Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Security upgrade express from 4.17.1 to 4.19.2 #24

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

fix: package.json & yarn.lock to reduce vulnerabilities

07e973d
Select commit
Loading
Failed to load commit list.
Open

[Snyk] Security upgrade express from 4.17.1 to 4.19.2 #24

fix: package.json & yarn.lock to reduce vulnerabilities
07e973d
Select commit
Loading
Failed to load commit list.
Mend Bolt for GitHub / WhiteSource Security Check failed Mar 27, 2024 in 1m 0s

Security Report

12 new vulnerabilities were introduced in this branch.

❌ New vulnerabilities:

CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue
CVE-2021-44906

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> migrate-1.6.2.tgz (Root Library)

   -> mkdirp-0.5.1.tgz

     -> ❌ minimist-0.0.8.tgz (Vulnerable Library)

Critical 9.8 minimist-0.0.8.tgz Upgrade to version: minimist - 0.2.4,1.2.6 None
CVE-2023-43646

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> botbuilder-4.5.3.tgz (Root Library)

   -> botframework-connector-4.5.3.tgz

     -> nock-10.0.6.tgz

       -> chai-4.2.0.tgz

         -> ❌ get-func-name-2.0.0.tgz (Vulnerable Library)

High 7.5 get-func-name-2.0.0.tgz Upgrade to version: get-func-name - 2.0.1,3.0.0 None
CVE-2020-7751

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> botbuilder-4.5.3.tgz (Root Library)

   -> botframework-connector-4.5.3.tgz

     -> nock-10.0.6.tgz

       -> chai-4.2.0.tgz

         -> ❌ pathval-1.1.0.tgz (Vulnerable Library)

High 7.2 pathval-1.1.0.tgz Upgrade to version: pathval - 1.1.1 None
CVE-2024-28849

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> botbuilder-4.5.3.tgz (Root Library)

   -> botframework-connector-4.5.3.tgz

     -> ms-rest-js-1.2.6.tgz

       -> axios-0.18.1.tgz

         -> ❌ follow-redirects-1.5.10.tgz (Vulnerable Library)

Medium 6.5 follow-redirects-1.5.10.tgz Upgrade to version: follow-redirects - 1.15.6 None
CVE-2023-45857

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> botbuilder-4.5.3.tgz (Root Library)

   -> botframework-connector-4.5.3.tgz

     -> ms-rest-js-1.2.6.tgz

       -> ❌ axios-0.18.1.tgz (Vulnerable Library)

Medium 6.5 axios-0.18.1.tgz Upgrade to version: axios - 1.6.0 None
CVE-2022-0155

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> botbuilder-4.5.3.tgz (Root Library)

   -> botframework-connector-4.5.3.tgz

     -> ms-rest-js-1.2.6.tgz

       -> axios-0.18.1.tgz

         -> ❌ follow-redirects-1.5.10.tgz (Vulnerable Library)

Medium 6.5 follow-redirects-1.5.10.tgz Upgrade to version: follow-redirects - v1.14.7 None
CVE-2024-29041

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> botbuilder-adapter-facebook-erxes-1.0.5.tgz (Root Library)

   -> botkit-4.5.0.tgz

     -> ❌ express-4.17.1.tgz (Vulnerable Library)

Medium 6.1 express-4.17.1.tgz Upgrade to version: express - 4.19.0 None
CVE-2023-26159

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> botbuilder-4.5.3.tgz (Root Library)

   -> botframework-connector-4.5.3.tgz

     -> ms-rest-js-1.2.6.tgz

       -> axios-0.18.1.tgz

         -> ❌ follow-redirects-1.5.10.tgz (Vulnerable Library)

Medium 6.1 follow-redirects-1.5.10.tgz Upgrade to version: follow-redirects - 1.15.4 None
CVE-2022-0536

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> botbuilder-4.5.3.tgz (Root Library)

   -> botframework-connector-4.5.3.tgz

     -> ms-rest-js-1.2.6.tgz

       -> axios-0.18.1.tgz

         -> ❌ follow-redirects-1.5.10.tgz (Vulnerable Library)

Medium 5.9 follow-redirects-1.5.10.tgz Upgrade to version: follow-redirects - 1.14.8 None
CVE-2020-28168

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> botbuilder-4.5.3.tgz (Root Library)

   -> botframework-connector-4.5.3.tgz

     -> ms-rest-js-1.2.6.tgz

       -> ❌ axios-0.18.1.tgz (Vulnerable Library)

Medium 5.9 axios-0.18.1.tgz Upgrade to version: axios - 0.21.1 None
CVE-2020-7598

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> migrate-1.6.2.tgz (Root Library)

   -> mkdirp-0.5.1.tgz

     -> ❌ minimist-0.0.8.tgz (Vulnerable Library)

Medium 5.6 minimist-0.0.8.tgz Upgrade to version: minimist - 0.2.1,1.2.3 None
CVE-2023-0842

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> botbuilder-4.5.3.tgz (Root Library)

   -> botframework-connector-4.5.3.tgz

     -> ms-rest-js-1.2.6.tgz

       -> ❌ xml2js-0.4.22.tgz (Vulnerable Library)

Medium 5.3 xml2js-0.4.22.tgz Upgrade to version: xml2js - 0.5.0 None

Base branch total remaining vulnerabilities: 84
Base branch commit: null


Total libraries scanned: 582

Scan token: f6dd7f4a5210412ea4b7302baa15ea82

View more details on Mend Bolt for GitHub