Auto Compress Images #535

Status: Open (wants to merge 2 commits into base: master)

[pre-commit.ci] auto fixes from pre-commit.com hooks

b2ad14a

Mend Bolt for GitHub / WhiteSource Security Check failed Jan 5, 2025 in 2m 34s

Security Report

You have successfully remediated 65 vulnerabilities, but introduced 5 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE-2024-51479
Severity: High
CVSS Score: 7.5
Vulnerable Library: next-11.1.4.tgz
Suggested Fix: Upgrade to version: next - 14.2.15
Issue: None
Path to dependency file: /tilt_modules/tilt_inspector/package.json
Path to vulnerable library: /tilt_modules/tilt_inspector/node_modules/next/package.json
Dependency Hierarchy:
-> tilt-inspector-0.1.8.tgz (Root Library)
   -> ❌ next-11.1.4.tgz (Vulnerable Library)

CVE-2024-47831
Severity: Medium
CVSS Score: 5.9
Vulnerable Library: next-11.1.4.tgz
Suggested Fix: Upgrade to version: next - 14.2.7
Issue: None
Path to dependency file: /tilt_modules/tilt_inspector/package.json
Path to vulnerable library: /tilt_modules/tilt_inspector/node_modules/next/package.json
Dependency Hierarchy:
-> tilt-inspector-0.1.8.tgz (Root Library)
   -> ❌ next-11.1.4.tgz (Vulnerable Library)

CVE-2022-23646
Severity: Medium
CVSS Score: 5.9
Vulnerable Library: next-11.1.4.tgz
Suggested Fix: Upgrade to version: next - 12.1.0
Issue: #309
Path to dependency file: /tilt_modules/tilt_inspector/package.json
Path to vulnerable library: /tilt_modules/tilt_inspector/node_modules/next/package.json
Dependency Hierarchy:
-> tilt-inspector-0.1.8.tgz (Root Library)
   -> ❌ next-11.1.4.tgz (Vulnerable Library)

CVE-2024-47764
Severity: Medium
CVSS Score: 5.3
Vulnerable Library: cookie-0.4.2.tgz
Suggested Fix: Upgrade to version: cookie - 0.7.0
Issue: None
Path to dependency file: /tilt_modules/tilt_inspector/package.json
Path to vulnerable library: /tilt_modules/tilt_inspector/node_modules/cookie/package.json
Dependency Hierarchy:
-> tilt-inspector-0.1.8.tgz (Root Library)
   -> universal-cookie-4.0.4.tgz
     -> ❌ cookie-0.4.2.tgz (Vulnerable Library)

CVE-2023-44270
Severity: Medium
CVSS Score: 5.3
Vulnerable Library: postcss-8.2.15.tgz
Suggested Fix: Upgrade to version: postcss - 8.4.31
Issue: None
Path to dependency file: /tilt_modules/tilt_inspector/package.json
Path to vulnerable library: /tilt_modules/tilt_inspector/node_modules/postcss/package.json
Dependency Hierarchy:
-> tilt-inspector-0.1.8.tgz (Root Library)
   -> next-11.1.4.tgz
     -> ❌ postcss-8.2.15.tgz (Vulnerable Library)

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2018-16487 lodash-2.4.2.tgz
CVE-2022-2216 parse-url-6.0.0.tgz
WS-2022-0238 parse-url-6.0.0.tgz
CVE-2021-43803 next-11.1.2.tgz
CVE-2021-44906 minimist-1.2.5.tgz
CVE-2024-48949 elliptic-6.5.4.tgz
CVE-2022-25881 http-cache-semantics-4.1.0.tgz
CVE-2022-0144 shelljs-0.8.4.tgz
CVE-2021-3795 semver-regex-1.0.0.tgz
CVE-2023-37920 certifi-2021.10.8-py2.py3-none-any.whl
CVE-2020-28500 lodash-2.4.2.tgz
CVE-2024-37891 urllib3-1.26.7-py2.py3-none-any.whl
CVE-2022-46175 json5-1.0.1.tgz
CVE-2024-28176 jose-2.0.5.tgz
CVE-2022-46175 json5-2.2.0.tgz
CVE-2023-45803 urllib3-1.26.7-py2.py3-none-any.whl
CVE-2022-0624 parse-path-4.0.3.tgz
CVE-2024-55565 nanoid-3.1.30.tgz
CVE-2022-0722 parse-url-6.0.0.tgz
WS-2022-0239 parse-url-6.0.0.tgz
CVE-2021-43308 markdown-link-extractor-1.3.0.tgz
CVE-2022-25883 semver-7.3.5.tgz
CVE-2022-2900 parse-url-6.0.0.tgz
CVE-2024-28863 tar-6.1.11.tgz
CVE-2023-46234 browserify-sign-4.2.1.tgz
CVE-2023-26115 word-wrap-1.2.3.tgz
CVE-2021-23358 underscore-1.6.0.tgz
WS-2022-0237 parse-url-6.0.0.tgz
CVE-2022-21803 nconf-0.10.0.tgz
CVE-2022-38900 decode-uri-component-0.2.0.tgz
CVE-2020-8203 lodash-2.4.2.tgz
CVE-2022-24065 cookiecutter-1.7.3-py2.py3-none-any.whl
CVE-2022-3224 parse-url-6.0.0.tgz
CVE-2021-43307 semver-regex-1.0.0.tgz
CVE-2022-25883 semver-6.3.0.tgz
CVE-2024-39689 certifi-2021.10.8-py2.py3-none-any.whl
CVE-2022-24999 qs-6.10.1.tgz
CVE-2024-21538 cross-spawn-6.0.5.tgz
CVE-2021-23337 lodash-2.4.2.tgz
CVE-2020-7753 trim-0.0.1.tgz
CVE-2022-33987 got-9.6.0.tgz
CVE-2023-43804 urllib3-1.26.7-py2.py3-none-any.whl
CVE-2024-48948 elliptic-6.5.4.tgz
CVE-2021-23566 nanoid-3.1.30.tgz
CVE-2022-21670 markdown-it-12.0.4.tgz
CVE-2022-24999 qs-6.5.2.tgz
CVE-2022-0235 node-fetch-2.6.6.tgz
CVE-2022-23646 next-11.1.2.tgz
CVE-2022-2218 parse-url-6.0.0.tgz
CVE-2024-47764 cookie-0.4.1.tgz
CVE-2022-36083 jose-2.0.5.tgz
CVE-2022-23491 certifi-2021.10.8-py2.py3-none-any.whl
CVE-2022-25883 semver-5.7.1.tgz
CVE-2024-51479 next-11.1.2.tgz
CVE-2023-44270 postcss-7.0.39.tgz
CVE-2024-47831 next-11.1.2.tgz
CVE-2024-21538 cross-spawn-7.0.3.tgz
CVE-2019-1010266 lodash-2.4.2.tgz
CVE-2024-37890 ws-7.5.6.tgz
CVE-2022-33987 got-11.8.3.tgz
CVE-2018-3721 lodash-2.4.2.tgz
CVE-2022-2217 parse-url-6.0.0.tgz
CVE-2022-3517 minimatch-3.0.4.tgz
CVE-2022-0235 node-fetch-2.6.1.tgz
CVE-2019-10744 lodash-2.4.2.tgz

Base branch total remaining vulnerabilities: 71
Base branch commit: null


Total libraries scanned: 516

Scan token: a78d26bd94f34d36949ee93e6e2d16b8