Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): update dependency @types/zkochan__table to v6.3.2 #10

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

chore(deps): update dependency @types/zkochan__table to v6.3.2

9b8f44e
Select commit
Loading
Failed to load commit list.
Open

chore(deps): update dependency @types/zkochan__table to v6.3.2 #10

chore(deps): update dependency @types/zkochan__table to v6.3.2
9b8f44e
Select commit
Loading
Failed to load commit list.
Mend/5034428 / Mend Security Check failed Oct 19, 2024 in 2m 12s

Security Report

The Security Check found 23 vulnerabilities.

CVE Severity CVSS Score Exploit Maturity EPSS Vulnerable Library Suggested Fix Issue
CVE-2023-42282

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> npm-registry-agent-5.0.0.tgz (Root Library)

   -> socks-proxy-agent-5.0.1.tgz

     -> socks-2.6.1.tgz

       -> ❌ ip-1.1.5.tgz (Vulnerable Library)

Critical 9.8 Not Defined 0.1% ip-1.1.5.tgz Upgrade to version: ip - 1.1.9,2.0.1 None
CVE-2021-44906

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> write-project-manifest-2.0.4.tgz (Root Library)

   -> json5-2.2.0.tgz

     -> ❌ minimist-1.2.5.tgz (Vulnerable Library)

Critical 9.8 Not Defined 3.5% minimist-1.2.5.tgz Upgrade to version: minimist - 0.2.4,1.2.6 None
CVE-2024-29415

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> npm-registry-agent-5.0.0.tgz (Root Library)

   -> socks-proxy-agent-5.0.1.tgz

     -> socks-2.6.1.tgz

       -> ❌ ip-1.1.5.tgz (Vulnerable Library)

Critical 9.1 Not Defined ip-1.1.5.tgz None
CVE-2022-26183

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ pnpm-6.11.5.tgz (Vulnerable Library)

High 8.8 Not Defined 0.3% pnpm-6.11.5.tgz Upgrade to version: pnpm - 6.15.1 None
CVE-2021-37713

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> lifecycle-11.0.4.tgz (Root Library)

   -> npm-lifecycle-5.1.2.tgz

     -> node-gyp-8.1.0.tgz

       -> ❌ tar-6.1.1.tgz (Vulnerable Library)

High 8.2 Not Defined 0.1% tar-6.1.1.tgz Upgrade to version: tar - 4.4.18,5.0.10,6.1.9 None
CVE-2021-37712

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> lifecycle-11.0.4.tgz (Root Library)

   -> npm-lifecycle-5.1.2.tgz

     -> node-gyp-8.1.0.tgz

       -> ❌ tar-6.1.1.tgz (Vulnerable Library)

High 8.2 Not Defined 0.1% tar-6.1.1.tgz Upgrade to version: tar - 4.4.18,5.0.10,6.1.9 None
CVE-2021-37701

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> lifecycle-11.0.4.tgz (Root Library)

   -> npm-lifecycle-5.1.2.tgz

     -> node-gyp-8.1.0.tgz

       -> ❌ tar-6.1.1.tgz (Vulnerable Library)

High 8.2 Not Defined 0.1% tar-6.1.1.tgz Upgrade to version: tar - 4.4.16,5.0.8,6.1.7 None
CVE-2021-32803

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> lifecycle-11.0.4.tgz (Root Library)

   -> npm-lifecycle-5.1.2.tgz

     -> node-gyp-8.1.0.tgz

       -> ❌ tar-6.1.1.tgz (Vulnerable Library)

High 8.2 Not Defined 0.70000005% tar-6.1.1.tgz Upgrade to version: tar - 3.2.3, 4.4.15, 5.0.7, 6.1.2 None
CVE-2024-4068

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> filter-workspace-packages-4.1.7.tgz (Root Library)

   -> micromatch-4.0.4.tgz

     -> ❌ braces-3.0.2.tgz (Vulnerable Library)

High 7.5 Not Defined 0.0% braces-3.0.2.tgz Upgrade to version: braces - 3.0.3 None
CVE-2023-37478

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ cafs-3.0.7.tgz (Vulnerable Library)

High 7.5 Not Defined 0.2% cafs-3.0.7.tgz Upgrade to version: @pnpm/cafs - 7.0.5;@pnpm/exe - 7.33.4,8.6.8;@pnpm/linux-arm64 - 7.33.4,8.6.8;@pnpm/linux-x64 - 7.33.4,8.6.8;@pnpm/macos-arm64 - 7.33.4,8.6.8;@pnpm/macos-x64 - 7.33.4,8.6.8;@pnpm/win-x64 - 7.33.4,8.6.8;pnpm - 7.33.4,8.6.8 None
CVE-2022-3517

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> eslint-7.31.0.tgz (Root Library)

   -> ❌ minimatch-3.0.4.tgz (Vulnerable Library)

High 7.5 Not Defined 0.2% minimatch-3.0.4.tgz Upgrade to version: minimatch - 3.0.5 None
CVE-2021-3807

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> eslint-7.31.0.tgz (Root Library)

   -> strip-ansi-6.0.0.tgz

     -> ❌ ansi-regex-5.0.0.tgz (Vulnerable Library)

High 7.5 Not Defined 0.4% ansi-regex-5.0.0.tgz Upgrade to version: ansi-regex - 3.0.1,4.1.1,5.0.1,6.0.1 None
CVE-2021-3807

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> default-reporter-8.1.8.tgz (Root Library)

   -> ansi-diff-1.1.1.tgz

     -> ansi-split-1.0.1.tgz

       -> ❌ ansi-regex-3.0.0.tgz (Vulnerable Library)

High 7.5 Not Defined 0.4% ansi-regex-3.0.0.tgz Upgrade to version: ansi-regex - 3.0.1,4.1.1,5.0.1,6.0.1 None
CVE-2021-3807

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> default-reporter-8.1.8.tgz (Root Library)

   -> boxen-5.0.1.tgz

     -> ansi-align-3.0.0.tgz

       -> string-width-3.1.0.tgz

         -> strip-ansi-5.2.0.tgz

           -> ❌ ansi-regex-4.1.0.tgz (Vulnerable Library)

High 7.5 Not Defined 0.4% ansi-regex-4.1.0.tgz Upgrade to version: ansi-regex - 3.0.1,4.1.1,5.0.1,6.0.1 None
CVE-2022-46175

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> write-project-manifest-2.0.4.tgz (Root Library)

   -> ❌ json5-2.2.0.tgz (Vulnerable Library)

High 7.1 Not Defined 1.0% json5-2.2.0.tgz Upgrade to version: json5 - 2.2.2 None
CVE-2024-28863

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> lifecycle-11.0.4.tgz (Root Library)

   -> npm-lifecycle-5.1.2.tgz

     -> node-gyp-8.1.0.tgz

       -> ❌ tar-6.1.1.tgz (Vulnerable Library)

Medium 6.5 Not Defined 0.0% tar-6.1.1.tgz Upgrade to version: tar - 6.2.1 None
CVE-2022-0235

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> fetch-4.0.2.tgz (Root Library)

   -> ❌ node-fetch-2.6.1.tgz (Vulnerable Library)

Medium 6.1 Not Defined 0.4% node-fetch-2.6.1.tgz Upgrade to version: node-fetch - 2.6.7,3.1.1 None
CVE-2024-4067

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> filter-workspace-packages-4.1.7.tgz (Root Library)

   -> ❌ micromatch-4.0.4.tgz (Vulnerable Library)

Medium 5.3 Not Defined 0.0% micromatch-4.0.4.tgz Upgrade to version: micromatch - 4.0.8 None
CVE-2023-26115

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> eslint-7.31.0.tgz (Root Library)

   -> optionator-0.9.1.tgz

     -> ❌ word-wrap-1.2.3.tgz (Vulnerable Library)

Medium 5.3 Proof of concept 0.1% word-wrap-1.2.3.tgz Upgrade to version: word-wrap - 1.2.4 None
CVE-2022-25883

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> eslint-config-1.0.0.tgz (Root Library)

   -> eslint-plugin-node-11.1.0.tgz

     -> ❌ semver-6.3.0.tgz (Vulnerable Library)

Medium 5.3 Proof of concept 0.2% semver-6.3.0.tgz Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 None
CVE-2022-25883

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> merge-lockfile-changes-2.0.1.tgz (Root Library)

   -> ❌ semver-7.3.5.tgz (Vulnerable Library)

Medium 5.3 Proof of concept 0.2% semver-7.3.5.tgz Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 None
CVE-2022-25883

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> @pnpm/prepare-0.0.26.tgz (Root Library)

   -> write-pkg-4.0.0.tgz

     -> write-json-file-3.2.0.tgz

       -> make-dir-2.1.0.tgz

         -> ❌ semver-5.7.1.tgz (Vulnerable Library)

Medium 5.3 Proof of concept 0.2% semver-5.7.1.tgz Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 None
CVE-2022-25881

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> lifecycle-11.0.4.tgz (Root Library)

   -> npm-lifecycle-5.1.2.tgz

     -> node-gyp-8.1.0.tgz

       -> make-fetch-happen-8.0.14.tgz

         -> ❌ http-cache-semantics-4.1.0.tgz (Vulnerable Library)

Medium 5.3 Not Defined 0.2% http-cache-semantics-4.1.0.tgz Upgrade to version: http-cache-semantics - 4.1.1;org.webjars.npm:http-cache-semantics:4.1.1 None

Total libraries scanned: 672
Scan token: 428284e0eaab4173a437ffbadf63504b
View more details on Mend/5034428