Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Security upgrade express from 4.17.1 to 4.20.0 #70

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

fix: package.json & yarn.lock to reduce vulnerabilities

f33abbe
Select commit
Loading
Failed to load commit list.
Open

[Snyk] Security upgrade express from 4.17.1 to 4.20.0 #70

fix: package.json & yarn.lock to reduce vulnerabilities
f33abbe
Select commit
Loading
Failed to load commit list.
Mend Bolt for GitHub / WhiteSource Security Check failed Sep 18, 2024 in 1m 10s

Security Report

You have successfully remediated 5 vulnerabilities, but introduced 3 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue
CVE-2023-29483

Path to dependency file: /elkSyncer/requirements.txt

Path to vulnerable library: /elkSyncer/requirements.txt

Dependency Hierarchy:

-> mongo_connector-3.1.1-py2.py3-none-any.whl (Root Library)

   -> pymongo-4.7.3-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl

     -> ❌ dnspython-2.3.0-py3-none-any.whl (Vulnerable Library)

High 7.0 dnspython-2.3.0-py3-none-any.whl Upgrade to version: dnspython - 2.6.0 None
CVE-2024-37891

Path to dependency file: /elkSyncer/requirements.txt

Path to vulnerable library: /elkSyncer/requirements.txt

Dependency Hierarchy:

-> elasticsearch-7.5.1-py2.py3-none-any.whl (Root Library)

   -> ❌ urllib3-2.0.7-py3-none-any.whl (Vulnerable Library)

Medium 4.4 urllib3-2.0.7-py3-none-any.whl Upgrade to version: urllib3 - 1.26.19,2.2.2 None
CVE-2024-5569

Path to dependency file: /elkSyncer/requirements.txt

Path to vulnerable library: /elkSyncer/requirements.txt

Dependency Hierarchy:

-> elastic2_doc_manager-1.0.0-py2.py3-none-any.whl (Root Library)

   -> importlib_metadata-6.7.0-py3-none-any.whl

     -> ❌ zipp-3.15.0-py3-none-any.whl (Vulnerable Library)

Low 3.3 zipp-3.15.0-py3-none-any.whl Upgrade to version: zipp - 3.19.1 None

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2021-33502 normalize-url-3.3.0.tgz
CVE-2023-45803 urllib3-1.26.9-py2.py3-none-any.whl
CVE-2023-43804 urllib3-1.26.9-py2.py3-none-any.whl
CVE-2024-5629 pymongo-4.1.1-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
CVE-2024-37891 urllib3-1.26.9-py2.py3-none-any.whl

Base branch total remaining vulnerabilities: 154
Base branch commit: null


Total libraries scanned: 789

Scan token: eb0f50d3e079436e8ec70c0ef10c8fc9

View more details on Mend Bolt for GitHub