fixed packages vulnerability from backend #463
Merged
What this PR does / why we need it: update the vulnerable packages from backend explorer
Which issue(s) this PR fixes: packages vulnerabilities from backend application
Fixes #458
Special notes for your reviewer:
Does this PR introduce a user-facing change: None
Additional documentation, usage docs, etc.:
NOTE: jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC
ref url: GHSA-hjrf-2m68-5959
jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()
ref url: GHSA-qwph-4952-7xr6
busboy (depends on vulnerable versions of dicer),
multer (depends on vulnerable versions of busboy)
NOTE: busboy ----> dependency package of multer
dicer ----> dependency package of busboy
NOTE: Passport vulnerable to session regeneration when a user logs in or out - GHSA-v923-w3x8-wh69
"sequelize": "^6.12.2" ----> "^6.33.0"
"mocha": "^8.2.1" ----> "^10.2.0" (mocha v5.1.0 - v9.2.1 depends on vulnerable versions of "minimatch" and "nanoid")
[minimatch <3.0.5 Severity: high]
[nanoid 3.0.0 - 3.1.30 Severity: moderate]
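A check a reviewer could run after this bump, as an added example that is not part of the PR or the project's code: it walks the "packages" map of a package-lock.json (lockfileVersion 2 or 3) and reports every installed copy of minimatch or nanoid, nested ones included, that falls inside the ranges quoted above. The two lockfile objects are constructed sample data, and the function names are hypothetical.

```javascript
// Vulnerable ranges as quoted in the PR description: minimatch <3.0.5, nanoid 3.0.0 - 3.1.30.
// A Map avoids accidental matches on inherited object keys such as "constructor".
const VULNERABLE = new Map([
  ['minimatch', (v) => cmp(v, '3.0.5') < 0],
  ['nanoid', (v) => cmp(v, '3.0.0') >= 0 && cmp(v, '3.1.30') <= 0],
]);

// Numeric x.y.z comparison; pre-release/build suffixes are dropped (simplification).
function cmp(a, b) {
  const parse = (s) => s.split(/[-+]/)[0].split('.').map(Number);
  const pa = parse(a), pb = parse(b);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

// Report each installed package copy whose resolved version is in a listed range.
function findVulnerable(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf('node_modules/');
    if (idx === -1 || !meta.version) continue; // root project entry or a link
    const name = path.slice(idx + 'node_modules/'.length);
    const inRange = VULNERABLE.get(name);
    if (inRange && inRange(meta.version)) hits.push({ name, version: meta.version, path });
  }
  return hits;
}

// Constructed sample lockfiles (not taken from the repository).
const lockBefore = { lockfileVersion: 2, packages: {
  '': { name: 'backend', version: '1.0.0' },
  'node_modules/mocha': { version: '8.2.1' },
  'node_modules/minimatch': { version: '3.0.4' },
  'node_modules/mocha/node_modules/nanoid': { version: '3.1.20' },
} };
const lockAfter = { lockfileVersion: 2, packages: {
  '': { name: 'backend', version: '1.0.0' },
  'node_modules/mocha': { version: '10.2.0' },
  'node_modules/minimatch': { version: '5.0.1' },
  'node_modules/mocha/node_modules/nanoid': { version: '3.3.3' },
} };

console.log('before:', findVulnerable(lockBefore));
console.log('after:', findVulnerable(lockAfter));
```

Checking the resolved versions in the lockfile rather than the ranges in package.json matters here because minimatch and nanoid are transitive dependencies of mocha and never appear in package.json directly.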