Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update dependency body-parser to v1.20.3 - autoclosed #16

Closed
wants to merge 1 commit into from

Update dependency body-parser to v1.20.3

53f81a4
Select commit
Loading
Failed to load commit list.
Closed

Update dependency body-parser to v1.20.3 - autoclosed #16

Update dependency body-parser to v1.20.3
53f81a4
Select commit
Loading
Failed to load commit list.
Mend for GitHub.com / WhiteSource Security Check failed Dec 17, 2024 in 1m 28s

Security Report

You have successfully remediated 18 vulnerabilities, but introduced 4 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue
CVE-2022-21803

Path to dependency file: /server/package.json

Path to vulnerable library: /server/node_modules/nconf/package.json

Dependency Hierarchy:

-> node-zendesk-1.5.0.tgz (Root Library)

   -> ❌ nconf-0.10.0.tgz (Vulnerable Library)

High 7.3 nconf-0.10.0.tgz Upgrade to version: nconf - 0.11.4 None
CVE-2023-26136

Path to dependency file: /server/package.json

Path to vulnerable library: /server/node_modules/tough-cookie/package.json

Dependency Hierarchy:

-> node-zendesk-1.5.0.tgz (Root Library)

   -> request-2.88.2.tgz

     -> ❌ tough-cookie-2.5.0.tgz (Vulnerable Library)

Medium 6.5 tough-cookie-2.5.0.tgz Upgrade to version: tough-cookie - 4.1.3 None
CVE-2023-28155

Path to dependency file: /server/package.json

Path to vulnerable library: /server/node_modules/request/package.json

Dependency Hierarchy:

-> node-zendesk-1.5.0.tgz (Root Library)

   -> ❌ request-2.88.2.tgz (Vulnerable Library)

Medium 6.1 request-2.88.2.tgz Upgrade to version: @cypress/request - 3.0.0 None
CVE-2024-43799

Path to dependency file: /server/package.json

Path to vulnerable library: /server/node_modules/send/package.json

Dependency Hierarchy:

-> express-3.21.2.tgz (Root Library)

   -> ❌ send-0.13.0.tgz (Vulnerable Library)

Medium 5.0 send-0.13.0.tgz Upgrade to version: send - 0.19.0 #8

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2020-8203 lodash-4.17.15.tgz
CVE-2021-3918 json-schema-0.2.3.tgz
CVE-2023-0842 xml2js-0.4.19.tgz
CVE-2023-26136 tough-cookie-2.4.3.tgz
CVE-2022-24999 qs-6.5.2.tgz
CVE-2024-45590 body-parser-1.19.0.tgz
CVE-2022-23541 jsonwebtoken-8.5.1.tgz
CVE-2020-15366 ajv-6.10.2.tgz
CVE-2022-25883 semver-5.7.1.tgz
CVE-2023-28155 request-2.88.0.tgz
CVE-2020-28472 aws-sdk-2.695.0.tgz
CVE-2021-23337 lodash-4.17.15.tgz
CVE-2022-21803 nconf-0.7.2.tgz
CVE-2020-28500 lodash-4.17.15.tgz
CVE-2022-23540 jsonwebtoken-8.5.1.tgz
CVE-2020-7788 ini-1.3.5.tgz
CVE-2022-24999 qs-6.7.0.tgz
CVE-2022-23539 jsonwebtoken-8.5.1.tgz

Base branch total remaining vulnerabilities: 42
Base branch commit: null


Total libraries scanned: 242

Scan token: 61a7b2fb9789407ca578e1933cdce3c2

View more details on Mend for GitHub.com