[Snyk] Fix for 73 vulnerabilities

[Seanland]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • SCA/JS_2/package.json
  • SCA/JS_2/package-lock.json
  • SCA/JS_2/.snyk

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	584/1000 Why? Has a fix available, CVSS 7.4	Directory Traversal SNYK-JS-ADMZIP-1065796	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-ENGINEIO-1056749	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-INI-1048974	Yes	Proof of Concept
	429/1000 Why? Has a fix available, CVSS 4.3	Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	Yes	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-JQUERY-174006	Yes	Proof of Concept
	701/1000 Why? Mature exploit, Has a fix available, CVSS 6.3	Cross-site Scripting (XSS) SNYK-JS-JQUERY-565129	Yes	Mature
	711/1000 Why? Mature exploit, Has a fix available, CVSS 6.5	Cross-site Scripting (XSS) SNYK-JS-JQUERY-567880	Yes	Mature
	591/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) SNYK-JS-KARMA-2395349	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-KARMA-2396325	Yes	No Known Exploit
	741/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.4	DLL Injection SNYK-JS-KERBEROS-568900	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	489/1000 Why? Has a fix available, CVSS 5.5	Information Exposure SNYK-JS-LOG4JS-2348757	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-174116	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342073	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-2342082	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-451540	No	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKED-584281	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Directory Traversal SNYK-JS-MOMENT-2440688	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-MONGODB-473855	Yes	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MONGOOSE-1086688	Yes	Proof of Concept
	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Prototype Pollution SNYK-JS-MONGOOSE-2961688	Yes	Proof of Concept
	509/1000 Why? Has a fix available, CVSS 5.9	Information Exposure SNYK-JS-MONGOOSE-472486	No	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MPATH-1577289	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-MQUERY-1050858	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-MQUERY-1089718	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Insecure Defaults SNYK-JS-SOCKETIO-1024859	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-1056752	Yes	Proof of Concept
	495/1000 Why? Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) SNYK-JS-TINYMCE-1056408	No	No Known Exploit
	424/1000 Why? Has a fix available, CVSS 4.2	Cross-site Scripting (XSS) SNYK-JS-TINYMCE-1298037	No	No Known Exploit
	519/1000 Why? Has a fix available, CVSS 6.1	Cross-site Scripting (XSS) SNYK-JS-TINYMCE-1766967	No	No Known Exploit
	519/1000 Why? Has a fix available, CVSS 6.1	Cross-site Scripting (XSS) SNYK-JS-TINYMCE-1910225	No	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Cross-site Scripting (XSS) SNYK-JS-TINYMCE-543825	No	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Cross-site Scripting (XSS) SNYK-JS-TINYMCE-568922	No	Proof of Concept
	694/1000 Why? Has a fix available, CVSS 9.6	Cross-site Scripting (XSS) SNYK-JS-TINYMCE-598223	No	No Known Exploit
	811/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.8	Arbitrary Code Execution SNYK-JS-TOTAL4-1130527	No	Proof of Concept
	811/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.8	Arbitrary Code Execution SNYK-JS-TOTALJS-1088607	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Arbitrary Code Injection SNYK-JS-XMLHTTPREQUESTSSL-1082936	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Access Restriction Bypass SNYK-JS-XMLHTTPREQUESTSSL-1255647	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept
	899/1000 Why? Mature exploit, Has a fix available, CVSS 9.4	Arbitrary File Write via Archive Extraction (Zip Slip) npm:adm-zip:20180415	No	Mature
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	No Known Exploit
	484/1000 Why? Has a fix available, CVSS 5.4	Cross-site Scripting (XSS) npm:jquery:20150627	Yes	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
	654/1000 Why? Has a fix available, CVSS 8.8	Cross-site Scripting (XSS) npm:marked:20150520	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Cross-site Scripting (XSS) npm:marked:20170112	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Cross-site Scripting (XSS) npm:marked:20170815	No	No Known Exploit
	454/1000 Why? Has a fix available, CVSS 4.8	Cross-site Scripting (XSS) npm:marked:20170815-1	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:marked:20170907	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:marked:20180225	No	Proof of Concept
	469/1000 Why? Has a fix available, CVSS 5.1	Denial of Service (DoS) npm:mem:20180117	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	Yes	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) npm:moment:20161019	No	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:moment:20170905	No	No Known Exploit
	641/1000 Why? Mature exploit, Has a fix available, CVSS 5.1	Remote Memory Exposure npm:mongoose:20160116	No	Mature
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:negotiator:20160616	Yes	No Known Exploit
	756/1000 Why? Mature exploit, Has a fix available, CVSS 7.4	Uninitialized Memory Exposure npm:npmconf:20180512	Yes	Mature
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Override Protection Bypass npm:qs:20170213	No	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:semver:20150403	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Directory Traversal npm:st:20140206	No	Proof of Concept
	644/1000 Why? Mature exploit, Has a fix available, CVSS 4.3	Open Redirect npm:st:20171013	Yes	Mature
	761/1000 Why? Mature exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) npm:ws:20171108	Yes	Mature

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: adm-zip

The new version differs by 134 commits.

• c5aeed4 Incremented version number
• 119dcad Fixed path traversal issue GHSL-2020-198
• 1d22ff6 Merge pull request [Snyk(Unlimited)] Upgrade body-parser from 1.9.0 to 1.19.0 snyk-matt/goof-platform#341 from 5saviahv/history
• 492d148 added changelog
• dd415ae Incremented version
• 0f011a3 Fixed outFileName
• bc19fee Added extra parameter to extractEntryTo so target filename can be renamed
• 92e9836 Updated dev dependency
• 2b8d9ab Merge pull request [Snyk(Unlimited)] Upgrade moment from 2.15.1 to 2.29.1 snyk-matt/goof-platform#315 from enecciari/work_in_browser
• 4fe58d1 Merge pull request [Snyk(Unlimited)] Upgrade express-fileupload from 0.0.5 to 0.4.0 snyk-matt/goof-platform#322 from cthackers/dependabot/npm_and_yarn/lodash-4.17.19
• 49218a4 Merge pull request [Snyk(Unlimited)] Upgrade body-parser from 1.9.0 to 1.19.0 snyk-matt/goof-platform#327 from kosuke-suzuki/multibyte-comment
• a7e8932 Merge pull request [Snyk(Unlimited)] Upgrade npmconf from 0.0.24 to 0.2.0 snyk-matt/goof-platform#331 from 5saviahv/master
• 7db0eda modified addLocalFolder method
• e114929 typo
• dc81063 modified addLocalFile method
• bc0f594 Deflate needs min V2.0
• dde4f51 Node v6
• 003d4cf Added ZipCrypto decrypting ability
• 63ed6e2 Detect and throw error with encrypted files
• c64ac14 LICENSE filename in package.json
• 1a334b2 add multibyte-encoded comment with byte length instead of character length
• 96d492a Bump lodash from 4.17.15 to 4.17.19
• b77f380 now it works in browser
• 218feee Merge remote-tracking branch 'upstream/master'

See the full diff

Package name: body-parser

The new version differs by 221 commits.

• 0f1bed0 1.17.1
• 0532096 lint: remove unreachable code branches
• b34aab5 build: eslint-config-standard@7.0.0
• 77b1ca1 build: eslint-plugin-markdown@1.0.0-beta.4
• e51dbc5 deps: qs@6.4.0
• 79bc939 1.17.0
• e6140e1 build: Node.js@7.7
• 42f467d deps: qs@6.3.1
• 4954aec build: test against Node.js 8.x nightly
• e2050df build: Node.js@7.6
• 2f941c4 build: Node.js@6.10
• 6549617 build: Node.js@4.8
• d1c2c7f deps: http-errors@~1.6.1
• e7b86ba build: eslint@3.16.1
• 7b630f7 1.16.1
• de574bf build: eslint@3.15.0
• 889bcc9 build: Node.js@7.5
• dba8ac4 deps: debug@2.6.1
• 95a3ebb docs: fix history file with incorrect qs version
• c5a73d5 1.16.0
• 9744dda deps: qs@6.3.0
• 7807757 deps: debug@2.6.0
• 0e44768 lint: use standard style in the README
• 14952be build: eslint-config-standard@6.2.1

See the full diff

Package name: karma

The new version differs by 250 commits.

• ab4b328 chore(release): 6.3.16 [skip ci]
• ff7edbb fix(security): mitigate the "Open Redirect Vulnerability"
• c1befa0 chore(release): 6.3.15 [skip ci]
• d9dade2 fix(helper): make mkdirIfNotExists helper resilient to concurrent calls
• 653c762 ci: prevent duplicate CI tasks on creating a PR
• c97e562 chore(release): 6.3.14 [skip ci]
• 91d5acd fix: remove string template from client code
• 69cfc76 fix: warn when `singleRun` and `autoWatch` are `false`
• 839578c fix(security): remove XSS vulnerability in `returnUrl` query param
• db53785 chore(release): 6.3.13 [skip ci]
• 5bf2df3 fix(deps): bump log4js to resolve security issue
• 36ad678 chore(release): 6.3.12 [skip ci]
• 41bed33 fix: remove depreciation warning from log4js
• c985155 docs: create security.md
• c96f0c5 chore(release): 6.3.11 [skip ci]
• a5219c5 fix(deps): pin colors package to 1.4.0 due to security vulnerability
• de0df2f test: fix version regex in the CLI test case
• eddb2e8 chore(release): 6.3.10 [skip ci]
• 0d24bd9 fix(logger): create parent folders if they are missing
• b8eafe9 chore(release): 6.3.9 [skip ci]
• cf318e5 test: add test case for restarting test run on file change
• 92ffe60 fix: restartOnFileChange option not restarting the test run
• b153355 style: fix grammar error in browser capture log message
• 8f798d5 chore(release): 6.3.8 [skip ci]

See the full diff

Package name: marked

The new version differs by 250 commits.

• ae01170 chore(release): 4.0.10 [skip ci]
• fceda57 🗜️ build [skip ci]
• 8f80657 fix(security): fix redos vulnerabilities
• c4a3ccd Merge pull request from GHSA-rrrm-qjm4-v8hf
• d7212a6 chore(deps-dev): Bump jasmine from 4.0.0 to 4.0.1 ([Snyk(Unlimited)] Upgrade dustjs-helpers from 1.5.0 to 1.7.4 snyk-matt/goof-platform#2352)
• 5a84db5 chore(deps-dev): Bump rollup from 2.62.0 to 2.63.0 ([Snyk(Unlimited)] Upgrade adm-zip from 0.4.7 to 0.5.5 snyk-matt/goof-platform#2350)
• 2bc67a5 chore(deps-dev): Bump markdown-it from 12.3.0 to 12.3.2 ([Snyk(Unlimited)] Upgrade express-fileupload from 0.0.5 to 0.4.0 snyk-matt/goof-platform#2351)
• 98996b8 chore(deps-dev): Bump @ babel/preset-env from 7.16.5 to 7.16.7 ([Snyk(Unlimited)] Upgrade cookie-parser from 1.3.3 to 1.4.5 snyk-matt/goof-platform#2353)
• ebc2c95 chore(deps-dev): Bump highlight.js from 11.3.1 to 11.4.0 ([Snyk(Unlimited)] Upgrade consolidate from 0.14.5 to 0.16.0 snyk-matt/goof-platform#2354)
• e5171a9 chore(release): 4.0.9 [skip ci]
• 41990a5 🗜️ build [skip ci]
• a9696e2 fix: retain line breaks in tokens properly ([Snyk(Unlimited)] Upgrade adm-zip from 0.4.7 to 0.5.5 snyk-matt/goof-platform#2341)
• 6aacd13 chore(deps-dev): Bump jasmine from 3.10.0 to 4.0.0 ([Snyk(Unlimited)] Upgrade body-parser from 1.9.0 to 1.19.0 snyk-matt/goof-platform#2343)
• 55e5df9 chore(deps-dev): Bump @ babel/core from 7.16.5 to 7.16.7 ([Snyk(Unlimited)] Upgrade moment from 2.15.1 to 2.29.1 snyk-matt/goof-platform#2344)
• 4f4cab4 chore(deps-dev): Bump eslint-plugin-import from 2.25.3 to 2.25.4 ([Snyk(Unlimited)] Upgrade marked from 0.3.5 to 0.8.2 snyk-matt/goof-platform#2345)
• 97ea9f2 chore(deps-dev): Bump eslint from 8.5.0 to 8.6.0 ([Snyk(Unlimited)] Upgrade express from 4.12.4 to 4.17.1 snyk-matt/goof-platform#2346)
• 4c3b853 chore(deps-dev): Bump rollup-plugin-license from 2.6.0 to 2.6.1 ([Snyk(Unlimited)] Upgrade npmconf from 0.0.24 to 0.2.0 snyk-matt/goof-platform#2347)
• 9396896 chore(deps-dev): Bump rollup from 2.61.1 to 2.62.0 ([Snyk(Unlimited)] Upgrade npmconf from 0.0.24 to 0.2.0 snyk-matt/goof-platform#2338)
• 103a56c chore(deps-dev): Bump @ babel/preset-env from 7.16.4 to 7.16.5 ([Snyk(Unlimited)] Upgrade tinymce from 4.1.0 to 4.9.11 snyk-matt/goof-platform#2333)
• be771c9 chore(deps-dev): Bump eslint from 8.4.1 to 8.5.0 ([Snyk(Unlimited)] Upgrade body-parser from 1.9.0 to 1.19.0 snyk-matt/goof-platform#2334)
• 67d5a65 chore(deps-dev): Bump @ babel/core from 7.16.0 to 7.16.5 ([Snyk(Unlimited)] Upgrade moment from 2.15.1 to 2.29.1 snyk-matt/goof-platform#2335)
• 991493a chore(deps-dev): Bump eslint-plugin-promise from 5.2.0 to 6.0.0 ([Snyk(Unlimited)] Upgrade marked from 0.3.5 to 0.8.2 snyk-matt/goof-platform#2336)
• 59375fb chore(release): 4.0.8 [skip ci]
• 4734c82 🗜️ build [skip ci]

See the full diff

Package name: mongoose

The new version differs by 250 commits.

• ca7996b chore: release 5.13.15
• e75732a Merge pull request [Snyk(Unlimited)] Upgrade express-fileupload from 0.0.5 to 0.4.0 snyk-matt/goof-platform#12307 from Automattic/vkarpov15/fix-5x-build
• a1144dc test: run node 7 tests with upgraded npm re: [Snyk(Unlimited)] Upgrade moment from 2.15.1 to 2.29.4 snyk-matt/goof-platform#12297
• dfc4ad7 test: try upgrading npm for node v4 tests re: [Snyk(Unlimited)] Upgrade moment from 2.15.1 to 2.29.4 snyk-matt/goof-platform#12297
• b9e985c test: more strict @ types/node version
• 4d813fa test: fix @ types/node version in tests re: [Snyk(Unlimited)] Upgrade moment from 2.15.1 to 2.29.4 snyk-matt/goof-platform#12297
• 99b4189 Merge pull request [Snyk(Unlimited)] Upgrade moment from 2.15.1 to 2.29.4 snyk-matt/goof-platform#12297 from shubanker/issue/prototype-pollution-5.x-patch
• 5eb11dd made function non async
• 6a19731 fix(schema): disallow setting __proto__ when creating schema with dotted properties
• a2ec28d Merge pull request [Snyk(Unlimited)] Upgrade tinymce from 4.1.0 to 4.9.11 snyk-matt/goof-platform#11366 from laissonsilveira/5.x
• 05ce577 Fix broken link from findandmodify method deprecation
• d2b846f chore: release 5.13.14
• 69c1f6c docs(models): fix up nModified example for 5.x
• 4cfc4d6 fix(timestamps): avoid setting `createdAt` on documents that already exist but dont have createdAt
• a738440 chore: release 5.13.13
• 4d12a62 Merge pull request [Snyk(Unlimited)] Upgrade marked from 0.3.18 to 0.8.2 snyk-matt/goof-platform#10942 from jneal-afs/fix-query-set-ts-type
• c3463c4 Merge pull request [Snyk(Unlimited)] Upgrade consolidate from 0.14.5 to 0.16.0 snyk-matt/goof-platform#10916 from iovanom/[Snyk(Unlimited)] Upgrade moment from 2.15.1 to 2.29.3 snyk-matt/goof-platform#10902-v5
• ff5ddb5 fix: hardcode base 10 for nodeMajorVersion parseInt() call
• d205c4d make value optional
• c6fd7f7 Fix ts types for query set
• 22e9b3b [[Snyk(Unlimited)] Upgrade moment from 2.15.1 to 2.29.3 snyk-matt/goof-platform#10902 v5] Add node major version to utils
• 5468642 [[Snyk(Unlimited)] Upgrade moment from 2.15.1 to 2.29.3 snyk-matt/goof-platform#10902 v5] Emit end event in before close
• 271bc60 Merge pull request [Snyk(Unlimited)] Upgrade mongodb from 3.6.3 to 3.7.3 snyk-matt/goof-platform#10910 from lorand-horvath/patch-2
• b7ebeec Update mongodb driver to 3.7.3

See the full diff

Package name: ms

The new version differs by 19 commits.

• 9b88d15 2.0.0
• 94b995c Invalidated cache for slack badge
• bcf5715 Bumped dependencies to the latest version
• b1eaab7 Ignored logs coming from npm
• caae298 Limit str to 100 to avoid ReDoS of 0.3s ([Snyk] Security upgrade urllib3 from 1.21.1 to 1.26.5 #89)
• b83b36d chore(package): update eslint to version 3.19.0 ([Snyk] Security upgrade lxml from 4.5.0 to 4.9.1 #88)
• 3f2a4d7 chore(package): update husky to version 0.13.3 ([Snyk] Security upgrade karma from 1.7.1 to 5.0.8 #86)
• 7daf984 1.0.0
• ee91f30 More suitable name for file containing tests
• e818c35 Removed browser testing
• c9b1fd3 Test on LTS version of Node
• 389840b Badge for XO removed
• 1fbbe97 Removed component specification
• 57b3ef8 Use `prettier` and `eslint`
• 94068ea Removed XO
• 4b7f48f chore(package): update serve to version 5.0.4 ([Snyk] Fix for 5 vulnerabilities #85)
• bd49cec chore(package): update xo to version 0.18.0 ([Snyk] Security upgrade setuptools from 39.0.1 to 65.5.1 #84)
• d4a94b1 chore(package): update serve to version 5.0.3 ([Snyk] Security upgrade karma from 1.7.1 to 5.0.8 #83)
• 923eee1 chore(package): update serve to version 5.0.2 ([Snyk] Security upgrade lxml from 4.5.0 to 4.9.1 #82)

See the full diff

Package name: tap

The new version differs by 250 commits.

• bc49fb7 15.0.0
• 4378608 remove publishConfig beta tag
• 2c2e75f provide mkdirRecursive polyfill for old node versions
• 8f4c855 correctly specify 10.0.x versions
• 5e61672 update deps
• c44c418 Support 10.0 and test in CI
• dc5c841 tcompare@5.0.4
• 385b6d2 Add .taprc.yml/yaml handling to change log
• 4f87466 just run regular test script as snap script
• 315a921 delete FORCE_COLOR/NO_COLOR rather than setting to '0'
• 564e96f Add detection for .yaml and .yml
• 75bae93 update cli doc
• c1289bf 15.0.0-3
• d6fe32f Do not CI on node 10
• d2e0428 do not use equals() alias in self-test
• 3f787c4 tell npm to be colorful in CI
• 1512818 run tests with color on github actions
• 4626fa1 Docs: update documentation for tap v15
• 02d536b libtap@1.0.1
• f7c7c58 update cli doc
• 2aa497c 15.0.0-2
• 8d7f62e Add support for overriding libtap's internal settings
• 29eed63 new snapshot folder layout
• 3a28d4d update libtap git ref to isaacs/tap-v15-prep branch

See the full diff

Package name: total.js

The new version differs by 5 commits.

• 887b0fa Fixed security issue in `U.set()` and `U.get()`.
• 2fe92a6 Updated changelog.
• 84e6d02 Fixed security issue when parsing query arguments.
• 7004957 Added `insecure` flags to the `U.request()` method.
• 398b691 Added HTML escaping for meta tags.

See the full diff

Package name: total4

The new version differs by 15 commits.

• 4e01001 Updated version.
• 853f482 Updated `LOADCONFIG()` by adding support for encoding.
• a2cb2a3 Improved code.
• b3eacd6 Added additional variables.
• 1dd8472 Added missing variable.
• 3c594b6 Improved code.
• 3c24772 Improved error handling.
• 545fbd4 Updated `flowstream.trigger()` for sync. functionality.
• 7577212 Improved `flowmessage.variables()`.
• 20ddfe8 Added `flowstream.variables()` method.
• 508648f Added missing method.
• 8a72d8c Removed useless methods.
• 9163b92 Updated `flowinstance.newmessage()` by adding support for existing Message instance.
• 2c24ce5 Updated changelog.
• 99330c8 Updated code.

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) npm:ms:20151024	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

[//]: # (snyk:metadata:{"prId":"7ef261e0-447b-4cb3-b1e9-4f460259b7fc","prPublicId":"7ef261e0-447b-4cb3-b1e9-4f460259b7fc","dependencies":[{"name":"adm-zip","from":"0.4.7","to":"0.5.2"},{"name":"body-parser","from":"1.9.0","to":"1.17.1"},{"name":"jquery","from":"2.2.4","to":"3.5.0"},{"name":"karma","from":"1.7.1","to":"6.3.16"},{"name":"lodash","from":"4.17.4","to":"4.17.21"},{"name":"marked","from":"0.3.5","to":"4.0.10"},{"name":"moment","from":"2.15.1","to":"2.29.2"},{"name":"mongoose","from":"4.2.4","to":"5.13.15"},{"name":"ms","from":"0.7.3","to":"2.0.0"},{"name":"npmconf","from":"0.0.24","to":"2.1.3"},{"name":"st","from":"0.2.4","to":"1.2.2"},{"name":"tap","from":"11.1.5","to":"15.0.0"},{"name":"tinymce","from":"5.1.0","to":"5.10.0"},{"name":"total.js","from":"3.4.8","to":"3.4.9"},{"name":"total4","from":"0.0.42","to":"0.0.43"}],"packageManager":"npm","projectPublicId":"f86272bc-d9f0-4028-85a3-e9b1884c3b49","projectUrl":"https://app.snyk.io/org/sean.clarke-bcf/project/f86272bc-d9f0-4028-85a3-e9b1884c3b49?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":["SNYK-JS-LODASH-567746","npm:debug:20170905","npm:ms:20151024","npm:ms:20170412"],"vulns":["npm:st:20171013","npm:st:20140206","npm:semver:20150403","npm:qs:20170213","npm:npmconf:20180512","npm:negotiator:20160616","npm:ms:20170412","npm:ms:20151024","npm:mime:20170907","npm:mem:20180117","npm:debug:20170905","npm:braces:20180219","SNYK-JS-YARGSPARSER-560381","SNYK-JS-XMLHTTPREQUESTSSL-1255647","SNYK-JS-XMLHTTPREQUESTSSL-1082936","npm:ws:20171108","SNYK-JS-WS-1296835","SNYK-JS-TOTALJS-1088607","SNYK-JS-TOTAL4-1130527","SNYK-JS-TINYMCE-598223","SNYK-JS-TINYMCE-568922","SNYK-JS-TINYMCE-543825","SNYK-JS-TINYMCE-1910225","SNYK-JS-TINYMCE-1766967","SNYK-JS-TINYMCE-1298037","SNYK-JS-TINYMCE-1056408","SNYK-JS-SOCKETIOPARSER-1056752","SNYK-JS-SOCKETIO-1024859","SNYK-JS-MQUERY-1089718","SNYK-JS-MQUERY-1050858","SNYK-JS-MPATH-1577289","npm:mongoose:20160116","SNYK-JS-MONGOOSE-472486","SNYK-JS-MONGOOSE-2961688","SNYK-JS-MONGOOSE-1086688","SNYK-JS-MONGODB-473855","npm:moment:20170905","npm:moment:20161019","SNYK-JS-MOMENT-2440688","npm:marked:20180225","npm:marked:20170907","npm:marked:20170815-1","npm:marked:20170815","npm:marked:20170112","npm:marked:20150520","SNYK-JS-MARKED-584281","SNYK-JS-MARKED-451540","SNYK-JS-MARKED-2342082","SNYK-JS-MARKED-2342073","SNYK-JS-MARKED-174116","SNYK-JS-LOG4JS-2348757","SNYK-JS-LODASH-567746","npm:lodash:20180130","SNYK-JS-LODASH-73639","SNYK-JS-LODASH-73638","SNYK-JS-LODASH-608086","SNYK-JS-LODASH-450202","SNYK-JS-LODASH-1040724","SNYK-JS-LODASH-1018905","SNYK-JS-KERBEROS-568900","SNYK-JS-KARMA-2396325","SNYK-JS-KARMA-2395349","npm:jquery:20150627","SNYK-JS-JQUERY-567880","SNYK-JS-JQUERY-565129","SNYK-JS-JQUERY-174006","SNYK-JS-ISTANBULREPORTS-2328088","SNYK-JS-INI-1048974","SNYK-JS-GLOBPARENT-1016905","SNYK-JS-ENGINEIO-1056749","SNYK-JS-ANSIREGEX-1583908","npm:adm-zip:20180415","SNYK-JS-ADMZIP-1065796"],"upgrade":["SNYK-JS-ADMZIP-1065796","SNYK-JS-ANSIREGEX-1583908","SNYK-JS-ENGINEIO-1056749","SNYK-JS-GLOBPARENT-1016905","SNYK-JS-INI-1048974","SNYK-JS-ISTANBULREPORTS-2328088","SNYK-JS-JQUERY-174006","SNYK-JS-JQUERY-565129","SNYK-JS-JQUERY-567880","SNYK-JS-KARMA-2395349","SNYK-JS-KARMA-2396325","SNYK-JS-KERBEROS-568900","SNYK-JS-LODASH-1018905","SNYK-JS-LODASH-1040724","SNYK-JS-LODASH-450202","SNYK-JS-LODASH-567746","SNYK-JS-LODASH-608086","SNYK-JS-LODASH-73638","SNYK-JS-LODASH-73639","SNYK-JS-LOG4JS-2348757","SNYK-JS-MARKED-174116","SNYK-JS-MARKED-2342073","SNYK-JS-MARKED-2342082","SNYK-JS-MARKED-451540","SNYK-JS-MARKED-584281","SNYK-JS-MOMENT-2440688","SNYK-JS-MONGODB-473855","SNYK-JS-MONGOOSE-1086688","SNYK-JS-MONGOOSE-2961688","SNYK-JS-MONGOOSE-472486","SNYK-JS-MPATH-1577289","SNYK-JS-MQUERY-1050858...