forked from snyk-labs/nodejs-goof
-
Notifications
You must be signed in to change notification settings - Fork 3
Pull requests: COG-GTM/nodejs-goof
Author
Label
Projects
Milestones
Reviews
Assignee
Sort
Pull requests list
fix: [marked] Upgrade marked from 0.3.5 to 0.3.6 to resolve CVE-2016-10531 (XSS)
#68
opened Jul 6, 2026 by
devin-ai-integration
Bot
Loading…
fix: [sha.js] Pin sha.js to 2.4.12 to resolve CVE-2025-9288 (missing input type check)
#67
opened Jul 6, 2026 by
devin-ai-integration
Bot
Loading…
fix: [form-data] Pin form-data to 2.5.4 to resolve CVE-2025-7783 (predictable boundary)
#66
opened Jul 6, 2026 by
devin-ai-integration
Bot
Loading…
fix: [handlebars] Upgrade hbs to 4.2.1 (handlebars 4.7.9) to resolve CVE-2026-33937 (Type Confusion)
#65
opened Jul 6, 2026 by
devin-ai-integration
Bot
Loading…
fix: [adm-zip] Upgrade adm-zip from 0.4.7 to 0.5.16 to resolve CVE-2018-1002204 (Zip Slip)
#64
opened Jul 6, 2026 by
devin-ai-integration
Bot
Loading…
Fix path traversal (SonarQube jssecurity:S2083) in routes/index.js
#63
opened Jul 3, 2026 by
devin-ai-integration
Bot
Loading…
Fix path traversal in save_account_details (SonarQube jssecurity:S2083)
#62
opened Jul 2, 2026 by
devin-ai-integration
Bot
Loading…
fix: [lodash] Upgrade lodash from 4.17.4 to 4.18.1 to resolve CVE-2026-4800 (Arbitrary Code Injection)
#61
opened Jun 29, 2026 by
devin-ai-integration
Bot
Loading…
fix: [validator] Upgrade validator from 13.5.2 to 13.15.x to resolve CVE-2025-12758
#60
opened Jun 29, 2026 by
devin-ai-integration
Bot
Loading…
fix: [marked] Upgrade marked from 0.3.5 to 4.x to resolve CVE-2016-10531 (Cross-site Scripting)
#59
opened Jun 29, 2026 by
devin-ai-integration
Bot
Loading…
fix: [handlebars] Upgrade handlebars from 4.0.14 to 4.7.9 (via hbs 4.0.x→4.2.1) to resolve SNYK-JS-HANDLEBARS-534988 (Prototype Pollution)
#58
opened Jun 29, 2026 by
devin-ai-integration
Bot
Loading…
fix: [adm-zip] Upgrade adm-zip from 0.4.7 to 0.5.16 to resolve CVE-2018-1002204 (Zip Slip)
#57
opened Jun 29, 2026 by
devin-ai-integration
Bot
Loading…
bug: remediate Snyk SCA dependency vulnerabilities (npm deps bucket)
#56
opened Jun 26, 2026 by
devin-ai-integration
Bot
Loading…
bug: remediate Snyk SAST findings in routes/index.js (NoSQL injection, open redirect, rate limiting)
#55
opened Jun 26, 2026 by
devin-ai-integration
Bot
Loading…
Harden app.js against Snyk SAST findings (secret, headers, cookie, HTTPS, CSRF)
#54
opened Jun 26, 2026 by
devin-ai-integration
Bot
Loading…
bug: bump Docker base image to node:18.20.8-bookworm-slim to remediate Snyk container findings
#53
opened Jun 26, 2026 by
devin-ai-integration
Bot
Loading…
Remove hardcoded passwords (Snyk NoHardcodedPasswords, CWE-798/259)
#52
opened Jun 26, 2026 by
devin-ai-integration
Bot
Loading…
Resolve high/critical Snyk SCA findings via dependency upgrades
#51
opened Jun 25, 2026 by
devin-ai-integration
Bot
Loading…
fix: [marked] Upgrade marked from 0.3.5 to 0.3.6 to resolve CVE-2016-10531 (ReDoS)
#50
opened Jun 24, 2026 by
devin-ai-integration
Bot
Loading…
fix: [sha.js] Upgrade sha.js from 2.4.11 to 2.4.12 to resolve CVE-2025-9288 (Missing Type Checks)
#49
opened Jun 24, 2026 by
devin-ai-integration
Bot
Loading…
fix: [form-data] Upgrade form-data from 2.3.3 to 2.5.6 to resolve CVE-2025-7783 (Predictable Boundary)
#48
opened Jun 24, 2026 by
devin-ai-integration
Bot
Loading…
fix: [adm-zip] Upgrade adm-zip from 0.4.7 to 0.4.11 to resolve CVE-2018-1002204 (Zip Slip)
#47
opened Jun 24, 2026 by
devin-ai-integration
Bot
Loading…
fix: [handlebars] Upgrade handlebars from 4.0.14 to 4.7.9 (via hbs ^4.2.1) to resolve CVE prototype pollution (SNYK-JS-HANDLEBARS-534988)
#46
opened Jun 24, 2026 by
devin-ai-integration
Bot
Loading…
fix: Remediate CVE-2024-4068 — override braces to 3.0.3
#45
opened Jun 24, 2026 by
devin-ai-integration
Bot
Loading…
fix: Remediate CVE-2024-33883 — upgrade ejs to 3.1.10
#44
opened Jun 24, 2026 by
devin-ai-integration
Bot
Loading…
Previous Next
ProTip!
Type g i on any issue or pull request to go back to the issue listing page.