
[Snyk] Fix for 1 vulnerabilities #297

Status: Open. Wants to merge 1 commit into base: master

fix: package.json & package-lock.json to reduce vulnerabilities

777ae68
Mend Bolt for GitHub / WhiteSource Security Check failed Jun 27, 2023 in 2h 1m 6s

Security Report

You have successfully remediated 67 vulnerabilities, but introduced 25 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue

WS-2021-0153 | Critical | CVSS 9.8 | ejs-2.7.4.tgz | Suggested fix: Upgrade to version: ejs - 3.1.6 | Issue: #245
  Path to dependency file: /package.json
  Path to vulnerable library: /node_modules/ejs/package.json
  Dependency hierarchy:
    -> webpack-cli-4.0.0.tgz (Root Library)
       -> init-1.1.3.tgz
         -> generators-1.3.1.tgz
           -> yeoman-environment-2.10.3.tgz
             -> mem-fs-editor-6.0.0.tgz
               -> ❌ ejs-2.7.4.tgz (Vulnerable Library)

CVE-2022-29078 | Critical | CVSS 9.8 | ejs-2.7.4.tgz | Suggested fix: Upgrade to version: ejs - v3.1.7 | Issue: None
  Path to dependency file: /package.json
  Path to vulnerable library: /node_modules/ejs/package.json
  Dependency hierarchy:
    -> webpack-cli-4.0.0.tgz (Root Library)
       -> init-1.1.3.tgz
         -> generators-1.3.1.tgz
           -> yeoman-environment-2.10.3.tgz
             -> mem-fs-editor-6.0.0.tgz
               -> ❌ ejs-2.7.4.tgz (Vulnerable Library)

CVE-2020-7774 | Critical | CVSS 9.8 | y18n-4.0.0.tgz | Suggested fix: Upgrade to version: 3.2.2, 4.0.1, 5.0.5 | Issue: #166
  Path to dependency file: /package.json
  Path to vulnerable library: /node_modules/cacache/node_modules/y18n/package.json
  Dependency hierarchy:
    -> webpack-4.17.1.tgz (Root Library)
       -> uglifyjs-webpack-plugin-1.3.0.tgz
         -> cacache-10.0.4.tgz
           -> ❌ y18n-4.0.0.tgz (Vulnerable Library)

CVE-2020-13822 | High | CVSS 7.7 | elliptic-6.4.1.tgz | Suggested fix: Upgrade to version: v6.5.3 | Issue: #131
  Path to dependency file: /package.json
  Path to vulnerable library: /node_modules/elliptic/package.json
  Dependency hierarchy:
    -> webpack-4.17.1.tgz (Root Library)
       -> node-libs-browser-2.1.0.tgz
         -> crypto-browserify-3.12.0.tgz
           -> browserify-sign-4.0.4.tgz
             -> ❌ elliptic-6.4.1.tgz (Vulnerable Library)

WS-2021-0152 | High | CVSS 7.5 | color-string-1.5.3.tgz | Suggested fix: Upgrade to version: color-string - 1.5.5 | Issue: #231
  Path to dependency file: /package.json
  Path to vulnerable library: /node_modules/color/node_modules/color-string/package.json
  Dependency hierarchy:
    -> cssnano-4.1.0.tgz (Root Library)
       -> cssnano-preset-default-4.0.0.tgz
         -> postcss-colormin-4.0.1.tgz
           -> color-3.0.0.tgz
             -> ❌ color-string-1.5.3.tgz (Vulnerable Library)

CVE-2022-24999 | High | CVSS 7.5 | qs-6.5.2.tgz | Suggested fix: Upgrade to version: qs - 6.2.4,6.3.3,6.4.1,6.5.3,6.6.1,6.7.3,6.8.3,6.9.7,6.10.3 | Issue: #292
  Path to dependency file: /package.json
  Path to vulnerable library: /node_modules/body-parser/node_modules/qs/package.json
  Dependency hierarchy:
    -> body-parser-1.18.3.tgz (Root Library)
       -> ❌ qs-6.5.2.tgz (Vulnerable Library)

CVE-2021-3807 | High | CVSS 7.5 | ansi-regex-3.0.0.tgz | Suggested fix: Upgrade to version: ansi-regex - 5.0.1,6.0.1 | Issue: #247
  Path to dependency file: /package.json
  Path to vulnerable library: /node_modules/pretty-format/node_modules/ansi-regex/package.json
  Dependency hierarchy:
    -> lint-staged-7.2.2.tgz (Root Library)
       -> jest-validate-23.5.0.tgz
         -> pretty-format-23.5.0.tgz
           -> ❌ ansi-regex-3.0.0.tgz (Vulnerable Library)

CVE-2021-29059 | High | CVSS 7.5 | is-svg-3.0.0.tgz | Suggested fix: Upgrade to version: is-svg - 4.3.0 | Issue: #237
  Path to dependency file: /package.json
  Path to vulnerable library: /node_modules/is-svg/package.json
  Dependency hierarchy:
    -> cssnano-4.1.0.tgz (Root Library)
       -> cssnano-preset-default-4.0.0.tgz
         -> postcss-svgo-4.0.0.tgz
           -> ❌ is-svg-3.0.0.tgz (Vulnerable Library)

CVE-2021-28092 | High | CVSS 7.5 | is-svg-3.0.0.tgz | Suggested fix: Upgrade to version: v4.2.2 | Issue: #208
  Path to dependency file: /package.json
  Path to vulnerable library: /node_modules/is-svg/package.json
  Dependency hierarchy:
    -> cssnano-4.1.0.tgz (Root Library)
       -> cssnano-preset-default-4.0.0.tgz
         -> postcss-svgo-4.0.0.tgz
           -> ❌ is-svg-3.0.0.tgz (Vulnerable Library)

CVE-2021-27290 | High | CVSS 7.5 | ssri-5.3.0.tgz | Suggested fix: Upgrade to version: ssri - 6.0.2,7.1.1,8.0.1 | Issue: #204
  Path to dependency file: /package.json
  Path to vulnerable library: /node_modules/ssri/package.json
  Dependency hierarchy:
    -> webpack-4.17.1.tgz (Root Library)
       -> uglifyjs-webpack-plugin-1.3.0.tgz
         -> cacache-10.0.4.tgz
           -> ❌ ssri-5.3.0.tgz (Vulnerable Library)

CVE-2021-23382 | High | CVSS 7.5 | postcss-6.0.23.tgz | Suggested fix: Upgrade to version: postcss - 8.2.13 | Issue: #206
  Path to dependency file: /package.json
  Path to vulnerable library: /node_modules/postcss/package.json
  Dependency hierarchy:
    -> css-loader-1.0.0.tgz (Root Library)
       -> ❌ postcss-6.0.23.tgz (Vulnerable Library)

CVE-2021-23382 | High | CVSS 7.5 | postcss-7.0.2.tgz | Suggested fix: Upgrade to version: postcss - 8.2.13 | Issue: #206
  Path to dependency file: /package.json
  Path to vulnerable library: /node_modules/postcss-loader/node_modules/postcss/package.json
  Dependency hierarchy:
    -> postcss-loader-3.0.0.tgz (Root Library)
       -> ❌ postcss-7.0.2.tgz (Vulnerable Library)

CVE-2021-23358 | High | CVSS 7.2 | underscore-1.7.0.tgz | Suggested fix: Upgrade to version: underscore - 1.12.1,1.13.0-2 | Issue: #207
  Path to dependency file: /package.json
  Path to vulnerable library: /node_modules/underscore/package.json
  Dependency hierarchy:
    -> sitemap-1.13.0.tgz (Root Library)
       -> ❌ underscore-1.7.0.tgz (Vulnerable Library)

CVE-2020-28498 | Medium | CVSS 6.8 | elliptic-6.4.1.tgz | Suggested fix: Upgrade to version: v6.5.4 | Issue: #179
  Path to dependency file: /package.json
  Path to vulnerable library: /node_modules/elliptic/package.json
  Dependency hierarchy:
    -> webpack-4.17.1.tgz (Root Library)
       -> node-libs-browser-2.1.0.tgz
         -> crypto-browserify-3.12.0.tgz
           -> browserify-sign-4.0.4.tgz
             -> ❌ elliptic-6.4.1.tgz (Vulnerable Library)

CVE-2023-28155 | Medium | CVSS 6.1 | request-2.88.2.tgz | Suggested fix: (not given) | Issue: #296
  Path to dependency file: /package.json
  Path to vulnerable library: /node_modules/request/package.json
  Dependency hierarchy:
    -> node-sass-6.0.1.tgz (Root Library)
       -> ❌ request-2.88.2.tgz (Vulnerable Library)

WS-2019-0427 | Medium | CVSS 5.9 | elliptic-6.4.1.tgz | Suggested fix: Upgrade to version: v6.5.2 | Issue: #167
  Path to dependency file: /package.json
  Path to vulnerable library: /node_modules/elliptic/package.json
  Dependency hierarchy:
    -> webpack-4.17.1.tgz (Root Library)
       -> node-libs-browser-2.1.0.tgz
         -> crypto-browserify-3.12.0.tgz
           -> browserify-sign-4.0.4.tgz
             -> ❌ elliptic-6.4.1.tgz (Vulnerable Library)

WS-2019-0424 | Medium | CVSS 5.9 | elliptic-6.4.1.tgz | Suggested fix: Upgrade to version: GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105;Romano.Vue - 1.0.1;org.webjars.npm:elliptic - 6.5.4,6.3.3;VueJS.NetCore - 1.1.1;elliptic - 6.5.3;Indianadavy.VueJsWebAPITemplate.CSharp - 1.0.1;NorDroN.AngularTemplate - 0.1.6;CoreVueWebTest - 3.0.101;dotnetng.template - 1.0.0.4;Fable.Template.Elmish.React - 0.1.6 | Issue: #114
  Path to dependency file: /package.json
  Path to vulnerable library: /node_modules/elliptic/package.json
  Dependency hierarchy:
    -> webpack-4.17.1.tgz (Root Library)
       -> node-libs-browser-2.1.0.tgz
         -> crypto-browserify-3.12.0.tgz
           -> browserify-sign-4.0.4.tgz
             -> ❌ elliptic-6.4.1.tgz (Vulnerable Library)

CVE-2023-26115 | Medium | CVSS 5.3 | word-wrap-1.2.3.tgz | Suggested fix: (not given) | Issue: None
  Path to dependency file: /package.json
  Path to vulnerable library: /node_modules/word-wrap/package.json
  Dependency hierarchy:
    -> eslint-7.0.0.tgz (Root Library)
       -> optionator-0.9.1.tgz
         -> ❌ word-wrap-1.2.3.tgz (Vulnerable Library)

CVE-2022-33987 | Medium | CVSS 5.3 | got-6.7.1.tgz | Suggested fix: Upgrade to version: got - 11.8.5,12.1.0 | Issue: None
  Path to dependency file: /package.json
  Path to vulnerable library: /node_modules/gh-got/node_modules/got/package.json
  Dependency hierarchy:
    -> webpack-cli-4.0.0.tgz (Root Library)
       -> init-1.1.3.tgz
         -> generators-1.3.1.tgz
           -> yeoman-generator-4.13.0.tgz
             -> github-username-3.0.0.tgz
               -> gh-got-5.0.0.tgz
                 -> ❌ got-6.7.1.tgz (Vulnerable Library)

CVE-2022-25883 | Medium | CVSS 5.3 | semver-6.3.0.tgz | Suggested fix: Upgrade to version: semver - 7.5.2 | Issue: None
  Path to dependency file: /package.json
  Path to vulnerable library: /node_modules/@babel/helper-create-class-features-plugin/node_modules/semver/package.json,/node_modules/@babel/helper-compilation-targets/node_modules/semver/package.json,/node_modules/yeoman-generator/node_modules/make-dir/node_modules/semver/package.json,/node_modules/editions/node_modules/semver/package.json,/node_modules/@babel/core/node_modules/semver/package.json
  Dependency hierarchy:
    -> webpack-cli-4.0.0.tgz (Root Library)
       -> init-1.1.3.tgz
         -> generators-1.3.1.tgz
           -> yeoman-generator-4.13.0.tgz
             -> istextorbinary-2.6.0.tgz
               -> editions-2.3.1.tgz
                 -> ❌ semver-6.3.0.tgz (Vulnerable Library)

CVE-2022-25883 | Medium | CVSS 5.3 | semver-5.5.0.tgz | Suggested fix: Upgrade to version: semver - 7.5.2 | Issue: None
  Path to dependency file: /package.json
  Path to vulnerable library: /node_modules/semver/package.json
  Dependency hierarchy:
    -> babel-preset-env-1.7.0.tgz (Root Library)
       -> ❌ semver-5.5.0.tgz (Vulnerable Library)

CVE-2022-25883 | Medium | CVSS 5.3 | semver-5.7.1.tgz | Suggested fix: Upgrade to version: semver - 7.5.2 | Issue: None
  Path to dependency file: /package.json
  Path to vulnerable library: /node_modules/@babel/register/node_modules/semver/package.json,/node_modules/yeoman-generator/node_modules/cross-spawn/node_modules/semver/package.json
  Dependency hierarchy:
    -> webpack-cli-4.0.0.tgz (Root Library)
       -> init-1.1.3.tgz
         -> generators-1.3.1.tgz
           -> yeoman-generator-4.13.0.tgz
             -> cross-spawn-6.0.5.tgz
               -> ❌ semver-5.7.1.tgz (Vulnerable Library)

CVE-2021-32640 | Medium | CVSS 5.3 | ws-6.0.0.tgz | Suggested fix: Upgrade to version: 5.2.3,6.2.2,7.4.6 | Issue: #229
  Path to dependency file: /package.json
  Path to vulnerable library: /node_modules/ws/package.json
  Dependency hierarchy:
    -> ❌ ws-6.0.0.tgz (Vulnerable Library)

CVE-2021-29060 | Medium | CVSS 5.3 | color-string-1.5.3.tgz | Suggested fix: Upgrade to version: color-string - 1.5.5 | Issue: #233
  Path to dependency file: /package.json
  Path to vulnerable library: /node_modules/color/node_modules/color-string/package.json
  Dependency hierarchy:
    -> cssnano-4.1.0.tgz (Root Library)
       -> cssnano-preset-default-4.0.0.tgz
         -> postcss-colormin-4.0.1.tgz
           -> color-3.0.0.tgz
             -> ❌ color-string-1.5.3.tgz (Vulnerable Library)

CVE-2021-23368 | Medium | CVSS 5.3 | postcss-7.0.2.tgz | Suggested fix: Upgrade to version: postcss - 8.2.10 | Issue: #210
  Path to dependency file: /package.json
  Path to vulnerable library: /node_modules/postcss-loader/node_modules/postcss/package.json
  Dependency hierarchy:
    -> postcss-loader-3.0.0.tgz (Root Library)
       -> ❌ postcss-7.0.2.tgz (Vulnerable Library)

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2021-37713 tar-4.4.9.tgz
CVE-2018-20821 node-sass-4.9.3.tgz
CVE-2018-11698 node-sass-4.9.3.tgz
CVE-2021-32803 tar-2.2.2.tgz
CVE-2019-6283 node-sass-v4.9.0
CVE-2018-11698 node-sass-v4.9.0
CVE-2018-11499 node-sass-v4.9.0
CVE-2021-23383 handlebars-4.1.2.tgz
CVE-2018-11696 node-sass-v4.9.0
CVE-2018-20190 node-sass-v4.9.0
CVE-2021-37701 tar-4.4.9.tgz
CVE-2018-20822 node-sass-4.9.3.tgz
CVE-2018-11693 node-sass-v4.9.0
CVE-2019-6286 node-sass-4.9.3.tgz
CVE-2018-11694 node-sass-v4.9.0
CVE-2021-32803 tar-4.4.9.tgz
CVE-2019-13173 fstream-1.0.11.tgz
CVE-2022-37598 uglify-js-3.6.0.tgz
CVE-2020-7608 yargs-parser-10.1.0.tgz
CVE-2019-6284 node-sass-4.9.3.tgz
CVE-2022-21191 global-modules-path-2.1.0.tgz
CVE-2018-11697 node-sass-4.9.3.tgz
CVE-2018-20821 node-sass-v4.9.0
CVE-2018-11697 node-sass-v4.9.0
CVE-2018-11696 node-sass-4.9.3.tgz
CVE-2018-19838 node-sass-v4.9.0
CVE-2018-11697 CSS::Sass-v3.4.12
CVE-2018-19827 node-sass-4.9.3.tgz
CVE-2021-37701 tar-2.2.2.tgz
CVE-2019-6283 node-sass-4.9.3.tgz
CVE-2023-28155 request-2.87.0.tgz
CVE-2021-23369 handlebars-4.1.2.tgz
CVE-2018-19839 CSS::Sass-v3.4.12
CVE-2020-7598 minimist-1.2.0.tgz
CVE-2018-11693 node-sass-4.9.3.tgz
CVE-2019-20920 handlebars-4.1.2.tgz
CVE-2020-7608 yargs-parser-5.0.0.tgz
CVE-2019-6284 node-sass-v4.9.0
CVE-2018-19837 node-sass-4.9.3.tgz
CVE-2019-20922 handlebars-4.1.2.tgz
CVE-2018-19827 node-sass-v4.9.0
WS-2020-0450 handlebars-4.1.2.tgz
CVE-2018-19837 node-sass-v4.9.0
CVE-2019-18797 node-sass-4.9.3.tgz
CVE-2018-19839 node-sass-4.9.3.tgz
CVE-2019-15599 tree-kill-1.2.0.tgz
CVE-2021-37712 tar-4.4.9.tgz
CVE-2021-32804 tar-4.4.9.tgz
CVE-2018-19838 node-sass-4.9.3.tgz
CVE-2018-19797 node-sass-v4.9.0
CVE-2019-19919 handlebars-4.1.2.tgz
WS-2019-0605 node-sass-v4.9.0
CVE-2018-11694 node-sass-4.9.3.tgz
CVE-2019-6286 node-sass-v4.9.0
CVE-2018-20822 node-sass-v4.9.0
CVE-2021-44906 minimist-1.2.0.tgz
WS-2019-0307 mem-1.1.0.tgz
CVE-2021-37712 tar-2.2.2.tgz
CVE-2021-37713 tar-2.2.2.tgz
CVE-2020-24025 node-sass-4.9.3.tgz
WS-2019-0180 lodash.mergewith-4.6.1.tgz
CVE-2018-11499 node-sass-4.9.3.tgz
CVE-2021-32804 tar-2.2.2.tgz
CVE-2018-20190 node-sass-4.9.3.tgz
CVE-2019-18797 node-sass-v4.9.0
CVE-2019-10744 lodash.mergewith-4.6.1.tgz
CVE-2018-19797 node-sass-4.9.3.tgz

Base branch total remaining vulnerabilities: 141
Base branch commit: null

Total libraries scanned: 1559

Scan token: 6076987321a94b499e7c9ee384f767da