Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade @azure/storage-blob from 12.2.1 to 12.18.0 #1230

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

fix: upgrade @azure/storage-blob from 12.2.1 to 12.18.0

d7f43b6
Select commit
Loading
Failed to load commit list.
Open

[Snyk] Upgrade @azure/storage-blob from 12.2.1 to 12.18.0 #1230

fix: upgrade @azure/storage-blob from 12.2.1 to 12.18.0
d7f43b6
Select commit
Loading
Failed to load commit list.
Mend Bolt for GitHub / WhiteSource Security Check failed Jun 18, 2024 in 4m 48s

Security Report

You have successfully remediated 26 vulnerabilities, but introduced 2 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue
CVE-2018-1324

Path to dependency file: /packages/playwright-core/src/server/android/driver/app/build.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.apache.commons/commons-compress/1.12/84caa68576e345eb5e7ae61a0e5a9229eb100d7b/commons-compress-1.12.jar

Dependency Hierarchy:

-> lint-gradle-27.1.0.jar (Root Library)

   -> sdk-common-27.1.0.jar

     -> sdklib-27.1.0.jar

       -> ❌ commons-compress-1.12.jar (Vulnerable Library)

Medium 5.5 commons-compress-1.12.jar Upgrade to version: 1.16 #18
CVE-2018-11771

Path to dependency file: /packages/playwright-core/src/server/android/driver/app/build.gradle

Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.apache.commons/commons-compress/1.12/84caa68576e345eb5e7ae61a0e5a9229eb100d7b/commons-compress-1.12.jar

Dependency Hierarchy:

-> lint-gradle-27.1.0.jar (Root Library)

   -> sdk-common-27.1.0.jar

     -> sdklib-27.1.0.jar

       -> ❌ commons-compress-1.12.jar (Vulnerable Library)

Medium 5.5 commons-compress-1.12.jar Upgrade to version: 1.18 #16

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2022-25881 http-cache-semantics-4.1.0.tgz
CVE-2022-37601 loader-utils-1.4.0.tgz
CVE-2022-29247 electron-12.2.1.tgz
CVE-2022-46175 json5-1.0.1.tgz
CVE-2022-37603 loader-utils-2.0.0.tgz
CVE-2022-25883 semver-7.3.5.tgz
CVE-2023-26115 word-wrap-1.2.3.tgz
CVE-2023-39956 electron-12.2.1.tgz
CVE-2023-44402 electron-12.2.1.tgz
CVE-2022-21718 electron-12.2.1.tgz
CVE-2022-33987 got-9.6.0.tgz
CVE-2023-0842 xml2js-0.4.23.tgz
CVE-2022-37603 loader-utils-1.4.0.tgz
CVE-2023-29198 electron-12.2.1.tgz
CVE-2023-44270 postcss-8.3.9.tgz
CVE-2022-37599 loader-utils-2.0.0.tgz
CVE-2022-25883 semver-5.7.1.tgz
CVE-2021-33502 normalize-url-4.5.0.tgz
CVE-2022-37601 loader-utils-2.0.0.tgz
CVE-2023-28154 webpack-5.68.0.tgz
CVE-2023-2968 proxy-1.0.2.tgz
CVE-2022-36077 electron-12.2.1.tgz
CVE-2023-26136 tough-cookie-4.0.0.tgz
CVE-2022-29257 electron-12.2.1.tgz
CVE-2022-25858 terser-5.10.0.tgz
CVE-2022-24999 qs-6.9.3.tgz

Base branch total remaining vulnerabilities: 69
Base branch commit: null


Total libraries scanned: 358

Scan token: b90a5071b8bc42aba96ce98872bffaa5

View more details on Mend Bolt for GitHub