Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Security upgrade del from 3.0.0 to 8.0.0 #179

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

fix: package.json & package-lock.json to reduce vulnerabilities

292b2ca
Select commit
Loading
Failed to load commit list.
Open

[Snyk] Security upgrade del from 3.0.0 to 8.0.0 #179

fix: package.json & package-lock.json to reduce vulnerabilities
292b2ca
Select commit
Loading
Failed to load commit list.
Mend Bolt for GitHub / WhiteSource Security Check failed Oct 9, 2024 in 2m 38s

Security Report

You have successfully remediated 12 vulnerabilities, but introduced 7 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue
CVE-2020-36327

Path to vulnerable library: /vendor/bundle/ruby/3.2.0/cache/bundler-2.0.1.gem

Dependency Hierarchy:

-> ❌ bundler-2.0.1.gem (Vulnerable Library)

High 8.8 bundler-2.0.1.gem Upgrade to version: bundler - 2.2.10 None
CVE-2019-3881

Path to vulnerable library: /vendor/bundle/ruby/3.2.0/cache/bundler-2.0.1.gem

Dependency Hierarchy:

-> ❌ bundler-2.0.1.gem (Vulnerable Library)

High 7.8 bundler-2.0.1.gem Upgrade to version: v2.1.0.pre.3 None
CVE-2024-4068

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> browser-sync-2.26.4.tgz (Root Library)

   -> chokidar-2.1.2.tgz

     -> ❌ braces-2.3.2.tgz (Vulnerable Library)

High 7.5 braces-2.3.2.tgz Upgrade to version: braces - 3.0.3 None
CVE-2021-43809

Path to vulnerable library: /vendor/bundle/ruby/3.2.0/cache/bundler-2.0.1.gem

Dependency Hierarchy:

-> ❌ bundler-2.0.1.gem (Vulnerable Library)

Medium 6.7 bundler-2.0.1.gem Upgrade to version: bundler - 2.2.33 None
CVE-2024-47764

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> screenshot-util-1.1.13.tgz (Root Library)

   -> express-4.16.4.tgz

     -> ❌ cookie-0.3.1.tgz (Vulnerable Library)

Medium 5.3 cookie-0.3.1.tgz Upgrade to version: cookie - 0.7.0 None
CVE-2024-4067

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> browser-sync-2.26.4.tgz (Root Library)

   -> chokidar-2.1.2.tgz

     -> anymatch-2.0.0.tgz

       -> ❌ micromatch-3.1.10.tgz (Vulnerable Library)

Medium 5.3 micromatch-3.1.10.tgz Upgrade to version: micromatch - 4.0.8 None
CVE-2022-25883

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> language-2.1.0.tgz (Root Library)

   -> google-gax-0.25.6.tgz

     -> ❌ semver-6.0.0.tgz (Vulnerable Library)

Medium 5.3 semver-6.0.0.tgz Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 #162

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2023-33953 grpc-v1.19.0
WS-2020-0368 node-v7.6.0
CVE-2024-7246 grpc-v1.19.0
CVE-2018-17567 jekyll-v3.7.1
CVE-2023-45853 node-v7.6.0
CVE-2021-32740 addressable-addressable-2.6.0
CVE-2020-1971 ring-fips-20180730
CVE-2023-32732 grpc-v1.19.0
CVE-2018-7159 io.js
CVE-2018-25032 node-v7.6.0
CVE-2022-37434 node-v7.6.0
CVE-2020-14001 kramdown-REL_1_17_0

Base branch total remaining vulnerabilities: 125
Base branch commit: null


Total libraries scanned: 756

Scan token: 98e9687d4c2445bf8fa06f9fd65c0820

View more details on Mend Bolt for GitHub