[Snyk] Fix for 1 vulnerabilities #25
Security Report
14 new vulnerabilities were introduced in this branch.
❌ New vulnerabilities:
CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
---|---|---|---|---|---|
CVE-2021-44906; Path to dependency file: /package.json; Path to vulnerable library: /node_modules/mkdirp/node_modules/minimist/package.json; Dependency Hierarchy: botbuilder-4.5.3.tgz (Root Library) -> botframework-connector-4.5.3.tgz -> nock-10.0.6.tgz -> mkdirp-0.5.1.tgz -> ❌ minimist-0.0.8.tgz (Vulnerable Library) | Critical | 9.8 | minimist-0.0.8.tgz | Upgrade to version: minimist - 0.2.4,1.2.6 | None |
CVE-2023-43646; Path to dependency file: /package.json; Path to vulnerable library: /node_modules/get-func-name/package.json; Dependency Hierarchy: botbuilder-4.5.3.tgz (Root Library) -> botframework-connector-4.5.3.tgz -> nock-10.0.6.tgz -> chai-4.2.0.tgz -> ❌ get-func-name-2.0.0.tgz (Vulnerable Library) | High | 7.5 | get-func-name-2.0.0.tgz | Upgrade to version: get-func-name - 2.0.1,3.0.0 | None |
CVE-2021-23337; Path to dependency file: /package.json; Path to vulnerable library: /node_modules/request-promise-core/node_modules/lodash/package.json; Dependency Hierarchy: request-promise-4.2.6.tgz (Root Library) -> request-promise-core-1.1.4.tgz -> ❌ lodash-4.17.20.tgz (Vulnerable Library) | High | 7.2 | lodash-4.17.20.tgz | Upgrade to version: lodash - 4.17.21, lodash-es - 4.17.21 | None |
CVE-2020-7751; Path to dependency file: /package.json; Path to vulnerable library: /node_modules/pathval/package.json; Dependency Hierarchy: botbuilder-4.5.3.tgz (Root Library) -> botframework-connector-4.5.3.tgz -> nock-10.0.6.tgz -> chai-4.2.0.tgz -> ❌ pathval-1.1.0.tgz (Vulnerable Library) | High | 7.2 | pathval-1.1.0.tgz | Upgrade to version: pathval - 1.1.1 | None |
CVE-2024-28849; Path to dependency file: /package.json; Path to vulnerable library: /node_modules/follow-redirects/package.json; Dependency Hierarchy: botbuilder-4.5.3.tgz (Root Library) -> botframework-connector-4.5.3.tgz -> ms-rest-js-1.2.6.tgz -> axios-0.18.1.tgz -> ❌ follow-redirects-1.5.10.tgz (Vulnerable Library) | Medium | 6.5 | follow-redirects-1.5.10.tgz | Upgrade to version: follow-redirects - 1.15.6 | None |
CVE-2023-45857; Path to dependency file: /package.json; Path to vulnerable library: /node_modules/axios/package.json; Dependency Hierarchy: botbuilder-4.5.3.tgz (Root Library) -> botframework-connector-4.5.3.tgz -> ms-rest-js-1.2.6.tgz -> ❌ axios-0.18.1.tgz (Vulnerable Library) | Medium | 6.5 | axios-0.18.1.tgz | Upgrade to version: axios - 1.6.0 | None |
CVE-2022-0155; Path to dependency file: /package.json; Path to vulnerable library: /node_modules/follow-redirects/package.json; Dependency Hierarchy: botbuilder-4.5.3.tgz (Root Library) -> botframework-connector-4.5.3.tgz -> ms-rest-js-1.2.6.tgz -> axios-0.18.1.tgz -> ❌ follow-redirects-1.5.10.tgz (Vulnerable Library) | Medium | 6.5 | follow-redirects-1.5.10.tgz | Upgrade to version: follow-redirects - v1.14.7 | None |
CVE-2024-29041; Path to dependency file: /package.json; Path to vulnerable library: /node_modules/express/package.json; Dependency Hierarchy: ❌ express-4.17.1.tgz (Vulnerable Library) | Medium | 6.1 | express-4.17.1.tgz | Upgrade to version: express - 4.19.0 | None |
CVE-2023-26159; Path to dependency file: /package.json; Path to vulnerable library: /node_modules/follow-redirects/package.json; Dependency Hierarchy: botbuilder-4.5.3.tgz (Root Library) -> botframework-connector-4.5.3.tgz -> ms-rest-js-1.2.6.tgz -> axios-0.18.1.tgz -> ❌ follow-redirects-1.5.10.tgz (Vulnerable Library) | Medium | 6.1 | follow-redirects-1.5.10.tgz | Upgrade to version: follow-redirects - 1.15.4 | None |
CVE-2022-0536; Path to dependency file: /package.json; Path to vulnerable library: /node_modules/follow-redirects/package.json; Dependency Hierarchy: botbuilder-4.5.3.tgz (Root Library) -> botframework-connector-4.5.3.tgz -> ms-rest-js-1.2.6.tgz -> axios-0.18.1.tgz -> ❌ follow-redirects-1.5.10.tgz (Vulnerable Library) | Medium | 5.9 | follow-redirects-1.5.10.tgz | Upgrade to version: follow-redirects - 1.14.8 | None |
CVE-2020-28168; Path to dependency file: /package.json; Path to vulnerable library: /node_modules/axios/package.json; Dependency Hierarchy: botbuilder-4.5.3.tgz (Root Library) -> botframework-connector-4.5.3.tgz -> ms-rest-js-1.2.6.tgz -> ❌ axios-0.18.1.tgz (Vulnerable Library) | Medium | 5.9 | axios-0.18.1.tgz | Upgrade to version: axios - 0.21.1 | None |
CVE-2020-7598; Path to dependency file: /package.json; Path to vulnerable library: /node_modules/mkdirp/node_modules/minimist/package.json; Dependency Hierarchy: botbuilder-4.5.3.tgz (Root Library) -> botframework-connector-4.5.3.tgz -> nock-10.0.6.tgz -> mkdirp-0.5.1.tgz -> ❌ minimist-0.0.8.tgz (Vulnerable Library) | Medium | 5.6 | minimist-0.0.8.tgz | Upgrade to version: minimist - 0.2.1,1.2.3 | None |
CVE-2023-0842; Path to dependency file: /package.json; Path to vulnerable library: /node_modules/xml2js/package.json; Dependency Hierarchy: botbuilder-4.5.3.tgz (Root Library) -> botframework-connector-4.5.3.tgz -> ms-rest-js-1.2.6.tgz -> ❌ xml2js-0.4.22.tgz (Vulnerable Library) | Medium | 5.3 | xml2js-0.4.22.tgz | Upgrade to version: xml2js - 0.5.0 | None |
CVE-2020-28500; Path to dependency file: /package.json; Path to vulnerable library: /node_modules/request-promise-core/node_modules/lodash/package.json; Dependency Hierarchy: request-promise-4.2.6.tgz (Root Library) -> request-promise-core-1.1.4.tgz -> ❌ lodash-4.17.20.tgz (Vulnerable Library) | Medium | 5.3 | lodash-4.17.20.tgz | Upgrade to version: lodash - 4.17.21 | None |
Base branch total remaining vulnerabilities: 84
Base branch commit: null
Total libraries scanned: 547
Scan token: 8127881d433e4887b3937ccfa265313c