This repository has been archived by the owner on Dec 10, 2024. It is now read-only.

[Snyk] Fix for 64 vulnerabilities #104

Open
wants to merge 1 commit into
base: master

Conversation

karenyavine
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Snyk ID | Breaking Change | Exploit Maturity | Why? |
|---|---|---|---|---|---|---|
| high | 155/1000 | Regular Expression Denial of Service (ReDoS) | SNYK-JS-ANSIREGEX-1583908 | Yes | Proof of Concept | Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00299, Social Trends: No, Days since published: 659, Transitive dependency: Yes, Is Malicious: No |
| high | 155/1000 | Prototype Pollution | SNYK-JS-ASYNC-2441827 | Yes | Proof of Concept | Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00069, Social Trends: No, Days since published: 452, Transitive dependency: Yes, Is Malicious: No |
| high | 156/1000 | Internal Property Tampering | SNYK-JS-BSON-561052 | Yes | No Known Exploit | Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Unproven, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00349, Social Trends: No, Days since published: 1196, Transitive dependency: Yes, Is Malicious: No |
| medium | 159/1000 | Arbitrary Code Injection | SNYK-JS-EJS-1049328 | Yes | Proof of Concept | Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): High, Attack Complexity: High, Attack Vector: Network, Social Trends: No, Days since published: 894, Transitive dependency: No, Is Malicious: No |
| high | 313/1000 | Remote Code Execution (RCE) | SNYK-JS-EJS-2803307 | Yes | Proof of Concept | Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.02537, Social Trends: No, Days since published: 433, Transitive dependency: No, Is Malicious: No |
| high | 149/1000 | Denial of Service (DoS) | SNYK-JS-EXPRESSFILEUPLOAD-473997 | Yes | No Known Exploit | Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, Social Trends: No, Days since published: 1350, Transitive dependency: No, Is Malicious: No |
| high | 208/1000 | Prototype Pollution | SNYK-JS-EXPRESSFILEUPLOAD-595969 | Yes | Proof of Concept | Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.0085, Social Trends: No, Days since published: 1068, Transitive dependency: No, Is Malicious: No |
| high | 90/1000 | Regular Expression Denial of Service (ReDoS) | SNYK-JS-HAWK-2808852 | Yes | No Known Exploit | Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Changed, Exploit Maturity, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00073, Social Trends: No, Days since published: 423, Transitive dependency: Yes, Is Malicious: No |
| high | 146/1000 | Prototype Pollution | SNYK-JS-INI-1048974 | Yes | Proof of Concept | Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00384, Social Trends: No, Days since published: 935, Transitive dependency: Yes, Is Malicious: No |
| medium | 179/1000 | Prototype Pollution | SNYK-JS-JQUERY-174006 | Yes | Proof of Concept | Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.02159, Social Trends: No, Days since published: 1559, Transitive dependency: No, Is Malicious: No |
| medium | 233/1000 | Cross-site Scripting (XSS) | SNYK-JS-JQUERY-565129 | Yes | Mature | Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Functional, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00572, Social Trends: No, Days since published: 1176, Transitive dependency: No, Is Malicious: No |
| medium | 262/1000 | Cross-site Scripting (XSS) | SNYK-JS-JQUERY-567880 | Yes | Mature | Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: Functional, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.0737, Social Trends: No, Days since published: 1160, Transitive dependency: No, Is Malicious: No |
| medium | 97/1000 | Denial of Service (DoS) | SNYK-JS-JSYAML-173999 | Yes | No Known Exploit | Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, Social Trends: No, Days since published: 1562, Transitive dependency: Yes, Is Malicious: No |
| high | 158/1000 | Arbitrary Code Execution | SNYK-JS-JSYAML-174129 | Yes | No Known Exploit | Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, Social Trends: No, Days since published: 1548, Transitive dependency: Yes, Is Malicious: No |
| medium | 61/1000 | Regular Expression Denial of Service (ReDoS) | SNYK-JS-LODASH-1018905 | No | Proof of Concept | Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00182, Social Trends: No, Days since published: 868, Transitive dependency: Yes, Is Malicious: No |
| high | 230/1000 | Command Injection | SNYK-JS-LODASH-1040724 | No | Proof of Concept | Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): High, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00606, Social Trends: No, Days since published: 868, Transitive dependency: Yes, Is Malicious: No |
| high | 147/1000 | Prototype Pollution | SNYK-JS-LODASH-450202 | No | Proof of Concept | Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01362, Social Trends: No, Days since published: 1462, Transitive dependency: Yes, Is Malicious: No |
| high | 183/1000 | Prototype Pollution | SNYK-JS-LODASH-567746 | No | Proof of Concept | Confidentiality impact: None, Integrity impact: Low, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01036, Social Trends: No, Days since published: 1161, Transitive dependency: Yes, Is Malicious: No |
| high | 147/1000 | Prototype Pollution | SNYK-JS-LODASH-608086 | No | Proof of Concept | Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, Social Trends: No, Days since published: 1046, Transitive dependency: Yes, Is Malicious: No |
| high | 146/1000 | Prototype Pollution | SNYK-JS-LODASH-73638 | No | Proof of Concept | Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00117, Social Trends: No, Days since published: 1613, Transitive dependency: Yes, Is Malicious: No |
| medium | 126/1000 | Regular Expression Denial of Service (ReDoS) | SNYK-JS-LODASH-73639 | No | Proof of Concept | Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): High, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00317, Social Trends: No, Days since published: 1550, Transitive dependency: Yes, Is Malicious: No |
| medium | 59/1000 | Regular Expression Denial of Service (ReDoS) | SNYK-JS-MARKED-174116 | No | No Known Exploit | Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, Social Trends: No, Days since published: 1548, Transitive dependency: No, Is Malicious: No |
| medium | 81/1000 | Regular Expression Denial of Service (ReDoS) | SNYK-JS-MARKED-2342073 | Yes | Proof of Concept | Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00084, Social Trends: No, Days since published: 533, Transitive dependency: No, Is Malicious: No |
| medium | 81/1000 | Regular Expression Denial of Service (ReDoS) | SNYK-JS-MARKED-2342082 | Yes | Proof of Concept | Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00112, Social Trends: No, Days since published: 533, Transitive dependency: No, Is Malicious: No |
| medium | 59/1000 | Regular Expression Denial of Service (ReDoS) | SNYK-JS-MARKED-451540 | No | No Known Exploit | Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, Social Trends: No, Days since published: 1460, Transitive dependency: No, Is Malicious: No |
| medium | 129/1000 | Regular Expression Denial of Service (ReDoS) | SNYK-JS-MARKED-584281 | Yes | No Known Exploit | Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Unproven, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, Social Trends: No, Days since published: 1071, Transitive dependency: No, Is Malicious: No |
| low | 56/1000 | Prototype Pollution | SNYK-JS-MINIMIST-2429795 | Yes | Proof of Concept | Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0037, Social Trends: No, Days since published: 469, Transitive dependency: Yes, Is Malicious: No |
| medium | 132/1000 | Prototype Pollution | SNYK-JS-MINIMIST-559764 | Yes | Proof of Concept | Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00105, Social Trends: No, Days since published: 1209, Transitive dependency: Yes, Is Malicious: No |
| high | 147/1000 | Directory Traversal | SNYK-JS-MOMENT-2440688 | No | No Known Exploit | Confidentiality impact: None, Integrity impact: High, Availability impact: None, Scope: Unchanged, Exploit Maturity, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00353, Social Trends: No, Days since published: 454, Transitive dependency: No, Is Malicious: No |
| high | 112/1000 | Denial of Service (DoS) | SNYK-JS-MONGODB-473855 | Yes | No Known Exploit | Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, Social Trends: No, Days since published: 1354, Transitive dependency: Yes, Is Malicious: No |
| medium | 177/1000 | Prototype Pollution | SNYK-JS-MONGOOSE-1086688 | Yes | Proof of Concept | Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, Social Trends: No, Days since published: 831, Transitive dependency: No, Is Malicious: No |
| high | 264/1000 | Prototype Pollution | SNYK-JS-MONGOOSE-2961688 | Yes | Proof of Concept | Confidentiality impact: Low, Integrity impact: Low, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00132, Social Trends: No, Days since published: 340, Transitive dependency: No, Is Malicious: No |
| medium | 127/1000 | Information Exposure | SNYK-JS-MONGOOSE-472486 | No | No Known Exploit | Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00194, Social Trends: No, Days since published: 1362, Transitive dependency: No, Is Malicious: No |
| medium | 132/1000 | Prototype Pollution | SNYK-JS-MPATH-1577289 | Yes | Proof of Concept | Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00252, Social Trends: No, Days since published: 670, Transitive dependency: Yes, Is Malicious: No |
| high | 146/1000 | Prototype Pollution | SNYK-JS-MQUERY-1050858 | Yes | Proof of Concept | Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00072, Social Trends: No, Days since published: 932, Transitive dependency: Yes, Is Malicious: No |
| high | 157/1000 | Prototype Pollution | SNYK-JS-MQUERY-1089718 | Yes | Proof of Concept | Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, Social Trends: No, Days since published: 825, Transitive dependency: Yes, Is Malicious: No |
| high | 166/1000 | Prototype Poisoning | SNYK-JS-QS-3153490 | No | Proof of Concept | Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00215, Social Trends: No, Days since published: 211, Transitive dependency: Yes, Is Malicious: No |
| medium | 66/1000 | Regular Expression Denial of Service (ReDoS) | SNYK-JS-SEMVER-3247795 | Yes | Proof of Concept | Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00044, Social Trends: No, Days since published: 13, Transitive dependency: Yes, Is Malicious: No |
| medium | 132/1000 | Prototype Pollution | SNYK-JS-YARGSPARSER-560381 | Yes | Proof of Concept | Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00044, Social Trends: No, Days since published: 1204, Transitive dependency: Yes, Is Malicious: No |
| low | 55/1000 | Regular Expression Denial of Service (ReDoS) | npm:braces:20180219 | Yes | Proof of Concept | Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00088, Social Trends: No, Days since published: 1960, Transitive dependency: Yes, Is Malicious: No |
| low | 56/1000 | Regular Expression Denial of Service (ReDoS) | npm:debug:20170905 | No | Proof of Concept | Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00225, Social Trends: No, Days since published: 2107, Transitive dependency: Yes, Is Malicious: No |
| high | 212/1000 | Arbitrary Code Execution | npm:ejs:20161128 | Yes | No Known Exploit | Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.0141, Social Trends: No, Days since published: 2408, Transitive dependency: No, Is Malicious: No |
| medium | 127/1000 | Cross-site Scripting (XSS) | npm:ejs:20161130 | Yes | No Known Exploit | Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00058, Social Trends: No, Days since published: 2400, Transitive dependency: No, Is Malicious: No |
| medium | 127/1000 | Denial of Service (DoS) | npm:ejs:20161130-1 | Yes | No Known Exploit | Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00079, Social Trends: No, Days since published: 2400, Transitive dependency: No, Is Malicious: No |
| high | 110/1000 | Regular Expression Denial of Service (ReDoS) | npm:fresh:20170908 | No | No Known Exploit | Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00103, Social Trends: No, Days since published: 2105, Transitive dependency: Yes, Is Malicious: No |
| medium | 136/1000 | Prototype Pollution | npm:hoek:20180212 | Yes | Proof of Concept | Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00782, Social Trends: No, Days since published: 1965, Transitive dependency: Yes, Is Malicious: No |
| medium | 76/1000 | Cross-site Scripting (XSS) | npm:jquery:20150627 | Yes | No Known Exploit | Confidentiality impact: Low, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00289, Social Trends: No, Days since published: 2410, Transitive dependency: No, Is Malicious: No |
| high | 176/1000 | Cross-site Scripting (XSS) | npm:marked:20150520 | No | No Known Exploit | Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.0017, Social Trends: No, Days since published: 2630, Transitive dependency: No, Is Malicious: No |
| high | 147/1000 | Cross-site Scripting (XSS) | npm:marked:20170112 | No | No Known Exploit | Confidentiality impact: None, Integrity impact: High, Availability impact: None, Scope: Unchanged, Exploit Maturity, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00116, Social Trends: No, Days since published: 2345, Transitive dependency: No, Is Malicious: No |
| high | 149/1000 | Cross-site Scripting (XSS) | npm:marked:20170815 | No | No Known Exploit | Confidentiality impact: None, Integrity impact: High, Availability impact: None, Scope: Unchanged, Exploit Maturity, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, Social Trends: No, Days since published: 2016, Transitive dependency: No, Is Malicious: No |
| medium | 90/1000 | Cross-site Scripting (XSS) | npm:marked:20170815-1 | No | No Known Exploit | Confidentiality impact: Low, Integrity impact: Low, Availability impact: None, Scope: Unchanged, Exploit Maturity, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, Social Trends: No, Days since published: 2016, Transitive dependency: No, Is Malicious: No |
| high | 147/1000 | Regular Expression Denial of Service (ReDoS) | npm:marked:20170907 | No | No Known Exploit | Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00095, Social Trends: No, Days since published: 2111, Transitive dependency: No, Is Malicious: No |
| high | 209/1000 | Regular Expression Denial of Service (ReDoS) | npm:marked:20180225 | No | Proof of Concept | Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, Social Trends: No, Days since published: 1952, Transitive dependency: No, Is Malicious: No |
| low | 38/1000 | Regular Expression Denial of Service (ReDoS) | npm:mime:20170907 | Yes | No Known Exploit | Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00101, Social Trends: No, Days since published: 2105, Transitive dependency: Yes, Is Malicious: No |
| medium | 129/1000 | Regular Expression Denial of Service (ReDoS) | npm:moment:20161019 | No | No Known Exploit | Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, Social Trends: No, Days since published: 2443, Transitive dependency: No, Is Malicious: No |
| low | 50/1000 | Regular Expression Denial of Service (ReDoS) | npm:moment:20170905 | No | No Known Exploit | Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00234, Social Trends: No, Days since published: 2043, Transitive dependency: No, Is Malicious: No |
| low | 50/1000 | Regular Expression Denial of Service (ReDoS) | npm:ms:20170412 | Yes | No Known Exploit | Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00052, Social Trends: No, Days since published: 2240, Transitive dependency: No, Is Malicious: No |
| high | 110/1000 | Regular Expression Denial of Service (ReDoS) | npm:negotiator:20160616 | Yes | No Known Exploit | Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00103, Social Trends: No, Days since published: 2573, Transitive dependency: Yes, Is Malicious: No |
| high | 277/1000 | Uninitialized Memory Exposure | npm:npmconf:20180512 | Yes | Mature | Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Changed, Exploit Maturity: Functional, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, Social Trends: No, Days since published: 1877, Transitive dependency: No, Is Malicious: No |
| high | 110/1000 | Prototype Override Protection Bypass | npm:qs:20170213 | No | No Known Exploit | Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00126, Social Trends: No, Days since published: 2315, Transitive dependency: Yes, Is Malicious: No |
| medium | 44/1000 | Regular Expression Denial of Service (ReDoS) | npm:semver:20150403 | Yes | No Known Exploit | Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00242, Social Trends: No, Days since published: 3013, Transitive dependency: Yes, Is Malicious: No |
| medium | 82/1000 | Directory Traversal | npm:st:20140206 | No | Proof of Concept | Confidentiality impact: Low, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00672, Social Trends: No, Days since published: 3434, Transitive dependency: No, Is Malicious: No |
| medium | 205/1000 | Open Redirect | npm:st:20171013 | Yes | Mature | Confidentiality impact: Low, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: High, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00105, Social Trends: No, Days since published: 2087, Transitive dependency: No, Is Malicious: No |
| medium | 110/1000 | Uninitialized Memory Exposure | npm:tunnel-agent:20170305 | Yes | Proof of Concept | Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Local, Social Trends: No, Days since published: 2189, Transitive dependency: Yes, Is Malicious: No |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: body-parser The new version differs by 250 commits.

See the full diff

Package name: errorhandler The new version differs by 85 commits.

See the full diff

Package name: express The new version differs by 250 commits.

See the full diff

Package name: express-fileupload The new version differs by 250 commits.

See the full diff

Package name: marked The new version differs by 250 commits.
  • ae01170 chore(release): 4.0.10 [skip ci]
  • fceda57 🗜️ build [skip ci]
  • 8f80657 fix(security): fix redos vulnerabilities
  • c4a3ccd Merge pull request from GHSA-rrrm-qjm4-v8hf
  • d7212a6 chore(deps-dev): Bump jasmine from 4.0.0 to 4.0.1 (#2352)
  • 5a84db5 chore(deps-dev): Bump rollup from 2.62.0 to 2.63.0 (#2350)
  • 2bc67a5 chore(deps-dev): Bump markdown-it from 12.3.0 to 12.3.2 (#2351)
  • 98996b8 chore(deps-dev): Bump @babel/preset-env from 7.16.5 to 7.16.7 (#2353)
  • ebc2c95 chore(deps-dev): Bump highlight.js from 11.3.1 to 11.4.0 (#2354)
  • e5171a9 chore(release): 4.0.9 [skip ci]
  • 41990a5 🗜️ build [skip ci]
  • a9696e2 fix: retain line breaks in tokens properly (#2341)
  • 6aacd13 chore(deps-dev): Bump jasmine from 3.10.0 to 4.0.0 (#2343)
  • 55e5df9 chore(deps-dev): Bump @babel/core from 7.16.5 to 7.16.7 (#2344)
  • 4f4cab4 chore(deps-dev): Bump eslint-plugin-import from 2.25.3 to 2.25.4 (#2345)
  • 97ea9f2 chore(deps-dev): Bump eslint from 8.5.0 to 8.6.0 (#2346)
  • 4c3b853 chore(deps-dev): Bump rollup-plugin-license from 2.6.0 to 2.6.1 (#2347)
  • 9396896 chore(deps-dev): Bump rollup from 2.61.1 to 2.62.0 (#2338)
  • 103a56c chore(deps-dev): Bump @babel/preset-env from 7.16.4 to 7.16.5 (#2333)
  • be771c9 chore(deps-dev): Bump eslint from 8.4.1 to 8.5.0 (#2334)
  • 67d5a65 chore(deps-dev): Bump @babel/core from 7.16.0 to 7.16.5 (#2335)
  • 991493a chore(deps-dev): Bump eslint-plugin-promise from 5.2.0 to 6.0.0 (#2336)
  • 59375fb chore(release): 4.0.8 [skip ci]
  • 4734c82 🗜️ build [skip ci]

See the full diff

Package name: mongoose The new version differs by 250 commits.
  • ca7996b chore: release 5.13.15
  • e75732a Merge pull request #12307 from Automattic/vkarpov15/fix-5x-build
  • a1144dc test: run node 7 tests with upgraded npm re: #12297
  • dfc4ad7 test: try upgrading npm for node v4 tests re: #12297
  • b9e985c test: more strict @types/node version
  • 4d813fa test: fix @types/node version in tests re: #12297
  • 99b4189 Merge pull request #12297 from shubanker/issue/prototype-pollution-5.x-patch
  • 5eb11dd made function non async
  • 6a19731 fix(schema): disallow setting __proto__ when creating schema with dotted properties
  • a2ec28d Merge pull request #11366 from laissonsilveira/5.x
  • 05ce577 Fix broken link from findandmodify method deprecation
  • d2b846f chore: release 5.13.14
  • 69c1f6c docs(models): fix up nModified example for 5.x
  • 4cfc4d6 fix(ti...

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://snyk.io/vuln/SNYK-JS-ASYNC-2441827
- https://snyk.io/vuln/SNYK-JS-BSON-561052
- https://snyk.io/vuln/SNYK-JS-EJS-1049328
- https://snyk.io/vuln/SNYK-JS-EJS-2803307
- https://snyk.io/vuln/SNYK-JS-EXPRESSFILEUPLOAD-473997
- https://snyk.io/vuln/SNYK-JS-EXPRESSFILEUPLOAD-595969
- https://snyk.io/vuln/SNYK-JS-HAWK-2808852
- https://snyk.io/vuln/SNYK-JS-INI-1048974
- https://snyk.io/vuln/SNYK-JS-JQUERY-174006
- https://snyk.io/vuln/SNYK-JS-JQUERY-565129
- https://snyk.io/vuln/SNYK-JS-JQUERY-567880
- https://snyk.io/vuln/SNYK-JS-JSYAML-173999
- https://snyk.io/vuln/SNYK-JS-JSYAML-174129
- https://snyk.io/vuln/SNYK-JS-LODASH-1018905
- https://snyk.io/vuln/SNYK-JS-LODASH-1040724
- https://snyk.io/vuln/SNYK-JS-LODASH-450202
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
- https://snyk.io/vuln/SNYK-JS-LODASH-608086
- https://snyk.io/vuln/SNYK-JS-LODASH-73638
- https://snyk.io/vuln/SNYK-JS-LODASH-73639
- https://snyk.io/vuln/SNYK-JS-MARKED-174116
- https://snyk.io/vuln/SNYK-JS-MARKED-2342073
- https://snyk.io/vuln/SNYK-JS-MARKED-2342082
- https://snyk.io/vuln/SNYK-JS-MARKED-451540
- https://snyk.io/vuln/SNYK-JS-MARKED-584281
- https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795
- https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
- https://snyk.io/vuln/SNYK-JS-MOMENT-2440688
- https://snyk.io/vuln/SNYK-JS-MONGODB-473855
- https://snyk.io/vuln/SNYK-JS-MONGOOSE-1086688
- https://snyk.io/vuln/SNYK-JS-MONGOOSE-2961688
- https://snyk.io/vuln/SNYK-JS-MONGOOSE-472486
- https://snyk.io/vuln/SNYK-JS-MPATH-1577289
- https://snyk.io/vuln/SNYK-JS-MQUERY-1050858
- https://snyk.io/vuln/SNYK-JS-MQUERY-1089718
- https://snyk.io/vuln/SNYK-JS-QS-3153490
- https://snyk.io/vuln/SNYK-JS-SEMVER-3247795
- https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381
- https://snyk.io/vuln/npm:braces:20180219
- https://snyk.io/vuln/npm:debug:20170905
- https://snyk.io/vuln/npm:ejs:20161128
- https://snyk.io/vuln/npm:ejs:20161130
- https://snyk.io/vuln/npm:ejs:20161130-1
- https://snyk.io/vuln/npm:fresh:20170908
- https://snyk.io/vuln/npm:hoek:20180212
- https://snyk.io/vuln/npm:jquery:20150627
- https://snyk.io/vuln/npm:marked:20150520
- https://snyk.io/vuln/npm:marked:20170112
- https://snyk.io/vuln/npm:marked:20170815
- https://snyk.io/vuln/npm:marked:20170815-1
- https://snyk.io/vuln/npm:marked:20170907
- https://snyk.io/vuln/npm:marked:20180225
- https://snyk.io/vuln/npm:mime:20170907
- https://snyk.io/vuln/npm:moment:20161019
- https://snyk.io/vuln/npm:moment:20170905
- https://snyk.io/vuln/npm:ms:20170412
- https://snyk.io/vuln/npm:negotiator:20160616
- https://snyk.io/vuln/npm:npmconf:20180512
- https://snyk.io/vuln/npm:qs:20170213
- https://snyk.io/vuln/npm:semver:20150403
- https://snyk.io/vuln/npm:st:20140206
- https://snyk.io/vuln/npm:st:20171013
- https://snyk.io/vuln/npm:tunnel-agent:20170305