Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Security upgrade apollo-server-express from 2.10.1 to 3.13.0 #68

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

fix: package.json & yarn.lock to reduce vulnerabilities

fb579bf
Select commit
Loading
Failed to load commit list.
Open

[Snyk] Security upgrade apollo-server-express from 2.10.1 to 3.13.0 #68

fix: package.json & yarn.lock to reduce vulnerabilities
fb579bf
Select commit
Loading
Failed to load commit list.
Mend Bolt for GitHub / WhiteSource Security Check failed Sep 11, 2024 in 1m 14s

Security Report

You have successfully remediated 16 vulnerabilities, but introduced 4 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue
CVE-2023-29483

Path to dependency file: /elkSyncer/requirements.txt

Path to vulnerable library: /elkSyncer/requirements.txt

Dependency Hierarchy:

-> mongo_connector-3.1.1-py2.py3-none-any.whl (Root Library)

   -> pymongo-4.7.3-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl

     -> ❌ dnspython-2.3.0-py3-none-any.whl (Vulnerable Library)

High 7.0 dnspython-2.3.0-py3-none-any.whl Upgrade to version: dnspython - 2.6.0 None
CVE-2024-29041

Path to dependency file: /email-verifier/package.json

Path to vulnerable library: /email-verifier/package.json,/package.json,/engages-email-sender/package.json,/logger/package.json

Dependency Hierarchy:

-> ❌ express-4.17.1.tgz (Vulnerable Library)

Medium 6.1 express-4.17.1.tgz Upgrade to version: express - 4.19.0 None
CVE-2024-37891

Path to dependency file: /elkSyncer/requirements.txt

Path to vulnerable library: /elkSyncer/requirements.txt

Dependency Hierarchy:

-> elasticsearch-7.5.1-py2.py3-none-any.whl (Root Library)

   -> ❌ urllib3-2.0.7-py3-none-any.whl (Vulnerable Library)

Medium 4.4 urllib3-2.0.7-py3-none-any.whl Upgrade to version: urllib3 - 1.26.19,2.2.2 None
CVE-2024-5569

Path to dependency file: /elkSyncer/requirements.txt

Path to vulnerable library: /elkSyncer/requirements.txt

Dependency Hierarchy:

-> elastic2_doc_manager-1.0.0-py2.py3-none-any.whl (Root Library)

   -> importlib_metadata-6.7.0-py3-none-any.whl

     -> ❌ zipp-3.15.0-py3-none-any.whl (Vulnerable Library)

Low 3.3 zipp-3.15.0-py3-none-any.whl Upgrade to version: zipp - 3.19.1 None

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2021-32640 ws-5.2.2.tgz
CVE-2020-15256 object-path-0.11.4.tgz
CVE-2021-33502 normalize-url-3.3.0.tgz
CVE-2023-45803 urllib3-1.26.9-py2.py3-none-any.whl
CVE-2024-37890 ws-6.2.1.tgz
CVE-2024-37890 ws-5.2.2.tgz
WS-2020-0111 apollo-server-express-2.10.1.tgz
WS-2021-0418 apollo-server-core-2.10.1.tgz
CVE-2023-43804 urllib3-1.26.9-py2.py3-none-any.whl
CVE-2024-5629 pymongo-4.1.1-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2021-32640 ws-6.2.1.tgz
CVE-2021-23434 object-path-0.11.4.tgz
WS-2020-0108 apollo-server-core-2.10.1.tgz
CVE-2021-41249 apollo-server-core-2.10.1.tgz
CVE-2021-3805 object-path-0.11.4.tgz
CVE-2024-37891 urllib3-1.26.9-py2.py3-none-any.whl

Base branch total remaining vulnerabilities: 149
Base branch commit: null


Total libraries scanned: 788

Scan token: cda175ece332414389931e5fa717dcd5

View more details on Mend Bolt for GitHub