Update dependency @changesets/pre to ^1.0.14 #2

Open: wants to merge 1 commit into base: main
Update dependency @changesets/pre to ^1.0.14

d6d0ac6
Mend/5034428 / Mend Security Check failed Oct 16, 2024 in 2h 33m 5s

Security Report

The Security Check found 64 vulnerabilities.

Columns: CVE, Severity, CVSS Score, Exploit Maturity, EPSS, Vulnerable Library, Suggested Fix, Issue
MSC-2023-16609

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> babel-jest-24.9.0.tgz (Root Library)

   -> transform-24.9.0.tgz

     -> jest-haste-map-24.9.0.tgz

       -> ❌ fsevents-1.2.9.tgz (Vulnerable Library)

Critical 9.8 High fsevents-1.2.9.tgz None
CVE-2023-45311

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> babel-jest-24.9.0.tgz (Root Library)

   -> transform-24.9.0.tgz

     -> jest-haste-map-24.9.0.tgz

       -> ❌ fsevents-1.2.9.tgz (Vulnerable Library)

Critical 9.8 Not Defined 1.1% fsevents-1.2.9.tgz Upgrade to version: fsevents - 1.2.11 None
CVE-2021-44906

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> babel-jest-24.9.0.tgz (Root Library)

   -> transform-24.9.0.tgz

     -> jest-haste-map-24.9.0.tgz

       -> sane-4.1.0.tgz

         -> ❌ minimist-1.2.0.tgz (Vulnerable Library)

Critical 9.8 Not Defined 3.5% minimist-1.2.0.tgz Upgrade to version: minimist - 0.2.4,1.2.6 None
CVE-2021-44906

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> core-7.13.10.tgz (Root Library)

   -> json5-2.2.0.tgz

     -> ❌ minimist-1.2.5.tgz (Vulnerable Library)

Critical 9.8 Not Defined 3.5% minimist-1.2.5.tgz Upgrade to version: minimist - 0.2.4,1.2.6 None
CVE-2021-44906

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> jest-24.9.0.tgz (Root Library)

   -> jest-cli-24.9.0.tgz

     -> jest-util-24.9.0.tgz

       -> mkdirp-0.5.1.tgz

         -> ❌ minimist-0.0.8.tgz (Vulnerable Library)

Critical 9.8 Not Defined 3.5% minimist-0.0.8.tgz Upgrade to version: minimist - 0.2.4,1.2.6 None
CVE-2021-44906

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> jest-24.9.0.tgz (Root Library)

   -> jest-cli-24.9.0.tgz

     -> core-24.9.0.tgz

       -> reporters-24.9.0.tgz

         -> istanbul-reports-2.2.6.tgz

           -> handlebars-4.5.3.tgz

             -> optimist-0.6.1.tgz

               -> ❌ minimist-0.0.10.tgz (Vulnerable Library)

Critical 9.8 Not Defined 3.5% minimist-0.0.10.tgz Upgrade to version: minimist - 0.2.4,1.2.6 None
CVE-2021-3918

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> jest-24.9.0.tgz (Root Library)

   -> jest-cli-24.9.0.tgz

     -> jest-config-24.9.0.tgz

       -> jest-environment-jsdom-24.9.0.tgz

         -> jsdom-11.12.0.tgz

           -> request-2.88.0.tgz

             -> http-signature-1.2.0.tgz

               -> jsprim-1.4.1.tgz

                 -> ❌ json-schema-0.2.3.tgz (Vulnerable Library)

Critical 9.8 Not Defined 0.5% json-schema-0.2.3.tgz Upgrade to version: json-schema - 0.4.0 None
CVE-2023-45133

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> babel-jest-24.9.0.tgz (Root Library)

   -> babel-plugin-istanbul-5.2.0.tgz

     -> istanbul-lib-instrument-3.3.0.tgz

       -> ❌ traverse-7.6.0.tgz (Vulnerable Library)

Critical 9.3 Not Defined 0.1% traverse-7.6.0.tgz Upgrade to version: @babel/traverse - 7.23.2 None
CVE-2023-45133

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> core-7.13.10.tgz (Root Library)

   -> ❌ traverse-7.13.0.tgz (Vulnerable Library)

Critical 9.3 Not Defined 0.1% traverse-7.13.0.tgz Upgrade to version: @babel/traverse - 7.23.2 None
CVE-2023-45133

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> jest-24.9.0.tgz (Root Library)

   -> jest-cli-24.9.0.tgz

     -> jest-config-24.9.0.tgz

       -> jest-jasmine2-24.9.0.tgz

         -> ❌ traverse-7.5.5.tgz (Vulnerable Library)

Critical 9.3 Not Defined 0.1% traverse-7.5.5.tgz Upgrade to version: @babel/traverse - 7.23.2 None
MSC-2022-1747

Path to dependency file: /fixtures/simple-project/package.json

Path to vulnerable library: /fixtures/simple-project/packages/pkg-b/package.json

Dependency Hierarchy:

-> ❌ simple-project-pkg-b-1.0.0.tgz (Vulnerable Library)

High 8.6 High simple-project-pkg-b-1.0.0.tgz None
CVE-2021-37713

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> babel-jest-24.9.0.tgz (Root Library)

   -> transform-24.9.0.tgz

     -> jest-haste-map-24.9.0.tgz

       -> fsevents-1.2.9.tgz

         -> node-pre-gyp-0.12.0.tgz

           -> ❌ tar-4.4.10.tgz (Vulnerable Library)

High 8.2 Not Defined 0.1% tar-4.4.10.tgz Upgrade to version: tar - 4.4.18,5.0.10,6.1.9 None
CVE-2021-37712

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> babel-jest-24.9.0.tgz (Root Library)

   -> transform-24.9.0.tgz

     -> jest-haste-map-24.9.0.tgz

       -> fsevents-1.2.9.tgz

         -> node-pre-gyp-0.12.0.tgz

           -> ❌ tar-4.4.10.tgz (Vulnerable Library)

High 8.2 Not Defined 0.1% tar-4.4.10.tgz Upgrade to version: tar - 4.4.18,5.0.10,6.1.9 None
CVE-2021-37701

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> babel-jest-24.9.0.tgz (Root Library)

   -> transform-24.9.0.tgz

     -> jest-haste-map-24.9.0.tgz

       -> fsevents-1.2.9.tgz

         -> node-pre-gyp-0.12.0.tgz

           -> ❌ tar-4.4.10.tgz (Vulnerable Library)

High 8.2 Not Defined 0.1% tar-4.4.10.tgz Upgrade to version: tar - 4.4.16,5.0.8,6.1.7 None
CVE-2021-32804

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> babel-jest-24.9.0.tgz (Root Library)

   -> transform-24.9.0.tgz

     -> jest-haste-map-24.9.0.tgz

       -> fsevents-1.2.9.tgz

         -> node-pre-gyp-0.12.0.tgz

           -> ❌ tar-4.4.10.tgz (Vulnerable Library)

High 8.2 Not Defined 0.70000005% tar-4.4.10.tgz Upgrade to version: tar - 3.2.2, 4.4.14, 5.0.6, 6.1.1 None
CVE-2021-32803

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> babel-jest-24.9.0.tgz (Root Library)

   -> transform-24.9.0.tgz

     -> jest-haste-map-24.9.0.tgz

       -> fsevents-1.2.9.tgz

         -> node-pre-gyp-0.12.0.tgz

           -> ❌ tar-4.4.10.tgz (Vulnerable Library)

High 8.2 Not Defined 0.70000005% tar-4.4.10.tgz Upgrade to version: tar - 3.2.3, 4.4.15, 5.0.7, 6.1.2 None
WS-2020-0450

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> jest-24.9.0.tgz (Root Library)

   -> jest-cli-24.9.0.tgz

     -> core-24.9.0.tgz

       -> reporters-24.9.0.tgz

         -> istanbul-reports-2.2.6.tgz

           -> ❌ handlebars-4.5.3.tgz (Vulnerable Library)

High 7.5 Not Defined handlebars-4.5.3.tgz Upgrade to version: handlebars - 4.6.0 None
WS-2020-0042

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> jest-24.9.0.tgz (Root Library)

   -> jest-cli-24.9.0.tgz

     -> jest-config-24.9.0.tgz

       -> jest-environment-jsdom-24.9.0.tgz

         -> jsdom-11.12.0.tgz

           -> ❌ acorn-5.7.3.tgz (Vulnerable Library)

High 7.5 Not Defined acorn-5.7.3.tgz Upgrade to version: acorn - 5.7.4,6.4.1,7.1.1 None
WS-2020-0042

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> jest-24.9.0.tgz (Root Library)

   -> jest-cli-24.9.0.tgz

     -> jest-config-24.9.0.tgz

       -> jest-environment-jsdom-24.9.0.tgz

         -> jsdom-11.12.0.tgz

           -> acorn-globals-4.3.4.tgz

             -> ❌ acorn-6.3.0.tgz (Vulnerable Library)

High 7.5 Not Defined acorn-6.3.0.tgz Upgrade to version: acorn - 5.7.4,6.4.1,7.1.1 None
CVE-2024-4068

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> get-packages-1.1.3.tgz (Root Library)

   -> globby-11.0.1.tgz

     -> fast-glob-3.2.4.tgz

       -> micromatch-4.0.2.tgz

         -> ❌ braces-3.0.2.tgz (Vulnerable Library)

High 7.5 Not Defined 0.0% braces-3.0.2.tgz Upgrade to version: braces - 3.0.3 None
CVE-2024-4068

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> babel-jest-24.9.0.tgz (Root Library)

   -> transform-24.9.0.tgz

     -> micromatch-3.1.10.tgz

       -> ❌ braces-2.3.2.tgz (Vulnerable Library)

High 7.5 Not Defined 0.0% braces-2.3.2.tgz Upgrade to version: braces - 3.0.3 None
CVE-2024-37890

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> jest-24.9.0.tgz (Root Library)

   -> jest-cli-24.9.0.tgz

     -> jest-config-24.9.0.tgz

       -> jest-environment-jsdom-24.9.0.tgz

         -> jsdom-11.12.0.tgz

           -> ❌ ws-5.2.2.tgz (Vulnerable Library)

High 7.5 Not Defined 0.0% ws-5.2.2.tgz Upgrade to version: ws - 5.2.4,6.2.3,7.5.10,8.17.1 None
CVE-2022-38900

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> babel-jest-24.9.0.tgz (Root Library)

   -> transform-24.9.0.tgz

     -> micromatch-3.1.10.tgz

       -> snapdragon-0.8.2.tgz

         -> source-map-resolve-0.5.2.tgz

           -> ❌ decode-uri-component-0.2.0.tgz (Vulnerable Library)

High 7.5 Not Defined 0.4% decode-uri-component-0.2.0.tgz Upgrade to version: decode-uri-component - 0.2.1 None
CVE-2022-3517

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> babel-jest-24.9.0.tgz (Root Library)

   -> babel-plugin-istanbul-5.2.0.tgz

     -> test-exclude-5.2.3.tgz

       -> ❌ minimatch-3.0.4.tgz (Vulnerable Library)

High 7.5 Not Defined 0.2% minimatch-3.0.4.tgz Upgrade to version: minimatch - 3.0.5 None
CVE-2022-24999

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> jest-24.9.0.tgz (Root Library)

   -> jest-cli-24.9.0.tgz

     -> jest-config-24.9.0.tgz

       -> jest-environment-jsdom-24.9.0.tgz

         -> jsdom-11.12.0.tgz

           -> request-2.88.0.tgz

             -> ❌ qs-6.5.2.tgz (Vulnerable Library)

High 7.5 Not Defined 1.9% qs-6.5.2.tgz Upgrade to version: qs - 6.2.4,6.3.3,6.4.1,6.5.3,6.6.1,6.7.3,6.8.3,6.9.7,6.10.3 None
CVE-2021-3807

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> jest-24.9.0.tgz (Root Library)

   -> jest-cli-24.9.0.tgz

     -> core-24.9.0.tgz

       -> jest-watcher-24.9.0.tgz

         -> string-length-2.0.0.tgz

           -> strip-ansi-4.0.0.tgz

             -> ❌ ansi-regex-3.0.0.tgz (Vulnerable Library)

High 7.5 Not Defined 0.4% ansi-regex-3.0.0.tgz Upgrade to version: ansi-regex - 5.0.1,6.0.1 None
CVE-2021-3807

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> jest-24.9.0.tgz (Root Library)

   -> jest-cli-24.9.0.tgz

     -> jest-config-24.9.0.tgz

       -> pretty-format-24.9.0.tgz

         -> ❌ ansi-regex-4.1.0.tgz (Vulnerable Library)

High 7.5 Not Defined 0.4% ansi-regex-4.1.0.tgz Upgrade to version: ansi-regex - 5.0.1,6.0.1 None
CVE-2021-3777

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> babel-jest-24.9.0.tgz (Root Library)

   -> transform-24.9.0.tgz

     -> jest-haste-map-24.9.0.tgz

       -> walker-1.0.7.tgz

         -> makeerror-1.0.11.tgz

           -> ❌ tmpl-1.0.4.tgz (Vulnerable Library)

High 7.5 Not Defined 0.1% tmpl-1.0.4.tgz Upgrade to version: tmpl - 1.0.5 None
CVE-2020-7753

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> remark-parse-7.0.1.tgz (Root Library)

   -> ❌ trim-0.0.1.tgz (Vulnerable Library)

High 7.5 Not Defined 1.4000001% trim-0.0.1.tgz Upgrade to version: trim - 0.0.3 None
CVE-2019-20149

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> babel-jest-24.9.0.tgz (Root Library)

   -> transform-24.9.0.tgz

     -> micromatch-3.1.10.tgz

       -> ❌ kind-of-6.0.2.tgz (Vulnerable Library)

High 7.5 Not Defined 0.1% kind-of-6.0.2.tgz Upgrade to version: kind-of - 6.0.3 None
CVE-2020-8203

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> jest-24.9.0.tgz (Root Library)

   -> jest-cli-24.9.0.tgz

     -> jest-config-24.9.0.tgz

       -> jest-environment-jsdom-24.9.0.tgz

         -> jsdom-11.12.0.tgz

           -> request-promise-native-1.0.7.tgz

             -> request-promise-core-1.1.2.tgz

               -> ❌ lodash-4.17.15.tgz (Vulnerable Library)

High 7.4 Not Defined 1.7% lodash-4.17.15.tgz Upgrade to version: lodash - 4.17.19 None
CVE-2020-7788

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> babel-jest-24.9.0.tgz (Root Library)

   -> transform-24.9.0.tgz

     -> jest-haste-map-24.9.0.tgz

       -> fsevents-1.2.9.tgz

         -> node-pre-gyp-0.12.0.tgz

           -> rc-1.2.8.tgz

             -> ❌ ini-1.3.5.tgz (Vulnerable Library)

High 7.3 Proof of concept 1.2% ini-1.3.5.tgz Upgrade to version: v1.3.6 None
CVE-2020-7774

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> jest-24.9.0.tgz (Root Library)

   -> jest-cli-24.9.0.tgz

     -> yargs-13.3.0.tgz

       -> ❌ y18n-4.0.0.tgz (Vulnerable Library)

High 7.3 Proof of concept 28.2% y18n-4.0.0.tgz Upgrade to version: 3.2.2, 4.0.1, 5.0.5 None
CVE-2021-23337

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> jest-24.9.0.tgz (Root Library)

   -> jest-cli-24.9.0.tgz

     -> jest-config-24.9.0.tgz

       -> jest-environment-jsdom-24.9.0.tgz

         -> jsdom-11.12.0.tgz

           -> request-promise-native-1.0.7.tgz

             -> request-promise-core-1.1.2.tgz

               -> ❌ lodash-4.17.15.tgz (Vulnerable Library)

High 7.2 Proof of concept 0.9% lodash-4.17.15.tgz Upgrade to version: lodash - 4.17.21, lodash-es - 4.17.21 None
CVE-2022-46175

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> babel-jest-24.9.0.tgz (Root Library)

   -> transform-24.9.0.tgz

     -> core-7.6.0.tgz

       -> ❌ json5-2.1.0.tgz (Vulnerable Library)

High 7.1 Not Defined 1.0% json5-2.1.0.tgz Upgrade to version: json5 - 2.2.2 None
CVE-2022-46175

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> core-7.13.10.tgz (Root Library)

   -> ❌ json5-2.2.0.tgz (Vulnerable Library)

High 7.1 Not Defined 1.0% json5-2.2.0.tgz Upgrade to version: json5 - 2.2.2 None
CVE-2024-28863

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> babel-jest-24.9.0.tgz (Root Library)

   -> transform-24.9.0.tgz

     -> jest-haste-map-24.9.0.tgz

       -> fsevents-1.2.9.tgz

         -> node-pre-gyp-0.12.0.tgz

           -> ❌ tar-4.4.10.tgz (Vulnerable Library)

Medium 6.5 Not Defined 0.0% tar-4.4.10.tgz Upgrade to version: tar - 6.2.1 None
CVE-2023-26136

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> jest-24.9.0.tgz (Root Library)

   -> jest-cli-24.9.0.tgz

     -> jest-config-24.9.0.tgz

       -> jest-environment-jsdom-24.9.0.tgz

         -> jsdom-11.12.0.tgz

           -> ❌ tough-cookie-2.5.0.tgz (Vulnerable Library)

Medium 6.5 Proof of concept 0.2% tough-cookie-2.5.0.tgz Upgrade to version: tough-cookie - 4.1.3 None
CVE-2023-26136

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> jest-24.9.0.tgz (Root Library)

   -> jest-cli-24.9.0.tgz

     -> jest-config-24.9.0.tgz

       -> jest-environment-jsdom-24.9.0.tgz

         -> jsdom-11.12.0.tgz

           -> request-2.88.0.tgz

             -> ❌ tough-cookie-2.4.3.tgz (Vulnerable Library)

Medium 6.5 Proof of concept 0.2% tough-cookie-2.4.3.tgz Upgrade to version: tough-cookie - 4.1.3 None
CVE-2023-28155

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> jest-24.9.0.tgz (Root Library)

   -> jest-cli-24.9.0.tgz

     -> jest-config-24.9.0.tgz

       -> jest-environment-jsdom-24.9.0.tgz

         -> jsdom-11.12.0.tgz

           -> ❌ request-2.88.0.tgz (Vulnerable Library)

Medium 6.1 Not Defined 0.1% request-2.88.0.tgz Upgrade to version: @cypress/request - 3.0.0 None
CVE-2022-0235

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> github-4.0.0.tgz (Root Library)

   -> core-3.1.0.tgz

     -> request-5.4.5.tgz

       -> ❌ node-fetch-2.6.0.tgz (Vulnerable Library)

Medium 6.1 Not Defined 0.4% node-fetch-2.6.0.tgz Upgrade to version: node-fetch - 2.6.7,3.1.1 None
CVE-2021-23383

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> jest-24.9.0.tgz (Root Library)

   -> jest-cli-24.9.0.tgz

     -> core-24.9.0.tgz

       -> reporters-24.9.0.tgz

         -> istanbul-reports-2.2.6.tgz

           -> ❌ handlebars-4.5.3.tgz (Vulnerable Library)

Medium 5.6 Proof of concept 3.3% handlebars-4.5.3.tgz Upgrade to version: handlebars - 4.7.7 None
CVE-2021-23369

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> jest-24.9.0.tgz (Root Library)

   -> jest-cli-24.9.0.tgz

     -> core-24.9.0.tgz

       -> reporters-24.9.0.tgz

         -> istanbul-reports-2.2.6.tgz

           -> ❌ handlebars-4.5.3.tgz (Vulnerable Library)

Medium 5.6 Proof of concept 14.900001% handlebars-4.5.3.tgz Upgrade to version: com.github.jknack:handlebars:4.2.0, handlebars - 4.7.7 None
CVE-2020-7789

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> jest-24.9.0.tgz (Root Library)

   -> jest-cli-24.9.0.tgz

     -> core-24.9.0.tgz

       -> reporters-24.9.0.tgz

         -> ❌ node-notifier-5.4.3.tgz (Vulnerable Library)

Medium 5.6 Not Defined 0.3% node-notifier-5.4.3.tgz Upgrade to version: node-notifier - 5.4.4,8.0.1 None
CVE-2020-7598

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> babel-jest-24.9.0.tgz (Root Library)

   -> transform-24.9.0.tgz

     -> jest-haste-map-24.9.0.tgz

       -> sane-4.1.0.tgz

         -> ❌ minimist-1.2.0.tgz (Vulnerable Library)

Medium 5.6 Not Defined 0.1% minimist-1.2.0.tgz Upgrade to version: minimist - 0.2.1,1.2.3 None
CVE-2020-7598

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> jest-24.9.0.tgz (Root Library)

   -> jest-cli-24.9.0.tgz

     -> core-24.9.0.tgz

       -> reporters-24.9.0.tgz

         -> istanbul-reports-2.2.6.tgz

           -> handlebars-4.5.3.tgz

             -> optimist-0.6.1.tgz

               -> ❌ minimist-0.0.10.tgz (Vulnerable Library)

Medium 5.6 Not Defined 0.1% minimist-0.0.10.tgz Upgrade to version: minimist - 0.2.1,1.2.3 None
CVE-2020-7598

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> jest-24.9.0.tgz (Root Library)

   -> jest-cli-24.9.0.tgz

     -> jest-util-24.9.0.tgz

       -> mkdirp-0.5.1.tgz

         -> ❌ minimist-0.0.8.tgz (Vulnerable Library)

Medium 5.6 Not Defined 0.1% minimist-0.0.8.tgz Upgrade to version: minimist - 0.2.1,1.2.3 None
CVE-2020-15366

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> jest-24.9.0.tgz (Root Library)

   -> jest-cli-24.9.0.tgz

     -> jest-config-24.9.0.tgz

       -> jest-environment-jsdom-24.9.0.tgz

         -> jsdom-11.12.0.tgz

           -> request-2.88.0.tgz

             -> har-validator-5.1.3.tgz

               -> ❌ ajv-6.10.2.tgz (Vulnerable Library)

Medium 5.6 Not Defined 0.4% ajv-6.10.2.tgz Upgrade to version: ajv - 6.12.3 None
CVE-2024-4067

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> get-packages-1.1.3.tgz (Root Library)

   -> globby-11.0.1.tgz

     -> fast-glob-3.2.4.tgz

       -> ❌ micromatch-4.0.2.tgz (Vulnerable Library)

Medium 5.3 Not Defined 0.0% micromatch-4.0.2.tgz Upgrade to version: micromatch - 4.0.8 None
CVE-2024-4067

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> babel-jest-24.9.0.tgz (Root Library)

   -> transform-24.9.0.tgz

     -> ❌ micromatch-3.1.10.tgz (Vulnerable Library)

Medium 5.3 Not Defined 0.0% micromatch-3.1.10.tgz Upgrade to version: micromatch - 4.0.8 None
CVE-2022-25883

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> husky-3.0.3.tgz (Root Library)

   -> execa-1.0.0.tgz

     -> cross-spawn-6.0.5.tgz

       -> ❌ semver-5.7.1.tgz (Vulnerable Library)

Medium 5.3 Proof of concept 0.2% semver-5.7.1.tgz Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 None
CVE-2022-25883

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ semver-6.3.0.tgz (Vulnerable Library)

Medium 5.3 Proof of concept 0.2% semver-6.3.0.tgz Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 None
CVE-2022-25883

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> preset-env-7.13.10.tgz (Root Library)

   -> core-js-compat-3.9.1.tgz

     -> ❌ semver-7.0.0.tgz (Vulnerable Library)

Medium 5.3 Proof of concept 0.2% semver-7.0.0.tgz Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 None
CVE-2021-32640

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> jest-24.9.0.tgz (Root Library)

   -> jest-cli-24.9.0.tgz

     -> jest-config-24.9.0.tgz

       -> jest-environment-jsdom-24.9.0.tgz

         -> jsdom-11.12.0.tgz

           -> ❌ ws-5.2.2.tgz (Vulnerable Library)

Medium 5.3 Not Defined 0.2% ws-5.2.2.tgz Upgrade to version: 5.2.3,6.2.2,7.4.6 None
CVE-2021-23364

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> preset-env-7.13.10.tgz (Root Library)

   -> core-js-compat-3.9.1.tgz

     -> ❌ browserslist-4.16.3.tgz (Vulnerable Library)

Medium 5.3 Proof of concept 0.2% browserslist-4.16.3.tgz Upgrade to version: browserslist - 4.16.5 None
CVE-2021-23362

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> husky-3.0.3.tgz (Root Library)

   -> read-pkg-5.2.0.tgz

     -> normalize-package-data-2.5.0.tgz

       -> ❌ hosted-git-info-2.8.4.tgz (Vulnerable Library)

Medium 5.3 Proof of concept 0.3% hosted-git-info-2.8.4.tgz Upgrade to version: hosted-git-info - 2.8.9,3.0.8 None
CVE-2021-23343

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> babel-jest-24.9.0.tgz (Root Library)

   -> transform-24.9.0.tgz

     -> core-7.6.0.tgz

       -> resolve-1.12.0.tgz

         -> ❌ path-parse-1.0.6.tgz (Vulnerable Library)

Medium 5.3 Not Defined 0.3% path-parse-1.0.6.tgz Upgrade to version: path-parse - 1.0.7 None
CVE-2020-7608

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> jest-24.9.0.tgz (Root Library)

   -> jest-cli-24.9.0.tgz

     -> yargs-13.3.0.tgz

       -> ❌ yargs-parser-13.1.1.tgz (Vulnerable Library)

Medium 5.3 Not Defined 0.0% yargs-parser-13.1.1.tgz Upgrade to version: 5.0.1;13.1.2;15.0.1;18.1.1 None
CVE-2020-28500

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> jest-24.9.0.tgz (Root Library)

   -> jest-cli-24.9.0.tgz

     -> jest-config-24.9.0.tgz

       -> jest-environment-jsdom-24.9.0.tgz

         -> jsdom-11.12.0.tgz

           -> request-promise-native-1.0.7.tgz

             -> request-promise-core-1.1.2.tgz

               -> ❌ lodash-4.17.15.tgz (Vulnerable Library)

Medium 5.3 Proof of concept 0.2% lodash-4.17.15.tgz Upgrade to version: lodash - 4.17.21 None
CVE-2020-28469

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> get-packages-1.1.3.tgz (Root Library)

   -> globby-11.0.1.tgz

     -> fast-glob-3.2.4.tgz

       -> ❌ glob-parent-5.1.1.tgz (Vulnerable Library)

Medium 5.3 Not Defined 1.2% glob-parent-5.1.1.tgz Upgrade to version: glob-parent - 5.1.2 None
CVE-2022-35954

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ core-1.6.0.tgz (Vulnerable Library)

Medium 5.0 Not Defined 0.1% core-1.6.0.tgz Upgrade to version: @actions/core - 1.9.1 None
CVE-2017-16137

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> babel-jest-24.9.0.tgz (Root Library)

   -> transform-24.9.0.tgz

     -> jest-haste-map-24.9.0.tgz

       -> fsevents-1.2.9.tgz

         -> node-pre-gyp-0.12.0.tgz

           -> needle-2.4.0.tgz

             -> ❌ debug-3.2.6.tgz (Vulnerable Library)

Low 3.7 Not Defined 0.3% debug-3.2.6.tgz Upgrade to version: debug - 2.6.9,3.1.0,3.2.7,4.3.1 None
CVE-2017-16137

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> preset-env-7.13.10.tgz (Root Library)

   -> babel-plugin-polyfill-regenerator-0.1.6.tgz

     -> helper-define-polyfill-provider-0.1.5.tgz

       -> ❌ debug-4.1.1.tgz (Vulnerable Library)

Low 3.7 Not Defined 0.3% debug-4.1.1.tgz Upgrade to version: debug - 2.6.9,3.1.0,3.2.7,4.3.1 None
CVE-2020-15168

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> github-4.0.0.tgz (Root Library)

   -> core-3.1.0.tgz

     -> request-5.4.5.tgz

       -> ❌ node-fetch-2.6.0.tgz (Vulnerable Library)

Low 2.6 Not Defined 0.1% node-fetch-2.6.0.tgz Upgrade to version: 2.6.1,3.0.0-beta.9 None

Total libraries scanned: 773
Scan token: 0b4eb8c4a0dd49b3be61baa8be9568a5