Update dependency grunt-cli to v1.4.0 (develop) #864

Open: wants to merge 1 commit into base: develop

Update dependency grunt-cli to v1.4.0

953502a

Mend for GitHub.com / WhiteSource Security Check failed Aug 24, 2024 in 6m 31s

Security Report

❗️Scan Warnings: The scan completed with warnings. The integration encountered issues with one or more projects in this repository. Consequently, there may be gaps in the coverage of open-source dependencies used in the repository.

Scan Details Report

general

https://vonagecc.jfrog.io/artifactory

Step | Level | Description | Details
Checking registry connectivity | ⚠ Warn | Unsupported configuration was provided | unsupported host type gradle, skipped

The Security Check found 55 vulnerabilities.
CVE Severity CVSS Score Exploit Maturity EPSS Vulnerable Library Suggested Fix Issue Reachability
CVE-2023-26136

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/tough-cookie/package.json

Dependency Hierarchy:

-> opentok-2.10.0.tgz (Root Library)

   -> request-2.88.2.tgz

     -> ❌ tough-cookie-2.5.0.tgz (Vulnerable Library)

Critical 9.8 Not Defined 0.2% tough-cookie-2.5.0.tgz Upgrade to version: tough-cookie - 4.1.3 #794

Reachable

CVE-2021-3918

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/json-schema/package.json

Dependency Hierarchy:

-> opentok-2.10.0.tgz (Root Library)

   -> request-2.88.2.tgz

     -> http-signature-1.2.0.tgz

       -> jsprim-1.4.1.tgz

         -> ❌ json-schema-0.2.3.tgz (Vulnerable Library)

Critical 9.8 Not Defined 0.5% json-schema-0.2.3.tgz Upgrade to version: json-schema - 0.4.0 #794

Reachable

CVE-2022-23539

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/jsonwebtoken/package.json

Dependency Hierarchy:

-> opentok-2.10.0.tgz (Root Library)

   -> ❌ jsonwebtoken-8.5.1.tgz (Vulnerable Library)

High 8.1 Not Defined 0.1% jsonwebtoken-8.5.1.tgz Upgrade to version: jsonwebtoken - 9.0.0 #794

Reachable

CVE-2022-23540

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/jsonwebtoken/package.json

Dependency Hierarchy:

-> opentok-2.10.0.tgz (Root Library)

   -> ❌ jsonwebtoken-8.5.1.tgz (Vulnerable Library)

High 7.6 Not Defined 0.1% jsonwebtoken-8.5.1.tgz Upgrade to version: jsonwebtoken - 9.0.0 #794

Reachable

CVE-2022-3517

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/minimatch/package.json

Dependency Hierarchy:

-> grunt-1.3.0.tgz (Root Library)

   -> ❌ minimatch-3.0.4.tgz (Vulnerable Library)

High 7.5 Not Defined 0.2% minimatch-3.0.4.tgz Upgrade to version: minimatch - 3.0.5 #788

Reachable

CVE-2022-25883

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/semver/package.json

Dependency Hierarchy:

-> grunt-html-build-0.7.1.tgz (Root Library)

   -> js-beautify-1.13.0.tgz

     -> editorconfig-0.15.3.tgz

       -> ❌ semver-5.7.1.tgz (Vulnerable Library)

High 7.5 Not Defined 0.2% semver-5.7.1.tgz Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 #795

Reachable

CVE-2022-24999

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/qs/package.json

Dependency Hierarchy:

-> ❌ qs-6.9.4.tgz (Vulnerable Library)

High 7.5 Not Defined 1.9% qs-6.9.4.tgz Upgrade to version: qs - 6.2.4,6.3.3,6.4.1,6.5.3,6.6.1,6.7.3,6.8.3,6.9.7,6.10.3 #829

Reachable

CVE-2022-24999

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/body-parser/node_modules/qs/package.json,/node_modules/express/node_modules/qs/package.json

Dependency Hierarchy:

-> express-4.17.1.tgz (Root Library)

   -> ❌ qs-6.7.0.tgz (Vulnerable Library)

High 7.5 Not Defined 1.9% qs-6.7.0.tgz Upgrade to version: qs - 6.2.4,6.3.3,6.4.1,6.5.3,6.6.1,6.7.3,6.8.3,6.9.7,6.10.3 #828

Reachable

CVE-2022-24999

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/request/node_modules/qs/package.json

Dependency Hierarchy:

-> opentok-2.10.0.tgz (Root Library)

   -> request-2.88.2.tgz

     -> ❌ qs-6.5.2.tgz (Vulnerable Library)

High 7.5 Not Defined 1.9% qs-6.5.2.tgz Upgrade to version: qs - 6.2.4,6.3.3,6.4.1,6.5.3,6.6.1,6.7.3,6.8.3,6.9.7,6.10.3 #794

Reachable

CVE-2022-24772

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-forge/package.json

Dependency Hierarchy:

-> google-auth-library-6.1.3.tgz (Root Library)

   -> gtoken-5.1.0.tgz

     -> google-p12-pem-3.0.3.tgz

       -> ❌ node-forge-0.10.0.tgz (Vulnerable Library)

High 7.5 Not Defined 0.1% node-forge-0.10.0.tgz Upgrade to version: node-forge - 1.3.0 #787

Reachable

CVE-2022-24771

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-forge/package.json

Dependency Hierarchy:

-> google-auth-library-6.1.3.tgz (Root Library)

   -> gtoken-5.1.0.tgz

     -> google-p12-pem-3.0.3.tgz

       -> ❌ node-forge-0.10.0.tgz (Vulnerable Library)

High 7.5 Not Defined 0.1% node-forge-0.10.0.tgz Upgrade to version: node-forge - 1.3.0 #787

Reachable

CVE-2022-24434

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/dicer/package.json

Dependency Hierarchy:

-> swagger-boilerplate-0.1.6.tgz (Root Library)

   -> multer-1.4.2.tgz

     -> busboy-0.2.14.tgz

       -> ❌ dicer-0.2.5.tgz (Vulnerable Library)

High 7.5 Not Defined 0.3% dicer-0.2.5.tgz #786

Reachable

CVE-2017-20165

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-rest-client/node_modules/debug/package.json

Dependency Hierarchy:

-> swagger-boilerplate-0.1.6.tgz (Root Library)

   -> node-rest-client-3.1.0.tgz

     -> ❌ debug-2.2.0.tgz (Vulnerable Library)

High 7.5 Not Defined 1.0% debug-2.2.0.tgz Upgrade to version: debug - 2.6.9,3.1.0 #786

Reachable

WS-2018-0590

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/diff/package.json

Dependency Hierarchy:

-> grunt-autoprefixer-3.0.4.tgz (Root Library)

   -> ❌ diff-1.3.2.tgz (Vulnerable Library)

High 7.1 Not Defined diff-1.3.2.tgz Upgrade to version: 3.5.0 #789

Reachable

WS-2022-0008

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-forge/package.json

Dependency Hierarchy:

-> google-auth-library-6.1.3.tgz (Root Library)

   -> gtoken-5.1.0.tgz

     -> google-p12-pem-3.0.3.tgz

       -> ❌ node-forge-0.10.0.tgz (Vulnerable Library)

Medium 6.6 Not Defined node-forge-0.10.0.tgz Upgrade to version: node-forge - 1.0.0 #787

Reachable

CVE-2024-28849

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/follow-redirects/package.json

Dependency Hierarchy:

-> swagger-boilerplate-0.1.6.tgz (Root Library)

   -> node-rest-client-3.1.0.tgz

     -> ❌ follow-redirects-1.13.0.tgz (Vulnerable Library)

Medium 6.5 Not Defined 0.0% follow-redirects-1.13.0.tgz Upgrade to version: follow-redirects - 1.15.6 #786

Reachable

CVE-2022-0155

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/follow-redirects/package.json

Dependency Hierarchy:

-> swagger-boilerplate-0.1.6.tgz (Root Library)

   -> node-rest-client-3.1.0.tgz

     -> ❌ follow-redirects-1.13.0.tgz (Vulnerable Library)

Medium 6.5 Not Defined 0.2% follow-redirects-1.13.0.tgz Upgrade to version: follow-redirects - v1.14.7 #786

Reachable

CVE-2022-23541

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/jsonwebtoken/package.json

Dependency Hierarchy:

-> opentok-2.10.0.tgz (Root Library)

   -> ❌ jsonwebtoken-8.5.1.tgz (Vulnerable Library)

Medium 6.3 Not Defined 0.1% jsonwebtoken-8.5.1.tgz Upgrade to version: jsonwebtoken - 9.0.0 #794

Reachable

CVE-2024-29041

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/express/package.json

Dependency Hierarchy:

-> ❌ express-4.17.1.tgz (Vulnerable Library)

Medium 6.1 Not Defined 0.0% express-4.17.1.tgz Upgrade to version: express - 4.19.0 #828

Reachable

CVE-2023-28155

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/request/package.json

Dependency Hierarchy:

-> opentok-2.10.0.tgz (Root Library)

   -> ❌ request-2.88.2.tgz (Vulnerable Library)

Medium 6.1 Not Defined 0.1% request-2.88.2.tgz Upgrade to version: @cypress/request - 3.0.0 #794

Reachable

CVE-2023-26159

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/follow-redirects/package.json

Dependency Hierarchy:

-> swagger-boilerplate-0.1.6.tgz (Root Library)

   -> node-rest-client-3.1.0.tgz

     -> ❌ follow-redirects-1.13.0.tgz (Vulnerable Library)

Medium 6.1 Not Defined 0.1% follow-redirects-1.13.0.tgz Upgrade to version: follow-redirects - 1.15.4 #786

Reachable

CVE-2022-0235

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-fetch/package.json

Dependency Hierarchy:

-> google-auth-library-6.1.3.tgz (Root Library)

   -> gaxios-4.0.1.tgz

     -> ❌ node-fetch-2.6.1.tgz (Vulnerable Library)

Medium 6.1 Not Defined 0.4% node-fetch-2.6.1.tgz Upgrade to version: node-fetch - 2.6.7,3.1.1 #787

Reachable

CVE-2022-0122

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-forge/package.json

Dependency Hierarchy:

-> google-auth-library-6.1.3.tgz (Root Library)

   -> gtoken-5.1.0.tgz

     -> google-p12-pem-3.0.3.tgz

       -> ❌ node-forge-0.10.0.tgz (Vulnerable Library)

Medium 6.1 Not Defined 0.1% node-forge-0.10.0.tgz Upgrade to version: node-forge - 1.0.0 #787

Reachable

CVE-2022-0536

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/follow-redirects/package.json

Dependency Hierarchy:

-> swagger-boilerplate-0.1.6.tgz (Root Library)

   -> node-rest-client-3.1.0.tgz

     -> ❌ follow-redirects-1.13.0.tgz (Vulnerable Library)

Medium 5.9 Not Defined 0.1% follow-redirects-1.13.0.tgz Upgrade to version: follow-redirects - 1.14.8 #786

Reachable

CVE-2023-0842

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/xml2js/package.json

Dependency Hierarchy:

-> swagger-boilerplate-0.1.6.tgz (Root Library)

   -> node-rest-client-3.1.0.tgz

     -> ❌ xml2js-0.4.23.tgz (Vulnerable Library)

Medium 5.3 Not Defined 0.1% xml2js-0.4.23.tgz Upgrade to version: xml2js - 0.5.0 #786

Reachable

CVE-2022-24773

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-forge/package.json

Dependency Hierarchy:

-> google-auth-library-6.1.3.tgz (Root Library)

   -> gtoken-5.1.0.tgz

     -> google-p12-pem-3.0.3.tgz

       -> ❌ node-forge-0.10.0.tgz (Vulnerable Library)

Medium 5.3 Not Defined 0.1% node-forge-0.10.0.tgz Upgrade to version: node-forge - 1.3.0 #787

Reachable

CVE-2017-20162

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-rest-client/node_modules/ms/package.json

Dependency Hierarchy:

-> swagger-boilerplate-0.1.6.tgz (Root Library)

   -> node-rest-client-3.1.0.tgz

     -> debug-2.2.0.tgz

       -> ❌ ms-0.7.1.tgz (Vulnerable Library)

Medium 5.3 Not Defined 0.2% ms-0.7.1.tgz Upgrade to version: ms - 2.0.0 #786

Reachable

CVE-2017-16137

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/node-rest-client/node_modules/debug/package.json

Dependency Hierarchy:

-> swagger-boilerplate-0.1.6.tgz (Root Library)

   -> node-rest-client-3.1.0.tgz

     -> ❌ debug-2.2.0.tgz (Vulnerable Library)

Low 3.7 Not Defined 0.3% debug-2.2.0.tgz Upgrade to version: debug - 2.6.9,3.1.0,3.2.7,4.3.1 #786

Reachable

WS-2021-0153

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/ejs/package.json

Dependency Hierarchy:

-> ❌ ejs-3.1.5.tgz (Vulnerable Library)

Critical 9.8 Not Defined ejs-3.1.5.tgz Upgrade to version: ejs - 3.1.6 #797

Unreachable

CVE-2022-37602

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/grunt-karma/package.json

Dependency Hierarchy:

-> ❌ grunt-karma-4.0.0.tgz (Vulnerable Library)

Critical 9.8 Not Defined 0.3% grunt-karma-4.0.0.tgz #817

Unreachable

CVE-2022-29078

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/ejs/package.json

Dependency Hierarchy:

-> ❌ ejs-3.1.5.tgz (Vulnerable Library)

Critical 9.8 Not Defined 43.5% ejs-3.1.5.tgz Upgrade to version: ejs - v3.1.7 #797

Unreachable

CVE-2021-44906

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/minimist/package.json

Dependency Hierarchy:

-> grunt-contrib-compress-1.6.0.tgz (Root Library)

   -> iltorb-2.4.5.tgz

     -> prebuild-install-5.3.6.tgz

       -> ❌ minimist-1.2.5.tgz (Vulnerable Library)

Critical 9.8 Not Defined 3.5% minimist-1.2.5.tgz Upgrade to version: minimist - 0.2.4,1.2.6 #792

Unreachable

CVE-2020-28282

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/getobject/package.json

Dependency Hierarchy:

-> grunt-1.3.0.tgz (Root Library)

   -> grunt-legacy-util-2.0.0.tgz

     -> ❌ getobject-0.1.0.tgz (Vulnerable Library)

Critical 9.8 Not Defined 1.0% getobject-0.1.0.tgz Upgrade to version: getobject - 1.0.0 #788

Unreachable

CVE-2019-10744

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/grunt-bower-task/node_modules/lodash/package.json

Dependency Hierarchy:

-> grunt-bower-task-0.5.0.tgz (Root Library)

   -> ❌ lodash-0.10.0.tgz (Vulnerable Library)

Critical 9.1 Not Defined 2.1% lodash-0.10.0.tgz Upgrade to version: lodash-4.17.12, lodash-amd-4.17.12, lodash-es-4.17.12, lodash.defaultsdeep-4.6.1, lodash.merge- 4.6.2, lodash.mergewith-4.6.2, lodash.template-4.5.0 #796

Unreachable

CVE-2024-33883

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/ejs/package.json

Dependency Hierarchy:

-> ❌ ejs-3.1.5.tgz (Vulnerable Library)

High 8.8 Not Defined 0.1% ejs-3.1.5.tgz Upgrade to version: ejs - 3.1.10 #797

Unreachable

CVE-2021-43138

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/grunt-contrib-connect/node_modules/async/package.json

Dependency Hierarchy:

-> grunt-contrib-connect-3.0.0.tgz (Root Library)

   -> ❌ async-3.2.0.tgz (Vulnerable Library)

High 7.8 Not Defined 0.2% async-3.2.0.tgz Upgrade to version: async - 2.6.4,3.2.2 #799

Unreachable

CVE-2021-43138

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/grunt-bower-task/node_modules/async/package.json,/node_modules/grunt-contrib-less/node_modules/async/package.json,/node_modules/grunt-contrib-watch/node_modules/async/package.json,/node_modules/archiver/node_modules/async/package.json,/node_modules/grunt-contrib-clean/node_modules/async/package.json,/node_modules/geoip-lite/node_modules/async/package.json,/node_modules/portscanner/node_modules/async/package.json

Dependency Hierarchy:

-> geoip-lite-1.4.2.tgz (Root Library)

   -> ❌ async-2.6.3.tgz (Vulnerable Library)

High 7.8 Not Defined 0.2% async-2.6.3.tgz Upgrade to version: async - 2.6.4,3.2.2 #812

Unreachable

CVE-2024-4068

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/liftoff/node_modules/braces/package.json

Dependency Hierarchy:

-> grunt-1.3.0.tgz (Root Library)

   -> grunt-cli-1.3.2.tgz

     -> liftoff-2.5.0.tgz

       -> findup-sync-2.0.0.tgz

         -> micromatch-3.1.10.tgz

           -> ❌ braces-2.3.2.tgz (Vulnerable Library)

High 7.5 Not Defined 0.0% braces-2.3.2.tgz Upgrade to version: braces - 3.0.3 #788

Unreachable

CVE-2024-4067

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/liftoff/node_modules/micromatch/package.json

Dependency Hierarchy:

-> grunt-1.3.0.tgz (Root Library)

   -> grunt-cli-1.3.2.tgz

     -> liftoff-2.5.0.tgz

       -> findup-sync-2.0.0.tgz

         -> ❌ micromatch-3.1.10.tgz (Vulnerable Library)

High 7.5 Not Defined 0.0% micromatch-3.1.10.tgz #788

Unreachable

CVE-2024-37890

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/ws/package.json

Dependency Hierarchy:

-> grunt-contrib-connect-3.0.0.tgz (Root Library)

   -> node-http2-4.0.1.tgz

     -> websocket-stream-5.5.2.tgz

       -> ❌ ws-3.3.3.tgz (Vulnerable Library)

High 7.5 Not Defined 0.0% ws-3.3.3.tgz Upgrade to version: ws - 5.2.4,6.2.3,7.5.10,8.17.1 #799

Unreachable

CVE-2022-38900

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/decode-uri-component/package.json

Dependency Hierarchy:

-> grunt-1.3.0.tgz (Root Library)

   -> grunt-cli-1.3.2.tgz

     -> liftoff-2.5.0.tgz

       -> findup-sync-2.0.0.tgz

         -> micromatch-3.1.10.tgz

           -> snapdragon-0.8.2.tgz

             -> source-map-resolve-0.5.3.tgz

               -> ❌ decode-uri-component-0.2.0.tgz (Vulnerable Library)

High 7.5 Not Defined 0.4% decode-uri-component-0.2.0.tgz Upgrade to version: decode-uri-component - 0.2.1 #788

Unreachable

CVE-2022-25858

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/terser/package.json

Dependency Hierarchy:

-> grunt-terser-1.0.0.tgz (Root Library)

   -> ❌ terser-4.8.0.tgz (Vulnerable Library)

High 7.5 Not Defined 0.2% terser-4.8.0.tgz Upgrade to version: terser - 4.8.1,5.14.2 #813

Unreachable

CVE-2022-0355

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/simple-get/package.json

Dependency Hierarchy:

-> grunt-contrib-compress-1.6.0.tgz (Root Library)

   -> iltorb-2.4.5.tgz

     -> prebuild-install-5.3.6.tgz

       -> ❌ simple-get-3.1.0.tgz (Vulnerable Library)

High 7.5 Not Defined 0.2% simple-get-3.1.0.tgz Upgrade to version: simple-get - 4.0.1 #792

Unreachable

CVE-2021-23382

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/postcss/package.json

Dependency Hierarchy:

-> grunt-autoprefixer-3.0.4.tgz (Root Library)

   -> ❌ postcss-4.1.16.tgz (Vulnerable Library)

High 7.5 Not Defined 0.2% postcss-4.1.16.tgz Upgrade to version: postcss - 8.2.13 #789

Unreachable

CVE-2020-8203

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/grunt-bower-task/node_modules/lodash/package.json

Dependency Hierarchy:

-> grunt-bower-task-0.5.0.tgz (Root Library)

   -> ❌ lodash-0.10.0.tgz (Vulnerable Library)

High 7.4 Not Defined 1.7% lodash-0.10.0.tgz Upgrade to version: lodash - 4.17.19 #796

Unreachable

CVE-2021-23337

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/grunt-bower-task/node_modules/async/node_modules/lodash/package.json

Dependency Hierarchy:

-> grunt-bower-task-0.5.0.tgz (Root Library)

   -> async-2.6.3.tgz

     -> ❌ lodash-4.17.20.tgz (Vulnerable Library)

High 7.2 Not Defined 0.6% lodash-4.17.20.tgz Upgrade to version: lodash - 4.17.21, lodash-es - 4.17.21 #796

Unreachable

CVE-2021-23337

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/grunt-bower-task/node_modules/lodash/package.json

Dependency Hierarchy:

-> grunt-bower-task-0.5.0.tgz (Root Library)

   -> ❌ lodash-0.10.0.tgz (Vulnerable Library)

High 7.2 Not Defined 0.6% lodash-0.10.0.tgz Upgrade to version: lodash - 4.17.21, lodash-es - 4.17.21 #796

Unreachable

CVE-2022-1537

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/grunt/package.json

Dependency Hierarchy:

-> ❌ grunt-1.3.0.tgz (Vulnerable Library)

High 7.0 Not Defined 0.0% grunt-1.3.0.tgz Upgrade to version: grunt - v1.5.3 #788

Unreachable

CVE-2019-1010266

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/grunt-bower-task/node_modules/lodash/package.json

Dependency Hierarchy:

-> grunt-bower-task-0.5.0.tgz (Root Library)

   -> ❌ lodash-0.10.0.tgz (Vulnerable Library)

Medium 6.5 Not Defined 0.4% lodash-0.10.0.tgz Upgrade to version: lodash-4.17.11 #796

Unreachable

CVE-2018-3721

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/grunt-bower-task/node_modules/lodash/package.json

Dependency Hierarchy:

-> grunt-bower-task-0.5.0.tgz (Root Library)

   -> ❌ lodash-0.10.0.tgz (Vulnerable Library)

Medium 6.5 Not Defined 0.1% lodash-0.10.0.tgz Upgrade to version: lodash 4.17.5 #796

Unreachable

CVE-2018-16487

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/grunt-bower-task/node_modules/lodash/package.json

Dependency Hierarchy:

-> grunt-bower-task-0.5.0.tgz (Root Library)

   -> ❌ lodash-0.10.0.tgz (Vulnerable Library)

Medium 5.6 Not Defined 0.1% lodash-0.10.0.tgz Upgrade to version: lodash 4.17.11 #796

Unreachable

CVE-2022-0436

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/grunt/package.json

Dependency Hierarchy:

-> ❌ grunt-1.3.0.tgz (Vulnerable Library)

Medium 5.5 Not Defined 0.1% grunt-1.3.0.tgz Upgrade to version: grunt - 1.5.2 #788

Unreachable

CVE-2023-44270

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/postcss/package.json

Dependency Hierarchy:

-> grunt-autoprefixer-3.0.4.tgz (Root Library)

   -> ❌ postcss-4.1.16.tgz (Vulnerable Library)

Medium 5.3 Not Defined 0.1% postcss-4.1.16.tgz Upgrade to version: postcss - 8.4.31 #789

Unreachable

CVE-2020-28500

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/grunt-bower-task/node_modules/async/node_modules/lodash/package.json

Dependency Hierarchy:

-> grunt-bower-task-0.5.0.tgz (Root Library)

   -> async-2.6.3.tgz

     -> ❌ lodash-4.17.20.tgz (Vulnerable Library)

Medium 5.3 Not Defined 0.2% lodash-4.17.20.tgz Upgrade to version: lodash - 4.17.21 #796

Unreachable

CVE-2020-28500

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/grunt-bower-task/node_modules/lodash/package.json

Dependency Hierarchy:

-> grunt-bower-task-0.5.0.tgz (Root Library)

   -> ❌ lodash-0.10.0.tgz (Vulnerable Library)

Medium 5.3 Not Defined 0.2% lodash-0.10.0.tgz Upgrade to version: lodash - 4.17.21 #796

Unreachable


Total libraries scanned: 604
Scan token: 58174b30b1fc48b4b4a9f80e55f216c8