[Snyk] Security upgrade botbuilder from 4.5.3 to 4.17.1 #36

Security Report

12 new vulnerabilities were introduced in this branch.

❌ New vulnerabilities:

CVE	Severity	CVSS Score	Vulnerable Library	Suggested Fix	Issue
CVE-2021-44906 Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> migrate-1.6.2.tgz (Root Library) -> mkdirp-0.5.1.tgz -> ❌ minimist-0.0.8.tgz (Vulnerable Library)	Critical	9.8	minimist-0.0.8.tgz	Upgrade to version: minimist - 0.2.4,1.2.6	None
CVE-2023-43646 Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> botbuilder-adapter-facebook-erxes-1.0.5.tgz (Root Library) -> botkit-4.5.0.tgz -> botframework-connector-4.5.3.tgz -> nock-10.0.6.tgz -> chai-4.2.0.tgz -> ❌ get-func-name-2.0.0.tgz (Vulnerable Library)	High	8.6	get-func-name-2.0.0.tgz	Upgrade to version: get-func-name - 2.0.1,3.0.0	None
WS-2023-0439 Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> botbuilder-adapter-facebook-erxes-1.0.5.tgz (Root Library) -> botkit-4.5.0.tgz -> botframework-connector-4.5.3.tgz -> ms-rest-js-1.2.6.tgz -> ❌ axios-0.18.1.tgz (Vulnerable Library)	High	7.5	axios-0.18.1.tgz	Upgrade to version: axios - 1.6.3,0.20.0	None
CVE-2023-26159 Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> botbuilder-adapter-facebook-erxes-1.0.5.tgz (Root Library) -> botkit-4.5.0.tgz -> botframework-connector-4.5.3.tgz -> ms-rest-js-1.2.6.tgz -> axios-0.18.1.tgz -> ❌ follow-redirects-1.5.10.tgz (Vulnerable Library)	High	7.3	follow-redirects-1.5.10.tgz	Upgrade to version: follow-redirects - 1.15.4	None
CVE-2024-28849 Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> botbuilder-adapter-facebook-erxes-1.0.5.tgz (Root Library) -> botkit-4.5.0.tgz -> botframework-connector-4.5.3.tgz -> ms-rest-js-1.2.6.tgz -> axios-0.18.1.tgz -> ❌ follow-redirects-1.5.10.tgz (Vulnerable Library)	Medium	6.5	follow-redirects-1.5.10.tgz	Upgrade to version: follow-redirects - 1.15.6	None
CVE-2023-45857 Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> botbuilder-adapter-facebook-erxes-1.0.5.tgz (Root Library) -> botkit-4.5.0.tgz -> botframework-connector-4.5.3.tgz -> ms-rest-js-1.2.6.tgz -> ❌ axios-0.18.1.tgz (Vulnerable Library)	Medium	6.5	axios-0.18.1.tgz	Upgrade to version: axios - 1.6.0	None
CVE-2022-0155 Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> botbuilder-adapter-facebook-erxes-1.0.5.tgz (Root Library) -> botkit-4.5.0.tgz -> botframework-connector-4.5.3.tgz -> ms-rest-js-1.2.6.tgz -> axios-0.18.1.tgz -> ❌ follow-redirects-1.5.10.tgz (Vulnerable Library)	Medium	6.5	follow-redirects-1.5.10.tgz	Upgrade to version: follow-redirects - v1.14.7	None
CVE-2020-7751 Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> botbuilder-adapter-facebook-erxes-1.0.5.tgz (Root Library) -> botkit-4.5.0.tgz -> botframework-connector-4.5.3.tgz -> nock-10.0.6.tgz -> chai-4.2.0.tgz -> ❌ pathval-1.1.0.tgz (Vulnerable Library)	Medium	6.0	pathval-1.1.0.tgz	Upgrade to version: pathval - 1.1.1	None
CVE-2020-28168 Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> botbuilder-adapter-facebook-erxes-1.0.5.tgz (Root Library) -> botkit-4.5.0.tgz -> botframework-connector-4.5.3.tgz -> ms-rest-js-1.2.6.tgz -> ❌ axios-0.18.1.tgz (Vulnerable Library)	Medium	5.9	axios-0.18.1.tgz	Upgrade to version: axios - 0.21.1	None
CVE-2020-7598 Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> migrate-1.6.2.tgz (Root Library) -> mkdirp-0.5.1.tgz -> ❌ minimist-0.0.8.tgz (Vulnerable Library)	Medium	5.6	minimist-0.0.8.tgz	Upgrade to version: minimist - 0.2.1,1.2.3	None
CVE-2023-0842 Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> botbuilder-adapter-facebook-erxes-1.0.5.tgz (Root Library) -> botkit-4.5.0.tgz -> botframework-connector-4.5.3.tgz -> ms-rest-js-1.2.6.tgz -> ❌ xml2js-0.4.22.tgz (Vulnerable Library)	Medium	5.3	xml2js-0.4.22.tgz	Upgrade to version: xml2js - 0.5.0	None
CVE-2022-0536 Path to dependency file: /package.json Path to vulnerable library: /package.json Dependency Hierarchy: -> botbuilder-adapter-facebook-erxes-1.0.5.tgz (Root Library) -> botkit-4.5.0.tgz -> botframework-connector-4.5.3.tgz -> ms-rest-js-1.2.6.tgz -> axios-0.18.1.tgz -> ❌ follow-redirects-1.5.10.tgz (Vulnerable Library)	Low	2.6	follow-redirects-1.5.10.tgz	Upgrade to version: follow-redirects - 1.14.8	None

Base branch total remaining vulnerabilities: 98
Base branch commit: null

Total libraries scanned: 659

Scan token: bdbb6a4a18cc413bb6e00ca49778755f

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Security upgrade botbuilder from 4.5.3 to 4.17.1 #36

[Snyk] Security upgrade botbuilder from 4.5.3 to 4.17.1 #36

Security Report

Re-running checks...

[Snyk] Security upgrade botbuilder from 4.5.3 to 4.17.1 #36

Are you sure you want to change the base?

fix: package.json & yarn.lock to reduce vulnerabilities

[Snyk] Security upgrade botbuilder from 4.5.3 to 4.17.1 #36

Security Report

Re-running checks...