Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

⬆️ Updates eslint-plugin-github to v5 #642

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

:arrow_up: Updates eslint-plugin-github to v5

c149b04
Select commit
Loading
Failed to load commit list.
Open

⬆️ Updates eslint-plugin-github to v5 #642

:arrow_up: Updates eslint-plugin-github to v5
c149b04
Select commit
Loading
Failed to load commit list.
Mend Bolt for GitHub / WhiteSource Security Check failed Jun 5, 2024 in 5m 38s

Security Report

You have successfully remediated 59 vulnerabilities, but introduced 1 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue
CVE-2022-24999

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/qs/package.json

Dependency Hierarchy:

-> ❌ qs-6.9.6.tgz (Vulnerable Library)

High 7.5 qs-6.9.6.tgz Upgrade to version: qs - 6.2.4,6.3.3,6.4.1,6.5.3,6.6.1,6.7.3,6.8.3,6.9.7,6.10.3 #611

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2021-37712 tar-6.1.0.tgz
CVE-2021-44906 minimist-1.2.5.tgz
CVE-2022-25851 jpeg-js-0.4.3.tgz
CVE-2024-29415 ip-1.1.5.tgz
CVE-2021-37701 tar-4.4.13.tgz
CVE-2023-26136 tough-cookie-2.4.3.tgz
CVE-2021-32804 tar-6.1.0.tgz
CVE-2022-46175 json5-1.0.1.tgz
CVE-2022-29244 npm-6.14.11.tgz
CVE-2022-46175 json5-2.2.0.tgz
CVE-2021-32804 tar-4.4.13.tgz
CVE-2020-28500 lodash-4.17.20.tgz
CVE-2021-3807 ansi-regex-4.1.0.tgz
CVE-2021-33502 normalize-url-5.3.0.tgz
CVE-2023-26115 word-wrap-1.2.3.tgz
CVE-2021-27290 ssri-6.0.1.tgz
CVE-2023-26136 tough-cookie-3.0.1.tgz
CVE-2022-38900 decode-uri-component-0.2.0.tgz
CVE-2012-6708 jquery-1.8.1.min.js
CVE-2020-7656 jquery-1.8.1.min.js
CVE-2022-25883 semver-6.3.0.tgz
CVE-2023-26136 tough-cookie-2.5.0.tgz
CVE-2021-32803 tar-6.1.0.tgz
CVE-2021-3807 ansi-regex-5.0.0.tgz
CVE-2021-3795 semver-regex-3.1.2.tgz
CVE-2022-31051 semantic-release-17.3.9.tgz
CVE-2021-3918 json-schema-0.2.3.tgz
CVE-2021-23362 hosted-git-info-2.8.8.tgz
CVE-2021-23364 browserslist-4.16.3.tgz
CVE-2022-24999 qs-6.5.2.tgz
CVE-2021-3807 ansi-regex-3.0.0.tgz
CVE-2022-37598 uglify-js-3.12.8.tgz
CVE-2021-37701 tar-6.1.0.tgz
CVE-2021-43307 semver-regex-3.1.2.tgz
CVE-2024-28863 tar-4.4.13.tgz
CVE-2020-7774 y18n-4.0.0.tgz
CVE-2021-23337 lodash-4.17.20.tgz
CVE-2022-25881 http-cache-semantics-3.8.1.tgz
CVE-2020-28469 glob-parent-5.1.1.tgz
CVE-2022-25883 semver-5.7.1.tgz
CVE-2022-33987 got-6.7.1.tgz
CVE-2023-28155 request-2.88.0.tgz
CVE-2021-23343 path-parse-1.0.6.tgz
CVE-2020-11023 jquery-1.8.1.min.js
CVE-2021-32640 ws-7.4.3.tgz
CVE-2021-37713 tar-6.1.0.tgz
CVE-2024-28863 tar-6.1.0.tgz
CVE-2020-28499 merge-1.2.1.tgz
CVE-2022-25883 semver-7.0.0.tgz
CVE-2021-37712 tar-4.4.13.tgz
CVE-2021-32803 tar-4.4.13.tgz
CVE-2021-3777 tmpl-1.0.4.tgz
CVE-2015-9251 jquery-1.8.1.min.js
CVE-2021-37713 tar-4.4.13.tgz
CVE-2023-42282 ip-1.1.5.tgz
CVE-2023-28155 request-2.88.2.tgz
CVE-2022-3517 minimatch-3.0.4.tgz
CVE-2020-11022 jquery-1.8.1.min.js
CVE-2021-23425 trim-off-newlines-1.0.1.tgz

Base branch total remaining vulnerabilities: 61
Base branch commit: null


Total libraries scanned: 7

Scan token: c2092798b4694a5b949bf2560396dda1

View more details on Mend Bolt for GitHub