://dev.snyk.io/vuln/SNYK-JS-AJV-584908
- https://dev.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://dev.snyk.io/vuln/SNYK-JS-EXPRESSFILEUPLOAD-473997
- https://dev.snyk.io/vuln/SNYK-JS-LODASH-450202
- https://dev.snyk.io/vuln/npm:marked:20170815
- https://dev.snyk.io/vuln/SNYK-JS-FILETYPE-2958042
- https://dev.snyk.io/vuln/SNYK-JS-LODASH-12239302
- https://dev.snyk.io/vuln/npm:marked:20170112
- https://dev.snyk.io/vuln/npm:marked:20170907
- https://dev.snyk.io/vuln/SNYK-JS-JSONSCHEMA-1920922
- https://dev.snyk.io/vuln/SNYK-JS-INI-1048974
- https://dev.snyk.io/vuln/SNYK-JS-HANDLEBARS-534478
- https://dev.snyk.io/vuln/SNYK-JS-HANDLEBARS-1279029
- https://dev.snyk.io/vuln/SNYK-JS-HANDLEBARS-469063
- https://dev.snyk.io/vuln/npm:ejs:20161130-1
- https://dev.snyk.io/vuln/npm:moment:20161019
- https://dev.snyk.io/vuln/SNYK-JS-HANDLEBARS-567742
- https://dev.snyk.io/vuln/npm:ejs:20161130
- https://dev.snyk.io/vuln/npm:st:20140206
- https://dev.snyk.io/vuln/npm:qs:20170213
- https://dev.snyk.io/vuln/SNYK-JS-ASYNC-12239908
- https://dev.snyk.io/vuln/SNYK-JS-HANDLEBARS-480388
- https://dev.snyk.io/vuln/npm:fresh:20170908
- https://dev.snyk.io/vuln/npm:negotiator:20160616
- https://dev.snyk.io/vuln/SNYK-JS-HANDLEBARS-173692
- https://dev.snyk.io/vuln/SNYK-JS-HANDLEBARS-174183
- https://dev.snyk.io/vuln/SNYK-JS-DEBUG-14214893
- https://dev.snyk.io/vuln/npm:jquery:20150627
- https://dev.snyk.io/vuln/npm:marked:20170815-1
- https://dev.snyk.io/vuln/SNYK-JS-LODASH-1018905
- https://dev.snyk.io/vuln/npm:mem:20180117
- https://dev.snyk.io/vuln/SNYK-JS-COLORNAME-17614999
- https://dev.snyk.io/vuln/SNYK-JS-HOSTEDGITINFO-1088355
- https://dev.snyk.io/vuln/SNYK-JS-KINDOF-537849
- https://dev.snyk.io/vuln/SNYK-JS-BRACEEXPANSION-9789073
- https://dev.snyk.io/vuln/npm:ms:20170412
- https://dev.snyk.io/vuln/npm:moment:20170905
- https://dev.snyk.io/vuln/SNYK-JS-DEBUG-13283909
- https://dev.snyk.io/vuln/npm:ms:20151024
- https://dev.snyk.io/vuln/npm:semver:20150403
- https://dev.snyk.io/vuln/npm:debug:20170905
- https://dev.snyk.io/vuln/npm:mime:20170907
- https://dev.snyk.io/vuln/SNYK-JS-ISTANBULREPORTS-2328088
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@VeronicaSnyk @snyk-bot