alpersonalwebsite / node-express-mongo-db
Node, Express and MongoDB
License: MIT License
parse argument options
Library home page: https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz
Path to dependency file: /tmp/ws-scm/node-express-mongo-db/package.json
Path to vulnerable library: /tmp/ws-scm/node-express-mongo-db/node_modules/minimist/package.json
Dependency Hierarchy:
Found in HEAD commit: 4b8dd50f850e5d2609d5a75954d88ba2f20bc34e
minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "proto" payload.
Publish Date: 2020-03-11
URL: CVE-2020-7598
Base Score Metrics:
Type: Upgrade version
Origin: https://github.com/substack/minimist/commit/63e7ed05aa4b1889ec2f3b196426db4500cbda94
Release Date: 2020-03-11
Fix Resolution: minimist - 0.2.1,1.2.2
Step up your Open Source Security Game with WhiteSource here
Regular expression for matching ANSI escape codes
Library home page: https://registry.npmjs.org/ansi-regex/-/ansi-regex-4.1.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/table/node_modules/ansi-regex/package.json,/node_modules/eslint/node_modules/ansi-regex/package.json
Dependency Hierarchy:
Regular expression for matching ANSI escape codes
Library home page: https://registry.npmjs.org/ansi-regex/-/ansi-regex-3.0.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/eslint-friendly-formatter/node_modules/ansi-regex/package.json
Dependency Hierarchy:
Regular expression for matching ANSI escape codes
Library home page: https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/@jest/core/node_modules/ansi-regex/package.json,/node_modules/cliui/node_modules/ansi-regex/package.json,/node_modules/pretty-format/node_modules/ansi-regex/package.json,/node_modules/string-width/node_modules/ansi-regex/package.json,/node_modules/string-length/node_modules/ansi-regex/package.json,/node_modules/wrap-ansi/node_modules/ansi-regex/package.json,/node_modules/inquirer/node_modules/ansi-regex/package.json
Dependency Hierarchy:
Found in HEAD commit: 60afc75e9041891586eda98105e15ee24d5f37d8
Found in base branch: master
ansi-regex is vulnerable to Inefficient Regular Expression Complexity
Publish Date: 2021-09-17
URL: CVE-2021-3807
Base Score Metrics:
Type: Upgrade version
Origin: https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994/
Release Date: 2021-09-17
Fix Resolution (ansi-regex): 4.1.1
Direct dependency fix Resolution (eslint): 7.16.0
Fix Resolution (ansi-regex): 5.0.1
Direct dependency fix Resolution (eslint): 7.0.0
5.6.3 to 5.6.4. This version is covered by your current version range and after updating it in your project the build failed.
mongoose is a direct dependency of this project, and it is very likely causing it to break. If other packages depend on yours, this update is probably also breaking those in turn.
Severity | CVE | GitHub Issue
---|---|---
7.4 | CVE-2019-10744 | #3
The new version differs by 17 commits.
- `a2aba34` chore: release 5.6.4
- `880836e` docs(connection): add section on connection handling
- `d627073` fix(schema): support pre(Array, Function) and post(Array, Function)
- `82442da` test(schema): repro #7803
- `9651ba7` refactor(model): use 'MongooseError' instead of 'Error' because 'Error' conflicts with global.Error
- `701c0ec` fix(document): load docs with a `once` property successfully
- `36cb96e` test(document): repro #7958
- `67ddf3b` docs(tutorials): add virtual tutorial
- `e96b6bd` refactor(populate): move getModelsMapForPopulate() into separate function
- `2b7622b` fix(update): fix error when update property gets casted to null
- `5393bb1` fix(queryhelpers): ensure parent select overwrites child path select if parent is nested
- `cee8bc8` test(queryhelpers): repro #7945
- `736fcdb` refactor: use ./error/index rather than ./error to avoid potential issues with imports
- `cbc81c8` fix(schema): make clone() correctly copy array embedded discriminators
- `9db74dc` test(schema): repro #7954
There are 17 commits in total.
See the full diff
There is a collection of frequently asked questions. If those don’t help, you can always ask the humans behind Greenkeeper.
Your Greenkeeper Bot 🌴
7.14.0 to 7.14.1. This version is covered by your current version range and after updating it in your project the build failed.
eslint-plugin-react is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.
The new version differs by 3 commits.
- `62255af` Update CHANGELOG and bump version
- `655eb01` Merge pull request #2320 from golopot/issue-2319
- `9639d82` [Fix] prop-types: fix crash on multiple destructuring
☝️ Important announcement: Greenkeeper will be saying goodbye 👋 and passing the torch to Snyk on June 3rd, 2020! Find out how to migrate to Snyk and more at greenkeeper.io
2.20.1 to 2.20.2. This version is covered by your current version range and after updating it in your project the build failed.
eslint-plugin-import is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.
Severity | CVE | GitHub Issue
---|---|---
7.5 | CVE-2020-8116 | #14
The new version differs by 14 commits.
- `71ca88f` Bump to v2.20.2
- `a618f88` [Tests] pin esquery, due to breaking change in a minor version
- `9c5899e` utils: v2.6.0
- `efb5f07` [Tests] use babel instead of NODE_PATH
- `1a3a128` [Fix] first: Add a way to disable absolute-first explicitly
- `efd6be1` [Fix] no-unused-modules: handle export { default } from syntax
- `adbced7` utils: [New] Print more helpful info if parsing fails
- `b6242b0` [fix] no-duplicates: fix fixer on cases with default import
- `41aaa18` resolvers/node: [New] add .node extension
- `12971f5` [Fix] order: recognize ".." as a "parent" path
- `47f912e` [Fix] order: fix isExternalModule detection on windows
- `8905007` [Tests] appveyor: on node 8-12, use npm 6.10.3
- `2beec94` [meta] use in-publish in prepublish
- `1fbef73` [meta] fix changelog link
8.1.0 to 8.2.0. This version is covered by your current version range and after updating it in your project the build failed.
dotenv is a direct dependency of this project, and it is very likely causing it to break. If other packages depend on yours, this update is probably also breaking those in turn.
Get, set, or delete a property from a nested object using a dot path
Library home page: https://registry.npmjs.org/dot-prop/-/dot-prop-4.2.0.tgz
Path to dependency file: /tmp/ws-scm/node-express-mongo-db/package.json
Path to vulnerable library: /tmp/ws-scm/node-express-mongo-db/node_modules/dot-prop/package.json
Dependency Hierarchy:
Found in HEAD commit: 59d32132e292a6bbd9e7ac22eaf45e29f8729765
Prototype pollution vulnerability in dot-prop npm package version 5.1.0 and earlier allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.
Publish Date: 2020-02-04
URL: CVE-2020-8116
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8116
Release Date: 2020-02-04
Fix Resolution: dot-prop - 5.1.1
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz
Path to dependency file: /node-express-mongo-db/package.json
Path to vulnerable library: /tmp/git/node-express-mongo-db/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: 65f4456a16d9e469dba488366d733d11d7ec198a
A Prototype Pollution vulnerability was found in lodash through version 4.17.11.
Publish Date: 2019-07-08
URL: CVE-2019-10744
Type: Upgrade version
Origin: lodash/lodash@a01e4fa
Release Date: 2019-07-08
Fix Resolution: 4.17.12
🚨 Reminder! Less than one month left to migrate your repositories over to Snyk before Greenkeeper says goodbye on June 3rd! 💜 🚚💨 💚
Find out how to migrate to Snyk at greenkeeper.io
2.0.3 to 2.0.4. This version is covered by your current version range and after updating it in your project the build failed.
nodemon is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.
Severity | CVE | GitHub Issue
---|---|---
8.1 | WS-2020-0070 | #18
The new version differs by 3 commits.
- `a74f5dc` fix: add funding in package
- `43def51` docs: Fix run-on sentence (#1704)
- `f18286e` docs: update issue templates
9.1.0 to 9.2.0. This version is covered by your current version range and after updating it in your project the build failed.
eslint-plugin-node is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.
The new version differs by 9 commits.
- `9fbdaec` 🔖 9.2.0
- `c1d5dbf` ✨ add no-callback-literal rule (#179)
- `72de3a3` 🐛 vulnerability fix: update eslint-utils to ^1.4.2 & eslint-plugin-es to ^1.4.1 (fixes #180) (#183)
- `cfc6352` 🎨 fix typos in function names (#177)
- `b757c3e` ⚒ improve azure-pipelines.yml (#173)
- `a85d541` ⚒ trivial fix
- `88829af` ⚒ Update azure-pipelines.yml for codecov (#170)
- `5b3f815` 🐛 fix for ESLint 6 (#169)
- `fe73872` ⚒ Switch to Azure Pipelines (#168)
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz
Path to dependency file: node-express-mongo-db/package.json
Path to vulnerable library: node-express-mongo-db/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: e32bb10be69e73fc736bda954ec45c3707df7d1d
Found in base branch: master
Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
Publish Date: 2021-02-15
URL: CVE-2020-28500
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28500
Release Date: 2021-02-15
Fix Resolution: lodash-4.17.21
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz
Path to dependency file: node-express-mongo-db/package.json
Path to vulnerable library: node-express-mongo-db/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: e32bb10be69e73fc736bda954ec45c3707df7d1d
Found in base branch: master
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
Publish Date: 2021-02-15
URL: CVE-2021-23337
Base Score Metrics:
Type: Upgrade version
Origin: lodash/lodash@3469357
Release Date: 2021-02-15
Fix Resolution: lodash - 4.17.21
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz
Path to dependency file: /tmp/ws-scm/node-express-mongo-db/package.json
Path to vulnerable library: /tmp/ws-scm/node-express-mongo-db/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: 1774a027c719f93ef73209dde141fe893040cd25
A prototype pollution vulnerability in lodash. It allows an attacker to inject properties on Object.prototype.
Publish Date: 2020-04-28
URL: WS-2020-0070
Base Score Metrics:
parse argument options
Library home page: https://registry.npmjs.org/minimist/-/minimist-1.2.5.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/minimist/package.json
Dependency Hierarchy:
Found in HEAD commit: c3a8894a15bbc202f62ea88ff1de25ecef5b2210
Found in base branch: master
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).
Publish Date: 2022-03-17
URL: CVE-2021-44906
Base Score Metrics:
Type: Upgrade version
Origin: https://github.com/substack/minimist/issues/164
Release Date: 2022-03-17
Fix Resolution: minimist - 1.2.6
6.2.1 to 6.2.2. This version is covered by your current version range and after updating it in your project the build failed.
eslint is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.
The new version differs by 6 commits.
- `ca658fb` 6.2.2
- `3ed9f76` Build: changelog update for 6.2.2
- `0e0b784` Upgrade: espree@^6.1.1 (#12158)
- `04e859f` Sponsors: Sync README with website
- `34783d1` Sponsors: Sync README with website
- `b809e72` Docs: Update README team and sponsors
JavaScript micro templates.
Library home page: https://registry.npmjs.org/tmpl/-/tmpl-1.0.4.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/tmpl/package.json
Dependency Hierarchy:
Found in HEAD commit: 60afc75e9041891586eda98105e15ee24d5f37d8
Found in base branch: master
nodejs-tmpl is vulnerable to Inefficient Regular Expression Complexity
Publish Date: 2021-09-15
URL: CVE-2021-3777
Base Score Metrics:
Type: Upgrade version
Release Date: 2021-09-15
Fix Resolution (tmpl): 1.0.5
Direct dependency fix Resolution (babel-jest): 27.0.0
Mongoose MongoDB ODM
Library home page: https://registry.npmjs.org/mongoose/-/mongoose-5.13.14.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/mongoose/package.json
Dependency Hierarchy:
Found in base branch: master
Prototype Pollution in GitHub repository automattic/mongoose prior to 6.4.6.
Publish Date: 2022-07-28
URL: CVE-2022-2564
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2564
Release Date: 2022-07-28
Fix Resolution: 5.13.15
Provides metadata and conversions from repository urls for Github, Bitbucket and Gitlab
Library home page: https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.8.8.tgz
Path to dependency file: node-express-mongo-db/package.json
Path to vulnerable library: node-express-mongo-db/node_modules/hosted-git-info/package.json
Dependency Hierarchy:
Found in HEAD commit: 395519f333141056d325368644db515d29b9e0cb
Found in base branch: master
The package hosted-git-info before 3.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.
Publish Date: 2021-03-23
URL: CVE-2021-23362
Base Score Metrics:
Type: Upgrade version
Origin: https://github.com/npm/hosted-git-info/releases/tag/v3.0.8
Release Date: 2021-03-23
Fix Resolution: hosted-git-info - 3.0.8
{G,S}et object values using MongoDB-like path notation
Library home page: https://registry.npmjs.org/mpath/-/mpath-0.8.3.tgz
Path to dependency file: node-express-mongo-db/package.json
Path to vulnerable library: node-express-mongo-db/node_modules/mpath/package.json
Dependency Hierarchy:
Found in base branch: master
This affects the package mpath before 0.8.4. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOf(parts[i]) !== -1 returns -1 if parts[i] is ['proto']. This is because the method that has been called if the input is an array is Array.prototype.indexOf() and not String.prototype.indexOf(). They behave differently depending on the type of the input.
Publish Date: 2021-09-01
URL: CVE-2021-23438
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23438
Release Date: 2021-09-01
Fix Resolution: mpath - 0.8.4
Simplified HTTP requests
Library home page: https://registry.npmjs.org/got/-/got-9.6.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/got/package.json
Dependency Hierarchy:
Found in base branch: master
The got package before 12.1.0 for Node.js allows a redirect to a UNIX socket.
Publish Date: 2022-06-18
URL: CVE-2022-33987
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33987
Release Date: 2022-06-18
Fix Resolution: got - 11.8.5,12.1.0
Extract the non-magic parent path from a glob string.
Library home page: https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/glob-parent/package.json
Dependency Hierarchy:
Found in base branch: master
The package glob-parent from 6.0.0 and before 6.0.1 is vulnerable to Regular Expression Denial of Service (ReDoS).
Publish Date: 2021-06-22
URL: CVE-2021-35065
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-cj88-88mr-972w
Release Date: 2021-06-22
Fix Resolution: glob-parent - 6.0.1
Mongoose MongoDB ODM
Library home page: https://registry.npmjs.org/mongoose/-/mongoose-5.13.14.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/mongoose/package.json
Dependency Hierarchy:
Found in base branch: master
Schema in lib/schema.js in Mongoose before 6.4.6 is vulnerable to prototype pollution.
Publish Date: 2022-08-25
URL: CVE-2022-24304
Base Score Metrics: