[Snyk] Fix for 55 vulnerabilities

[crew-security]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json
  • package-lock.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	No	Proof of Concept
	509/1000 Why? Has a fix available, CVSS 5.9	Information Exposure SNYK-JS-AUTH0-596476	No	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-AWSSDK-1059424	No	Proof of Concept
	616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Denial of Service (DoS) SNYK-JS-AXIOS-174505	No	Proof of Concept
	526/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.1	Arbitrary Code Injection SNYK-JS-EJS-1049328	Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-EJS-2803307	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	No	Proof of Concept
	344/1000 Why? Has a fix available, CVSS 2.6	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	No	No Known Exploit
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	Yes	No Known Exploit
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	Yes	Proof of Concept
	541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Directory Traversal SNYK-JS-MOMENT-2440688	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-NCONF-2395478	No	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Arbitrary File Overwrite SNYK-JS-NPM-537603	Yes	Proof of Concept
	451/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 2.6	Unauthorized File Access SNYK-JS-NPM-537604	Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Arbitrary File Write SNYK-JS-NPM-537606	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Insertion of Sensitive Information into Log File SNYK-JS-NPM-575435	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NPMUSERVALIDATE-1019352	Yes	No Known Exploit
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-PUGCODEGEN-1082232	No	Proof of Concept
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
	624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit
	410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
	639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090599	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090600	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090601	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-VALIDATOR-1090602	No	Proof of Concept
	434/1000 Why? Has a fix available, CVSS 4.4	Time of Check Time of Use (TOCTOU) npm:chownr:20180731	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:clean-css:20180306	No	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Yes	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Access Restriction Bypass npm:npm:20180222	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Denial of Service (DoS) npm:superagent:20170807	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Information Exposure npm:superagent:20181108	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: auth0-extension-tools

The new version differs by 20 commits.

• 3ee9a4f Merge pull request Import export #19 from auth0-extensions/version-bump
• 5ba28bc add defaults to circle-ci yaml config
• bb0e04e add deploy step and test_and_deploy workflow to circle config
• d705af6 change circle-ci config to use npm instead of yarn.
• 0ac6628 Merge pull request Config fix #18 from auth0-extensions/version-bump
• c5f23ad bump package.json version
• 0e81ea0 Merge pull request Update redux form #17 from gkwang/update-dependencies
• f9e0206 Update dependencies
• 140cc2a 1.4.1
• 1eadbc8 Merge pull request Import/export endpoints #16 from chrisscott/update_node_auth0
• 2e47408 Update node-auth version to latest, 2.18.0
• 8a7c701 Merge pull request Bring fixes to dev branch #15 from auth0-extensions/node-auth0-bump
• b2015ad yarn.lock update
• 8f966bf bump node-auth0 version to latest
• 90c347d [Automated Script] Add stale config.
• 16b5d45 [Automated Script] Added PR Template
• 591750e 1.3.3
• e0b6aa4 Merge pull request Handlers cleanup #14 from zxan1285/no-access-token
• fb91228 no access token option
• 5be377c optional response_type

See the full diff

Package name: aws-sdk

The new version differs by 250 commits.

• 8875a35 Updates SDK to v2.814.0
• dd83d67 throw at invalid profile name in shared ini file (#3585)
• ee0c5a3 Updates SDK to v2.813.0
• 468d15b Updates SDK to v2.812.0
• c50132f Update README.md with references to JS SDK V3 (#3582)
• 3e19b08 Updates SDK to v2.811.0
• f26c00d Updates SDK to v2.810.0
• b393a6e Adds automatic PreSignedUrl generation to RDS.StartDBInstanceAutomatedBackupsReplication (#3566)
• fa57967 Updates SDK to v2.809.0
• 9a52018 Updates SDK to v2.808.0
• 1958076 Updates SDK to v2.807.0
• ffcad20 Updates SDK to v2.806.0
• 2f37893 chore: remove cognitoidentity customizations to disable auth (#3543)
• c6fe3c0 Updates SDK to v2.805.0
• 71d6fa9 Fix dual-callback case (#3537)
• b981971 Updates SDK to v2.804.0
• 332573f Updates SDK to v2.803.0
• deb7bc7 Updates SDK to v2.802.0
• b6401d0 Remove incorrectly named service named 'Profile' (#3562)
• 3364d4b Updates SDK to v2.801.0
• d400577 Updates SDK to v2.800.0
• 21c7dc0 Updates SDK to v2.799.0
• d2b8964 Updates SDK to v2.798.0
• 44ded82 fix: test IAM.getUser instead of listUsers (#3542)

See the full diff

Package name: axios

The new version differs by 250 commits.

• e367be5 [Releasing] 0.21.3
• 83ae383 Correctly add response interceptors to interceptor chain (#4013)
• c0c8761 [Updating] changelog to include links to issues and contributors
• 619bb46 [Releasing] v0.21.2
• 82c9455 Create SECURITY.md (#3981)
• 5b45711 Security fix for ReDoS (#3980)
• 5bc9ea2 Update ECOSYSTEM.md (#3817)
• e72813a Fixing README.md (#3818)
• e10a027 Fix README typo under Request Config (#3825)
• e091491 Update README.md (#3936)
• b42fbad Removed un-needed bracket
• 520c8dc Updating CI status badge (#3953)
• 4fbeecb Adding CI on Github Actions. (#3938)
• e9965bf Fixing the sauce labs tests (#3813)
• dbc634c Remove charset in tests (#3807)
• 3958e9f Add explanation of cancel token (#3803)
• 69949a6 Adding custom return type support to interceptor (#3783)
• 49509f6 Create FUNDING.yml (#3796)
• 199c8aa Adding parseInt to config.timeout (#3781)
• 94fc4ea Adding isAxiosError typeguard documentation (#3767)
• 0ece97c Fixing quadratic runtime when setting a maxContentLength (#3738)
• a18a0ec Updating `lib/core/README.md` about Dispatching requests (#3772)
• 59fa614 [Updated] follow-redirects to the latest version (#3771)
• 7821ed2 Feat/json improvements (#3763)

See the full diff

Package name: blipp

The new version differs by 15 commits.

• 2327ecc 3.0.0
• da0f587 Merge pull request users multiselect #29 from Y-LyN-10/master
• 0a37298 Update node.js versions for Travis CI
• 9a32e0d Merge branch 'master' of github.com:Y-LyN-10/blipp
• 8c4b863 Updated dev dependencies for Hapi v17
• 842ae6d Updated example for Hapi v17
• c67c665 Fixed lib and tests for default strategy
• eb77487 Linted tests
• 241dae5 Updated dependencies, tests are re-written with lab v15 and hapi v17
• 0143f72 Breaking changes: modified to work with Hapi v17
• 91db5cc updates travis and dependencies versions
• 014d160 Update dependencies version
• 53ec665 Merge pull request Deep linking #21 from johnbrett/patch-1
• 502451d Fixing brackets in the readme
• 3cff28c style

See the full diff

Package name: good

The new version differs by 25 commits.

• f0b562e version 7.1.0
• 45606c7 Restored wreck logging. Closes #469. (#514)
• 6584880 Upgrade async. Fixes #515. (#538)
• 265a5ca Update deps. Closes #515
• f957062 Don't create a reporter if no streams were provided. Addresses #534 (#535)
• 9d198f8 update stream example in docs and other minors (#536)
• dfe7912 non breaking change adds responseSentTime. Closes #530 (#533)
• 3bd61be current version shield links to good @ npmjs (#521)
• ae1778b Support functions as modules (#517)
• b8f923e Add request route tags to response event (#516)
• 7a78ec8 Fix previous hapi versions
• 77bae30 Fix hapi v15.0.2 timing errors in tests
• 4a22673 hapi 15. Closes #509
• 2d510b1 handle missing coverage on hapi < 15
• 3f9a36a hapi 15 tests
• 51e8ec5 hapi 15
• 502b961 hapi 15
• 673af3e Changed keys used to identify reporters in example (#508)
• cf9f3fb Update CONTRIBUTING.md
• 65730b1 correct and improve documentation (#505)
• a55e808 Not enough feedback when error. Closes #498 (#499)
• 8561ecc Added .npmignore file. Closes #485 (#496)
• 0c93720 Update LICENSE
• 0434d88 Closes #491. Update tests to code3.

See the full diff

Package name: hapi-swagger

The new version differs by 96 commits.

• 34ed162 v7.9.0
• ccf47a7 Merge pull request #455 from rokoroku/patch-1
• ce1014f Merge pull request #456 from ramimoshe/master
• e4f569d Link issue in docs
• 5844e3e Merge pull request #468 from rapilabs/patch-3
• bfe9195 Merge pull request #459 from sovietspaceship/patch-1
• d710828 Linting issue
• a047c66 Fix for basic example
• cb0dbbe Corrected error in example for JWT and Joi.extend()
• d575939 Merge pull request #453 from pdanpdan/patch-1
• 04bf8cd Added new disableDropdown to usgae guide
• 4b1a7c9 Merge pull request feat(node22): replace aws-sdk with @aws-sdk/s3, remove npm dependency #402 from robertpallas/master
• e9e889e Merge pull request [Snyk] Security upgrade npm from 10.4.0 to 10.9.2 #397 from richardlay/master
• 3822495 Corrected anchor for "Grouping endpoints by path or tags"
• 4dbe097 fix 'vaildation' typoes
• 690b10b remove undefined item from Joi.try() alternatives structures
• 22f646d Fix auth for swaggerUI files
• b634ede Set auth also for swaggerUI paths
• c379231 Dependencies update
• 5d8770e Merge pull request #451 from robmcguinness/master
• 11113ea Merge pull request Bump shell-quote from 1.8.2 to 1.8.4 #446 from tepez/master
• f06c5e1 Fixes #450: hasFileType fails with circular dependency error
• 47169bd Move "lab" from dependencies to devDependencies
• eb3f832 Coverage issue

See the full diff

Package name: jsonwebtoken

The new version differs by 10 commits.

• f313850 8.0.0
• f38bd8e updated changelog
• 2ec3263 Merge pull request [Snyk] Security upgrade hapi-auth-jwt2 from 10.5.1 to 10.7.0 #393 from ziluvatar/migration-notes-to-readme
• 12cd8f7 docs: readme, migration notes
• cfc04a9 Merge pull request [Snyk] Fix for 1 vulnerabilities #349 from ziluvatar/fix-max-age-number-and-seconds
• 3305cf0 verify: remove process.nextTick (Bump y18n from 3.2.1 to 3.2.2 #302)
• 0be5409 Reduce size of NPM package ([Snyk] Fix for 4 vulnerabilities #347)
• 2e7e68d Remove joi to shrink module size ([Snyk] Security upgrade hapi-auth-jwt2 from 7.0.1 to 10.4.0 #348)
• 66a4f8b maxAge: Add validation to timespan result
• b61cc34 maxAge: Fix logic with number + use seconds instead of ms

See the full diff

Package name: lru-memoizer

The new version differs by 11 commits.

• 188771d 1.11.2
• 54c5074 Merge pull request Is there API support for this extension? #4 from coreylight/master
• e559da5 use most recent non-breaking 4.X lodash
• b068d9a 1.11.1
• 93916f8 avoid deoptimization converting args to array
• 0e46f30 1.11.0
• cb77088 add an option for cloning the object
• f447a3c 1.10.1
• 369d4f8 Merge branch 'elbuo8-own-freeze'
• 7f4545c improve test
• 277694d Bring freeze to lib

See the full diff

Package name: ms

The new version differs by 19 commits.

• 9b88d15 2.0.0
• 94b995c Invalidated cache for slack badge
• bcf5715 Bumped dependencies to the latest version
• b1eaab7 Ignored logs coming from npm
• caae298 Limit str to 100 to avoid ReDoS of 0.3s (Create an API Explorer for the API Endpoints #89)
• b83b36d chore(package): update eslint to version 3.19.0 (Support federated users #88)
• 3f2a4d7 chore(package): update husky to version 0.13.3 (The on-delete hook should remove the rule, the client and the resource server #86)
• 7daf984 1.0.0
• ee91f30 More suitable name for file containing tests
• e818c35 Removed browser testing
• c9b1fd3 Test on LTS version of Node
• 389840b Badge for XO removed
• 1fbbe97 Removed component specification
• 57b3ef8 Use `prettier` and `eslint`
• 94068ea Removed XO
• 4b7f48f chore(package): update serve to version 5.0.4 (Updated tests #85)
• bd49cec chore(package): update xo to version 0.18.0 (API config page route fixed #84)
• d4a94b1 chore(package): update serve to version 5.0.3 (groupPicker reducer fixed #83)
• 923eee1 chore(package): update serve to version 5.0.2 (fix groups, roles, permissions fetch #82)

See the full diff

Package name: nconf

The new version differs by 37 commits.

• f25feb2 0.11.4
• 2e9e453 chore: disable package-lock, since this is a lib
• 7aa9402 chore: update node version test matrix
• feaba56 fix(security): prevent prototype pollution in memory store ([Snyk] Security upgrade npm from 10.4.0 to 10.9.2 #397)
• 218059e 0.11.3
• dc8c3d6 Handle case where parsed config object hasn't prototype ([Snyk] Fix for 1 vulnerabilities #365)
• b1914ae 0.11.2
• 54bd403 chore: upgrade deps to fix security vulns
• e6dfa5d 0.11.1
• 709cc60 Bump node-notifier from 8.0.0 to 8.0.1 ([Snyk] Security upgrade aws-sdk from 2.5.3 to 2.1354.0 #355)
• eca2bf3 Bump ini from 1.3.5 to 1.3.6 (Bump hawk and npm #353)
• 85229df chore: enable circleci
• 91e9106 chore: update changelog
• 4122731 0.11.0
• 56794d1 chore: upgrade deps to fix security vulns
• 1392ac4 0.10.0
• 01f25fa Regex as env separator (Fix linter #288)
• 16667be Argv store separator (User search #291)
• bac910a 0.9.1
• 2bdf7e1 Clean Argv Store options (Cli upgrade #290)
• b9321b2 transformer can now return an undefined key (Cli upgrade #289)
• 81ce0be Update changelog
• b1ee63c fix error in transform function when dealing with dropped entries (Minor version bump #287)
• 9f70ba1 [doc] Update changelog

See the full diff

Package name: npm

The new version differs by 250 commits.

• 30a9844 7.21.0
• 0b2cd9d update AUTHORS
• 06461ec docs: changelog for v7.21.0
• 771a1cb chore(tests): fix snapshots
• 71cdfd8 spdx-license-ids@3.0.10
• 94f92de make-fetch-happen@9.0.5
• 7ac621c smart-buffer@4.2.0
• 218caca is-core-module@2.6.0
• ff6626a fix(docs): update npm-publish access flag info
• b6f40b5 tar@6.1.10
• e9e5ee5 @ npmcli/arborist@2.8.2
• 991a3bd read-package-json@4.0.0
• f077724 init-package-json@2.0.4
• 68a19bb fix(error-message): look for er.path not er.file
• ff34d6c feat(cache): initial implementation of ls and rm
• 8183976 normalize-package-data@3.0.3
• df57f0d @ npmcli/run-script@1.8.6
• 487731c fix(logging): sanitize logged argv
• 7a58264 chore(ci): check that docs are up to date in ci
• 22f3bbb chore(docs): add more 'autogenerated' comments
• 4314490 fix(docs): revert auto-generated portion of docs
• 32e88c9 fix(did-you-mean): switch levenshtein libraries
• 59b9851 7.20.6
• 2591e67 update AUTHORS

See the full diff

Package name: superagent

The new version differs by 250 commits.

• 3571754 v3.8.1
• 34b69c8 Bump
• 087edaf Clear auth on redirect
• 4108c34 npm@5
• 064b8b0 3.8.0
• b2708db Retry callback
• 383b308 Refactor shouldRetry
• 6bd9b31 indentation to match
• bba9773 log and test style
• bac9933 fn as optional param
• ff607e2 Add optional callback to retry
• 9b0d98d Changelog
• c808dd0 3.8.0-alpha.1
• 87516fc Also support events in global-ish agent
• 66aed34 Default settings for all agent requests
• 05d6c88 Authenticate request using username and password
• 06d7865 Extract common node/browser auth into request-base
• 104ccba Unify auth args handling in node/browser
• be5ab92 Handle errors in zlib pipe
• ef0a35b Merge pull request #1301 from visionmedia/es6
• 0dff890 Prettier
• d669860 ES6ify
• e8463f0 ES6ify Node tests
• cf98d3b Rephrase new documentation about error responses

See the full diff

Package name: webtask-tools

The new version differs by 2 commits.

• 4806a34 Version bump package-lock.json
• e79adb1 Bump pug (You cannot edit permissions when adding/updating a Role #34)

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	626/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.1	Man-in-the-Middle (MitM) SNYK-JS-HTTPSPROXYAGENT-469131	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution npm:extend:20180424	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) npm:moment:20161019	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No Known Exploit
	646/1000 Why? Mature exploit, Has a fix available, CVSS 5.2...

[crew-security]

✅ This PR has been automatically closed

The security issues addressed by this pull request are no longer present in the latest project scan. All vulnerabilities this PR was created to fix have been resolved through other means (e.g., dependency updates, direct fixes, or changes in vulnerability data).

Resolved Issues

• npm:tough-cookie:20170905
• npm:superagent:20181108
• npm:superagent:20170807
• npm:stringstream:20180511
• npm:ms:20170412
• npm:mime:20170907
• npm:hoek:20180212
• npm:extend:20180424
• npm:clean-css:20180306
• npm:chownr:20180731
• SNYK-JS-VALIDATOR-1090602
• SNYK-JS-VALIDATOR-1090601
• SNYK-JS-VALIDATOR-1090600
• SNYK-JS-VALIDATOR-1090599
• SNYK-JS-TAR-1579155
• SNYK-JS-TAR-1579152
• SNYK-JS-TAR-1579147
• SNYK-JS-TAR-1536758
• SNYK-JS-TAR-1536531
• SNYK-JS-TAR-1536528
• ... and 35 more

What should I do?

No action is required. If you believe this PR was closed in error, you can reopen it and contact Snyk support.

---

This action was performed automatically by Snyk.