vulnerabilities in npm dependencies

ugh, npm.

There are 121 npm security advisories affecting our repositories.

#1067342: minimist

Severity: critical

Prototype Pollution in minimist
Affected repositories (142)

#1067720: immer

Severity: critical

Prototype Pollution in immer
Affected repositories (4)

#1067912: handlebars

Severity: critical

Prototype Pollution in handlebars
Affected repositories (2)

#1067983: property-expr

Severity: critical

Prototype Pollution in property-expr
Affected repositories (1)

#1068088: netmask

Severity: critical

Improper parsing of octal bytes in netmask
Affected repositories (1)

#1069469: handlebars

Severity: critical

Prototype Pollution in handlebars
Affected repositories (1)

#1069477: lodash

Severity: critical

Prototype Pollution in lodash
Affected repositories (1)

#1069553: lodash.template

Severity: critical

Prototype Pollution in lodash
Affected repositories (3)

#1069854: cryptiles

Severity: critical

Insufficient Entropy in cryptiles
Affected repositories (2)

#1067329: glob-parent

Severity: high

Regular expression denial of service in glob-parent
Affected repositories (15)

#1067371: simple-git

Severity: high

Command injection in simple-git
Affected repositories (1)

#1067395: requestretry

Severity: high

Cookie exposure in requestretry
Affected repositories (18)

#1067401: prismjs

Severity: high

Cross-site Scripting in Prism
Affected repositories (6)

#1067413: express-handlebars

Severity: high

Insecure template handling in Express-handlebars
Affected repositories (1)

#1067428: simple-get

Severity: high

Exposure of Sensitive Information in simple-get
Affected repositories (3)

#1067444: shelljs

Severity: high

Improper Privilege Management in shelljs
Affected repositories (1)

#1067459: follow-redirects

Severity: high

Exposure of sensitive information in follow-redirects
Affected repositories (4)

#1067493: is-svg

Severity: high

ReDOS in IS-SVG
Affected repositories (2)

#1067751: pac-resolver

Severity: high

Code Injection in pac-resolver
Affected repositories (1)

#1067813: normalize-url

Severity: high

ReDoS in normalize-url
Affected repositories (1)

#1067816: prismjs

Severity: high

Regular Expression Denial of Service (ReDoS) in Prism
Affected repositories (2)

#1068026: handlebars

Severity: high

Arbitrary Code Execution in Handlebars
Affected repositories (1)

#1068028: handlebars

Severity: high

Regular Expression Denial of Service in Handlebars
Affected repositories (1)

#1068083: chrono-node

Severity: high

Denial of service in chrono-node
Affected repositories (1)

#1068134: underscore

Severity: high

Arbitrary Code Execution in underscore
Affected repositories (7)

#1068168: copy-props

Severity: high

Prototype Pollution in copy-props
Affected repositories (1)

#1068190: merge

Severity: high

Prototype Pollution in merge
Affected repositories (3)

#1068202: is-svg

Severity: high

Regular Expression Denial of Service (ReDoS)
Affected repositories (2)

#1068235: prismjs

Severity: high

Denial of service in prismjs
Affected repositories (2)

#1068264: immer

Severity: high

Prototype Pollution in immer
Affected repositories (2)

#1068298: ini

Severity: high

Prototype Pollution
Affected repositories (13)

#1068522: handlebars

Severity: high

Arbitrary Code Execution in handlebars
Affected repositories (1)

#1069572: diff

Severity: high

Regular Expression Denial of Service (ReDoS)
Affected repositories (1)

#1069597: handlebars

Severity: high

Prototype Pollution in handlebars
Affected repositories (1)

#1069604: js-yaml

Severity: high

Code Injection in js-yaml
Affected repositories (1)

#1069995: pathval

Severity: high

Prototype pollution in pathval
Affected repositories (2)

#1070006: ansi-html

Severity: high

Uncontrolled Resource Consumption in ansi-html
Affected repositories (1)

#1070022: node-fetch

Severity: high

node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Affected repositories (8)

#1070025: marked

Severity: high

Inefficient Regular Expression Complexity in marked
Affected repositories (3)

#1070026: marked

Severity: high

Inefficient Regular Expression Complexity in marked
Affected repositories (2)

#1070055: graphiql

Severity: high

GraphiQL introspection schema template injection attack
Affected repositories (1)

#1070117: lodash

Severity: high

Command Injection in lodash
Affected repositories (5)

#1070166: prismjs

Severity: high

Cross-Site Scripting in Prism
Affected repositories (2)

#1070206: async

Severity: high

Prototype Pollution in async
Affected repositories (36)

#1070207: async

Severity: high

Prototype Pollution in async
Affected repositories (116)

#1070209: y18n

Severity: high

Prototype Pollution in y18n
Affected repositories (3)

#1070245: moment

Severity: high

Path Traversal: 'dir/../../filename' in moment.locale
Affected repositories (17)

#1070247: lodash

Severity: high

Prototype Pollution in lodash
Affected repositories (2)

#1070256: ejs

Severity: high

Template injection in ejs
Affected repositories (10)

#1070259: trim

Severity: high

Regular Expression Denial of Service in trim
Affected repositories (3)

#1070273: ansi-regex

Severity: high

Inefficient Regular Expression Complexity in chalk/ansi-regex
Affected repositories (16)

#1070274: ansi-regex

Severity: high

Inefficient Regular Expression Complexity in chalk/ansi-regex
Affected repositories (22)

#1070275: ansi-regex

Severity: high

Inefficient Regular Expression Complexity in chalk/ansi-regex
Affected repositories (19)

#1070290: simple-git

Severity: high

Command injection in simple-git
Affected repositories (1)

#1070310: libxmljs

Severity: high

Denial of service vulnerability exists in libxmljs
Affected repositories (1)

#1070315: axios

Severity: high

Incorrect Comparison in axios
Affected repositories (2)

#1070326: tmpl

Severity: high

Regular Expression Denial of Service in tmpl
Affected repositories (2)

#1070356: node-forge

Severity: high

Improper Verification of Cryptographic Signature in node-forge
Affected repositories (1)

#1070363: tar

Severity: high

Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization
Affected repositories (15)

#1070364: tar

Severity: high

Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
Affected repositories (1)

#1070367: tar

Severity: high

Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
Affected repositories (1)

#1070369: tar

Severity: high

Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
Affected repositories (15)

#1070370: tar

Severity: high

Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization
Affected repositories (1)

#1070372: tar

Severity: high

Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization
Affected repositories (14)

#1070373: tar

Severity: high

Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization
Affected repositories (2)

#1070374: tar

Severity: high

Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning
Affected repositories (1)

#1070376: tar

Severity: high

Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning
Affected repositories (14)

#1070377: tar

Severity: high

Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning
Affected repositories (2)

#1070385: hawk

Severity: high

Uncontrolled Resource Consumption in Hawk
Affected repositories (2)

#1070391: trim-newlines

Severity: high

Uncontrolled Resource Consumption in trim-newlines
Affected repositories (6)

#1067367: nanoid

Severity: moderate

Exposure of Sensitive Information to an Unauthorized Actor in nanoid
Affected repositories (126)

#1067394: karma

Severity: moderate

Open redirect in karma
Affected repositories (2)

#1067407: follow-redirects

Severity: moderate

Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects
Affected repositories (4)

#1067417: node-sass

Severity: moderate

Improper Certificate Validation in node-sass
Affected repositories (1)

#1067422: karma

Severity: moderate

Cross-site Scripting in karma
Affected repositories (1)

#1067447: trim-off-newlines

Severity: moderate

Uncontrolled Resource Consumption in trim-off-newlines
Affected repositories (1)

#1067451: shelljs

Severity: moderate

Improper Privilege Management in shelljs
Affected repositories (1)

#1067452: node-forge

Severity: moderate

Open Redirect in node-forge
Affected repositories (2)

#1067480: xmldom

Severity: moderate

Misinterpretation of malicious XML input
Affected repositories (2)

#1067524: json-schema

Severity: moderate

json-schema is vulnerable to Prototype Pollution
Affected repositories (18)

#1067536: json-pointer

Severity: moderate

Prototype Pollution in json-pointer
Affected repositories (1)

#1067560: validator

Severity: moderate

Inefficient Regular Expression Complexity in validator.js
Affected repositories (2)

#1067654: nth-check

Severity: moderate

Inefficient Regular Expression Complexity in nth-check
Affected repositories (7)

#1067696: semver-regex

Severity: moderate

Regular Expression Denial of Service (ReDOS)
Affected repositories (2)

#1067761: path-parse

Severity: moderate

Regular Expression Denial of Service in path-parse
Affected repositories (7)

#1067818: color-string

Severity: moderate

Regular Expression Denial of Service (ReDOS)
Affected repositories (2)

#1067832: postcss

Severity: moderate

Regular Expression Denial of Service in postcss
Affected repositories (2)

#1067902: browserslist

Severity: moderate

Regular Expression Denial of Service in browserslist
Affected repositories (8)

#1067946: ajv

Severity: moderate

Prototype Pollution in Ajv
Affected repositories (9)

#1067956: hosted-git-info

Severity: moderate

Regular Expression Denial of Service in hosted-git-info
Affected repositories (4)

#1068163: netmask

Severity: moderate

netmask npm package vulnerable to octal input data
Affected repositories (1)

#1068216: react-dev-utils

Severity: moderate

Improper Neutralization of Special Elements used in an OS Command
Affected repositories (2)

#1068287: node-notifier

Severity: moderate

OS Command Injection in node-notifier
Affected repositories (1)

#1068310: yargs-parser

Severity: moderate

Prototype Pollution in yargs-parser
Affected repositories (4)

#1069337: jpeg-js

Severity: moderate

Uncontrolled resource consumption in jpeg-js
Affected repositories (1)

#1069557: mem

Severity: moderate

Denial of Service in mem
Affected repositories (1)

#1069598: js-yaml

Severity: moderate

Denial of Service in js-yaml
Affected repositories (1)

#1069621: tunnel-agent

Severity: moderate

Memory Exposure in tunnel-agent
Affected repositories (1)

#1069910: hoek

Severity: moderate

Prototype Pollution in hoek
Affected repositories (1)

#1069994: swagger-ui-dist

Severity: moderate

Spoofing attack in swagger-ui-dist
Affected repositories (16)

#1070012: postcss

Severity: moderate

Regular Expression Denial of Service in postcss
Affected repositories (3)

#1070030: markdown-it

Severity: moderate

Uncontrolled Resource Consumption in markdown-it
Affected repositories (5)

#1070050: validator

Severity: moderate

Inefficient Regular Expression Complexity in Validator.js
Affected repositories (2)

#1070098: striptags

Severity: moderate

Passing in a non-string 'html' argument can lead to unsanitized output
Affected repositories (2)

#1070101: ws

Severity: moderate

ReDoS in Sec-Websocket-Protocol header
Affected repositories (1)

#1070126: msgpack5

Severity: moderate

Prototype poisoning
Affected repositories (4)

#1070235: jquery

Severity: moderate

Potential XSS vulnerability in jQuery
Affected repositories (1)

#1070236: jquery

Severity: moderate

Potential XSS vulnerability in jQuery
Affected repositories (1)

#1070249: grunt

Severity: moderate

Path Traversal in Grunt
Affected repositories (122)

#1070254: minimist

Severity: moderate

Prototype Pollution in minimist
Affected repositories (13)

#1070255: minimist

Severity: moderate

Prototype Pollution in minimist
Affected repositories (18)

#1070286: highlight.js

Severity: moderate

ReDOS vulnerabilities: multiple grammars
Affected repositories (2)

#1070287: cross-fetch

Severity: moderate

Incorrect Authorization in cross-fetch
Affected repositories (1)

#1070329: prismjs

Severity: moderate

Regular Expression Denial of Service in prismjs
Affected repositories (3)

#1070354: node-forge

Severity: moderate

Improper Verification of Cryptographic Signature in `node-forge`
Affected repositories (2)

#1067472: node-forge

Severity: low

Prototype Pollution in node-forge util.setPath API
Affected repositories (2)

#1068137: braces

Severity: low

Regular Expression Denial of Service (ReDoS) in braces
Affected repositories (2)

#1070113: redis

Severity: low

Potential exponential regex in monitor mode
Affected repositories (1)

#1070127: xmldom

Severity: low

Misinterpretation of malicious XML input
Affected repositories (2)

#1070149: highlight.js

Severity: low

Prototype Pollution in highlight.js
Affected repositories (2)

#1070162: node-fetch

Severity: low

The `size` option isn't honored after following a redirect in node-fetch
Affected repositories (1)