New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 4 vulnerabilities #2

Open

snyk-bot wants to merge 1 commit into master from snyk-fix-c6aa45b64d55e554c2af69c23683c69e

snyk-bot commented Sep 12, 2020

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json
Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change	Exploit Maturity
	Insecure use of /tmp folder npm:cli:20160615	No	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	No	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No	No Known Exploit

Commit messages

Package name: body-parser

The new version differs by 53 commits.

b2659a7 1.18.2
6339bf7 perf: remove argument reassignment
d5f9a4a deps: debug@2.6.9
d041563 1.18.1
9efa9ab deps: content-type@~1.0.4
f1ef6cc deps: qs@6.5.1
e438db5 deps: raw-body@2.3.2
15c3585 deps: iconv-lite@0.4.19
adfa01c 1.18.0
0632e2f Include the "type" property on all generated errors
b8f97cd Include the "body" property on verify errors
c659e8a tests: add test for err.body on json parse error
4e15325 tests: reorganize json error tests
5bd7ed5 tests: reorganize json strict option tests
3cb380b tests: store server on mocha context instead of variable shadowing
29c8cd0 docs: document too many parameters error
7b9cb14 Use http-errors to set status code on errors
29a27f1 docs: fix typo in jsdoc comment
448dc57 Fix JSON strict violation error to match native parse error
87df7e6 tests: add leading whitespace strict json test
1841248 deps: raw-body@2.3.1
e666dbe deps: http-errors@~1.6.2
c2a110a deps: bytes@3.0.0
a1a2e31 build: Node.js@8.4

See the full diff

With a Snyk patch:

Severity	Issue	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No Known Exploit

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


          fix: package.json, package-lock.json & .snyk to reduce vulnerabilities

f47caab

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/npm:cli:20160615
- https://snyk.io/vuln/npm:debug:20170905
- https://snyk.io/vuln/npm:minimatch:20160620
- https://snyk.io/vuln/npm:ms:20170412


The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/npm:debug:20170905
- https://snyk.io/vuln/npm:ms:20170412

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet