Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade vulnerable dependencies #26

Open
luisan00 opened this issue Jul 18, 2020 · 0 comments · May be fixed by #22, #24 or #28
Open

Upgrade vulnerable dependencies #26

luisan00 opened this issue Jul 18, 2020 · 0 comments · May be fixed by #22, #24 or #28
Labels
dependencies Pull requests that update a dependency file

Comments

@luisan00
Copy link
Member

luisan00 commented Jul 18, 2020
edited
Loading

Upgrade vulnerable libraries

Some libraries need to be upgraded

Library Severity Where Details
minimist moderate severity package-lock.json CVE-2020-7598
kind-of moderate severity package-lock.json CVE-2019-20149
mongoose moderate severity package-lock.json CVE-2019-17426
mixin-deep high severity package-lock.json CVE-2019-10746
set-value high severity package-lock.json CVE-2019-10747
lodash critical severity package-lock.json CVE-2019-10744
mpath low severity package-lock.json CVE-2018-16490

Related pull requests:
This was linked to pull requests Dec 19, 2020
Bump mixin-deep from 1.3.1 to 1.3.2 #22
Open
Bump mongoose from 5.2.7 to 5.7.5 #24
Open
Bump lodash from 4.17.10 to 4.17.19 #25
Closed
Bump node-fetch from 2.6.0 to 2.6.1 #27
Closed
Bump ini from 1.3.5 to 1.3.7 #28
Open
@luisan00 luisan00 added the dependencies Pull requests that update a dependency file label Dec 19, 2020
@luisan00 luisan00 changed the title Upgrade vulnerable libraries Upgrade vulnerable dependencies Dec 19, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
1 participant
@luisan00