Bump micromatch from 4.0.5 to 4.0.8 in /nightly-playground (#212)

Mend for GitHub.com / Mend Security Check failed Nov 12, 2024 in 4m 27s

Security Report

The Security Check found 4 vulnerabilities.

CVE: CVE-2024-21538
Severity: High
CVSS Score: 7.5
Vulnerable Library: cross-spawn-7.0.3.tgz
Suggested Fix: Upgrade to version: cross-spawn - 7.0.5
Issue: #213

Path to dependency file: /nightly-playground/package.json

Path to vulnerable library: /nightly-playground/package.json,/keycloak/package.json

Dependency Hierarchy:

-> eslint-7.32.0.tgz (Root Library)

   -> ❌ cross-spawn-7.0.3.tgz (Vulnerable Library)

CVE: CVE-2023-35165
Severity: Medium
CVSS Score: 6.6
Vulnerable Library: aws-cdk-lib-2.45.0.tgz
Suggested Fix: Upgrade to version: aws-cdk-lib - 2.80.0, @aws-cdk/aws-eks - 1.202.0
Issue: #138

Path to dependency file: /nightly-playground/package.json

Path to vulnerable library: /nightly-playground/package.json

Dependency Hierarchy:

-> ❌ aws-cdk-lib-2.45.0.tgz (Vulnerable Library)

CVE: CVE-2022-25883
Severity: Medium
CVSS Score: 5.3
Vulnerable Library: semver-7.3.8.tgz
Suggested Fix: Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2
Issue: #193

Path to dependency file: /keycloak/package.json

Path to vulnerable library: /keycloak/package.json

Dependency Hierarchy:

-> assets-1.204.0.tgz (Root Library)

   -> cx-api-1.204.0.tgz

     -> ❌ semver-7.3.8.tgz (Vulnerable Library)

CVE: CVE-2022-25883
Severity: Medium
CVSS Score: 5.3
Vulnerable Library: semver-7.3.7.tgz
Suggested Fix: Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2
Issue: #138

Path to dependency file: /nightly-playground/package.json

Path to vulnerable library: /nightly-playground/package.json

Dependency Hierarchy:

-> aws-cdk-lib-2.45.0.tgz (Root Library)

   -> ❌ semver-7.3.7.tgz (Vulnerable Library)

Total libraries scanned: 335
Scan token: 0ea55c32bd1040518d608c0f37302d37