Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

⬆️ Updates @vercel/node to v5 #1151

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

:arrow_up: Updates @vercel/node to v5

0364a27
Select commit
Loading
Failed to load commit list.
Open

⬆️ Updates @vercel/node to v5 #1151

:arrow_up: Updates @vercel/node to v5
0364a27
Select commit
Loading
Failed to load commit list.
Mend Bolt for GitHub / WhiteSource Security Check failed Dec 13, 2024 in 2m 14s

Security Report

You have successfully remediated 70 vulnerabilities, but introduced 4 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue
CVE-2024-47831

Path to dependency file: /tilt_modules/tilt_inspector/package.json

Path to vulnerable library: /tilt_modules/tilt_inspector/node_modules/next/package.json

Dependency Hierarchy:

-> tilt-inspector-0.1.8.tgz (Root Library)

   -> ❌ next-11.1.4.tgz (Vulnerable Library)

Medium 5.9 next-11.1.4.tgz Upgrade to version: next - 14.2.7 None
CVE-2022-23646

Path to dependency file: /tilt_modules/tilt_inspector/package.json

Path to vulnerable library: /tilt_modules/tilt_inspector/node_modules/next/package.json

Dependency Hierarchy:

-> tilt-inspector-0.1.8.tgz (Root Library)

   -> ❌ next-11.1.4.tgz (Vulnerable Library)

Medium 5.9 next-11.1.4.tgz Upgrade to version: next - 12.1.0 #983
CVE-2024-47764

Path to dependency file: /tilt_modules/tilt_inspector/package.json

Path to vulnerable library: /tilt_modules/tilt_inspector/node_modules/cookie/package.json

Dependency Hierarchy:

-> tilt-inspector-0.1.8.tgz (Root Library)

   -> universal-cookie-4.0.4.tgz

     -> ❌ cookie-0.4.2.tgz (Vulnerable Library)

Medium 5.3 cookie-0.4.2.tgz Upgrade to version: cookie - 0.7.0 None
CVE-2023-44270

Path to dependency file: /tilt_modules/tilt_inspector/package.json

Path to vulnerable library: /tilt_modules/tilt_inspector/node_modules/postcss/package.json

Dependency Hierarchy:

-> tilt-inspector-0.1.8.tgz (Root Library)

   -> next-11.1.4.tgz

     -> ❌ postcss-8.2.15.tgz (Vulnerable Library)

Medium 5.3 postcss-8.2.15.tgz Upgrade to version: postcss - 8.4.31 None

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2018-16487 lodash-2.4.2.tgz
CVE-2021-43803 next-11.1.2.tgz
CVE-2021-44906 minimist-1.2.5.tgz
CVE-2024-48949 elliptic-6.5.4.tgz
CVE-2022-25881 http-cache-semantics-4.1.0.tgz
CVE-2022-0144 shelljs-0.8.4.tgz
CVE-2021-3795 semver-regex-1.0.0.tgz
CVE-2015-9251 jquery-1.9.1.js
CVE-2024-29415 ip-1.1.5.tgz
CVE-2020-11022 jquery-1.9.1.js
CVE-2020-28500 lodash-2.4.2.tgz
CVE-2022-24785 moment-2.29.1.tgz
CVE-2022-46175 json5-1.0.1.tgz
CVE-2024-28176 jose-2.0.5.tgz
CVE-2021-23566 nanoid-3.1.25.tgz
CVE-2022-46175 json5-2.2.0.tgz
CVE-2022-33987 got-11.8.2.tgz
CVE-2021-43308 markdown-link-extractor-1.3.0.tgz
CVE-2021-3807 ansi-regex-4.1.0.tgz
CVE-2019-11358 jquery-1.9.1.js
CVE-2022-25883 semver-7.3.5.tgz
CVE-2024-28863 tar-6.1.11.tgz
CVE-2023-46234 browserify-sign-4.2.1.tgz
CVE-2023-26115 word-wrap-1.2.3.tgz
CVE-2021-23358 underscore-1.6.0.tgz
CVE-2012-6708 jquery-1.8.1.min.js
WS-2022-0280 moment-timezone-0.5.33.tgz
CVE-2020-7656 jquery-1.8.1.min.js
CVE-2020-8203 lodash-2.4.2.tgz
CVE-2021-43307 semver-regex-1.0.0.tgz
CVE-2022-25883 semver-6.3.0.tgz
CVE-2024-21538 cross-spawn-6.0.5.tgz
CVE-2023-45133 traverse-7.15.0.tgz
CVE-2021-23337 lodash-2.4.2.tgz
CVE-2021-3807 ansi-regex-5.0.0.tgz
CVE-2020-7753 trim-0.0.1.tgz
CVE-2022-33987 got-9.6.0.tgz
CVE-2021-3795 semver-regex-3.1.2.tgz
CVE-2024-48948 elliptic-6.5.4.tgz
CVE-2021-3918 json-schema-0.2.3.tgz
CVE-2022-24999 qs-6.5.2.tgz
CVE-2021-3807 ansi-regex-3.0.0.tgz
CVE-2021-43307 semver-regex-3.1.2.tgz
CVE-2022-23646 next-11.1.2.tgz
CVE-2024-47764 cookie-0.4.1.tgz
CVE-2022-36083 jose-2.0.5.tgz
CVE-2024-55565 nanoid-3.1.25.tgz
CVE-2022-25883 semver-5.7.1.tgz
CVE-2022-31129 moment-2.29.1.tgz
CVE-2020-11023 jquery-1.8.1.min.js
CVE-2022-31051 semantic-release-17.4.4.tgz
CVE-2024-47831 next-11.1.2.tgz
CVE-2024-21538 cross-spawn-7.0.3.tgz
CVE-2019-1010266 lodash-2.4.2.tgz
CVE-2021-43138 async-3.2.1.tgz
WS-2022-0284 moment-timezone-0.5.33.tgz
CVE-2024-45390 template-1.0.0.tgz
CVE-2020-11023 jquery-1.9.1.js
CVE-2018-3721 lodash-2.4.2.tgz
CVE-2021-3777 tmpl-1.0.4.tgz
CVE-2024-37890 ws-7.5.4.tgz
CVE-2023-26136 tough-cookie-4.0.0.tgz
CVE-2015-9251 jquery-1.8.1.min.js
CVE-2022-29244 npm-7.21.1.tgz
CVE-2023-42282 ip-1.1.5.tgz
CVE-2022-3517 minimatch-3.0.4.tgz
CVE-2022-0235 node-fetch-2.6.1.tgz
CVE-2020-11022 jquery-1.8.1.min.js
CVE-2021-23425 trim-off-newlines-1.0.1.tgz
CVE-2019-10744 lodash-2.4.2.tgz

Base branch total remaining vulnerabilities: 76
Base branch commit: null


Total libraries scanned: 450

Scan token: 260180dd40ec435ba961d6bea699b3a4

View more details on Mend Bolt for GitHub