[Snyk] Fix for 8 vulnerabilities#2

Open

snyk-bot wants to merge 1 commit intomasterfrom

snyk-fix-701fb1a9740d13aba4ea280f008890ec

snyk-bot commented Dec 12, 2019

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
Find out more.

Vulnerabilities that will be fixed

With a Snyk patch:

Severity	Issue
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905
	Prototype Pollution npm:extend:20180424
	Prototype Pollution npm:hoek:20180212
	Regular Expression Denial of Service (ReDoS) npm:ms:20170412
	Prototype Override Protection Bypass npm:qs:20170213
	Uninitialized Memory Exposure npm:stringstream:20180511
	Regular Expression Denial of Service (ReDoS) npm:tough-cookie:20170905
	Uninitialized Memory Exposure npm:tunnel-agent:20170305

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


          fix: package.json & .snyk to reduce vulnerabilities

2c164a9

The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/npm:debug:20170905
- https://snyk.io/vuln/npm:extend:20180424
- https://snyk.io/vuln/npm:hoek:20180212
- https://snyk.io/vuln/npm:ms:20170412
- https://snyk.io/vuln/npm:qs:20170213
- https://snyk.io/vuln/npm:stringstream:20180511
- https://snyk.io/vuln/npm:tough-cookie:20170905
- https://snyk.io/vuln/npm:tunnel-agent:20170305

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet