[Snyk] Fix for 8 vulnerabilities #30

snyk-bot · 2022-10-04T15:25:08Z

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-JSONBIGINT-608659	Yes	Proof of Concept
671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Prototype Pollution SNYK-JS-MONGOOSE-2961688	No	Proof of Concept
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-NODEFORGE-2330875	Yes	Proof of Concept
529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-NODEFORGE-2331908	Yes	No Known Exploit
494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	Yes	No Known Exploit
579/1000 Why? Has a fix available, CVSS 7.3	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	Yes	No Known Exploit
494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	Yes	No Known Exploit
506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Improper Input Validation SNYK-JS-SYSTEMINFORMATION-1244526	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: mongoose

The new version differs by 14 commits.

ca7996b chore: release 5.13.15
e75732a Merge pull request #12307 from Automattic/vkarpov15/fix-5x-build
a1144dc test: run node 7 tests with upgraded npm re: #12297
dfc4ad7 test: try upgrading npm for node v4 tests re: #12297
b9e985c test: more strict @ types/node version
4d813fa test: fix @ types/node version in tests re: #12297
99b4189 Merge pull request #12297 from shubanker/issue/prototype-pollution-5.x-patch
5eb11dd made function non async
6a19731 fix(schema): disallow setting __proto__ when creating schema with dotted properties
a2ec28d Merge pull request #11366 from laissonsilveira/5.x
05ce577 Fix broken link from findandmodify method deprecation
d2b846f chore: release 5.13.14
69c1f6c docs(models): fix up nModified example for 5.x
4cfc4d6 fix(timestamps): avoid setting `createdAt` on documents that already exist but dont have createdAt

Package name: systeminformation

The new version differs by 22 commits.

350fa16 5.6.11
8bb7559 updated docs
97196b1 versions() parameter sanitation
45c08f1 Merge pull request #518 from 418sec/6-npm-systeminformation
434fb0e Merge pull request Bump tar from 4.4.13 to 4.4.19 #9 from EffectRenan/master
572d76e Fix Improper Input Validation
8537f4c Merge pull request Bump lodash from 4.17.20 to 4.17.21 #3 from sebhildebrandt/master
87e7b0c updated docs
a8bafe9 5.6.10
7d62cd2 vboxInfo() fixed windows bug
9cef0f7 5.6.9
ded8621 graphics() fixed nvidia-smi compare bug
16eae0c Merge pull request Bump systeminformation from 4.32.0 to 5.6.4 #2 from sebhildebrandt/master
b36d252 5.6.8
3d15d8e typescript definitions fix wifiInterfces, wifiConnections
8e2f9e0 docs: updated
d09531b 5.6.7
1ff9005 inetLatency() ineChecksite() schema validation
5a6e509 5.6.6
2c54d64 code refactoring
cc15927 5.6.5
0c700f6 cpuTemperature() fix (linux)