[Snyk] Fix for 65 vulnerabilities by khadija-nur · Pull Request #91 · fac20/sp-bghm

khadija-nur · 2026-01-16T15:52:23Z

Snyk has created this PR to fix 65 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

package.json
package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Allocation of Resources Without Limits or Throttling SNYK-JS-QS-14724253	828
	Symlink Attack SNYK-JS-TARFS-9535930	821
	Predictable Value Range from Previous Values SNYK-JS-FORMDATA-10841150	791
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-8187303	786
	Regular Expression Denial of Service (ReDoS) SNYK-JS-CROSSSPAWN-8303230	756
	Denial of Service (DoS) SNYK-JS-HTTPPROXYMIDDLEWARE-8229906	756
	Prototype Pollution SNYK-JS-LODASH-567746	731
	Server-side Request Forgery (SSRF) SNYK-JS-IP-12704893	716
	Server-side Request Forgery (SSRF) SNYK-JS-IP-12761655	716
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIHTML-1296849	696
	Excessive Platform Resource Consumption within a Loop SNYK-JS-BRACES-6838727	696
	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	696
	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	696
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	696
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TMPL-1583443	696
	Denial of Service (DoS) SNYK-JS-WS-7266574	696
	Path Traversal SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555	691
	Prototype Pollution SNYK-JS-MERGE-1042987	686
	Prototype Pollution SNYK-JS-OBJECTPATH-1017036	686
	Code Injection SNYK-JS-LODASH-1040724	681
	Code Injection SNYK-JS-LODASHTEMPLATE-1088054	681
	Interpretation Conflict SNYK-JS-NODEFORGE-14114940	679
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BABELRUNTIME-10044504	666
	Symlink Attack SNYK-JS-TMP-11501554	661
	Uncontrolled Recursion SNYK-JS-NODEFORGE-14125745	649
	Improper Link Resolution Before File Access ('Link Following') SNYK-JS-TARFS-10293725	649
	Server-Side Request Forgery (SSRF) SNYK-JS-IP-7148531	646
	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	646
	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	646
	Prototype Pollution SNYK-JS-JSON5-3182856	641
	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	631
	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-6147607	626
	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	619
	Cross-site Scripting (XSS) SNYK-JS-WEBPACK-7840298	616
	Prototype Pollution SNYK-JS-OBJECTPATH-1569453	601
	Command Injection SNYK-JS-REACTDEVUTILS-1083268	601
	Prototype Pollution SNYK-JS-OBJECTPATH-1585658	590
	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	589
	Prototype Pollution SNYK-JS-MERGE-1040469	589
	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	589
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	586
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	586
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	586
	Open Redirect SNYK-JS-NODEFORGE-2330875	586
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	586
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	586
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	586
	Insufficiently Protected Credentials SNYK-JS-AIRTABLE-3150819	579
	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	579
	Prototype Pollution SNYK-JS-JSYAML-13961110	559
	Integer Overflow or Wraparound SNYK-JS-NODEFORGE-14125097	529
	Prototype Pollution SNYK-JS-NODEFORGE-2331908	529
	Prototype Pollution SNYK-JS-MINIMIST-2429795	506
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	506
	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	494
	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	494
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	479
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	479
	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	479
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	479
	Improper Input Validation SNYK-JS-POSTCSS-5926692	479
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	479
	Symlink Following SNYK-JS-TARFS-13045213	469
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BRACEEXPANSION-9789073	436
	Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	429

Important

Check the changes in this PR to ensure they won't cause issues with your project.
Max score is 1000. Note that the real score may have changed since the PR was raised.
This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Predictable Value Range from Previous Values
🦉 Server-side Request Forgery (SSRF)
🦉 More lessons are available in Snyk Learn

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Fix for 65 vulnerabilities#91

[Snyk] Fix for 65 vulnerabilities#91
khadija-nur wants to merge 1 commit intomasterfrom
snyk-fix-ea46269aef473941047f760bf6efe8e8

khadija-nur commented Jan 16, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

khadija-nur commented Jan 16, 2026

Snyk has created this PR to fix 65 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

Vulnerabilities that will be fixed with an upgrade:

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants