[Snyk] Fix for 9 vulnerabilities #36

snyk-bot · 2022-01-17T15:37:15Z

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- server/package.json
- server/package-lock.json
- server/.snyk

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Command Injection SNYK-JS-AWSLAMBDA-540839	No	Proof of Concept
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
711/1000 Why? Mature exploit, Has a fix available, CVSS 6.5	Cross-site Scripting (XSS) SNYK-JS-GRAPHQLPLAYGROUNDHTML-571775	Yes	Mature
751/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.6	Command Injection SNYK-JS-NODEMAILER-1038834	Yes	Proof of Concept
636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	HTTP Header Injection SNYK-JS-NODEMAILER-1296415	Yes	Proof of Concept
601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: graphql-yoga

The new version differs by 24 commits.

844bdfd fix: AWS dependencies
d4b532b Fix AWS dependencies
2e174cb feat(deps): Migrate to graphql-upload
c38f4ac fix(deps): migrate from apollo-upload-server to graphql-upload
854e774 Merge pull request #489 from prisma/renovate/graphql-playground-middleware-lambda-1.x
af39ec1 fix(deps): update dependency graphql-playground-middleware-lambda to v1.7.12
9a32068 Merge pull request #488 from prisma/renovate/graphql-playground-middleware-express-1.x
b77b070 fix(deps): update dependency graphql-playground-middleware-express to v1.7.11
bd0ecf5 Merge pull request #528 from prisma/renovate/graphql-middleware-3.x
268df28 fix(deps): update dependency graphql-middleware to v3.0.2
33987a0 Merge pull request #518 from prisma/renovate/graphql-middleware-3.x
051a501 fix(deps): update dependency graphql-middleware to v3.0.1
24ade17 Merge pull request #514 from prisma/nikolasburk-patch-1
b06acd1 Update README.md
29a5d22 Update README.md
c9f10c4 feat: Add support for defaultPlaygroundQuery
33bed88 Merge pull request #431 from prisma/renovate/apollo-upload-server-7.x
94e393a Merge pull request #506 from prisma/renovate/graphql-middleware-3.x
774021e Update stale.yml
364c941 fix(deps): update dependency graphql-middleware to v3
b387380 add stale bot
eda9ec3 Merge pull request #491 from coreyward/patch-1
ad5ff2e Correct plural form of “middleware”
3993cbf fix(deps): update dependency apollo-upload-server to v7

Package name: nodemailer

The new version differs by 93 commits.

Package name: nodemon

The new version differs by 50 commits.

ee92ee4 test: split require tests
33ae6da test: fix failing test when required
a4490e2 fix: package.json & package-lock.json to reduce vulnerabilities
9bd07eb docs: changed verbose logging and CLI documentation to reflect support single file watch functionality
c279760 test: make sigint test to actually check child pid (#1656)
cd45d74 test: fix fork test
496c335 chore: undo change to spawn code
47dfb8b fix: pipe stderr correctly
ed91703 fix: ubuntu loop waiting for sub processes
9a67f36 feat: update chokidar to v3
6781b40 docs: add license file
0e6ba3c fix: wait for all subprocesses to terminate (fixes issue #1476)
b58cf7d chore: Merge branch 'master'
95a4c09 docs: add to faq
3a2eaf7 choe: merge master
3d90879 chore: add logo to site
7d6c1a8 fix: Replace `jade` references by `pug`
74c8749 chore: test funding.yml change
c1a8b75 chore: update funding
d5b9891 test: ensure ignore relative paths
eead311 fix: to avoid confusion like in #1528, always report used extension
12b66cd fix: langauge around "watching" (#1591)
2e6e2c4 docs: README Grammar (#1601)
5124ae9 Merge branch 'master' of github.com:remy/nodemon

Severity	Priority Score (*)	Issue	Exploit Maturity
	626/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.1	Man-in-the-Middle (MitM) SNYK-JS-HTTPSPROXYAGENT-469131	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

Provide feedback