vulnerabilities in npm dependencies

ugh, npm.

There are 92 npm security advisories affecting our repositories.

Severity: critical

Prototype Pollution in property-expr
advisory

Severity: critical

flat vulnerable to Prototype Pollution
advisory

Severity: critical

ejs template injection vulnerability
advisory

Severity: critical

Prototype Pollution in immer
advisory

Severity: critical

xmldom allows multiple root nodes in a DOM
advisory

Severity: critical

Remote code execution in simple-git
advisory

Severity: critical

Prototype Pollution in minimist
advisory

Severity: critical

Prototype Pollution in minimist
advisory

Severity: critical

Prototype pollution in webpack loader-utils
advisory

Severity: critical

Prototype pollution in webpack loader-utils
advisory

Severity: critical

Insufficient validation when decoding a Socket.IO packet
advisory

Severity: critical

Improper Neutralization of Special Elements used in a Command in Shell-quote
advisory

Severity: critical

Arbitrary Code Execution in underscore
advisory

Severity: critical

json-schema is vulnerable to Prototype Pollution
advisory

Severity: high

Regular Expression Denial of Service (ReDoS)
advisory

Severity: high

Cross-Site Scripting in Prism
advisory

Severity: high

Prototype Pollution in async
advisory

Severity: high

ReDoS Vulnerability in ua-parser-js version
advisory

Severity: high

ReDoS Vulnerability in ua-parser-js version
advisory

Severity: high

Command injection in simple-git
advisory

Severity: high

Infinite loop in jpeg-js
advisory

Severity: high

Prototype Pollution in immer
advisory

Severity: high

TaffyDB can allow access to any data items in the DB
advisory

Severity: high

Inefficient Regular Expression Complexity in marked
advisory

Severity: high

Inefficient Regular Expression Complexity in marked
advisory

Severity: high

Command injection in simple-git
advisory

Severity: high

simple-git vulnerable to Remote Code Execution when enabling the ext transport protocol
advisory

Severity: high

Race Condition in Grunt
advisory

Severity: high

GraphiQL introspection schema template injection attack
advisory

Severity: high

Regular Expression Denial of Service (ReDOS)
advisory

Severity: high

Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization
advisory

Severity: high

Regular Expression Denial of Service (ReDoS) in Prism
advisory

Severity: high

Regular Expression Denial of Service in trim
advisory

Severity: high

Denial of service in prismjs
advisory

Severity: high

Prototype Pollution in immer
advisory

Severity: high

qs vulnerable to Prototype Pollution
advisory

Severity: high

qs vulnerable to Prototype Pollution
advisory

Severity: high

qs vulnerable to Prototype Pollution
advisory

Severity: high

Cross-site Scripting in Prism
advisory

Severity: high

Exposure of Sensitive Information in simple-get
advisory

Severity: high

http-cache-semantics vulnerable to Regular Expression Denial of Service
advisory

Severity: high

Prototype Pollution in JSON5 via Parse Method
advisory

Severity: high

Prototype Pollution in JSON5 via Parse Method
advisory

Severity: high

minimatch ReDoS vulnerability
advisory

Severity: high

glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex
advisory

Severity: high

Inefficient Regular Expression Complexity in chalk/ansi-regex
advisory

Severity: high

Inefficient Regular Expression Complexity in chalk/ansi-regex
advisory

Severity: high

Inefficient Regular Expression Complexity in nth-check
advisory

Severity: high

Exposure of sensitive information in follow-redirects
advisory

Severity: high

node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
advisory

Severity: high

loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable
advisory

Severity: high

loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable
advisory

Severity: high

loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)
advisory

Severity: high

loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)
advisory

Severity: high

Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning
advisory

Severity: high

Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
advisory

Severity: high

Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization
advisory

Severity: high

Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
advisory

Severity: high

Terser insecure use of regular expressions leads to ReDoS
advisory

Severity: high

Uncontrolled Resource Consumption in trim-newlines
advisory

Severity: high

Regular expression denial of service in scss-tokenizer
advisory

Severity: high

Improper Privilege Management in shelljs
advisory

Severity: moderate

ReDOS vulnerabities: multiple grammars
advisory

Severity: moderate

Uncontrolled resource consumption in jpeg-js
advisory

Severity: moderate

Improper Privilege Management in shelljs
advisory

Severity: moderate

Inefficient Regular Expression Complexity in Validator.js
advisory

Severity: moderate

cookiejar Regular Expression Denial of Service via Cookie.parse function
advisory

Severity: moderate

Incorrect Authorization in cross-fetch
advisory

Severity: moderate

Path Traversal in Grunt
advisory

Severity: moderate

Got allows a redirect to a UNIX socket
advisory

Severity: moderate

Exposure of Sensitive Information to an Unauthorized Actor in nanoid
advisory

Severity: moderate

Prototype Pollution in Ajv
advisory

Severity: moderate

react-dev-utils OS Command Injection in function `getProcessForPort`
advisory

Severity: moderate

Potential XSS vulnerability in jQuery
advisory

Severity: moderate

Potential XSS vulnerability in jQuery
advisory

Severity: moderate

Insufficient Granularity of Access Control in JSDom
advisory

Severity: moderate

prismjs Regular Expression Denial of Service vulnerability
advisory

Severity: moderate

Uncaught exception in engine.io
advisory

Severity: moderate

Regular Expression Denial of Service in postcss
advisory

Severity: moderate

Improper Certificate Validation in node-sass
advisory

Severity: moderate

Inefficient Regular Expression Complexity in validator.js
advisory

Severity: moderate

Regular Expression Denial of Service in browserslist
advisory

Severity: moderate

Prototype Pollution in highlight.js
advisory

Severity: moderate

Prototype Pollution in minimist
advisory

Severity: moderate

Open redirect in karma
advisory

Severity: moderate

Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects
advisory

Severity: moderate

Cross-site Scripting in karma
advisory

Severity: moderate

Uncontrolled Resource Consumption in markdown-it
advisory

Severity: moderate

Server-Side Request Forgery in Request
advisory

Severity: low

The `size` option isn't honored after following a redirect in node-fetch
advisory

Severity: low

decode-uri-component vulnerable to Denial of Service (DoS)
advisory

Severity: low

Regular expression denial of service in semver-regex
advisory

Source code is licensed under the AGPL.

vulnerabilities in npm dependencies

#1089042: property-expr

Affected repositories (1)

#1089152: flat

Affected repositories (3)

#1089270: ejs

Affected repositories (6)

#1089656: immer

Affected repositories (3)

#1090178: @xmldom/xmldom

Affected repositories (1)

#1090484: simple-git

Affected repositories (1)

#1091172: minimist

Affected repositories (1)

#1091173: minimist

Affected repositories (7)

#1091186: loader-utils

Affected repositories (3)

#1091187: loader-utils

Affected repositories (1)

#1091364: socket.io-parser

Affected repositories (1)

#1091418: shell-quote

Affected repositories (3)

#1091470: underscore

Affected repositories (1)

#1091472: json-schema

Affected repositories (3)

#1085700: diff

Affected repositories (1)

#1087445: prismjs

Affected repositories (2)

#1088667: async

Affected repositories (4)

#1088696: ua-parser-js

Affected repositories (11)

#1088697: ua-parser-js

Affected repositories (6)

#1088761: simple-git

Affected repositories (1)

#1088964: jpeg-js

Affected repositories (2)

#1089281: immer

Affected repositories (3)

#1089386: taffydb

Affected repositories (10)

#1089485: marked

Affected repositories (1)

#1089486: marked

Affected repositories (1)

#1089511: simple-git

Affected repositories (1)

#1089524: simple-git

Affected repositories (1)

#1089539: grunt

Affected repositories (57)

#1089589: graphiql

Affected repositories (1)

#1089649: semver-regex

Affected repositories (1)

#1089685: tar

Affected repositories (1)

#1089716: prismjs

Affected repositories (2)

#1089867: trim

Affected repositories (2)

#1090014: prismjs

Affected repositories (2)

#1090038: immer

Affected repositories (2)

#1090135: qs

Affected repositories (6)

#1090137: qs

Affected repositories (3)

#1090140: qs

Affected repositories (2)

#1090424: prismjs

Affected repositories (4)

#1090445: simple-get