Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Security upgrade gatsby from 2.3.14 to 2.32.8 #395

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

fix: package.json & package-lock.json to reduce vulnerabilities

9b6263f
Select commit
Loading
Failed to load commit list.
Open

[Snyk] Security upgrade gatsby from 2.3.14 to 2.32.8 #395

fix: package.json & package-lock.json to reduce vulnerabilities
9b6263f
Select commit
Loading
Failed to load commit list.
Mend Bolt for GitHub / WhiteSource Security Check failed Jun 17, 2024 in 8m 45s

Security Report

You have successfully remediated 121 vulnerabilities, but introduced 45 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue
CVE-2020-7768

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/grpc/package.json

Dependency Hierarchy:

-> firebase-admin-6.5.1.tgz (Root Library)

   -> firestore-0.19.0.tgz

     -> google-gax-0.22.1.tgz

       -> ❌ grpc-1.19.0.tgz (Vulnerable Library)

Critical 9.8 grpc-1.19.0.tgz Upgrade to version: grpc 1.24.4, grpc-js 1.1.8 #319
CVE-2020-7768

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/@grpc/grpc-js/package.json

Dependency Hierarchy:

-> firebase-admin-6.5.1.tgz (Root Library)

   -> firestore-0.19.0.tgz

     -> google-gax-0.22.1.tgz

       -> ❌ grpc-js-0.3.6.tgz (Vulnerable Library)

Critical 9.8 grpc-js-0.3.6.tgz Upgrade to version: grpc 1.24.4, grpc-js 1.1.8 #319
CVE-2024-29415

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/ip/package.json

Dependency Hierarchy:

-> gatsby-2.32.8.tgz (Root Library)

   -> webpack-dev-server-3.11.3.tgz

     -> ❌ ip-1.1.9.tgz (Vulnerable Library)

Critical 9.1 ip-1.1.9.tgz None
CVE-2022-2900

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/parse-url/package.json

Dependency Hierarchy:

-> gatsby-2.32.8.tgz (Root Library)

   -> gatsby-telemetry-1.10.2.tgz

     -> git-up-4.0.5.tgz

       -> ❌ parse-url-6.0.5.tgz (Vulnerable Library)

Critical 9.1 parse-url-6.0.5.tgz Upgrade to version: parse-url - 8.0.0 None
CVE-2019-10744

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/lodash.merge/package.json

Dependency Hierarchy:

-> firebase-admin-6.5.1.tgz (Root Library)

   -> firestore-0.19.0.tgz

     -> ❌ lodash.merge-4.6.1.tgz (Vulnerable Library)

Critical 9.1 lodash.merge-4.6.1.tgz Upgrade to version: lodash-4.17.12, lodash-amd-4.17.12, lodash-es-4.17.12, lodash.defaultsdeep-4.6.1, lodash.merge- 4.6.2, lodash.mergewith-4.6.2, lodash.template-4.5.0 #244
CVE-2022-23539

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/firebase-admin/node_modules/jsonwebtoken/package.json

Dependency Hierarchy:

-> firebase-admin-6.5.1.tgz (Root Library)

   -> ❌ jsonwebtoken-8.1.0.tgz (Vulnerable Library)

High 8.1 jsonwebtoken-8.1.0.tgz Upgrade to version: jsonwebtoken - 9.0.0 #233
CVE-2021-43138

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> firebase-admin-6.5.1.tgz (Root Library)

   -> storage-1.7.0.tgz

     -> ❌ async-2.6.1.tgz (Vulnerable Library)

High 7.8 async-2.6.1.tgz Upgrade to version: async - 2.6.4,3.2.2 #273
CVE-2022-23540

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/firebase-admin/node_modules/jsonwebtoken/package.json

Dependency Hierarchy:

-> firebase-admin-6.5.1.tgz (Root Library)

   -> ❌ jsonwebtoken-8.1.0.tgz (Vulnerable Library)

High 7.6 jsonwebtoken-8.1.0.tgz Upgrade to version: jsonwebtoken - 9.0.0 #257
WS-2022-0238

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/parse-url/package.json

Dependency Hierarchy:

-> gatsby-2.32.8.tgz (Root Library)

   -> gatsby-telemetry-1.10.2.tgz

     -> git-up-4.0.5.tgz

       -> ❌ parse-url-6.0.5.tgz (Vulnerable Library)

High 7.5 parse-url-6.0.5.tgz Upgrade to version: parse-url - 8.0.0 None
WS-2022-0237

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/parse-url/package.json

Dependency Hierarchy:

-> gatsby-2.32.8.tgz (Root Library)

   -> gatsby-telemetry-1.10.2.tgz

     -> git-up-4.0.5.tgz

       -> ❌ parse-url-6.0.5.tgz (Vulnerable Library)

High 7.5 parse-url-6.0.5.tgz Upgrade to version: parse-url - 8.0.0 None
WS-2019-0310

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/https-proxy-agent/package.json

Dependency Hierarchy:

-> firebase-admin-6.5.1.tgz (Root Library)

   -> firestore-0.19.0.tgz

     -> google-gax-0.22.1.tgz

       -> google-auth-library-2.0.2.tgz

         -> ❌ https-proxy-agent-2.2.1.tgz (Vulnerable Library)

High 7.5 https-proxy-agent-2.2.1.tgz Upgrade to version: https-proxy-agent - 2.2.3 #91
CVE-2024-4068

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/braces/package.json

Dependency Hierarchy:

-> gatsby-2.32.8.tgz (Root Library)

   -> webpack-dev-server-3.11.3.tgz

     -> chokidar-2.1.8.tgz

       -> ❌ braces-2.3.2.tgz (Vulnerable Library)

High 7.5 braces-2.3.2.tgz Upgrade to version: braces - 3.0.3 None
CVE-2023-32695

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/socket.io-parser/package.json

Dependency Hierarchy:

-> gatsby-2.32.8.tgz (Root Library)

   -> socket.io-3.1.1.tgz

     -> ❌ socket.io-parser-4.0.5.tgz (Vulnerable Library)

High 7.5 socket.io-parser-4.0.5.tgz Upgrade to version: socket.io-parser - 3.4.3,4.2.3 None
CVE-2022-25878

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/protobufjs/package.json

Dependency Hierarchy:

-> firebase-admin-6.5.1.tgz (Root Library)

   -> firestore-0.19.0.tgz

     -> ❌ protobufjs-6.8.8.tgz (Vulnerable Library)

High 7.5 protobufjs-6.8.8.tgz Upgrade to version: protobufjs - 6.10.3,6.11.3 #239
CVE-2022-24772

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/firebase-admin/node_modules/node-forge/package.json

Dependency Hierarchy:

-> firebase-admin-6.5.1.tgz (Root Library)

   -> ❌ node-forge-0.7.4.tgz (Vulnerable Library)

High 7.5 node-forge-0.7.4.tgz Upgrade to version: node-forge - 1.3.0 #289
CVE-2022-24772

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/selfsigned/node_modules/node-forge/package.json

Dependency Hierarchy:

-> gatsby-2.32.8.tgz (Root Library)

   -> webpack-dev-server-3.11.3.tgz

     -> selfsigned-1.10.14.tgz

       -> ❌ node-forge-0.10.0.tgz (Vulnerable Library)

High 7.5 node-forge-0.10.0.tgz Upgrade to version: node-forge - 1.3.0 #289
CVE-2022-24771

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/firebase-admin/node_modules/node-forge/package.json

Dependency Hierarchy:

-> firebase-admin-6.5.1.tgz (Root Library)

   -> ❌ node-forge-0.7.4.tgz (Vulnerable Library)

High 7.5 node-forge-0.7.4.tgz Upgrade to version: node-forge - 1.3.0 #290
CVE-2022-24771

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/selfsigned/node_modules/node-forge/package.json

Dependency Hierarchy:

-> gatsby-2.32.8.tgz (Root Library)

   -> webpack-dev-server-3.11.3.tgz

     -> selfsigned-1.10.14.tgz

       -> ❌ node-forge-0.10.0.tgz (Vulnerable Library)

High 7.5 node-forge-0.10.0.tgz Upgrade to version: node-forge - 1.3.0 #290
CVE-2021-3749

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/axios/package.json

Dependency Hierarchy:

-> firebase-admin-6.5.1.tgz (Root Library)

   -> firestore-0.19.0.tgz

     -> google-gax-0.22.1.tgz

       -> google-auth-library-2.0.2.tgz

         -> ❌ axios-0.18.0.tgz (Vulnerable Library)

High 7.5 axios-0.18.0.tgz Upgrade to version: axios - 0.21.2 None
CVE-2020-7662

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/websocket-extensions/package.json

Dependency Hierarchy:

-> firebase-admin-6.5.1.tgz (Root Library)

   -> database-0.3.17.tgz

     -> faye-websocket-0.11.1.tgz

       -> websocket-driver-0.7.4.tgz

         -> ❌ websocket-extensions-0.1.3.tgz (Vulnerable Library)

High 7.5 websocket-extensions-0.1.3.tgz Upgrade to version: websocket-extensions - 0.1.4 #274
CVE-2019-10742

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/axios/package.json

Dependency Hierarchy:

-> firebase-admin-6.5.1.tgz (Root Library)

   -> firestore-0.19.0.tgz

     -> google-gax-0.22.1.tgz

       -> google-auth-library-2.0.2.tgz

         -> ❌ axios-0.18.0.tgz (Vulnerable Library)

High 7.5 axios-0.18.0.tgz Upgrade to version: axios - 0.18.1 #59
CVE-2024-29180

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/webpack-dev-middleware/package.json

Dependency Hierarchy:

-> gatsby-2.32.8.tgz (Root Library)

   -> ❌ webpack-dev-middleware-3.7.3.tgz (Vulnerable Library)

High 7.4 webpack-dev-middleware-3.7.3.tgz Upgrade to version: webpack-dev-middleware - 5.3.4,6.1.2,7.1.0 None
CVE-2022-0624

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/parse-path/package.json

Dependency Hierarchy:

-> gatsby-2.32.8.tgz (Root Library)

   -> gatsby-telemetry-1.10.2.tgz

     -> git-up-4.0.5.tgz

       -> parse-url-6.0.5.tgz

         -> ❌ parse-path-4.0.4.tgz (Vulnerable Library)

High 7.3 parse-path-4.0.4.tgz Upgrade to version: parse-path - 5.0.0 None
CVE-2020-7720

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/firebase-admin/node_modules/node-forge/package.json

Dependency Hierarchy:

-> firebase-admin-6.5.1.tgz (Root Library)

   -> ❌ node-forge-0.7.4.tgz (Vulnerable Library)

High 7.3 node-forge-0.7.4.tgz Upgrade to version: node-forge - 0.10.0 #324
WS-2022-0008

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/firebase-admin/node_modules/node-forge/package.json

Dependency Hierarchy:

-> firebase-admin-6.5.1.tgz (Root Library)

   -> ❌ node-forge-0.7.4.tgz (Vulnerable Library)

Medium 6.6 node-forge-0.7.4.tgz Upgrade to version: node-forge - 1.0.0 #253
WS-2022-0008

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/selfsigned/node_modules/node-forge/package.json

Dependency Hierarchy:

-> gatsby-2.32.8.tgz (Root Library)

   -> webpack-dev-server-3.11.3.tgz

     -> selfsigned-1.10.14.tgz

       -> ❌ node-forge-0.10.0.tgz (Vulnerable Library)

Medium 6.6 node-forge-0.10.0.tgz Upgrade to version: node-forge - 1.0.0 #253
CVE-2023-45857

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/axios/package.json

Dependency Hierarchy:

-> firebase-admin-6.5.1.tgz (Root Library)

   -> firestore-0.19.0.tgz

     -> google-gax-0.22.1.tgz

       -> google-auth-library-2.0.2.tgz

         -> ❌ axios-0.18.0.tgz (Vulnerable Library)

Medium 6.5 axios-0.18.0.tgz Upgrade to version: axios - 1.6.0 None
CVE-2023-45857

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/gatsby/node_modules/axios/package.json,/node_modules/contentful-management/node_modules/axios/package.json

Dependency Hierarchy:

-> gatsby-2.32.8.tgz (Root Library)

   -> ❌ axios-0.21.4.tgz (Vulnerable Library)

Medium 6.5 axios-0.21.4.tgz Upgrade to version: axios - 1.6.0 None
CVE-2022-41940

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/engine.io/package.json

Dependency Hierarchy:

-> gatsby-2.32.8.tgz (Root Library)

   -> socket.io-3.1.1.tgz

     -> ❌ engine.io-4.1.2.tgz (Vulnerable Library)

Medium 6.5 engine.io-4.1.2.tgz Upgrade to version: engine.io - 3.6.1,6.2.1 #279
CVE-2022-23541

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/firebase-admin/node_modules/jsonwebtoken/package.json

Dependency Hierarchy:

-> firebase-admin-6.5.1.tgz (Root Library)

   -> ❌ jsonwebtoken-8.1.0.tgz (Vulnerable Library)

Medium 6.3 jsonwebtoken-8.1.0.tgz Upgrade to version: jsonwebtoken - 9.0.0 #258
WS-2022-0239

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/parse-url/package.json

Dependency Hierarchy:

-> gatsby-2.32.8.tgz (Root Library)

   -> gatsby-telemetry-1.10.2.tgz

     -> git-up-4.0.5.tgz

       -> ❌ parse-url-6.0.5.tgz (Vulnerable Library)

Medium 6.1 parse-url-6.0.5.tgz Upgrade to version: parse-url - 8.0.0 None
CVE-2022-3224

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/parse-url/package.json

Dependency Hierarchy:

-> gatsby-2.32.8.tgz (Root Library)

   -> gatsby-telemetry-1.10.2.tgz

     -> git-up-4.0.5.tgz

       -> ❌ parse-url-6.0.5.tgz (Vulnerable Library)

Medium 6.1 parse-url-6.0.5.tgz Upgrade to version: parse-url - 8.1.0 None
CVE-2022-0235

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/cross-fetch/node_modules/node-fetch/package.json

Dependency Hierarchy:

-> gatsby-2.32.8.tgz (Root Library)

   -> eslint-plugin-graphql-4.0.0.tgz

     -> graphql-config-3.4.1.tgz

       -> url-loader-6.10.1.tgz

         -> cross-fetch-3.1.4.tgz

           -> ❌ node-fetch-2.6.1.tgz (Vulnerable Library)

Medium 6.1 node-fetch-2.6.1.tgz Upgrade to version: node-fetch - 2.6.7,3.1.1 #245
CVE-2022-0122

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/firebase-admin/node_modules/node-forge/package.json

Dependency Hierarchy:

-> firebase-admin-6.5.1.tgz (Root Library)

   -> ❌ node-forge-0.7.4.tgz (Vulnerable Library)

Medium 6.1 node-forge-0.7.4.tgz Upgrade to version: node-forge - 1.0.0 #298
CVE-2022-0122

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/selfsigned/node_modules/node-forge/package.json

Dependency Hierarchy:

-> gatsby-2.32.8.tgz (Root Library)

   -> webpack-dev-server-3.11.3.tgz

     -> selfsigned-1.10.14.tgz

       -> ❌ node-forge-0.10.0.tgz (Vulnerable Library)

Medium 6.1 node-forge-0.10.0.tgz Upgrade to version: node-forge - 1.0.0 #298
CVE-2020-28168

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/axios/package.json

Dependency Hierarchy:

-> firebase-admin-6.5.1.tgz (Root Library)

   -> firestore-0.19.0.tgz

     -> google-gax-0.22.1.tgz

       -> google-auth-library-2.0.2.tgz

         -> ❌ axios-0.18.0.tgz (Vulnerable Library)

Medium 5.9 axios-0.18.0.tgz Upgrade to version: axios - 0.21.1 #81
CVE-2021-24033

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/react-dev-utils/package.json

Dependency Hierarchy:

-> gatsby-2.32.8.tgz (Root Library)

   -> ❌ react-dev-utils-4.2.3.tgz (Vulnerable Library)

Medium 5.6 react-dev-utils-4.2.3.tgz Upgrade to version: react-dev-utils-11.0.4 #105
CVE-2023-6460

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/@google-cloud/firestore/package.json

Dependency Hierarchy:

-> firebase-admin-6.5.1.tgz (Root Library)

   -> ❌ firestore-0.19.0.tgz (Vulnerable Library)

Medium 5.5 firestore-0.19.0.tgz Upgrade to version: @google-cloud/firestore - 6.1.0 None
CVE-2024-4067

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/micromatch/package.json

Dependency Hierarchy:

-> gatsby-plugin-sharp-2.0.32.tgz (Root Library)

   -> imagemin-6.1.0.tgz

     -> globby-8.0.2.tgz

       -> fast-glob-2.2.6.tgz

         -> ❌ micromatch-3.1.10.tgz (Vulnerable Library)

Medium 5.3 micromatch-3.1.10.tgz Upgrade to version: micromatch - 4.0.6 None
CVE-2024-37168

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/@grpc/grpc-js/package.json

Dependency Hierarchy:

-> firebase-admin-6.5.1.tgz (Root Library)

   -> firestore-0.19.0.tgz

     -> google-gax-0.22.1.tgz

       -> ❌ grpc-js-0.3.6.tgz (Vulnerable Library)

Medium 5.3 grpc-js-0.3.6.tgz Upgrade to version: @grpc/grpc-js - 1.8.22,1.9.15,1.10.9 None
CVE-2023-34238

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/gatsby/package.json

Dependency Hierarchy:

-> ❌ gatsby-2.32.8.tgz (Vulnerable Library)

Medium 5.3 gatsby-2.32.8.tgz Upgrade to version: gatsby - 4.25.7,5.9.1 #335
CVE-2022-33987

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/gatsby-cli/node_modules/got/package.json,/node_modules/gatsby/node_modules/package-json/node_modules/got/package.json

Dependency Hierarchy:

-> gatsby-2.32.8.tgz (Root Library)

   -> latest-version-5.1.0.tgz

     -> package-json-6.5.0.tgz

       -> ❌ got-9.6.0.tgz (Vulnerable Library)

Medium 5.3 got-9.6.0.tgz Upgrade to version: got - 11.8.5,12.1.0 #307
CVE-2022-24773

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/firebase-admin/node_modules/node-forge/package.json

Dependency Hierarchy:

-> firebase-admin-6.5.1.tgz (Root Library)

   -> ❌ node-forge-0.7.4.tgz (Vulnerable Library)

Medium 5.3 node-forge-0.7.4.tgz Upgrade to version: node-forge - 1.3.0 #288
CVE-2022-24773

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/selfsigned/node_modules/node-forge/package.json

Dependency Hierarchy:

-> gatsby-2.32.8.tgz (Root Library)

   -> webpack-dev-server-3.11.3.tgz

     -> selfsigned-1.10.14.tgz

       -> ❌ node-forge-0.10.0.tgz (Vulnerable Library)

Medium 5.3 node-forge-0.10.0.tgz Upgrade to version: node-forge - 1.3.0 #288
CVE-2021-32640

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/@graphql-tools/url-loader/node_modules/ws/package.json

Dependency Hierarchy:

-> gatsby-2.32.8.tgz (Root Library)

   -> eslint-plugin-graphql-4.0.0.tgz

     -> graphql-config-3.4.1.tgz

       -> url-loader-6.10.1.tgz

         -> ❌ ws-7.4.5.tgz (Vulnerable Library)

Medium 5.3 ws-7.4.5.tgz Upgrade to version: 5.2.3,6.2.2,7.4.6 #122

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
WS-2019-0252 googleapis-23.0.2.tgz
CVE-2019-10744 lodash-4.17.11.tgz
CVE-2021-23386 dns-packet-1.3.1.tgz
CVE-2022-1365 cross-fetch-2.2.2.tgz
CVE-2024-4128 firebase-tools-6.5.3.tgz
CVE-2023-52426 cpython-v2.7.16
CVE-2022-31129 moment-2.24.0.tgz
CVE-2020-7693 sockjs-0.3.19.tgz
CVE-2020-28481 socket.io-2.2.0.tgz
CVE-2020-8124 url-parse-1.4.4.tgz
CVE-2020-7793 ua-parser-js-0.7.18.tgz
CVE-2021-27292 ua-parser-js-0.7.18.tgz
CVE-2021-33502 normalize-url-3.3.0.tgz
CVE-2018-16487 lodash-4.17.5.tgz
CVE-2020-7660 serialize-javascript-1.6.1.tgz
CVE-2021-3820 i-0.3.6.tgz
CVE-2022-41940 engine.io-3.3.2.tgz
CVE-2020-15168 node-fetch-2.3.0.tgz
CVE-2020-7774 y18n-4.0.0.tgz
CVE-2022-33987 got-6.7.1.tgz
CVE-2020-7608 yargs-parser-11.1.1.tgz
CVE-2021-23337 lodash-4.17.11.tgz
CVE-2021-23343 path-parse-1.0.6.tgz
CVE-2022-2421 socket.io-parser-3.3.0.tgz
CVE-2020-36048 engine.io-3.3.2.tgz
CVE-2023-45311 fsevents-1.2.7.tgz
CVE-2020-36049 socket.io-parser-3.3.0.tgz
CVE-2023-26159 follow-redirects-1.5.8.tgz
CVE-2020-7608 yargs-parser-10.1.0.tgz
CVE-2020-8203 lodash-4.17.11.tgz
CVE-2020-7733 ua-parser-js-0.7.18.tgz
CVE-2019-10744 lodash-3.10.1.tgz
WS-2020-0443 socket.io-2.2.0.tgz
CVE-2021-3807 ansi-regex-4.0.0.tgz
CVE-2020-28500 lodash-4.17.11.tgz
CVE-2020-7707 property-expr-1.5.1.tgz
CVE-2021-27290 ssri-6.0.1.tgz
CVE-2019-1010266 lodash-4.17.5.tgz
CVE-2021-23364 browserslist-4.5.4.tgz
CVE-2020-28502 xmlhttprequest-ssl-1.5.5.tgz
CVE-2019-16769 serialize-javascript-1.6.1.tgz
CVE-2023-34238 gatsby-2.3.14.tgz
CVE-2023-32732 grpc-v1.20.0-pre3
CVE-2021-29059 is-svg-3.0.0.tgz
WS-2018-0148 utile-0.3.0.tgz
CVE-2020-15168 node-fetch-2.1.2.tgz
CVE-2023-45853 node-v11.9.0
CVE-2020-28498 elliptic-6.4.1.tgz
WS-2020-0368 node-v11.9.0
CVE-2018-16487 lodash-3.10.1.tgz
CVE-2020-13822 elliptic-6.4.1.tgz
CVE-2020-28500 lodash-4.17.5.tgz
CVE-2022-0512 url-parse-1.4.4.tgz
CVE-2017-16137 debug-4.1.1.tgz
WS-2020-0091 http-proxy-1.16.2.tgz
WS-2020-0042 acorn-5.7.3.tgz
CVE-2022-37434 node-v11.9.0
CVE-2021-3805 object-path-0.11.4.tgz
CVE-2022-0686 url-parse-1.4.4.tgz
CVE-2022-24999 qs-6.4.0.tgz
CVE-2024-29415 ip-1.1.5.tgz
CVE-2017-16137 debug-3.2.6.tgz
CVE-2020-4038 graphql-playground-html-1.6.12.tgz
CVE-2020-7608 yargs-parser-7.0.0.tgz
CVE-2018-3721 lodash-3.10.1.tgz
CVE-2022-25883 semver-5.5.1.tgz
CVE-2021-23368 postcss-7.0.14.tgz
CVE-2020-15256 object-path-0.11.4.tgz
CVE-2022-0235 node-fetch-2.1.2.tgz
CVE-2020-1971 grpc-swift-0.8.1
CVE-2022-24999 qs-6.5.1.tgz
WS-2019-0424 elliptic-6.4.1.tgz
CVE-2022-46175 json5-2.1.0.tgz
CVE-2022-24785 moment-2.24.0.tgz
CVE-2024-28849 follow-redirects-1.5.8.tgz
CVE-2022-1650 eventsource-1.0.7.tgz
MSC-2023-16598 fsevents-1.2.7.tgz
CVE-2020-28500 lodash-3.10.1.tgz
CVE-2021-27515 url-parse-1.4.4.tgz
CVE-2022-0691 url-parse-1.4.4.tgz
CVE-2020-8203 lodash-4.17.5.tgz
CVE-2020-36632 flat-4.1.0.tgz
CVE-2022-0536 follow-redirects-1.5.8.tgz
CVE-2022-0639 url-parse-1.4.4.tgz
CVE-2022-0235 node-fetch-2.3.0.tgz
CVE-2022-25912 simple-git-1.110.0.tgz
CVE-2021-28092 is-svg-3.0.0.tgz
CVE-2018-25032 node-v11.9.0
CVE-2021-3664 url-parse-1.4.4.tgz
CVE-2019-1010266 lodash-3.10.1.tgz
WS-2020-0042 acorn-6.1.1.tgz
CVE-2020-7608 yargs-parser-9.0.2.tgz
CVE-2023-32731 grpc-v1.20.0-pre3
CVE-2021-23337 lodash-3.10.1.tgz
CVE-2024-27088 es5-ext-0.10.49.tgz
CVE-2022-25883 semver-5.5.0.tgz
WS-2019-0427 elliptic-6.4.1.tgz
CVE-2022-24433 simple-git-1.110.0.tgz
CVE-2019-10744 lodash-4.17.5.tgz
CVE-2021-23337 lodash-4.17.5.tgz
CVE-2022-25858 terser-3.17.0.tgz
CVE-2022-37603 loader-utils-1.2.3.tgz
CVE-2022-0155 follow-redirects-1.5.8.tgz
CVE-2020-4038 graphql-playground-middleware-express-1.7.12.tgz
CVE-2021-32640 ws-6.1.4.tgz
CVE-2021-31597 xmlhttprequest-ssl-1.5.5.tgz
CVE-2021-23382 postcss-7.0.14.tgz
CVE-2021-23434 object-path-0.11.4.tgz
WS-2019-0307 mem-1.1.0.tgz
CVE-2023-45133 traverse-7.1.0.tgz
CVE-2023-46234 browserify-sign-4.0.4.tgz
CVE-2019-15657 eslint-utils-1.3.1.tgz
WS-2020-0091 http-proxy-1.17.0.tgz
CVE-2023-52425 cpython-v2.7.16
CVE-2022-25883 semver-5.7.0.tgz
CVE-2022-24066 simple-git-1.110.0.tgz
CVE-2022-37601 loader-utils-1.2.3.tgz
CVE-2020-7662 websocket-extensions-0.1.1.tgz
CVE-2020-8203 lodash-3.10.1.tgz
CVE-2023-33953 grpc-v1.20.0-pre3
CVE-2023-42282 ip-1.1.5.tgz

Base branch total remaining vulnerabilities: 197
Base branch commit: null


Total libraries scanned: 2131

Scan token: f045ccf5663b4fc1872a3d9999b257a5

View more details on Mend Bolt for GitHub