Skip to content
This repository has been archived by the owner on Dec 21, 2023. It is now read-only.

Update dependency husky to v5 (master) #72

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Update dependency husky to v5

8503d2a
Select commit
Loading
Failed to load commit list.
Open

Update dependency husky to v5 (master) #72

Update dependency husky to v5
8503d2a
Select commit
Loading
Failed to load commit list.
Appcues WSS / WhiteSource Security Check failed Sep 22, 2023 in 4m 11s

Security Report

You have successfully remediated 164 vulnerabilities, but introduced 2 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue
CVE-2022-25883

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/semver/package.json

Dependency Hierarchy:

-> analytics.js-integration-facebook-pixel-2.11.4.tgz (Root Library)

   -> dateformat-1.0.12.tgz

     -> meow-3.7.0.tgz

       -> normalize-package-data-2.5.0.tgz

         -> ❌ semver-5.7.0.tgz (Vulnerable Library)

High 7.5 semver-5.7.0.tgz Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 None
CVE-2020-23064

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/jquery/package.json

Dependency Hierarchy:

-> @segment/analytics.js-integration-uservoice-2.0.1.tgz (Root Library)

   -> ❌ jquery-2.2.4.tgz (Vulnerable Library)

Medium 6.1 jquery-2.2.4.tgz Upgrade to version: jquery - 3.5.0 None

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
WS-2021-0638 mocha-2.5.3.tgz
CVE-2017-20165 debug-2.2.0.tgz
CVE-2021-37712 tar-6.1.0.tgz
CVE-2019-10744 lodash-4.17.11.tgz
WS-2019-0425 mocha-2.5.3.tgz
WS-2021-0638 mocha-6.1.4.tgz
CVE-2022-24773 node-forge-0.10.0.tgz
CVE-2022-37601 loader-utils-1.4.0.tgz
CVE-2021-23386 dns-packet-1.3.1.tgz
CVE-2022-2218 parse-url-5.0.1.tgz
CVE-2022-0235 node-fetch-2.6.0.tgz
CVE-2020-7608 yargs-parser-7.0.0.tgz
CVE-2018-3721 lodash-3.10.1.tgz
CVE-2021-32804 tar-6.1.0.tgz
CVE-2021-37713 tar-4.4.10.tgz
CVE-2020-15366 ajv-4.11.8.tgz
CVE-2022-24772 node-forge-0.10.0.tgz
CVE-2021-23383 handlebars-4.1.2.tgz
CVE-2022-48285 jszip-3.2.1.tgz
CVE-2022-24771 node-forge-0.10.0.tgz
CVE-2021-23413 jszip-3.2.1.tgz
CVE-2021-42581 ramda-0.21.0.tgz
CVE-2020-28500 lodash-4.17.20.tgz
CVE-2021-3807 ansi-regex-4.1.0.tgz
CVE-2021-37701 tar-4.4.10.tgz
CVE-2022-2217 parse-url-5.0.1.tgz
CVE-2022-0437 karma-1.3.0.tgz
WS-2018-0347 eslint-2.13.1.tgz
CVE-2022-0691 url-parse-1.4.7.tgz
CVE-2016-10542 ws-1.0.1.tgz
CVE-2021-3664 url-parse-1.4.7.tgz
CVE-2021-32804 tar-4.4.10.tgz
WS-2022-0239 parse-url-5.0.1.tgz
CVE-2016-10539 negotiator-0.4.9.tgz
CVE-2022-0512 url-parse-1.4.7.tgz
CVE-2019-10744 lodash.template-4.4.0.tgz
WS-2018-0625 xmlbuilder-8.2.2.tgz
WS-2017-0421 ws-1.0.1.tgz
CVE-2020-36049 socket.io-parser-2.2.2.tgz
CVE-2017-16113 parsejson-0.0.1.tgz
CVE-2022-0624 parse-path-4.0.1.tgz
WS-2022-0008 node-forge-0.10.0.tgz
CVE-2021-44906 minimist-0.0.10.tgz
CVE-2020-7608 yargs-parser-13.0.0.tgz
CVE-2022-0639 url-parse-1.4.7.tgz
CVE-2021-32803 tar-4.4.10.tgz
CVE-2022-21704 log4js-4.3.1.tgz
CVE-2020-28481 socket.io-1.4.7.tgz
CVE-2022-37603 loader-utils-1.4.0.tgz
CVE-2021-37712 tar-4.4.10.tgz
CVE-2020-36049 socket.io-parser-2.2.6.tgz
CVE-2022-1650 eventsource-1.0.7.tgz
CVE-2022-0536 follow-redirects-1.7.0.tgz
CVE-2021-3918 json-schema-0.2.3.tgz
CVE-2020-28481 socket.io-2.1.1.tgz
CVE-2021-23364 browserslist-4.16.3.tgz
CVE-2022-2216 parse-url-5.0.1.tgz
CVE-2022-24999 qs-6.5.2.tgz
CVE-2021-43307 semver-regex-3.1.2.tgz
CVE-2021-37701 tar-6.1.0.tgz
CVE-2020-7774 y18n-4.0.0.tgz
CVE-2021-23495 karma-4.1.0.tgz
CVE-2021-43138 async-2.6.3.tgz
CVE-2020-28500 lodash-3.10.1.tgz
CVE-2022-3517 minimatch-0.3.0.tgz
CVE-2021-23424 ansi-html-0.0.7.tgz
CVE-2022-33987 got-6.7.1.tgz
CVE-2020-7608 yargs-parser-11.1.1.tgz
CVE-2021-23337 lodash-4.17.11.tgz
CVE-2022-29078 ejs-2.7.4.tgz
CVE-2022-25858 terser-5.5.1.tgz
CVE-2020-36049 socket.io-parser-3.2.0.tgz
CVE-2020-7608 yargs-parser-8.1.0.tgz
CVE-2022-37598 uglify-js-3.6.0.tgz
CVE-2022-3224 parse-url-5.0.1.tgz
CVE-2020-36632 flat-4.1.0.tgz
CVE-2020-7598 minimist-0.0.10.tgz
CVE-2020-28469 glob-parent-2.0.0.tgz
CVE-2022-0155 follow-redirects-1.7.0.tgz
CVE-2021-42581 ramda-0.26.1.tgz
CVE-2020-8203 lodash-4.17.11.tgz
CVE-2022-24999 qs-6.7.0.tgz
CVE-2022-0235 node-fetch-2.6.1.tgz
CVE-2019-10744 lodash-3.10.1.tgz
CVE-2021-44906 minimist-1.2.5.tgz
CVE-2022-21704 log4js-0.6.38.tgz
CVE-2021-23369 handlebars-4.7.6.tgz
CVE-2021-23807 jsonpointer-4.1.0.tgz
CVE-2023-0842 xml2js-0.4.19.tgz
CVE-2021-31597 xmlhttprequest-ssl-1.5.1.tgz
CVE-2019-1010266 lodash-3.10.1.tgz
WS-2018-0590 diff-1.4.0.tgz
CVE-2021-23369 handlebars-4.1.2.tgz
WS-2020-0042 acorn-6.1.1.tgz
CVE-2022-46175 json5-1.0.1.tgz
CVE-2020-28500 lodash-4.17.11.tgz
CVE-2019-20920 handlebars-4.1.2.tgz
CVE-2022-0686 url-parse-1.4.7.tgz
CVE-2017-16137 debug-2.2.0.tgz
CVE-2022-46175 json5-2.2.0.tgz
CVE-2021-23337 lodash-3.10.1.tgz
CVE-2022-24066 simple-git-1.113.0.tgz
CVE-2019-20922 handlebars-4.1.2.tgz
CVE-2022-41940 engine.io-1.6.10.tgz
WS-2020-0450 handlebars-4.1.2.tgz
CVE-2022-0437 karma-4.1.0.tgz
CVE-2021-42740 shell-quote-1.6.1.tgz
WS-2020-0443 socket.io-1.4.7.tgz
CVE-2020-7707 property-expr-1.5.1.tgz
CVE-2016-10540 minimatch-0.3.0.tgz
CVE-2020-28502 xmlhttprequest-ssl-1.5.5.tgz
CVE-2020-8116 dot-prop-4.2.0.tgz
CVE-2022-24433 simple-git-1.113.0.tgz
CVE-2019-19919 handlebars-4.1.2.tgz
CVE-2020-15366 ajv-6.10.0.tgz
WS-2020-0443 socket.io-2.1.1.tgz
WS-2019-0310 https-proxy-agent-2.2.1.tgz
CVE-2021-32640 ws-6.2.1.tgz
CVE-2021-32803 tar-6.1.0.tgz
CVE-2020-7598 minimist-0.0.8.tgz
CVE-2017-16042 growl-1.9.2.tgz
CVE-2020-7608 yargs-parser-13.1.1.tgz
CVE-2021-3795 semver-regex-3.1.2.tgz
CVE-2021-31597 xmlhttprequest-ssl-1.5.5.tgz
CVE-2020-8116 dot-prop-3.0.0.tgz
CVE-2022-0722 parse-url-5.0.1.tgz
CVE-2020-28469 glob-parent-3.1.0.tgz
CVE-2021-43138 async-2.6.2.tgz
WS-2021-0153 ejs-2.7.4.tgz
CVE-2021-3807 ansi-regex-3.0.0.tgz
CVE-2022-25912 simple-git-1.113.0.tgz
WS-2022-0238 parse-url-5.0.1.tgz
CVE-2021-23358 underscore-1.12.0.tgz
CVE-2021-23495 karma-1.3.0.tgz
CVE-2021-23518 cached-path-relative-1.0.2.tgz
CVE-2021-23337 lodash-4.17.20.tgz
WS-2020-0091 http-proxy-1.17.0.tgz
CVE-2019-15657 eslint-utils-1.3.1.tgz
CVE-2021-27515 url-parse-1.4.7.tgz
CVE-2020-15366 ajv-5.5.2.tgz
CVE-2020-36048 engine.io-3.2.1.tgz
CVE-2022-25881 http-cache-semantics-3.8.1.tgz
CVE-2018-16487 lodash-3.10.1.tgz
CVE-2020-28469 glob-parent-5.1.1.tgz
CVE-2020-15168 node-fetch-2.6.0.tgz
CVE-2023-28155 request-2.88.0.tgz
WS-2018-0650 useragent-2.3.0.tgz
CVE-2020-28502 xmlhttprequest-ssl-1.5.1.tgz
CVE-2022-0122 node-forge-0.10.0.tgz
CVE-2021-37713 tar-6.1.0.tgz
CVE-2020-8203 lodash-3.10.1.tgz
WS-2020-0042 acorn-5.7.3.tgz
CVE-2022-2900 parse-url-5.0.1.tgz
CVE-2019-20149 kind-of-6.0.2.tgz
WS-2017-0107 ws-1.0.1.tgz
CVE-2022-0144 shelljs-0.6.1.tgz
WS-2022-0237 parse-url-5.0.1.tgz
CVE-2021-44906 minimist-0.0.8.tgz
CVE-2020-36048 engine.io-1.6.10.tgz
CVE-2022-3517 minimatch-3.0.4.tgz
CVE-2022-25858 terser-4.8.0.tgz
CVE-2021-23425 trim-off-newlines-1.0.1.tgz
CVE-2021-23383 handlebars-4.7.6.tgz
CVE-2022-41940 engine.io-3.2.1.tgz

Base branch total remaining vulnerabilities: 183
Base branch commit: null


Total libraries scanned: 366

Scan token: 13ec221c95a149a9a73c3a3b5e5dcec7