Snyk has created this PR to upgrade:
- @hapi/boom from 9.1.0 to 9.1.4.
See this package in npm: https://www.npmjs.com/package/@hapi/boom
- @sentry/tracing from 5.27.6 to 5.30.0.
See this package in npm: https://www.npmjs.com/package/@sentry/tracing
- debug from 4.3.1 to 4.3.6.
See this package in npm: https://www.npmjs.com/package/debug
- @sentry/node from 5.27.6 to 5.30.0.
See this package in npm: https://www.npmjs.com/package/@sentry/node
- bcrypt from 5.0.0 to 5.1.1.
See this package in npm: https://www.npmjs.com/package/bcrypt
- body-parser from 1.19.0 to 1.20.2.
See this package in npm: https://www.npmjs.com/package/body-parser
- dotenv from 8.2.0 to 8.6.0.
See this package in npm: https://www.npmjs.com/package/dotenv
- helmet from 4.2.0 to 4.6.0.
See this package in npm: https://www.npmjs.com/package/helmet
- joi from 17.3.0 to 17.13.3.
See this package in npm: https://www.npmjs.com/package/joi
- mongodb from 3.6.3 to 3.7.4.
See this package in npm: https://www.npmjs.com/package/mongodb
- passport from 0.4.1 to 0.7.0.
See this package in npm: https://www.npmjs.com/package/passport
- passport-jwt from 4.0.0 to 4.0.1.
See this package in npm: https://www.npmjs.com/package/passport-jwt
See this project in Snyk:
https://app.snyk.io/org/rodcko2417/project/bb099a96-9b58-4afd-86a4-fa7239baf3b9?utm_source=github&utm_medium=referral&page=upgrade-pr
Snyk has created this PR to upgrade multiple dependencies.
👯♂ The following dependencies are linked and will therefore be updated together.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
@hapi/boom
from 9.1.0 to 9.1.4 | 4 versions ahead of your current version | 3 years ago
on 2021-08-20
@sentry/tracing
from 5.27.6 to 5.30.0 | 6 versions ahead of your current version | 4 years ago
on 2021-01-13
debug
from 4.3.1 to 4.3.6 | 5 versions ahead of your current version | a month ago
on 2024-07-27
@sentry/node
from 5.27.6 to 5.30.0 | 6 versions ahead of your current version | 4 years ago
on 2021-01-13
bcrypt
from 5.0.0 to 5.1.1 | 3 versions ahead of your current version | a year ago
on 2023-08-16
body-parser
from 1.19.0 to 1.20.2 | 5 versions ahead of your current version | 2 years ago
on 2023-02-22
dotenv
from 8.2.0 to 8.6.0 | 5 versions ahead of your current version | 3 years ago
on 2021-05-05
helmet
from 4.2.0 to 4.6.0 | 7 versions ahead of your current version | 3 years ago
on 2021-05-02
joi
from 17.3.0 to 17.13.3 | 33 versions ahead of your current version | 3 months ago
on 2024-06-19
mongodb
from 3.6.3 to 3.7.4 | 14 versions ahead of your current version | a year ago
on 2023-06-21
passport
from 0.4.1 to 0.7.0 | 6 versions ahead of your current version | 9 months ago
on 2023-11-27
passport-jwt
from 4.0.0 to 4.0.1 | 1 version ahead of your current version | 2 years ago
on 2022-12-24
Issues fixed by the recommended upgrade:
SNYK-JS-TAR-1536528
SNYK-JS-TAR-1536531
SNYK-JS-TAR-1579147
SNYK-JS-TAR-1579152
SNYK-JS-TAR-1579155
SNYK-JS-QS-3153490
SNYK-JS-SIDEWAYFORMULA-3317169
SNYK-JS-TAR-6476909
SNYK-JS-MONGODB-5871303
SNYK-JS-PASSPORT-2840631
SNYK-JS-TAR-1536758
SNYK-JS-MINIMIST-2429795
Release notes
Package name: @hapi/boom
-
9.1.4 - 2021-08-20
-
9.1.3 - 2021-07-02
-
9.1.2 - 2021-03-16
-
9.1.1 - 2020-12-16
- Clean up typings comments (#278)
- Allow custom properties on error payload property in typings (#279)
- Make isBoom type definition laxer (#275)
- Upgrade lab dependency to v24 and devDependency of typescript (#273)
-
9.1.0 - 2020-03-12
from @hapi/boom GitHub release notes
9.1.4
9.1.3
9.1.2
9.1.0
Package name: @sentry/tracing
-
5.30.0 - 2021-01-13
-
5.29.2 - 2020-12-17
-
5.29.1 - 2020-12-16
-
5.29.0 - 2020-12-07
-
5.28.0 - 2020-12-01
-
5.27.7-beta.0 - 2020-12-01
-
5.27.6 - 2020-11-23
from @sentry/tracing GitHub release notes
Package name: debug
-
4.3.6 - 2024-07-27
- Avoid using deprecated RegExp.$1 by @ bluwy in #969
- @ bluwy made their first contribution in #969
-
4.3.5 - 2024-05-31
- cac39b1 Fix/debug depth (#926)
-
4.3.4 - 2022-03-17
- Add section about configuring JS console to show debug messages by @ gitname in #866
- Replace deprecated String.prototype.substr() by @ CommanderRoot in #876
- @ gitname made their first contribution in #866
- @ CommanderRoot made their first contribution in #876
-
4.3.3 - 2021-11-27
- Migrates repository from https://github.com/visionmedia/debug to https://github.com/debug-js/debug. Please see notes below as to why this change was made.
- Updates repository maintainership information
- Updates the copyright (no license terms change has been made)
- Removes accidental epizeuxis (#828)
- Adds README section regarding usage in child procs (#850)
- The old organization was defunct and abandoned.
- I was not an owner of the old organization and thus could not ban the non-trivial amount of spam users or the few truly abusive users from the org. This hindered my ability to properly maintain this package.
- The
- The old org has way, way too many approved members with push access, for which there was nothing I could do. This presented a pretty sizable security risk given that many packages in recent years have fallen victim to backdoors and the like due to lax security access.
-
4.3.2 - 2020-12-09
- Caches enabled statuses on a per-logger basis to speed up .enabled checks (#799)
-
4.3.1 - 2020-11-19
- Fixes a ReDOS regression (#458) - see #797 for details.
from debug GitHub release notes
What's Changed
New Contributors
Full Changelog: 4.3.5...4.3.6
Patch
Thank you @ calvintwr for the fix.
What's Changed
New Contributors
Full Changelog: 4.3.3...4.3.4
Patch Release 4.3.3
This is a documentation-only release. Further, the repository was transferred. Please see notes below.
Thank you to @ taylor1791 and @ kristofkalocsai for their contributions.
Repository Migration Information
I've formatted this as a FAQ, please feel free to open an issue for any additional question and I'll add the response here.
Q: What impact will this have on me?
In most cases, you shouldn't notice any change.
The only exception I can think of is if you pull code directly from https://github.com/visionmedia/debug, e.g. via a "debug": "visionmedia/debug"-type version entry in your package.json - in which case, you should still be fine due to the automatic redirection Github sets up, but you should also update any references as soon as possible.
Q: What are the security implications of this change?
If you pull code directly from the old URL, you should update the URL to https://github.com/debug-js/debug as soon as possible. The old organization has many approved owners and thus a new repository could (in theory) be created at the old URL, circumventing Github's automatic redirect that is in place now and serving malicious code. I (@ Qix-) also wouldn't have access to that repository, so while I don't think it would happen, it's still something to consider.
Even in such a case, however, the officially released package on npm (debug) would not be affected. That package is still very much under control (even more than it used to be).
Q: What should I do if I encounter an issue related to the migration?
Search the issues first to see if someone has already reported it, and then open a new issue if someone has not.
Q: Why was this done as a 'patch' release? Isn't this breaking?
No, it shouldn't be breaking. The package on npm shouldn't be affected (aside from this patch release) and any references to the old repository should automatically redirect.
Thus, according to all of the "APIs" (loosely put) involved, nothing should have broken.
I understand there are a lot of edge cases so please open issues as needed so I can assist in any way necessary.
Q: Why was the repository transferred?
I'll just list them off in no particular order.
debug ecosystem intends to grow beyond a single package, and since new packages could not be created in the old org (nor did it make sense for them to live there), a new org made the most sense - especially from a security point of view.
Q: Was this approved?
Yes. [archive]
Q: Do I need to worry about another migration sometime in the future?
No.
Patch release 4.3.2
.enabled checks (#799)
Thank you @ omg!
Patch release 4.3.1
Package name: @sentry/node
-
5.30.0 - 2021-01-13
-
5.29.2 - 2020-12-17
-
5.29.1 - 2020-12-16
-
5.29.0 - 2020-12-07
-
5.28.0 - 2020-12-01
-
5.27.7-beta.0 - 2020-12-01
-
5.27.6 - 2020-11-23
from @sentry/node GitHub release notes
Package name: bcrypt
-
5.1.1 - 2023-08-16
- Refactored example with async await by @ lpizzinidev in #894
- Fixed z/OS build issue by @ laijonathan in #968
- Update dependencies by @ recrsn in #993
- @ lpizzinidev made their first contribution in #894
- @ laijonathan made their first contribution in #968
-
5.1.0 - 2022-10-06
- Update node-pre-gyp to 1.0.2 by @ feuxfollets1013 in #865
- Update README for inclusion of musl by @ arbourd in #883
- Version bump, security updates to sub dep npmlog by @ adaniels-parabol in #905
- document ESM usage (#892) by @ mariusa in #899
- fix: update travis CI Docker image repository by @ cokia in #930
- Update node versions in appveyor test matrix by @ p-kuen in #936
- chore(appveyor): not use latest npm by @ cokia in #932
- chore: update Appveyor readme badge by @ cokia in #933
- Use Github actions for CI by @ recrsn in #858
- Update dependencies by @ recrsn in #953
- Migrate tests to use Jest by @ recrsn in #958
- Pin NAPI to v3 by @ recrsn in #959
- @ feuxfollets1013 made their first contribution in #865
- @ arbourd made their first contribution in #883
- @ adaniels-parabol made their first contribution in #905
- @ mariusa made their first contribution in #899
- @ cokia made their first contribution in #930
- @ p-kuen made their first contribution in #936
-
5.0.1 - 2021-02-26
-
5.0.0 - 2020-06-08
- Fix the bcrypt "wrap-around" bug. It affects passwords with lengths >= 255.
- Experimental support for z/OS
- Fix a bug related to NUL in password input
- Update
from bcrypt GitHub release notes
What's Changed
New Contributors
Full Changelog: v5.1.0...v5.1.1
What's Changed
New Contributors
Full Changelog: v5.0.1...v5.1.0
Update node-pre-gyp to 1.0.0
It is uncommon but it's a bug nevertheless. Previous attempts to fix the bug
was unsuccessful.
node-pre-gyp to 0.15.0
Package name: body-parser
-
1.20.2 - 2023-02-22
- Fix strict json error message on Node.js 19+
- deps: content-type@~1.0.5
- perf: skip value escaping when unnecessary
- deps: raw-body@2.5.2
-
1.20.1 - 2022-10-06
- deps: qs@6.11.0
- perf: remove unnecessary object clone
-
1.20.0 - 2022-04-03
- Fix error message for json parse whitespace in strict
- Fix internal error when inflated body exceeds limit
- Prevent loss of async hooks context
- Prevent hanging when request already read
- deps: depd@2.0.0
- Replace internal eval usage with Function constructor
- Use instance methods on process to check for listeners
- deps: http-errors@2.0.0
- deps: depd@2.0.0
- deps: statuses@2.0.1
- deps: on-finished@2.4.1
- deps: qs@6.10.3
- deps: raw-body@2.5.1
- deps: http-errors@2.0.0
-
1.19.2 - 2022-02-16
- deps: bytes@3.1.2
- deps: qs@6.9.7
- Fix handling of __proto__ keys
- deps: raw-body@2.4.3
- deps: bytes@3.1.2
-
1.19.1 - 2021-12-10
- deps: bytes@3.1.1
- deps: http-errors@1.8.1
- deps: inherits@2.0.4
- deps: toidentifier@1.0.1
- deps: setprototypeof@1.2.0
- deps: qs@6.9.6
- deps: raw-body@2.4.2
- deps: bytes@3.1.1
- deps: http-errors@1.8.1
- deps: safe-buffer@5.2.1
- deps: type-is@~1.6.18
-
1.19.0 - 2019-04-26
- deps: bytes@3.1.0
- Add petabyte (pb) support
- deps: http-errors@1.7.2
- Set constructor name when possible
- deps: setprototypeof@1.1.1
- deps: statuses@'>= 1.5.0 < 2'
- deps: iconv-lite@0.4.24
- Added encoding MIK
- deps: qs@6.7.0
- Fix parsing array brackets after index
- deps: raw-body@2.4.0
- deps: bytes@3.1.0
- deps: http-errors@1.7.2
- deps: iconv-lite@0.4.24
- deps: type-is@~1.6.17
- deps: mime-types@~2.1.24
- perf: prevent internal throw on invalid type
from body-parser GitHub release notes
Package name: dotenv
-
8.6.0 - 2021-05-05
-
8.5.1 - 2021-05-05
-
8.5.0 - 2021-05-05
-
8.4.0 - 2021-05-05
-
8.3.0 - 2021-05-05
-
8.2.0 - 2019-10-16
from dotenv GitHub release notes
Show as 'added' in changelog
Bump version 8.5.1
Bump version 8.5.0
Point to types file for VS Code. Bump 8.4.0
Drop node 8 support
chore(release): 8.2.0
Package name: helmet
-
4.6.0 - 2021-05-02
-
4.5.0 - 2021-04-17
-
4.5.0-rc.1 - 2021-04-04
-
4.4.1 - 2021-01-18
-
4.4.0 - 2021-01-18
-
4.3.1 - 2020-12-27
-
4.3.0 - 2020-12-27
-
4.2.0 - 2020-11-01
from helmet GitHub release notes
4.6.0
4.5.0
v4.5.0-rc.1
4.4.1
4.4.0
4.3.1
4.3.0
4.2.0
Package name: joi
-
17.13.3 - 2024-06-19
-
17.13.2 - 2024-06-19
-
17.13.1 - 2024-05-02
-
17.13.0 - 2024-04-23
-
17.12.3 - 2024-04-03
-
17.12.2 - 2024-02-21
-
17.12.1 - 2024-01-29
-
17.12.0 - 2024-01-17
-
17.11.1 - 2024-01-15
-
17.11.0 - 2023-10-04
-
17.10.2 - 2023-09-17
-
17.10.1 - 2023-08-31
-
17.10.0 - 2023-08-27
-
17.9.2 - 2023-04-24
-
17.9.1 - 2023-03-21
-
17.9.0 - 2023-03-20
-
17.8.4 - 2023-03-14
-
17.8.3 - 2023-02-21
-
17.8.2 - 2023-02-21
-
17.8.1 - 2023-02-19
-
17.8.0 - 2023-02-19
-
17.7.1 - 2023-02-10
-
17.7.0 - 2022-11-01
-
17.6.4 - 2022-10-22
-
17.6.3 - 2022-10-11
-
17.6.2 - 2022-09-29
-
17.6.1 - 2022-09-22
-
17.6.0 - 2022-01-26
-
17.5.0 - 2021-12-02
-
17.4.3 - 2021-12-01
-
17.4.2 - 2021-08-01
-
17.4.1 - 2021-07-11
-
17.4.0 - 2021-02-08
-
17.3.0 - 2020-10-24
from joi GitHub release notes
17.13.3
17.13.2
17.13.1
17.13.0
17.12.3
17.12.2
17.12.1
17.12.0
17.11.1
Package name: mongodb
-
3.7.4 - 2023-06-21
- NODE-3711: retry txn end on retryable write (#3047) (1595140)
- NODE-5355: prevent error when saslprep is not a function (#3733) (152425a)
- Reference
- API
- Changelog
-
3.7.3 - 2021-10-20
-
3.7.2 - 2021-10-05
-
3.7.1 - 2021-09-14
-
3.7.0 - 2021-08-31
-
3.6.12 - 2021-08-30
-
3.6.11 - 2021-08-05
-
3.6.10 - 2021-07-06
-
3.6.9 - 2021-05-26
-
3.6.8 - 2021-05-21
-
3.6.7 - 2021-05-18
-
3.6.6 - 2021-04-06
-
3.6.5 - 2021-03-16
-
3.6.4 - 2021-02-02
-
3.6.3 - 2020-11-06
from mongodb GitHub release notes
The MongoDB Node.js team is pleased to announce version 3.7.4 of the mongodb package!
Release Highlights
This release fixes a bug that throws a type error when SCRAM-SHA-256 is used with saslprep in a webpacked environment.
3.7.4 (2023-06-21)
Bug Fixes
Documentation
We invite you to try the mongodb library immediately, and report any issues to the NODE project.
Package name: passport
-
0.7.0 - 2023-11-27
-
0.6.0 - 2022-05-20
-
0.5.3 - 2022-05-16
-
0.5.2 - 2021-12-16
-
0.5.1 - 2021-12-15
-
0.5.0 - 2021-09-23
-
0.4.1 - 2019-12-09
from passport GitHub release notes
0.7.0
0.6.0
0.5.3
0.5.2
0.5.1
0.5.0
0.4.1
Package name: passport-jwt
-
4.0.1 - 2022-12-24
- Updates jsonwebtoken dependency to ^9.0.0 to address high severity
- Updates a number of other dependencies
- Fixes a number of typos
- Updates CI to use github actions
-
4.0.0 - 2018-03-13
from passport-jwt GitHub release notes
vulnerability CVE-2022-3517
[Developer facing]
Fixes #147 - Vulnerability due to dependency on jsonwebtoken 7.x.x
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.