[Snyk] Upgrade: bootstrap-vue, cookie-universal-nuxt, graphql, nuxt, nuxt-i18n

[ashu1409]

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

bootstrap-vue
from 2.21.2 to 2.23.1 | 3 versions ahead of your current version | 2 years ago
on 2022-10-26
cookie-universal-nuxt
from 2.1.4 to 2.2.2 | 4 versions ahead of your current version | 2 years ago
on 2022-08-05
graphql
from 16.2.0 to 16.9.0 | 67 versions ahead of your current version | 3 months ago
on 2024-06-21
nuxt
from 2.15.8 to 2.18.1 | 11 versions ahead of your current version | 3 months ago
on 2024-06-28
nuxt-i18n
from 6.20.1 to 6.28.1 | 21 versions ahead of your current version | 3 years ago
on 2021-08-03

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	751	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-PARSEURL-2936249	751	Proof of Concept
	Path Traversal SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555	751	Proof of Concept
	Denial of Service (DoS) SNYK-JS-WS-7266574	751	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	751	Proof of Concept
	Authorization Bypass Through User-Controlled Key SNYK-JS-PARSEPATH-2936439	751	Proof of Concept
	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	751	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIHTML-1296849	751	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	751	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-PARSEURL-2942134	751	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-PARSEURL-3023021	751	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	751	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	751	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	751	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTMLMINIFIER-3091181	751	Proof of Concept
	Information Exposure SNYK-JS-NANOID-2332193	751	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	751	No Known Exploit
	Cross-site Scripting (XSS) SNYK-JS-PARSEURL-2935944	751	Proof of Concept
	Information Exposure SNYK-JS-PARSEURL-2935947	751	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	751	Proof of Concept
	Cross-site Scripting SNYK-JS-SERVESTATIC-7926865	751	No Known Exploit
	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	751	Proof of Concept
	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	751	Proof of Concept
	Improper Input Validation SNYK-JS-PARSEURL-3024398	751	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	751	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	751	Proof of Concept
	Cross-site Scripting SNYK-JS-SEND-7926862	751	No Known Exploit

Release notes

Package name: bootstrap-vue

• 2.23.1 - 2022-10-26
  

  chore(release): v2.23.1

• 2.23.0 - 2022-10-25
  

  chore(release): v2.23.0

• 2.22.0 - 2022-04-17
  

  🚀 Features

  • b-link
    • #6811 Support exact-path and exact-path-active-class props for router link
  • b-form-tags
    • #6395 Adds focusin & focusout to wrapper and prevents firing multiple focus/blur events
    • #6347 Add feedback-aria-live prop
  • general
    • #6375 Add headerTag and footerTag props to all componets with header and footer
  • b-dropdown
    • #6339 Add toggle-attrs prop

  🐛 Bug Fixes

  • general
    • #6834 Replace sass division with multiplication
  • b-table
    • #6645 Selected table header text no longer prevents table row selection
    • #6606 Fix range selection of b-table
    • #6603 Set aria-sort when using sortKey and no-local-sorting
    • #6383 Default role to grid when selectable and table otherwise
    • #6382 Prefer user-provided role attribute
    • #6372 Add missing role="grid" when selectable
    • #6371 Header cell overflow for .sr-only sort label
    • #6355 Add missing sortKey field type and correct a typo
  • b-skeleton
    • #6858 Accepts custom attributes
  • nav-item-dropdown
    • 97bb97b Update dropdown to set correct aria-controls
  • b-dropdown
    • #6865 Set correct aria-haspopup attribute for the toggle button
    • #6367 Decrease delay when hiding inside a navbar on no-touch devices
  • utils/dom
    • #6508, #6511 Bind requestAF to window
  • docs
    • #6545 Use https:// urls in docs
  • b-form-group
    • #6346 Remove role="alert" from valid/invalid feedback
  • b-input-tags
    • #6389 Respect custom $input-color
  • b-link
    • #6374 Remove default values from vue-router pass-down props
  • b-img-lazy
    • #6349 Fix blank placeholder for Firefox
    • #6302 Fix blank-src not working
  • b-form-input/b-form-textarea
    • #6345 Legacy browser support

  🏡 Chore

  • tests
    • 8ce291b Refactor tests not to use $children
    • b16514b Remove useless localVue usage
    • ac8ebfe Replace find with findComponents
    • d113cc7 Remove createContainer helper
  • b-form-tags
    • #6752 Correct typo b-from-tags to b-form-tags
  • icons
    • #6611 Update Bootstrap Icons to v1.5.0
  • docs
    • #6466 Add new "Vuexy - Admin Dashboard" theme
    • #6368 Make sure the clicked anchor target is reflected in URL
  • ci
    • #6592 Update workflows to new Node.js versions
  • refactor
    • #6381 Move away from lifecycle hook listeners
    • #6356 Unify event variable names

  💖 Thanks to

  • Andrei Gheorghiu
  • Connor Forbes
  • Illya Klymov
  • JD
  • James Pickard
  • Jingsong Gao
  • John Franey
  • Jonathan Guberman
  • Joshua Wu
  • Konstantin
  • Lei Wang
  • Olena Horal
  • Pete Hegman
  • Rare Kang
  • Samuel Denis-D'Ortun
  • William
  • William Teixeira
  • magical-l
  • ochowei
  • xenolithviktor
• 2.21.2 - 2021-01-01
  

  🐛 Bug Fixes

  • b-dropdown
    • #6274 Only apply heading role to header when not a header tag
  • b-table
    • #6266 Allow responsive and stacked props together
    • #6251 Only set aria-describedby when caption really exists
  • general
    • #6265 Clean up props inheritance
    • #6226 Environment detection based on userAgent
  • b-form-datepicker/b-form-timepicker
    • #6249 Control size
  • b-sidebar
    • #6234 Make sure to not exceed 100% in height
  • b-icon
    • #6233 Title render handling

  🏡 Chore

  • docs
    • #6263 Correct typos and improve wording in theming section
    • #6244 Fix typos in <b-form-select> and <b-form-textarea> docs
    • d94edfe Fix typo on "Getting started" page
    • #6232 Remove label-for from <b-form-group>'s with <b-form-file> component
    • #6231 Fix typos in the Dropdown README
    • #6222 Improve Bootstrap/BootstrapVue style import guide in "Getting started" docs
  • icons
    • #6252 Update Bootstrap Icons to v1.2.2
  • general
    • #6227 Add Nuxt.js CodeSanbox CI template

  💖 Thanks to

  • Rich Klein
  • a-kriya
  • cvn
  • darrelfrancis

from bootstrap-vue GitHub release notes

Package name: cookie-universal-nuxt

• 2.2.2 - 2022-08-05
  

  v2.2.2

• 2.2.1 - 2022-05-31
  

  v2.2.1

• 2.2.0 - 2022-05-31
  

  v2.2.0

• 2.1.5 - 2021-06-10
  

  v2.1.5

• 2.1.4 - 2020-05-23
  

  v2.1.4

from cookie-universal-nuxt GitHub release notes

Package name: graphql

• 16.9.0 - 2024-06-21
• 16.9.0-canary.pr.4192.1813397076f44a55e5798478e7321db9877de97a - 2024-09-14
• 16.9.0-canary.pr.4159.0fa29326c53fcd63c6473c7357c28aa13fa0019d - 2024-08-13
• 16.8.2 - 2024-06-12
  

  v16.8.2 (2024-06-12)

  Bug Fix 🐞

  • #4022 fix: remove globalThis check and align with what bundlers can accept (@ JoviDeCroock)

  Internal 🏠

  • #4104 Fix publish scripts (@ benjie)

  Committers: 2

  • Benjie(@ benjie)
  • Jovi De Croock(@ JoviDeCroock)
• 16.8.1 - 2023-09-19
  

  v16.8.1 (2023-09-19)

  Bug Fix 🐞

  • #3967 OverlappingFieldsCanBeMergedRule: Fix performance degradation (@ AaronMoat)

  Committers: 1

  • Aaron Moat(@ AaronMoat)
• 16.8.0 - 2023-08-14
  

  v16.8.0 (2023-08-14)

  New Feature 🚀

  • #3950 Support fourfold nested lists (@ gschulze)

  Committers: 1

  • Gunnar Schulze(@ gschulze)
• 16.7.1 - 2023-06-22
  

  v16.7.1 (2023-06-22)

  📢 Big shout out to @ phryneas, who managed to reproduce this issue and come up with this fix.

  Bug Fix 🐞

  • #3923 instanceOf: workaround bundler issue with process.env (@ IvanGoncharov)

  Committers: 1

  • Ivan Goncharov(@ IvanGoncharov)
• 16.7.0 - 2023-06-21
  

  v16.7.0 (2023-06-21)

  New Feature 🚀

  • #3887 check "globalThis.process" before accessing it (@ kettanaito)

  Bug Fix 🐞

  • #3707 Fix crash in node when mixing sync/async resolvers (backport of #3706) (@ chrskrchr)
  • #3838 Fix/invalid error propagation custom scalars (backport for 16.x.x) (@ stenreijers)

  Committers: 3

  • Artem Zakharchenko(@ kettanaito)
  • Chris Karcher(@ chrskrchr)
  • Sten Reijers(@ stenreijers)
• 16.6.0 - 2022-08-16
  

  v16.6.0 (2022-08-16)

  New Feature 🚀

  • #3645 createSourceEventStream: introduce named arguments and deprecate positional arguments (@ yaacovCR)
  • #3702 parser: limit maximum number of tokens (@ IvanGoncharov)

  Bug Fix 🐞

  • #3686 Workaround for codesandbox having bug with TS enums (@ IvanGoncharov)
  • #3701 Parser: allow 'options' to explicitly accept undefined (@ IvanGoncharov)

  Committers: 2

  • Ivan Goncharov(@ IvanGoncharov)
  • Yaacov Rydzinski (@ yaacovCR)
• 16.5.0 - 2022-05-09
  

  v16.5.0 (2022-05-09)

  New Feature 🚀

  • #3565 Expose GraphQLErrorOptions type (#3554) (@ IvanGoncharov)

  Committers: 1

  • Ivan Goncharov(@ IvanGoncharov)
• 16.5.0-canary.pr.3686.d9ad8e3fd58929d38deea522d794a6b22d3244b5 - 2022-08-02
• 16.4.0 - 2022-04-25
• 16.4.0-canary.pr.2839.e3a8069cfaa6406186314b62aced6487f417a2e6 - 2022-04-27
• 16.3.0 - 2022-01-26
• 16.3.0-canary.pr.3521.f50bec8fecfd5aaa7e74227c5a4b9056dae9e849 - 2022-03-26
• 16.3.0-canary.pr.3520.688c34204fb183f15a334882567d4d6d011cd234 - 2022-03-25
• 16.3.0-canary.pr.3518.3a63d81d7ad886f7edc3cab06fd2295b71c91bed - 2022-03-23
• 16.3.0-canary.pr.3514.a34e553c7cc83a21ffa73c7bf1a1932007a2606b - 2022-03-20
• 16.3.0-canary.pr.3512.a3b8b9e394ae4050a2100de2720f8b3ded0a3e41 - 2022-03-18
• 16.3.0-canary.pr.3510.942fbd8ea3d803e74908fabecbe03dfaefe3e5c8 - 2022-03-14
• 16.3.0-canary.pr.3510.5099f4491dc2a35a3e4a0270a55e2a228c15f13b - 2022-03-14
• 16.3.0-canary.pr.3506.be685b29062b443b0962af292fb5c9337331db70 - 2022-02-26
• 16.3.0-canary.pr.3505.b157d96d56ade071a24a1b0c71334efb9af57689 - 2022-02-21
• 16.3.0-canary.pr.3505.9190e5ce1cc557931a15ca1f7b15586f033c8a02 - 2022-02-20
• 16.3.0-canary.pr.3504.7c7b6ed1e17e6cf5e114f1a89a24d289fb969aff - 2022-02-18
• 16.3.0-canary.pr.3502.de9b8457d4a34eb544ff7b97ffacd641c913a2d1 - 2022-02-16
• 16.3.0-canary.pr.3501.1daccf7bfd7fe9ffeabb319f26aa1b9bf5133e4c - 2022-02-15
• 16.3.0-canary.pr.3499.ee62926bcf03d7d05ccb227cb7a67338ebab423d - 2022-02-14
• 16.3.0-canary.pr.3498.5fd2797529557639476d5aa24359f97653bcbf22 - 2022-02-12
• 16.3.0-canary.pr.3497.4a0bc98371a633cf49efc236c1011ca5a955e848 - 2022-02-12
• 16.3.0-canary.pr.3496.43a2529cfa6890f5a11867e62c7a817d7879235d - 2022-02-11
• 16.3.0-canary.pr.3494.612fd45b42a5e2aa26d9bd72e1c89d7219620dea - 2022-02-11
• 16.3.0-canary.pr.3494.25e1e8c8de6b13288ac61febf75d6f415f81a044 - 2022-02-17
• 16.3.0-canary.pr.3493.365426c363b5db8b3278d34deff0d790edcb6fdd - 2022-02-10
• 16.3.0-canary.pr.3489.568f3378cc3cf660e25d79253cc9a101ae9df4e0 - 2022-02-09
• 16.3.0-canary.pr.3488.9f7ad13c9ae7289c4d425698bd040d36978ff81a - 2022-02-09
• 16.3.0-canary.pr.3488.0d90f0c792c9d223b5505d3cc0d9a8519bb2883a - 2022-02-09
• 16.3.0-canary.pr.3487.a0dcf0130ae81994df47049c9233df11516abfcd - 2022-02-09
• 16.3.0-canary.pr.3487.8c9c7200bf3db49bf1c32055d60fdd5ea3089add - 2022-02-08
• 16.3.0-canary.pr.3486.c8ac9896696f401b9efffa1806443732cb0a010d - 2022-02-07
• 16.3.0-canary.pr.3485.d71879afe1f1411b80adcbfe33bd95ab57e7fc11 - 2022-02-07
• 16.3.0-canary.pr.3485.3c71ef7dd720383cba84a1637665fc18001c4f32 - 2022-02-07
• 16.3.0-canary.pr.3484.b6999ce061b975f1c6c99c790782323b91c5eb21 - 2022-02-05
• 16.3.0-canary.pr.3483.undefined - 2022-02-05
• 16.3.0-canary.pr.3482.undefined - 2022-02-05
• 16.3.0-canary.pr.3482.e5eb0dafc74d537a1e07c6a2cc15afdc1431537f - 2022-02-10
• 16.3.0-canary.pr.3482.7777ea054008ac921136cf694d64041494250def - 2022-02-11
• 16.3.0-canary.pr.3482.6f2ec221eab5916d6d7bbfc6167256477bd35c45 - 2022-02-12
• 16.3.0-canary.pr.3481.undefined - 2022-02-05
• 16.3.0-canary.pr.3480.undefined - 2022-02-04
• 16.3.0-canary.pr.3479.undefined - 2022-02-04
• 16.3.0-canary.pr.3469.bef54ca054e29cae26d2dd974eedf2c12bca7ef4 - 2022-02-02
• 16.3.0-canary.pr.3469.bc0462e3d100314d7aa00049d2c15cbb58d8b3d8 - 2022-02-02
• 16.3.0-canary.pr.3469.8212fa925aa1a32715752030913a6e296e8c0fd3 - 2022-02-02
• 16.3.0-canary.pr.3465.6c6701425310ce7f866ce71628bdf9443ae0f0af - 2022-03-23
• 16.3.0-canary.pr.3418.662180be9091ee1edf699b4cf4922bd5b7705297 - 2022-02-23
• 16.3.0-canary.pr.3418.64c65ba6a2e7e923ed9a476c945f3c72da7a6c7f - 2022-02-22
• 16.3.0-canary.pr.3134.aaacb12ce929a1f2899503018cc6d39a2f83ae28 - 2022-02-23
• 16.3.0-canary.pr.2839.f76ee8fd7af45d88a33dfc674f2a71d505d2d9b1 - 2022-02-23
• 16.3.0-canary.pr.2839.aab5478afb03155d26abbee8ad8fa34841ee3be3 - 2022-04-18
• 16.3.0-canary.pr.2839.9c3b21ca34d760070b76424327061e6b4ad26f05 - 2022-03-07
• 16.3.0-canary.pr.2839.7e65b1d8e7b5bf1ef1592babff40b9873198a741 - 2022-02-07
• 16.3.0-canary.pr.2839.5c5e3621fdc4e4ee4e7f781962fe4a99319d6ac0 - 2022-03-07
• 16.3.0-canary.pr.2839.3405bedecf6a15ea89f64d6a86d84234a3c0cf7b - 2022-02-23
• 16.3.0-canary.pr.2839.0f282a62cbd565b6e8682f6c1e8c49ac075ac257 - 2022-02-23
• 16.3.0-canary.pr.2839.09322403ecf6640bfc695dab3ffe5e98f611911d - 2022-04-22
• 16.3.0-canary.pr.2757.7e793c133f5b9c47a1b12e98ea3a35b1b1471dc4 - 2022-02-23
• 16.2.0 - 2021-12-17

from graphql GitHub release notes

Package name: nuxt

• 2.18.1 - 2024-06-28
  

  👉 Changelog

  compare changes

  🩹 Fixes

  • webpack: Depend on earlier version of mkdirp (f67056b9e)

  ❤️ Contributors

  • Daniel Roe (@ danielroe)
• 2.18.0 - 2024-06-27
  

  👉 Changelog

  compare changes

  🚀 Enhancements

  • webpack: Migrate to memfs (#27652)

  🩹 Fixes

  • vue-app: Don't throw if we can't read sessionStorage (#27662)
  • config: Add back md4 monkey-patch for wider ecosystem (#27865)

  🏡 Chore

  • Bump internal versions (9e829b59a)
  • Add non-applicable advisory GHSA-3h5v-q93c-6h6q (5ef7311f0)

  ❤️ Contributors

  • Daniel Roe (@ danielroe)
• 2.17.4 - 2024-06-14
  

  👉 Changelog

  compare changes

  🩹 Fixes

  • types: Bump serve-static types to v1.15.7 (1c44c376d)
  • generator: Use maintained html-minifier-terser (#26914)
  • vue-app: Prevent double page mount (#10874)
  • core: Don't skip loading runtime modules if one is improperly resolved (#10193)
  • vue-app: Prevent error page mounting twice (#27484)

  🏡 Chore

  • Update repository field for @ nuxt/config (c283cc039)
  • Mark GHSA-2p57-rm9w-gvfp as not applicable (4782e3c90)
  • Update repository urls (07668eafb)
  • Mark GHSA-grv7-fg5c-xmjg as not applicable (eeb6207c9)
  • Refresh yarn lockfile (#27612)

  ✅ Tests

  • Properly close page in e2e tests (1700aa131)
  • Wait for navigation in redirect test (e74715606)
  • Don't register promise in external nav (#27468)

  🤖 CI

  • Add label PR workflow (#25580)
  • Make edge releases on commit basis (1eb08d1ba)
  • Remove ref for release workflows (06f91349f)
  • Don't skip tests from branch named dev (2a5d05257)
  • Update test conditions (940fc7dcb)

  ❤️ Contributors

  • Dmitriy (@ Kolobok12309)
  • Ivan Ehreshi (@ IvanEh)
  • Daniel Roe (@ danielroe)
  • Damian Głowala (@ DamianGlowala)
• 2.17.3 - 2024-01-12
• 2.17.2 - 2023-10-24
• 2.17.1 - 2023-07-14
• 2.17.0 - 2023-06-09
• 2.16.3 - 2023-03-17
• 2.16.2 - 2023-03-01
• 2.16.1 - 2023-02-13
• 2.16.0 - 2023-02-03
• 2.15.8 - 2021-08-11

from nuxt GitHub release notes

Package name: nuxt-i18n

• 6.28.1 - 2021-08-03
• 6.28.0 - 2021-07-25
• 6.27.3 - 2021-07-09
• 6.27.2 - 2021-06-23
• 6.27.1 - 2021-06-15
• 6.27.0 - 2021-05-07
• 6.26.0 - 2021-04-20
• 6.25.0 - 2021-04-13
• 6.24.0 - 2021-04-09
• 6.23.0 - 2021-04-07
• 6.22.3 - 2021-03-30
• 6.22.2 - 2021-03-26
• 6.22.1 - 2021-03-25
• 6.22.0 - 2021-03-24
• 6.21.1 - 2021-03-15
• 6.21.0 - 2021-03-10
• 6.20.6 - 2021-03-08
• 6.20.5 - 2021-03-08
• 6.20.4 - 2021-03-01
• 6.20.3 - 2021-02-24
• 6.20.2 - 2021-02-19
• 6.20.1 - 2021-02-15

from nuxt-i18n GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"bootstrap-vue","from":"2.21.2","to":"2.23.1"},{"name":"cookie-universal-nuxt","from":"2.1.4","to":"2.2.2"},{"name":"graphql","from":"16.2.0","to":"16.9.0"},{"name":"nuxt","from":"2.15.8","to":"2.18.1"},{"name":"nuxt-i18n","from":"6.20.1","to":"6.28.1"}],"env":"prod","hasFixes":true,"isBreakingChange":false,"isMajorUpgrade":false,"issuesToFix":[{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-IP-6240864","issue_id":"SNYK-JS-IP-6240864","priority_score":751,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.6","score":430},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-PARSEURL-2936249","issue_id":"SNYK-JS-PARSEURL-2936249","priority_score":791,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"9.4","score":470},{"type":"scoreVersion","label":"v1","score":1}],"severity":"critical","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555","issue_id":"SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555","priority_score":691,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.4","score":370},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Path Traversal"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-WS-7266574","issue_id":"SNYK-JS-WS-7266574","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-NTHCHECK-1586032","issue_id":"SNYK-JS-NTHCHECK-1586032","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-PARSEPATH-2936439","issue_id":"SNYK-JS-PARSEPATH-2936439","priority_score":686,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.3","score":365},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Authorization Bypass Through User-Controlled Key"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-SHELLQUOTE-1766506","issue_id":"SNYK-JS-SHELLQUOTE-1766506","priority_score":619,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"8.1","score":405},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Remote Code Execution (RCE)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-ANSIHTML-1296849","issue_id":"SNYK-JS-ANSIHTML-1296849","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SEMVER-3247795","issue_id":"SNYK-JS-SEMVER-3247795","priority_score":696,"priority_score_factors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"7.5","score":375},{"type":"scoreVersion","label":"v1","score":1}],"severity":"high","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-PARSEURL-2942134","issue_id":"SNYK-JS-PARSEURL-2942134","priority_score":...