Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Fix for 1 vulnerabilities #23

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

fix: package.json to reduce vulnerabilities

05858bc
Select commit
Loading
Failed to load commit list.
Open

[Snyk] Fix for 1 vulnerabilities #23

fix: package.json to reduce vulnerabilities
05858bc
Select commit
Loading
Failed to load commit list.
Mend Bolt for GitHub / WhiteSource Security Check failed Feb 2, 2024 in 6m 12s

Security Report

You have successfully remediated 33 vulnerabilities, but introduced 3 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue
CVE-2020-8203

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-base64-image/node_modules/lodash/package.json

Dependency Hierarchy:

-> node-base64-image-1.0.7.tgz (Root Library)

   -> ❌ lodash-4.17.13.tgz (Vulnerable Library)

High 7.4 lodash-4.17.13.tgz Upgrade to version: lodash - 4.17.19 None
CVE-2021-23337

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-base64-image/node_modules/lodash/package.json

Dependency Hierarchy:

-> node-base64-image-1.0.7.tgz (Root Library)

   -> ❌ lodash-4.17.13.tgz (Vulnerable Library)

High 7.2 lodash-4.17.13.tgz Upgrade to version: lodash - 4.17.21, lodash-es - 4.17.21 None
CVE-2020-28500

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-base64-image/node_modules/lodash/package.json

Dependency Hierarchy:

-> node-base64-image-1.0.7.tgz (Root Library)

   -> ❌ lodash-4.17.13.tgz (Vulnerable Library)

Medium 5.3 lodash-4.17.13.tgz Upgrade to version: lodash - 4.17.21 None

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2021-3803 nth-check-1.0.2.tgz
CVE-2019-10744 lodash-4.17.11.tgz
CVE-2021-21353 pug-2.0.3.tgz
CVE-2022-31129 moment-2.24.0.tgz
CVE-2019-17426 mongoose-5.6.0.tgz
CVE-2020-28500 lodash-4.17.11.tgz
CVE-2020-7598 minimist-1.2.0.tgz
CVE-2019-2391 bson-1.1.1.tgz
CVE-2020-7788 ini-1.3.5.tgz
CVE-2020-7769 nodemailer-4.7.0.tgz
CVE-2020-15366 ajv-6.10.0.tgz
CVE-2021-21353 pug-code-gen-2.0.1.tgz
CVE-2020-7610 bson-1.1.1.tgz
CVE-2022-24785 moment-2.24.0.tgz
CVE-2021-23400 nodemailer-4.7.0.tgz
CVE-2020-7598 minimist-0.0.8.tgz
CVE-2022-2564 mongoose-5.6.0.tgz
CVE-2021-43138 async-2.6.2.tgz
CVE-2021-3918 json-schema-0.2.3.tgz
CVE-2021-44906 minimist-1.2.0.tgz
CVE-2020-7689 node.bcrypt.js
CVE-2022-24999 qs-6.5.2.tgz
CVE-2022-25883 semver-5.7.0.tgz
CVE-2021-23337 lodash-4.17.11.tgz
CVE-2021-23343 path-parse-1.0.6.tgz
CVE-2021-23438 mpath-0.6.0.tgz
CVE-2020-35149 mquery-3.2.1.tgz
CVE-2019-10744 lodash.merge-4.6.1.tgz
CVE-2022-31106 underscore.deep-0.5.1.tgz
CVE-2022-24999 qs-6.7.0.tgz
CVE-2021-44906 minimist-0.0.8.tgz
CVE-2020-8203 lodash-4.17.11.tgz
CVE-2022-3517 minimatch-3.0.4.tgz

Base branch total remaining vulnerabilities: 49
Base branch commit: null


Total libraries scanned: 417

Scan token: 374cef31586a41d3b2e04c698df3416e

View more details on Mend Bolt for GitHub