[Snyk] Security upgrade mongoose from 5.13.22 to 8.8.3 #30

Open
wants to merge 1 commit into
base: master

fix: package.json to reduce vulnerabilities

5c71a02

Mend Bolt for GitHub / WhiteSource Security Check failed Dec 4, 2024 in 1m 27s

Security Report

You have successfully remediated 39 vulnerabilities, but introduced 7 new vulnerabilities in this branch.

❌ New vulnerabilities:

| CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
| --- | --- | --- | --- | --- | --- |
| CVE-2021-44906 | Critical | 9.8 | minimist-0.0.10.tgz | Upgrade to version: minimist - 0.2.4,1.2.6 | None |
| CVE-2020-8203 | High | 7.4 | lodash-4.17.13.tgz | Upgrade to version: lodash - 4.17.19 | None |
| CVE-2021-23337 | High | 7.2 | lodash-4.17.13.tgz | Upgrade to version: lodash - 4.17.21, lodash-es - 4.17.21 | None |
| CVE-2021-21353 | Medium | 6.8 | pug-2.0.4.tgz | Upgrade to version: pug -3.0.1, pug-code-gen-2.0.3, pug-code-gen-3.0.2 | None |
| CVE-2020-7598 | Medium | 5.6 | minimist-0.0.10.tgz | Upgrade to version: minimist - 0.2.1,1.2.3 | None |
| CVE-2020-28500 | Medium | 5.3 | lodash-4.17.13.tgz | Upgrade to version: lodash - 4.17.21 | None |
| CVE-2021-23358 | Low | 3.3 | underscore-1.7.0.tgz | Upgrade to version: underscore - 1.12.1,1.13.0-2 | None |

CVE-2021-44906

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/optimist/node_modules/minimist/package.json

Dependency Hierarchy:

-> email-templates-3.6.1.tgz (Root Library)
   -> html-to-text-4.0.0.tgz
     -> optimist-0.6.1.tgz
       -> ❌ minimist-0.0.10.tgz (Vulnerable Library)

CVE-2020-8203

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-base64-image/node_modules/lodash/package.json

Dependency Hierarchy:

-> node-base64-image-1.0.7.tgz (Root Library)
   -> ❌ lodash-4.17.13.tgz (Vulnerable Library)

CVE-2021-23337

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-base64-image/node_modules/lodash/package.json

Dependency Hierarchy:

-> node-base64-image-1.0.7.tgz (Root Library)
   -> ❌ lodash-4.17.13.tgz (Vulnerable Library)

CVE-2021-21353

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/pug/package.json

Dependency Hierarchy:

-> email-templates-3.6.1.tgz (Root Library)
   -> preview-email-0.0.7.tgz
     -> ❌ pug-2.0.4.tgz (Vulnerable Library)

CVE-2020-7598

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/optimist/node_modules/minimist/package.json

Dependency Hierarchy:

-> email-templates-3.6.1.tgz (Root Library)
   -> html-to-text-4.0.0.tgz
     -> optimist-0.6.1.tgz
       -> ❌ minimist-0.0.10.tgz (Vulnerable Library)

CVE-2020-28500

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-base64-image/node_modules/lodash/package.json

Dependency Hierarchy:

-> node-base64-image-1.0.7.tgz (Root Library)
   -> ❌ lodash-4.17.13.tgz (Vulnerable Library)

CVE-2021-23358

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/underscore/package.json

Dependency Hierarchy:

-> email-templates-3.6.1.tgz (Root Library)
   -> i18n-0.2.0.tgz
     -> country-language-0.1.7.tgz
       -> ❌ underscore-1.7.0.tgz (Vulnerable Library)

✔️ Remediated vulnerabilities:

| CVE | Vulnerable Library |
| --- | --- |
| CVE-2019-10744 | lodash-4.17.11.tgz |
| CVE-2017-16137 | debug-3.2.6.tgz |
| CVE-2021-21353 | pug-2.0.3.tgz |
| CVE-2022-31129 | moment-2.24.0.tgz |
| CVE-2019-17426 | mongoose-5.6.0.tgz |
| CVE-2020-28500 | lodash-4.17.11.tgz |
| CVE-2020-7598 | minimist-1.2.0.tgz |
| CVE-2024-43799 | send-0.17.1.tgz |
| CVE-2019-2391 | bson-1.1.1.tgz |
| CVE-2020-7788 | ini-1.3.5.tgz |
| CVE-2020-15366 | ajv-6.10.0.tgz |
| CVE-2021-21353 | pug-code-gen-2.0.1.tgz |
| CVE-2020-7610 | bson-1.1.1.tgz |
| CVE-2022-24785 | moment-2.24.0.tgz |
| CVE-2024-45296 | path-to-regexp-0.1.7.tgz |
| CVE-2020-7598 | minimist-0.0.8.tgz |
| WS-2017-3772 | underscore.string-3.3.5.tgz |
| CVE-2022-2564 | mongoose-5.6.0.tgz |
| CVE-2021-43138 | async-2.6.2.tgz |
| CVE-2021-3918 | json-schema-0.2.3.tgz |
| CVE-2021-44906 | minimist-1.2.0.tgz |
| CVE-2020-7689 | node.bcrypt.js |
| CVE-2024-47764 | cookie-0.4.0.tgz |
| CVE-2022-24999 | qs-6.5.2.tgz |
| CVE-2024-45590 | body-parser-1.19.0.tgz |
| CVE-2022-25883 | semver-5.7.0.tgz |
| CVE-2021-23337 | lodash-4.17.11.tgz |
| CVE-2021-23343 | path-parse-1.0.6.tgz |
| CVE-2021-23438 | mpath-0.6.0.tgz |
| CVE-2020-35149 | mquery-3.2.1.tgz |
| CVE-2024-29041 | express-4.17.1.tgz |
| CVE-2024-43800 | serve-static-1.14.1.tgz |
| CVE-2019-10744 | lodash.merge-4.6.1.tgz |
| CVE-2022-31106 | underscore.deep-0.5.1.tgz |
| CVE-2024-43796 | express-4.17.1.tgz |
| CVE-2022-24999 | qs-6.7.0.tgz |
| CVE-2021-44906 | minimist-0.0.8.tgz |
| CVE-2020-8203 | lodash-4.17.11.tgz |
| CVE-2022-3517 | minimatch-3.0.4.tgz |

Base branch total remaining vulnerabilities: 60
Base branch commit: null


Total libraries scanned: 396

Scan token: 9ae33baf5ede4c7f8571b661963d814e