[Snyk] Upgrade: ethereumjs-util, source-map-support, ganache-core, sha3, webpack, webpack-cli, yargs #45
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade:
- ethereumjs-util from 6.1.0 to 6.2.1.
See this package in npm: https://www.npmjs.com/package/ethereumjs-util
- source-map-support from 0.5.12 to 0.5.21.
See this package in npm: https://www.npmjs.com/package/source-map-support
- ganache-core from 2.10.2 to 2.13.2.
See this package in npm: https://www.npmjs.com/package/ganache-core
- sha3 from 1.2.2 to 1.2.6.
See this package in npm: https://www.npmjs.com/package/sha3
- webpack from 4.35.3 to 4.47.0.
See this package in npm: https://www.npmjs.com/package/webpack
- webpack-cli from 3.1.0 to 3.3.12.
See this package in npm: https://www.npmjs.com/package/webpack-cli
- yargs from 13.2.4 to 13.3.2.
See this package in npm: https://www.npmjs.com/package/yargs
See this project in Snyk:
https://app.snyk.io/org/bram00767/project/e6427225-36da-46ef-b72e-b065692aa7ea?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade multiple dependencies.
👯♂ The following dependencies are linked and will therefore be updated together.ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
ethereumjs-util
from 6.1.0 to 6.2.1 | 2 versions ahead of your current version | 4 years ago
on 2020-07-16
source-map-support
from 0.5.12 to 0.5.21 | 9 versions ahead of your current version | 3 years ago
on 2021-11-19
ganache-core
from 2.10.2 to 2.13.2 | 33 versions ahead of your current version | 4 years ago
on 2021-01-12
sha3
from 1.2.2 to 1.2.6 | 4 versions ahead of your current version | 5 years ago
on 2019-12-05
webpack
from 4.35.3 to 4.47.0 | 28 versions ahead of your current version | a year ago
on 2023-09-06
webpack-cli
from 3.1.0 to 3.3.12 | 19 versions ahead of your current version | 4 years ago
on 2020-06-18
yargs
from 13.2.4 to 13.3.2 | 2 versions ahead of your current version | 4 years ago
on 2020-03-13
Issues fixed by the recommended upgrade:
SNYK-JS-TAR-1536531
SNYK-JS-TAR-1579152
SNYK-JS-TAR-1579155
SNYK-JS-ACORN-559469
SNYK-JS-AJV-584908
SNYK-JS-AJV-584908
SNYK-JS-Y18N-1021887
SNYK-JS-ELLIPTIC-571484
SNYK-JS-BROWSERIFYSIGN-6037026
SNYK-JS-COPYPROPS-1082870
SNYK-JS-DECODEURICOMPONENT-3149970
SNYK-JS-ELLIPTIC-571484
SNYK-JS-SERIALIZEJAVASCRIPT-570062
SNYK-JS-TAR-1579147
SNYK-JS-TAR-1579152
SNYK-JS-TAR-1579155
SNYK-JS-TAR-1536528
SNYK-JS-TAR-1536531
SNYK-JS-NORMALIZEURL-1296539
SNYK-JS-QS-3153490
SNYK-JS-QS-3153490
SNYK-JS-LODASH-567746
SNYK-JS-LODASH-608086
SNYK-JS-TAR-1579147
SNYK-JS-SIMPLEGET-2361683
SNYK-JS-SSRI-1246392
SNYK-JS-LODASH-6139239
SNYK-JS-TAR-1536528
SNYK-JS-BL-608877
SNYK-JS-ELLIPTIC-571484
SNYK-JS-INI-1048974
SNYK-JS-JSONSCHEMA-1920922
SNYK-JS-LOADERUTILS-3043105
SNYK-JS-ES5EXT-6095076
SNYK-JS-GLOBALMODULESPATH-3167973
SNYK-JS-Y18N-1021887
SNYK-JS-HOSTEDGITINFO-1088355
SNYK-JS-HTTPCACHESEMANTICS-3248783
SNYK-JS-COOKIEJAR-3149984
SNYK-JS-DECOMPRESS-557358
SNYK-JS-DECOMPRESSTAR-559095
SNYK-JS-ELLIPTIC-1064899
SNYK-JS-ELLIPTIC-1064899
SNYK-JS-MINIMIST-559764
SNYK-JS-PATHPARSE-1077067
SNYK-JS-LOADERUTILS-3105943
SNYK-JS-ELLIPTIC-1064899
SNYK-JS-ELLIPTIC-511941
SNYK-JS-MINIMATCH-3050818
SNYK-JS-MINIMIST-559764
SNYK-JS-TERSER-2806366
SNYK-JS-ELLIPTIC-511941
SNYK-JS-LOADERUTILS-3042992
SNYK-JS-EXPRESS-6474509
SNYK-JS-YARGSPARSER-560381
SNYK-JS-YARGSPARSER-560381
SNYK-JS-YARGSPARSER-560381
SNYK-JS-TAR-1536758
SNYK-JS-MINIMIST-2429795
SNYK-JS-TAR-1536758
SNYK-JS-MINIMIST-2429795
SNYK-JS-KINDOF-537849
Release notes
Package name: ethereumjs-util
-
6.2.1 - 2020-07-16
- Stricter prefixed hex typing, PRs #3348, #3427 and #3357 (some changes removed in PR #3382 for backwards compatibility reasons, will be reintroduced along upcoming breaking releases)
- Fixes an issue in the delete operation used for unhashed tries and pruning activated which resulted in a wrong state root (bad!), PR #3333
-
6.2.0 - 2019-11-07
-
6.1.0 - 2019-02-12
from ethereumjs-util GitHub release notesOther Features
Bugfixes
Package name: source-map-support
-
0.5.21 - 2021-11-19
-
0.5.20 - 2021-09-09
-
0.5.19 - 2020-04-24
-
0.5.18 - 2020-04-21
-
0.5.17 - 2020-04-19
-
0.5.16 - 2019-10-29
- 🐛 Fix "cannot read property 'name' of undefined" error
-
0.5.15 - 2019-10-28
- 🐛 Adapt to node's removal of the module header
-
0.5.14 - 2019-10-28
- 🐛 Fix extraction of function name from next frame’s position
-
0.5.13 - 2019-07-31
-
0.5.12 - 2019-04-08
from source-map-support GitHub release notes0.5.21
0.5.20
0.5.19
0.5.18
0.5.17
0.5.13
0.5.12
Package name: ganache-core
-
2.13.2 - 2021-01-12
- fix: add
- fix: storage value encoding in forked trie. (#658)
- fix: handle failure to retrieve
- chore: update eth-sig-util to v3.0.0 (#711)
- ganache-cli v6.12.2
-
2.13.2-tezos.2 - 2021-02-16
-
2.13.2-tezos.0 - 2021-02-03
-
2.13.1 - 2020-10-26
- feat: add ability to use blockHash with eth_getLogs (#639) Thanks, @ tynes!
- fix: update merkle-patricia-tree to v3.0.0 to support Node v14 (#636)
- fix: fix snapshots for forking (#627) Thanks, @ seesemichaelj!
- fix: remove dev dependencies from published package's shrinkwrap (#640)
- fix: patch keccak to prevent Node v14 segfault (c26ba24)
- fix: bundle patched version of keccak (c5e6db6)
- test: throw if test contracts fail compilation (#633)
- chore: simply release process (#638)
- test: increase infura test timeouts so they stop failing in CI (#642)
- chore: update CI's Node version to 14.13.0 (#641)
- try npm 7 to see if it can
- update to npm v7.0.0-rc.0 (2af3122)
- chore: fix prepublish script for npm 7 (b30a886)
- ganache-cli v6.12.0
- Ganache UI v2.5.4
-
2.13.1-beta.1 - 2020-10-26
-
2.13.1-beta.0 - 2020-10-19
-
2.13.1-alpha.4 - 2020-10-19
-
2.13.1-alpha.2 - 2020-10-19
-
2.13.1-alpha.1 - 2020-10-19
-
2.13.1-alpha.0 - 2020-10-19
-
2.13.0 - 2020-10-09
-
2.13.0-rc.0 - 2020-10-09
-
2.13.0-beta.1 - 2020-10-07
-
2.13.0-beta.0 - 2020-10-06
-
2.13.0-alpha.2 - 2020-10-01
-
2.13.0-alpha.1 - 2020-10-01
-
2.13.0-alpha.0 - 2020-10-01
-
2.12.2-beta.0 - 2020-09-29
-
2.12.1 - 2020-09-28
-
2.12.0 - 2020-09-28
-
2.12.0-tezos.0 - 2020-12-03
-
2.12.0-beta.0 - 2020-09-15
-
2.11.3 - 2020-09-08
-
2.11.3-forking.0 - 2020-08-18
-
2.11.3-filecoin-alpha - 2020-08-06
-
2.11.3-beta.0 - 2020-08-25
-
2.11.2 - 2020-08-05
-
2.11.1 - 2020-08-05
-
2.11.0 - 2020-08-05
-
2.11.0-tezos.2 - 2020-06-10
-
2.11.0-tezos.1 - 2020-05-29
-
2.11.0-tezos.0 - 2020-05-28
-
2.11.0-beta.0 - 2020-06-24
-
2.10.2 - 2020-02-13
from ganache-core GitHub release notesHighlightsHow to UpgradeChangelogRelated ReleasesWe're moving to a
beta›latestrelease pipeline, where all non-hotfix changes are first released in a beta before being promoted to a stable release.We'd love it if you'd start using the latest betas and let us know early and often if you find any bugs or regressions!
Highlights
v2.13.2 – Taco Tuesday 🌮
It's Tuesday. And you know what that means, don't you? Tacos! And tacos are delicious. And do you know what else is delicious? This release! It's got a couple of new bug fixes you'll want to check out, especially if you use the forking feature.
Bon appetit!
How to Upgrade
Upgrade to the latest version of ganache-core by running:
npm
yarn
Changelog
Fixes:
removedfield to Log JSON (#651)net_versionwhen forking (#676)Chores:
Related Releases
💖 The Truffle Team
HighlightsHow to UpgradeChangelogRelated ReleasesWe're moving to a
beta›latestrelease pipeline, where all non-hotfix changes are first released in a beta before being promoted to a stable release.We'd love it if you'd start using the latest betas and let us know early and often if you find any bugs or regressions!
Highlights
v2.13.1 – Johnnycake Cobblers 2 🎂
This release is exactly like the last one, but it works around an npm bug that causes installations to sometimes fail in Node v12 with npm v6. The rest of these notes are the same as the last release's.
Johnnycake Cobblers: another dessert with a weird name. Someone really should cook up all the release names we've used for us Trufflers to try one day! 😋
This release brings Node v14 compatibility and a new feature!
How to Upgrade
Upgrade to the latest version of ganache-core by running:
npm
yarn
Changelog
Features:
Fixes:
Misc:
prune --productionandshrinkwrapwithout creating an invalid shrinkwrap file (4b3f588)Related Releases
💖 The Truffle Team
2.13.1-beta.1
2.13.1-beta.0
2.13.1-alpha.4
2.13.1-alpha.2
2.13.1-alpha.1
2.13.1-alpha.0
2.12.0-tezos.0
Package name: sha3
-
1.2.6 - 2019-12-05
-
1.2.5 - 2019-12-05
- 🐛 Fix compatibility with gcc 4.8 (the default version provided with Ubuntu Trusty LTS).
-
1.2.4 - 2019-12-01
- 🐛 Fix compatibility with Node.js 13.x.
-
1.2.3 - 2019-05-08
-
1.2.2 - 2018-04-30
from sha3 GitHub release notesThis administrative release is identical to v1.2.5.
When v1.2.5 was published, the
nativetag was not set. Due to package version immutability in npm registry, applying this tag required a version increment.This is a bugfix release for older Linux versions.
This is a maintenance release, to address compatibility issues with Node.js 12.x, which removed some deprecated functions from the V8 add-on API used by the 1.x branch of this library. No functional changes are included in this release.
Package name: webpack
-
4.47.0 - 2023-09-06
- [Security] - Add support for md4 in Node >=18. by @ iclanton in #17628
- @ iclanton made their first contribution in #17628
-
4.46.0 - 2021-01-11
-
4.45.0 - 2021-01-08
-
4.44.2 - 2020-09-17
-
4.44.1 - 2020-07-30
-
4.44.0 - 2020-07-24
-
4.43.0 - 2020-04-21
-
4.42.1 - 2020-03-24
-
4.42.0 - 2020-03-02
-
4.41.6 - 2020-02-11
-
4.41.5 - 2019-12-27
-
4.41.4 - 2019-12-19
-
4.41.3 - 2019-12-16
-
4.41.2 - 2019-10-15
-
4.41.1 - 2019-10-11
-
4.41.0 - 2019-09-24
-
4.40.3 - 2019-09-24
-
4.40.2 - 2019-09-13
-
4.40.1 - 2019-09-13
-
4.40.0 - 2019-09-12
-
4.39.3 - 2019-08-27
-
4.39.2 - 2019-08-13
-
4.39.1 - 2019-08-02
-
4.39.0 - 2019-08-01
-
4.38.0 - 2019-07-26
-
4.37.0 - 2019-07-23
-
4.36.1 - 2019-07-17
-
4.36.0 - 2019-07-17
-
4.35.3 - 2019-07-08
from webpack GitHub release notesNew Features
New Contributors
Full Changelog: v4.46.0...v4.47.0
Package name: webpack-cli
-
3.3.12 - 2020-06-18
-
3.3.11 - 2020-02-11
-
3.3.10 - 2019-10-31
-
3.3.9 - 2019-09-17
-
3.3.8 - 2019-09-05
-
3.3.7 - 2019-08-18
-
3.3.6 - 2019-07-14
-
3.3.5 - 2019-06-23
-
3.3.4 - 2019-06-11
-
3.3.3 - 2019-06-07
-
3.3.2 - 2019-05-04
-
3.3.1 - 2019-04-21
-
3.3.0 - 2019-03-15
-
3.2.3 - 2019-02-05
-
3.2.2 - 2019-02-05
-
3.2.1 - 2019-01-07
-
3.2.0 - 2019-01-03
-
3.1.2 - 2018-09-29
-
3.1.1 - 2018-09-23
-
3.1.0 - 2018-07-18
from webpack-cli GitHub release noteschore(release): 3.3.12
Package name: yargs
-
13.3.2 - 2020-03-13
-
13.3.0 - 2019-06-10
- deps: yargs-parser update addressing several parsing bugs (#1357) (e230d5b)
- i18n: swap out os-locale dependency for simple inline implementation (#1356) (4dfa19b)
- support defaultDescription for positional arguments (812048c)
-
13.2.4 - 2019-05-13
from yargs GitHub release notesBug Fixes
Features
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"ethereumjs-util","from":"6.1.0","to":"6.2.1"},{"name":"source-map-support","from":"0.5.12","to":"0.5.21"},{"name":"ganache-core","from":"2.10.2","to":"2.13.2"},{"name":"sha3","from":"1.2.2","to":"1.2.6"},{"name":"webpack","from":"4.35.3","to":"4.47.0"},{"name":"webpack-cli","from":"3.1.0","to":"3.3.12"},{"name":"yargs","from":"13.2.4","to":"13.3.2"}],"env":"prod","hasFixes":true,"isBreakingChange":false,"isMajorUpgrade":false,"issuesToFix":[{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-TAR-1536531","issue_id":"SNYK-JS-TAR-1536531","priority_score":624,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.2","score":410},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary File Overwrite"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-TAR-1579152","issue_id":"SNYK-JS-TAR-1579152","priority_score":639,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.5","score":425},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary File Write"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-TAR-1579155","issue_id":"SNYK-JS-TAR-1579155","priority_score":639,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.5","score":425},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary File Write"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-ACORN-559469","issue_id":"SNYK-JS-ACORN-559469","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-AJV-584908","issue_id":"SNYK-JS-AJV-584908","priority_score":405,"priority_score_factors":[{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-AJV-584908","issue_id":"SNYK-JS-AJV-584908","priority_score":619,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-Y18N-1021887","issue_id":"SNYK-JS-Y18N-1021887","priority_score":686,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-ELLIPTIC-571484","issue_id":"SNYK-JS-ELLIPTIC-571484","priority_score":706,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.7","score":385},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Cryptographic Issues"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-BROWSERIFYSIGN-6037026","issue_id":"SNYK-JS-BROWSERIFYSIGN-6037026","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Improper Verification of Cryptographic Signature"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-COPYPROPS-1082870","issue_id":"SNYK-JS-COPYPROPS-1082870","priority_score":686,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-DECODEURICOMPONENT-3149970","issue_id":"SNYK-JS-DECODEURICOMPONENT-3149970","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-ELLIPTIC-571484","issue_id":"SNYK-JS-ELLIPTIC-571484","priority_score":706,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.7","score":385},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Cryptographic Issues"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SERIALIZEJAVASCRIPT-570062","issue_id":"SNYK-JS-SERIALIZEJAVASCRIPT-570062","priority_score":706,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.7","score":385},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary Code Injection"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-TAR-1579147","issue_id":"SNYK-JS-TAR-1579147","priority_score":639,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.5","score":425},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary File Write"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-TAR-1579152","issue_id":"SNYK-JS-TAR-1579152","priority_score":639,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.5","score":425},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary File Write"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-TAR-1579155","issue_id":"SNYK-JS-TAR-1579155","priority_score":639,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.5","score":425},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary File Write"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-TAR-1536528","issue_id":"SNYK-JS-TAR-1536528","priority_score":624,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.2","score":410},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary File Overwrite"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-TAR-1536531","issue_id":"SNYK-JS-TAR-1536531","priority_score":624,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.2","score":410},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary File Overwrite"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-NORMALIZEURL-1296539","issue_id":"SNYK-JS-NORMALIZEURL-1296539","priority_score":375,"priority_score_factors":[{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-QS-3153490","issue_id":"SNYK-JS-QS-3153490","priority_score":482,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Poisoning"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-QS-3153490","issue_id":"SNYK-JS-QS-3153490","priority_score":482,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Poisoning"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-LODASH-567746","issue_id":"SNYK-JS-LODASH-567746","priority_score":731,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.2","score":410},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-LODASH-608086","issue_id":"SNYK-JS-LODASH-608086","priority_score":686,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-TAR-1579147","issue_id":"SNYK-JS-TAR-1579147","priority_score":639,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.5","score":425},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary File Write"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SIMPLEGET-2361683","issue_id":"SNYK-JS-SIMPLEGET-2361683","priority_score":761,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.8","score":440},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Information Exposure"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SSRI-1246392","issue_id":"SNYK-JS-SSRI-1246392","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-LODASH-6139239","issue_id":"SNYK-JS-LODASH-6139239","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-TAR-1536528","issue_id":"SNYK-JS-TAR-1536528","priority_score":624,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.2","score":410},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Arbitrary File Overwrite"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-BL-608877","issue_id":"SNYK-JS-BL-608877","priority_score":706,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.7","score":385},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Remote Memory Exposure"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-ELLIPTIC-571484","issue_id":"SNYK-JS-ELLIPTIC-571484","priority_score":706,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.7","score":385},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Cryptographic Issues"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-INI-1048974","issue_id":"SNYK-JS-INI-1048974","priority_score":686,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-JSONSCHEMA-1920922","issue_id":"SNYK-JS-JSONSCHEMA-1920922","priority_score":430,"priority_score_factors":[{"type":"cvssScore","label":"8.6","score":430},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-LOADERUTILS-3043105","issue_id":"SNYK-JS-LOADERUTILS-3043105","priority_score":589,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-ES5EXT-6095076","issue_id":"SNYK-JS-ES5EXT-6095076","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-GLOBALMODULESPATH-3167973","issue_id":"SNYK-JS-GLOBALMODULESPATH-3167973","priority_score":691,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.4","score":370},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Command Injection"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-Y18N-1021887","issue_id":"SNYK-JS-Y18N-1021887","priority_score":686,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-HOSTEDGITINFO-1088355","issue_id":"SNYK-JS-HOSTEDGITINFO-1088355","priority_score":586,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-HTTPCACHESEMANTICS-3248783","issue_id":"SNYK-JS-HTTPCACHESEMANTICS-3248783","priority_score":372,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-COOKIEJAR-3149984","issue_id":"SNYK-JS-COOKIEJAR-3149984","priority_score":372,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"pr...