chore(deps): update mend: high confidence minor and patch dependency updates #3
Security Report
The Security Check found 19 vulnerabilities.
CVE | Severity | CVSS Score | Exploit Maturity | EPSS | Vulnerable Library | Suggested Fix | Issue | Reachability |
---|---|---|---|---|---|---|---|---|
CVE-2023-37903 (dependency file: /package.json; vulnerable library: /node_modules/vm2/package.json; hierarchy: cli-1.16.0.tgz (Root Library) -> ❌ vm2-3.9.19.tgz (Vulnerable Library)) | Critical | 9.8 | Not Defined | 0.5% | vm2-3.9.19.tgz | | #5 | |
CVE-2023-37466 (dependency file: /package.json; vulnerable library: /node_modules/vm2/package.json; hierarchy: cli-1.16.0.tgz (Root Library) -> ❌ vm2-3.9.19.tgz (Vulnerable Library)) | Critical | 9.8 | Not Defined | 1.2% | vm2-3.9.19.tgz | | #5 | |
WS-2023-0439 (dependency file: /package.json; vulnerable library: /node_modules/posthog-node/node_modules/axios/package.json; hierarchy: @usebruno/app-0.3.0.tgz (Root Library) -> posthog-node-2.6.0.tgz -> ❌ axios-0.27.2.tgz (Vulnerable Library)) | High | 7.5 | Not Defined | | axios-0.27.2.tgz | Upgrade to version: axios - 1.6.3,0.20.0 | #6 | |
CVE-2023-45857 (dependency file: /package.json; vulnerable library: /node_modules/posthog-node/node_modules/axios/package.json; hierarchy: @usebruno/app-0.3.0.tgz (Root Library) -> posthog-node-2.6.0.tgz -> ❌ axios-0.27.2.tgz (Vulnerable Library)) | Medium | 6.5 | Not Defined | 0.1% | axios-0.27.2.tgz | Upgrade to version: axios - 1.6.0 | #6 | |
CVE-2024-47831 (dependency file: /package.json; vulnerable library: /node_modules/next/package.json; hierarchy: @usebruno/app-0.3.0.tgz (Root Library) -> ❌ next-12.3.4.tgz (Vulnerable Library)) | Medium | 5.9 | Not Defined | 0.0% | next-12.3.4.tgz | Upgrade to version: next - 14.2.7 | #6 | |
CVE-2023-0842 (dependency file: /package.json; vulnerable library: /node_modules/express-xml-bodyparser/node_modules/xml2js/package.json; hierarchy: @usebruno/tests-0.0.1.tgz (Root Library) -> express-xml-bodyparser-0.3.0.tgz -> ❌ xml2js-0.4.23.tgz (Vulnerable Library)) | Medium | 5.3 | Not Defined | 0.1% | xml2js-0.4.23.tgz | Upgrade to version: xml2js - 0.5.0 | #7 | |
CVE-2024-21534 (dependency file: /package.json; vulnerable library: /node_modules/jsonpath-plus/package.json; hierarchy: @usebruno/app-0.3.0.tgz (Root Library) -> ❌ jsonpath-plus-7.2.0.tgz (Vulnerable Library)) | Critical | 9.8 | Proof of concept | 0.0% | jsonpath-plus-7.2.0.tgz | Upgrade to version: jsonpath-plus - 10.0.0 | #6 | |
CVE-2023-44270 (dependency file: /package.json; vulnerable library: /node_modules/next/node_modules/postcss/package.json; hierarchy: @usebruno/app-0.3.0.tgz (Root Library) -> next-12.3.4.tgz -> ❌ postcss-8.4.14.tgz (Vulnerable Library)) | Medium | 5.3 | Not Defined | 0.1% | postcss-8.4.14.tgz | Upgrade to version: postcss - 8.4.31 | #6 | |
CVE-2021-23358 (dependency file: /package.json; vulnerable library: /node_modules/underscore/package.json; hierarchy: @usebruno/app-0.3.0.tgz (Root Library) -> jsonlint-1.6.3.tgz -> nomnom-1.8.1.tgz -> ❌ underscore-1.6.0.tgz (Vulnerable Library)) | Low | 3.3 | Proof of concept | 1.5% | underscore-1.6.0.tgz | Upgrade to version: underscore - 1.12.1,1.13.0-2 | #6 | |
CVE-2024-4367 (dependency file: /package.json; vulnerable library: /node_modules/pdfjs-dist/package.json; hierarchy: @usebruno/app-0.3.0.tgz (Root Library) -> ❌ pdfjs-dist-3.11.174.tgz (Vulnerable Library)) | High | 8.8 | Not Defined | 0.0% | pdfjs-dist-3.11.174.tgz | Upgrade to version: pdfjs-dist - 4.2.67 | #6 | |
CVE-2024-21529 (dependency file: /package.json; vulnerable library: /node_modules/dset/package.json; hierarchy: @usebruno/app-0.3.0.tgz (Root Library) -> codemirror-graphql-1.2.5.tgz -> graphql-language-service-3.2.5.tgz -> graphql-language-service-types-1.8.7.tgz -> graphql-config-4.5.0.tgz -> url-loader-7.17.18.tgz -> executor-http-0.1.10.tgz -> ❌ dset-3.1.3.tgz (Vulnerable Library)) | High | 8.2 | Proof of concept | 0.0% | dset-3.1.3.tgz | Upgrade to version: dset - 3.1.4 | #6 | |
CVE-2024-41818 (dependency file: /package.json; vulnerable library: /node_modules/fast-xml-parser/package.json; hierarchy: cli-1.16.0.tgz (Root Library) -> credential-providers-3.525.0.tgz -> client-sts-3.525.0.tgz -> ❌ fast-xml-parser-4.2.5.tgz (Vulnerable Library)) | High | 7.5 | Not Defined | 0.1% | fast-xml-parser-4.2.5.tgz | Upgrade to version: fast-xml-parser - 4.4.1 | #5 | |
CVE-2024-4068 (dependency file: /package.json; vulnerable library: /node_modules/braces/package.json; hierarchy: @usebruno/app-0.3.0.tgz (Root Library) -> codemirror-graphql-1.2.5.tgz -> graphql-language-service-3.2.5.tgz -> graphql-language-service-types-1.8.7.tgz -> graphql-config-4.5.0.tgz -> json-file-loader-7.4.18.tgz -> globby-11.1.0.tgz -> fast-glob-3.3.2.tgz -> micromatch-4.0.5.tgz -> ❌ braces-3.0.2.tgz (Vulnerable Library)) | High | 7.5 | Not Defined | 0.0% | braces-3.0.2.tgz | Upgrade to version: braces - 3.0.3 | #6 | |
CVE-2024-37890 (dependency file: /package.json; vulnerable library: /node_modules/@graphql-tools/executor-graphql-ws/node_modules/ws/package.json, /node_modules/@graphql-tools/executor-legacy-ws/node_modules/ws/package.json; hierarchy: @usebruno/app-0.3.0.tgz (Root Library) -> codemirror-graphql-1.2.5.tgz -> graphql-language-service-3.2.5.tgz -> graphql-language-service-types-1.8.7.tgz -> graphql-config-4.5.0.tgz -> url-loader-7.17.18.tgz -> executor-graphql-ws-0.0.14.tgz -> ❌ ws-8.13.0.tgz (Vulnerable Library)) | High | 7.5 | Not Defined | 0.0% | ws-8.13.0.tgz | Upgrade to version: ws - 5.2.4,6.2.3,7.5.10,8.17.1 | #6 | |
CVE-2024-37890 (dependency file: /package.json; vulnerable library: /node_modules/ws/package.json; hierarchy: @usebruno/app-0.3.0.tgz (Root Library) -> codemirror-graphql-1.2.5.tgz -> graphql-language-service-3.2.5.tgz -> graphql-language-service-types-1.8.7.tgz -> graphql-config-4.5.0.tgz -> url-loader-7.17.18.tgz -> ❌ ws-8.16.0.tgz (Vulnerable Library)) | High | 7.5 | Not Defined | 0.0% | ws-8.16.0.tgz | Upgrade to version: ws - 5.2.4,6.2.3,7.5.10,8.17.1 | #6 | |
CVE-2024-28863 (dependency file: /package.json; vulnerable library: /node_modules/tar/package.json; hierarchy: @usebruno/app-0.3.0.tgz (Root Library) -> pdfjs-dist-3.11.174.tgz -> canvas-2.11.2.tgz -> node-pre-gyp-1.0.11.tgz -> ❌ tar-6.2.0.tgz (Vulnerable Library)) | Medium | 6.5 | Not Defined | 0.0% | tar-6.2.0.tgz | Upgrade to version: tar - 6.2.1 | #6 | |
CVE-2024-47764 (dependency file: /package.json; vulnerable library: /node_modules/cookie-parser/node_modules/cookie/package.json; hierarchy: @usebruno/tests-0.0.1.tgz (Root Library) -> cookie-parser-1.4.6.tgz -> ❌ cookie-0.4.1.tgz (Vulnerable Library)) | Medium | 5.3 | Not Defined | 0.0% | cookie-0.4.1.tgz | Upgrade to version: cookie - 0.7.0 | #7 | |
CVE-2024-47764 (dependency file: /package.json; vulnerable library: /node_modules/cookie/package.json; hierarchy: @usebruno/app-0.3.0.tgz (Root Library) -> ❌ cookie-0.6.0.tgz (Vulnerable Library)) | Medium | 5.3 | Not Defined | 0.0% | cookie-0.6.0.tgz | Upgrade to version: cookie - 0.7.0 | #6 | |
CVE-2024-4067 (dependency file: /package.json; vulnerable library: /node_modules/micromatch/package.json; hierarchy: @usebruno/app-0.3.0.tgz (Root Library) -> codemirror-graphql-1.2.5.tgz -> graphql-language-service-3.2.5.tgz -> graphql-language-service-types-1.8.7.tgz -> graphql-config-4.5.0.tgz -> json-file-loader-7.4.18.tgz -> globby-11.1.0.tgz -> fast-glob-3.3.2.tgz -> ❌ micromatch-4.0.5.tgz (Vulnerable Library)) | Medium | 5.3 | Not Defined | 0.0% | micromatch-4.0.5.tgz | Upgrade to version: micromatch - 4.0.8 | #6 | |
Total libraries scanned: 863
Scan token: fb73c23416b649f694bb6389fe2e91bd