
fix(deps): replace dependency eslint-plugin-node with eslint-plugin-n ^14.0.0 #3

Open: wants to merge 1 commit into base: main
fix(deps): replace dependency eslint-plugin-node with eslint-plugin-n…

d211854
Mend/5034428 / Mend Security Check failed Dec 27, 2024 in 2m 4s

Security Report

The Security Check found 49 vulnerabilities.

CVE | Severity | CVSS Score | Exploit Maturity | EPSS | Vulnerable Library | Suggested Fix | Issue
CVE-2023-42282

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> fetch-7.0.1.tgz (Root Library)

   -> network.agent-0.1.0.tgz

     -> network.proxy-agent-0.1.0.tgz

       -> socks-proxy-agent-6.1.1.tgz

         -> socks-2.7.1.tgz

           -> ❌ ip-2.0.0.tgz (Vulnerable Library)

Critical 9.8 Not Defined 0.1% ip-2.0.0.tgz Upgrade to version: ip - 1.1.9,2.0.1 None
CVE-2021-44906

Path to dependency file: /fixtures/with-unsaved-deps/package.json

Path to vulnerable library: /fixtures/with-unsaved-deps/package.json

Dependency Hierarchy:

-> symlink-dir-2.0.2.tgz (Root Library)

   -> mkdirp-promise-5.0.1.tgz

     -> mkdirp-0.5.1.tgz

       -> ❌ minimist-0.0.8.tgz (Vulnerable Library)

Critical 9.8 Not Defined 2.3% minimist-0.0.8.tgz Upgrade to version: minimist - 0.2.4,1.2.6 None
CVE-2021-44906

Path to dependency file: /fixtures/hello-world-js-bin/package.json

Path to vulnerable library: /fixtures/hello-world-js-bin/node_modules/minimist/package.json

Dependency Hierarchy:

-> cowsay-1.2.1.tgz (Root Library)

   -> optimist-0.6.1.tgz

     -> ❌ minimist-0.0.10.tgz (Vulnerable Library)

Critical 9.8 Not Defined 2.3% minimist-0.0.10.tgz Upgrade to version: minimist - 0.2.4,1.2.6 None
CVE-2024-29415

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> fetch-7.0.1.tgz (Root Library)

   -> network.agent-0.1.0.tgz

     -> network.proxy-agent-0.1.0.tgz

       -> socks-proxy-agent-6.1.1.tgz

         -> socks-2.7.1.tgz

           -> ❌ ip-2.0.0.tgz (Vulnerable Library)

Critical 9.1 Not Defined ip-2.0.0.tgz None
CVE-2020-7677

Path to dependency file: /fixtures/with-unsaved-deps/package.json

Path to vulnerable library: /fixtures/with-unsaved-deps/package.json

Dependency Hierarchy:

-> symlink-dir-2.0.2.tgz (Root Library)

   -> mz-2.7.0.tgz

     -> thenify-all-1.6.0.tgz

       -> ❌ thenify-3.3.0.tgz (Vulnerable Library)

High 8.6 Proof of concept 0.2% thenify-3.3.0.tgz Upgrade to version: thenify - 3.3.1;org.webjars.npm:thenify:3.3.1 None
CVE-2024-53866

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ pnpm-8.5.1.tgz (Vulnerable Library)

High 8.2 Not Defined 0.0% pnpm-8.5.1.tgz Upgrade to version: pnpm - 9.15.0, @pnpm/npm-resolver - 900.0.2 None
CVE-2024-53866

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ npm-resolver-16.0.4.tgz (Vulnerable Library)

High 8.2 Not Defined 0.0% npm-resolver-16.0.4.tgz Upgrade to version: pnpm - 9.15.0, @pnpm/npm-resolver - 900.0.2 None
CVE-2024-52798

Path to dependency file: /fixtures/pkg-with-external-lockfile/pkg/package.json

Path to vulnerable library: /fixtures/pkg-with-external-lockfile/pkg/node_modules/path-to-regexp/package.json,/package.json

Dependency Hierarchy:

-> verdaccio-5.20.1.tgz (Root Library)

   -> express-4.18.2.tgz

     -> ❌ path-to-regexp-0.1.7.tgz (Vulnerable Library)

High 7.5 Not Defined 0.0% path-to-regexp-0.1.7.tgz Upgrade to version: path-to-regexp - 0.1.12 None
CVE-2024-45590

Path to dependency file: /fixtures/pkg-with-external-lockfile/pkg/package.json

Path to vulnerable library: /fixtures/pkg-with-external-lockfile/pkg/node_modules/body-parser/package.json

Dependency Hierarchy:

-> express-4.17.1.tgz (Root Library)

   -> ❌ body-parser-1.19.0.tgz (Vulnerable Library)

High 7.5 Not Defined 0.0% body-parser-1.19.0.tgz Upgrade to version: body-parser - 1.20.3 None
CVE-2024-45590

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> verdaccio-5.20.1.tgz (Root Library)

   -> ❌ body-parser-1.20.1.tgz (Vulnerable Library)

High 7.5 Not Defined 0.0% body-parser-1.20.1.tgz Upgrade to version: body-parser - 1.20.3 None
CVE-2024-45296

Path to dependency file: /fixtures/pkg-with-external-lockfile/pkg/package.json

Path to vulnerable library: /fixtures/pkg-with-external-lockfile/pkg/node_modules/path-to-regexp/package.json,/package.json

Dependency Hierarchy:

-> verdaccio-5.20.1.tgz (Root Library)

   -> express-4.18.2.tgz

     -> ❌ path-to-regexp-0.1.7.tgz (Vulnerable Library)

High 7.5 Not Defined 0.0% path-to-regexp-0.1.7.tgz Upgrade to version: path-to-regexp - 0.1.10,1.9.0,3.3.0,6.3.0,8.0.0 None
CVE-2024-4068

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> filter-workspace-packages-7.0.8.tgz (Root Library)

   -> micromatch-4.0.5.tgz

     -> ❌ braces-3.0.2.tgz (Vulnerable Library)

High 7.5 Not Defined 0.0% braces-3.0.2.tgz Upgrade to version: braces - 3.0.3 None
CVE-2024-21538

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> eslint-8.39.0.tgz (Root Library)

   -> ❌ cross-spawn-7.0.3.tgz (Vulnerable Library)

High 7.5 Proof of concept 0.0% cross-spawn-7.0.3.tgz Upgrade to version: cross-spawn - 7.0.5 None
CVE-2024-21538

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> patching.apply-patch-2.0.0.tgz (Root Library)

   -> patch-package-6.5.1.tgz

     -> ❌ cross-spawn-6.0.5.tgz (Vulnerable Library)

High 7.5 Proof of concept 0.0% cross-spawn-6.0.5.tgz Upgrade to version: cross-spawn - 7.0.5 None
CVE-2023-37478

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ macos-arm64-8.5.1.tgz (Vulnerable Library)

High 7.5 Not Defined 0.2% macos-arm64-8.5.1.tgz Upgrade to version: @pnpm/cafs - 7.0.5;@pnpm/exe - 7.33.4,8.6.8;@pnpm/linux-arm64 - 7.33.4,8.6.8;@pnpm/linux-x64 - 7.33.4,8.6.8;@pnpm/macos-arm64 - 7.33.4,8.6.8;@pnpm/macos-x64 - 7.33.4,8.6.8;@pnpm/win-x64 - 7.33.4,8.6.8;pnpm - 7.33.4,8.6.8 None
CVE-2023-37478

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ pnpm-8.5.1.tgz (Vulnerable Library)

High 7.5 Not Defined 0.2% pnpm-8.5.1.tgz Upgrade to version: @pnpm/cafs - 7.0.5;@pnpm/exe - 7.33.4,8.6.8;@pnpm/linux-arm64 - 7.33.4,8.6.8;@pnpm/linux-x64 - 7.33.4,8.6.8;@pnpm/macos-arm64 - 7.33.4,8.6.8;@pnpm/macos-x64 - 7.33.4,8.6.8;@pnpm/win-x64 - 7.33.4,8.6.8;pnpm - 7.33.4,8.6.8 None
CVE-2023-37478

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ linux-x64-8.5.1.tgz (Vulnerable Library)

High 7.5 Not Defined 0.2% linux-x64-8.5.1.tgz Upgrade to version: @pnpm/cafs - 7.0.5;@pnpm/exe - 7.33.4,8.6.8;@pnpm/linux-arm64 - 7.33.4,8.6.8;@pnpm/linux-x64 - 7.33.4,8.6.8;@pnpm/macos-arm64 - 7.33.4,8.6.8;@pnpm/macos-x64 - 7.33.4,8.6.8;@pnpm/win-x64 - 7.33.4,8.6.8;pnpm - 7.33.4,8.6.8 None
CVE-2023-37478

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ exe-8.5.1.tgz (Vulnerable Library)

High 7.5 Not Defined 0.2% exe-8.5.1.tgz Upgrade to version: @pnpm/cafs - 7.0.5;@pnpm/exe - 7.33.4,8.6.8;@pnpm/linux-arm64 - 7.33.4,8.6.8;@pnpm/linux-x64 - 7.33.4,8.6.8;@pnpm/macos-arm64 - 7.33.4,8.6.8;@pnpm/macos-x64 - 7.33.4,8.6.8;@pnpm/win-x64 - 7.33.4,8.6.8;pnpm - 7.33.4,8.6.8 None
CVE-2023-37478

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ macos-x64-8.5.1.tgz (Vulnerable Library)

High 7.5 Not Defined 0.2% macos-x64-8.5.1.tgz Upgrade to version: @pnpm/cafs - 7.0.5;@pnpm/exe - 7.33.4,8.6.8;@pnpm/linux-arm64 - 7.33.4,8.6.8;@pnpm/linux-x64 - 7.33.4,8.6.8;@pnpm/macos-arm64 - 7.33.4,8.6.8;@pnpm/macos-x64 - 7.33.4,8.6.8;@pnpm/win-x64 - 7.33.4,8.6.8;pnpm - 7.33.4,8.6.8 None
CVE-2023-37478

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ linux-arm64-8.5.1.tgz (Vulnerable Library)

High 7.5 Not Defined 0.2% linux-arm64-8.5.1.tgz Upgrade to version: @pnpm/cafs - 7.0.5;@pnpm/exe - 7.33.4,8.6.8;@pnpm/linux-arm64 - 7.33.4,8.6.8;@pnpm/linux-x64 - 7.33.4,8.6.8;@pnpm/macos-arm64 - 7.33.4,8.6.8;@pnpm/macos-x64 - 7.33.4,8.6.8;@pnpm/win-x64 - 7.33.4,8.6.8;pnpm - 7.33.4,8.6.8 None
CVE-2023-37478

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ cafs-7.0.0.tgz (Vulnerable Library)

High 7.5 Not Defined 0.2% cafs-7.0.0.tgz Upgrade to version: @pnpm/cafs - 7.0.5;@pnpm/exe - 7.33.4,8.6.8;@pnpm/linux-arm64 - 7.33.4,8.6.8;@pnpm/linux-x64 - 7.33.4,8.6.8;@pnpm/macos-arm64 - 7.33.4,8.6.8;@pnpm/macos-x64 - 7.33.4,8.6.8;@pnpm/win-x64 - 7.33.4,8.6.8;pnpm - 7.33.4,8.6.8 None
CVE-2023-37478

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ win-x64-8.5.1.tgz (Vulnerable Library)

High 7.5 Not Defined 0.2% win-x64-8.5.1.tgz Upgrade to version: @pnpm/cafs - 7.0.5;@pnpm/exe - 7.33.4,8.6.8;@pnpm/linux-arm64 - 7.33.4,8.6.8;@pnpm/linux-x64 - 7.33.4,8.6.8;@pnpm/macos-arm64 - 7.33.4,8.6.8;@pnpm/macos-x64 - 7.33.4,8.6.8;@pnpm/win-x64 - 7.33.4,8.6.8;pnpm - 7.33.4,8.6.8 None
CVE-2022-3517

Path to dependency file: /fixtures/general/package.json

Path to vulnerable library: /fixtures/general/package.json,/fixtures/has-yarn2-lock/package.json,/fixtures/with-unsaved-deps/package.json,/fixtures/fixtureWithLinks/general/package.json

Dependency Hierarchy:

-> ❌ minimatch-3.0.4.tgz (Vulnerable Library)

High 7.5 Not Defined 0.2% minimatch-3.0.4.tgz Upgrade to version: minimatch - 3.0.5 None
CVE-2022-24999

Path to dependency file: /fixtures/pkg-with-external-lockfile/pkg/package.json

Path to vulnerable library: /fixtures/pkg-with-external-lockfile/pkg/node_modules/qs/package.json

Dependency Hierarchy:

-> express-4.17.1.tgz (Root Library)

   -> ❌ qs-6.7.0.tgz (Vulnerable Library)

High 7.5 Not Defined 1.4000001% qs-6.7.0.tgz Upgrade to version: qs - 6.2.4,6.3.3,6.4.1,6.5.3,6.6.1,6.7.3,6.8.3,6.9.7,6.10.3 None
CVE-2024-28863

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> plugin-commands-installation-13.0.7.tgz (Root Library)

   -> @yarnpkg/core-4.0.0-rc.42.tgz

     -> ❌ tar-6.1.14.tgz (Vulnerable Library)

Medium 6.5 Not Defined 0.0% tar-6.1.14.tgz Upgrade to version: tar - 6.2.1 None
CVE-2023-26136

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> verdaccio-5.20.1.tgz (Root Library)

   -> request-2.88.0.tgz

     -> ❌ tough-cookie-2.4.3.tgz (Vulnerable Library)

Medium 6.5 Proof of concept 0.4% tough-cookie-2.4.3.tgz Upgrade to version: tough-cookie - 4.1.3 None
CVE-2023-26136

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> registry-mock-3.8.0.tgz (Root Library)

   -> anonymous-npm-registry-client-0.2.0.tgz

     -> request-2.88.2.tgz

       -> ❌ tough-cookie-2.5.0.tgz (Vulnerable Library)

Medium 6.5 Proof of concept 0.4% tough-cookie-2.5.0.tgz Upgrade to version: tough-cookie - 4.1.3 None
CVE-2024-29041

Path to dependency file: /fixtures/pkg-with-external-lockfile/pkg/package.json

Path to vulnerable library: /fixtures/pkg-with-external-lockfile/pkg/node_modules/express/package.json

Dependency Hierarchy:

-> ❌ express-4.17.1.tgz (Vulnerable Library)

Medium 6.1 Not Defined 0.0% express-4.17.1.tgz Upgrade to version: express - 4.19.0 None
CVE-2024-29041

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> verdaccio-5.20.1.tgz (Root Library)

   -> ❌ express-4.18.2.tgz (Vulnerable Library)

Medium 6.1 Not Defined 0.0% express-4.18.2.tgz Upgrade to version: express - 4.19.0 None
CVE-2023-28155

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> verdaccio-5.20.1.tgz (Root Library)

   -> ❌ request-2.88.0.tgz (Vulnerable Library)

Medium 6.1 Not Defined 0.1% request-2.88.0.tgz Upgrade to version: @cypress/request - 3.0.0 None
CVE-2023-28155

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> registry-mock-3.8.0.tgz (Root Library)

   -> anonymous-npm-registry-client-0.2.0.tgz

     -> ❌ request-2.88.2.tgz (Vulnerable Library)

Medium 6.1 Not Defined 0.1% request-2.88.2.tgz Upgrade to version: @cypress/request - 3.0.0 None
CVE-2020-7598

Path to dependency file: /fixtures/with-unsaved-deps/package.json

Path to vulnerable library: /fixtures/with-unsaved-deps/package.json

Dependency Hierarchy:

-> symlink-dir-2.0.2.tgz (Root Library)

   -> mkdirp-promise-5.0.1.tgz

     -> mkdirp-0.5.1.tgz

       -> ❌ minimist-0.0.8.tgz (Vulnerable Library)

Medium 5.6 Not Defined 0.1% minimist-0.0.8.tgz Upgrade to version: minimist - 0.2.1,1.2.3 None
CVE-2020-7598

Path to dependency file: /fixtures/hello-world-js-bin/package.json

Path to vulnerable library: /fixtures/hello-world-js-bin/node_modules/minimist/package.json

Dependency Hierarchy:

-> cowsay-1.2.1.tgz (Root Library)

   -> optimist-0.6.1.tgz

     -> ❌ minimist-0.0.10.tgz (Vulnerable Library)

Medium 5.6 Not Defined 0.1% minimist-0.0.10.tgz Upgrade to version: minimist - 0.2.1,1.2.3 None
CVE-2020-15366

Path to dependency file: /fixtures/with-peer/package.json

Path to vulnerable library: /fixtures/with-peer/package.json

Dependency Hierarchy:

-> ❌ ajv-6.10.2.tgz (Vulnerable Library)

Medium 5.6 Not Defined 0.4% ajv-6.10.2.tgz Upgrade to version: ajv - 6.12.3 None
CVE-2024-47764

Path to dependency file: /fixtures/pkg-with-external-lockfile/pkg/package.json

Path to vulnerable library: /fixtures/pkg-with-external-lockfile/pkg/node_modules/cookie/package.json

Dependency Hierarchy:

-> express-4.17.1.tgz (Root Library)

   -> ❌ cookie-0.4.0.tgz (Vulnerable Library)

Medium 5.3 Not Defined 0.0% cookie-0.4.0.tgz Upgrade to version: cookie - 0.7.0 None
CVE-2024-47764

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> verdaccio-5.20.1.tgz (Root Library)

   -> express-4.18.2.tgz

     -> ❌ cookie-0.5.0.tgz (Vulnerable Library)

Medium 5.3 Not Defined 0.0% cookie-0.5.0.tgz Upgrade to version: cookie - 0.7.0 None
CVE-2024-4067

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> filter-workspace-packages-7.0.8.tgz (Root Library)

   -> ❌ micromatch-4.0.5.tgz (Vulnerable Library)

Medium 5.3 Not Defined 0.0% micromatch-4.0.5.tgz Upgrade to version: micromatch - 4.0.8 None
CVE-2023-26115

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> eslint-8.39.0.tgz (Root Library)

   -> optionator-0.9.1.tgz

     -> ❌ word-wrap-1.2.3.tgz (Vulnerable Library)

Medium 5.3 Proof of concept 0.1% word-wrap-1.2.3.tgz Upgrade to version: word-wrap - 1.2.4 None
CVE-2022-25883

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> git-resolver-8.0.2.tgz (Root Library)

   -> ❌ semver-7.5.0.tgz (Vulnerable Library)

Medium 5.3 Proof of concept 0.3% semver-7.5.0.tgz Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 None
CVE-2022-25883

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> patching.apply-patch-2.0.0.tgz (Root Library)

   -> patch-package-6.5.1.tgz

     -> ❌ semver-5.7.1.tgz (Vulnerable Library)

Medium 5.3 Proof of concept 0.3% semver-5.7.1.tgz Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 None
CVE-2022-25883

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> verdaccio-5.20.1.tgz (Root Library)

   -> ❌ semver-7.3.8.tgz (Vulnerable Library)

Medium 5.3 Proof of concept 0.3% semver-7.3.8.tgz Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 None
CVE-2022-25883

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> eslint-config-1.0.1.tgz (Root Library)

   -> eslint-plugin-n-14.0.0.tgz

     -> ❌ semver-6.3.0.tgz (Vulnerable Library)

Medium 5.3 Proof of concept 0.3% semver-6.3.0.tgz Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 None
CVE-2024-43800

Path to dependency file: /fixtures/pkg-with-external-lockfile/pkg/package.json

Path to vulnerable library: /fixtures/pkg-with-external-lockfile/pkg/node_modules/serve-static/package.json

Dependency Hierarchy:

-> express-4.17.1.tgz (Root Library)

   -> ❌ serve-static-1.14.1.tgz (Vulnerable Library)

Medium 5.0 Not Defined 0.1% serve-static-1.14.1.tgz Upgrade to version: serve-static - 1.16.0,2.1.0 None
CVE-2024-43800

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> verdaccio-5.20.1.tgz (Root Library)

   -> express-4.18.2.tgz

     -> ❌ serve-static-1.15.0.tgz (Vulnerable Library)

Medium 5.0 Not Defined 0.1% serve-static-1.15.0.tgz Upgrade to version: serve-static - 1.16.0,2.1.0 None
CVE-2024-43799

Path to dependency file: /fixtures/pkg-with-external-lockfile/pkg/package.json

Path to vulnerable library: /fixtures/pkg-with-external-lockfile/pkg/node_modules/send/package.json

Dependency Hierarchy:

-> express-4.17.1.tgz (Root Library)

   -> ❌ send-0.17.1.tgz (Vulnerable Library)

Medium 5.0 Not Defined 0.0% send-0.17.1.tgz Upgrade to version: send - 0.19.0 None
CVE-2024-43799

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> verdaccio-5.20.1.tgz (Root Library)

   -> express-4.18.2.tgz

     -> ❌ send-0.18.0.tgz (Vulnerable Library)

Medium 5.0 Not Defined 0.0% send-0.18.0.tgz Upgrade to version: send - 0.19.0 None
CVE-2024-43796

Path to dependency file: /fixtures/pkg-with-external-lockfile/pkg/package.json

Path to vulnerable library: /fixtures/pkg-with-external-lockfile/pkg/node_modules/express/package.json

Dependency Hierarchy:

-> ❌ express-4.17.1.tgz (Vulnerable Library)

Medium 5.0 Not Defined 0.0% express-4.17.1.tgz Upgrade to version: express - 4.20.0,5.0.0 None
CVE-2024-43796

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> verdaccio-5.20.1.tgz (Root Library)

   -> ❌ express-4.18.2.tgz (Vulnerable Library)

Medium 5.0 Not Defined 0.0% express-4.18.2.tgz Upgrade to version: express - 4.20.0,5.0.0 None
CVE-2024-27088

Path to dependency file: /fixtures/circular/package.json

Path to vulnerable library: /fixtures/circular/package.json

Dependency Hierarchy:

-> es6-iterator-2.0.1.tgz (Root Library)

   -> ❌ es5-ext-0.10.24.tgz (Vulnerable Library)

Low 0.0 Not Defined 0.0% es5-ext-0.10.24.tgz Upgrade to version: es5-ext - 0.10.63 None

Total libraries scanned: 1126
Scan token: bbb1d75703a444829cb3e310bfa6790d