Merge pull request #50 from JoshRDemo/revert-18-whitesource-remediate…

Mend for GitHub.com / Mend Security Check failed Jan 19, 2024 in 2m 15s

Security Report

The Security Check found 53 vulnerabilities.

CVE | Severity | CVSS Score | Exploit Maturity | EPSS | Vulnerable Library | Suggested Fix | Issue
MSC-2023-16609

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> forever-2.0.0.tgz (Root Library)

   -> forever-monitor-2.0.0.tgz

     -> chokidar-2.1.8.tgz

       -> ❌ fsevents-1.2.9.tgz (Vulnerable Library)

Critical 9.8 High fsevents-1.2.9.tgz #4
CVE-2023-45311

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> forever-2.0.0.tgz (Root Library)

   -> forever-monitor-2.0.0.tgz

     -> chokidar-2.1.8.tgz

       -> ❌ fsevents-1.2.9.tgz (Vulnerable Library)

Critical 9.8 fsevents-1.2.9.tgz Upgrade to version: fsevents - 1.2.11 #4
CVE-2021-44906

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> forever-2.0.0.tgz (Root Library)

   -> optimist-0.6.1.tgz

     -> ❌ minimist-0.0.10.tgz (Vulnerable Library)

Critical 9.8 0.4% minimist-0.0.10.tgz Upgrade to version: minimist - 0.2.4,1.2.6 #4
CVE-2021-44906

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> forever-2.0.0.tgz (Root Library)

   -> forever-monitor-2.0.0.tgz

     -> chokidar-2.1.8.tgz

       -> fsevents-1.2.9.tgz

         -> node-pre-gyp-0.12.0.tgz

           -> rc-1.2.8.tgz

             -> ❌ minimist-1.2.0.tgz (Vulnerable Library)

Critical 9.8 0.4% minimist-1.2.0.tgz Upgrade to version: minimist - 0.2.4,1.2.6 #4
CVE-2021-44906

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> forever-2.0.0.tgz (Root Library)

   -> forever-monitor-2.0.0.tgz

     -> chokidar-2.1.8.tgz

       -> fsevents-1.2.9.tgz

         -> node-pre-gyp-0.12.0.tgz

           -> mkdirp-0.5.1.tgz

             -> ❌ minimist-0.0.8.tgz (Vulnerable Library)

Critical 9.8 0.4% minimist-0.0.8.tgz Upgrade to version: minimist - 0.2.4,1.2.6 #4
CVE-2021-44906

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> forever-2.0.0.tgz (Root Library)

   -> prettyjson-1.2.1.tgz

     -> ❌ minimist-1.2.5.tgz (Vulnerable Library)

Critical 9.8 0.4% minimist-1.2.5.tgz Upgrade to version: minimist - 0.2.4,1.2.6 #4
CVE-2021-23440

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> forever-2.0.0.tgz (Root Library)

   -> forever-monitor-2.0.0.tgz

     -> chokidar-2.1.8.tgz

       -> braces-2.3.2.tgz

         -> snapdragon-0.8.2.tgz

           -> base-0.11.2.tgz

             -> cache-base-1.0.1.tgz

               -> ❌ set-value-2.0.0.tgz (Vulnerable Library)

Critical 9.8 6.7000003% set-value-2.0.0.tgz Upgrade to version: set-value - 2.0.1,4.0.1 #4
CVE-2021-23440

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> forever-2.0.0.tgz (Root Library)

   -> forever-monitor-2.0.0.tgz

     -> chokidar-2.1.8.tgz

       -> braces-2.3.2.tgz

         -> snapdragon-0.8.2.tgz

           -> base-0.11.2.tgz

             -> cache-base-1.0.1.tgz

               -> union-value-1.0.0.tgz

                 -> ❌ set-value-0.4.3.tgz (Vulnerable Library)

Critical 9.8 6.7000003% set-value-0.4.3.tgz Upgrade to version: set-value - 2.0.1,4.0.1 #4
CVE-2020-7788

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> forever-2.0.0.tgz (Root Library)

   -> forever-monitor-2.0.0.tgz

     -> chokidar-2.1.8.tgz

       -> fsevents-1.2.9.tgz

         -> node-pre-gyp-0.12.0.tgz

           -> rc-1.2.8.tgz

             -> ❌ ini-1.3.5.tgz (Vulnerable Library)

Critical 9.8 0.5% ini-1.3.5.tgz Upgrade to version: v1.3.6 #4
CVE-2020-7774

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> forever-2.0.0.tgz (Root Library)

   -> nconf-0.10.0.tgz

     -> yargs-3.32.0.tgz

       -> ❌ y18n-3.2.1.tgz (Vulnerable Library)

Critical 9.8 44.3% y18n-3.2.1.tgz Upgrade to version: 3.2.2, 4.0.1, 5.0.5 #4
CVE-2020-7610

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> mongodb-2.2.36.tgz (Root Library)

   -> mongodb-core-2.1.20.tgz

     -> ❌ bson-1.0.9.tgz (Vulnerable Library)

Critical 9.8 0.3% bson-1.0.9.tgz Upgrade to version: bson - 1.1.4 #6
CVE-2019-10747

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> forever-2.0.0.tgz (Root Library)

   -> forever-monitor-2.0.0.tgz

     -> chokidar-2.1.8.tgz

       -> braces-2.3.2.tgz

         -> snapdragon-0.8.2.tgz

           -> base-0.11.2.tgz

             -> cache-base-1.0.1.tgz

               -> union-value-1.0.0.tgz

                 -> ❌ set-value-0.4.3.tgz (Vulnerable Library)

Critical 9.8 0.4% set-value-0.4.3.tgz Upgrade to version: 2.0.1,3.0.1 #4
CVE-2019-10747

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> forever-2.0.0.tgz (Root Library)

   -> forever-monitor-2.0.0.tgz

     -> chokidar-2.1.8.tgz

       -> braces-2.3.2.tgz

         -> snapdragon-0.8.2.tgz

           -> base-0.11.2.tgz

             -> cache-base-1.0.1.tgz

               -> ❌ set-value-2.0.0.tgz (Vulnerable Library)

Critical 9.8 0.4% set-value-2.0.0.tgz Upgrade to version: 2.0.1,3.0.1 #4
CVE-2019-10746

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> forever-2.0.0.tgz (Root Library)

   -> forever-monitor-2.0.0.tgz

     -> chokidar-2.1.8.tgz

       -> braces-2.3.2.tgz

         -> snapdragon-0.8.2.tgz

           -> base-0.11.2.tgz

             -> ❌ mixin-deep-1.3.1.tgz (Vulnerable Library)

Critical 9.8 0.3% mixin-deep-1.3.1.tgz Upgrade to version: 1.3.2,2.0.1 #4
CVE-2021-37713

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> forever-2.0.0.tgz (Root Library)

   -> forever-monitor-2.0.0.tgz

     -> chokidar-2.1.8.tgz

       -> fsevents-1.2.9.tgz

         -> node-pre-gyp-0.12.0.tgz

           -> ❌ tar-4.4.8.tgz (Vulnerable Library)

High 8.6 0.1% tar-4.4.8.tgz Upgrade to version: tar - 4.4.18,5.0.10,6.1.9 #4
CVE-2021-37712

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> forever-2.0.0.tgz (Root Library)

   -> forever-monitor-2.0.0.tgz

     -> chokidar-2.1.8.tgz

       -> fsevents-1.2.9.tgz

         -> node-pre-gyp-0.12.0.tgz

           -> ❌ tar-4.4.8.tgz (Vulnerable Library)

High 8.6 0.1% tar-4.4.8.tgz Upgrade to version: tar - 4.4.18,5.0.10,6.1.9 #4
CVE-2021-37701

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> forever-2.0.0.tgz (Root Library)

   -> forever-monitor-2.0.0.tgz

     -> chokidar-2.1.8.tgz

       -> fsevents-1.2.9.tgz

         -> node-pre-gyp-0.12.0.tgz

           -> ❌ tar-4.4.8.tgz (Vulnerable Library)

High 8.6 0.1% tar-4.4.8.tgz Upgrade to version: tar - 4.4.16,5.0.8,6.1.7 #4
CVE-2021-32804

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> forever-2.0.0.tgz (Root Library)

   -> forever-monitor-2.0.0.tgz

     -> chokidar-2.1.8.tgz

       -> fsevents-1.2.9.tgz

         -> node-pre-gyp-0.12.0.tgz

           -> ❌ tar-4.4.8.tgz (Vulnerable Library)

High 8.1 1.7% tar-4.4.8.tgz Upgrade to version: tar - 3.2.2, 4.4.14, 5.0.6, 6.1.1 #4
CVE-2021-32803

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> forever-2.0.0.tgz (Root Library)

   -> forever-monitor-2.0.0.tgz

     -> chokidar-2.1.8.tgz

       -> fsevents-1.2.9.tgz

         -> node-pre-gyp-0.12.0.tgz

           -> ❌ tar-4.4.8.tgz (Vulnerable Library)

High 8.1 0.9% tar-4.4.8.tgz Upgrade to version: tar - 3.2.3, 4.4.15, 5.0.7, 6.1.2 #4
WS-2018-0148

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> forever-2.0.0.tgz (Root Library)

   -> forever-monitor-2.0.0.tgz

     -> broadway-0.3.6.tgz

       -> ❌ utile-0.2.1.tgz (Vulnerable Library)

High 7.5 utile-0.2.1.tgz Upgrade to version: JetBrains.Rider.Frontend5 - 213.0.20211008.154703-eap03 #4
WS-2018-0148

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> forever-2.0.0.tgz (Root Library)

   -> ❌ utile-0.3.0.tgz (Vulnerable Library)

High 7.5 utile-0.3.0.tgz Upgrade to version: JetBrains.Rider.Frontend5 - 213.0.20211008.154703-eap03 #4
CVE-2022-38900

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> forever-2.0.0.tgz (Root Library)

   -> forever-monitor-2.0.0.tgz

     -> chokidar-2.1.8.tgz

       -> braces-2.3.2.tgz

         -> snapdragon-0.8.2.tgz

           -> source-map-resolve-0.5.2.tgz

             -> ❌ decode-uri-component-0.2.0.tgz (Vulnerable Library)

High 7.5 0.1% decode-uri-component-0.2.0.tgz Upgrade to version: decode-uri-component - 0.2.1 #4
CVE-2022-3517

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> forever-2.0.0.tgz (Root Library)

   -> forever-monitor-2.0.0.tgz

     -> ❌ minimatch-3.0.4.tgz (Vulnerable Library)

High 7.5 0.1% minimatch-3.0.4.tgz Upgrade to version: minimatch - 3.0.5 #4
CVE-2022-25883

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> mongodb-2.2.36.tgz (Root Library)

   -> mongodb-core-2.1.20.tgz

     -> require_optional-1.0.1.tgz

       -> ❌ semver-5.6.0.tgz (Vulnerable Library)

High 7.5 0.1% semver-5.6.0.tgz Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 #6
CVE-2022-25883

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> forever-2.0.0.tgz (Root Library)

   -> forever-monitor-2.0.0.tgz

     -> chokidar-2.1.8.tgz

       -> fsevents-1.2.9.tgz

         -> node-pre-gyp-0.12.0.tgz

           -> ❌ semver-5.7.0.tgz (Vulnerable Library)

High 7.5 0.1% semver-5.7.0.tgz Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 #4
CVE-2022-24999

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> body-parser-1.18.3.tgz (Root Library)

   -> ❌ qs-6.5.2.tgz (Vulnerable Library)

High 7.5 0.4% qs-6.5.2.tgz Upgrade to version: qs - 6.2.4,6.3.3,6.4.1,6.5.3,6.6.1,6.7.3,6.8.3,6.9.7,6.10.3 #9
CVE-2022-21803

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> forever-2.0.0.tgz (Root Library)

   -> ❌ nconf-0.10.0.tgz (Vulnerable Library)

High 7.5 0.1% nconf-0.10.0.tgz Upgrade to version: nconf - 0.11.4 #4
CVE-2022-21803

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> forever-2.0.0.tgz (Root Library)

   -> forever-monitor-2.0.0.tgz

     -> broadway-0.3.6.tgz

       -> ❌ nconf-0.6.9.tgz (Vulnerable Library)

High 7.5 0.1% nconf-0.6.9.tgz Upgrade to version: nconf - 0.11.4 #4
CVE-2022-21681

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ marked-0.3.5.tgz (Vulnerable Library)

High 7.5 0.1% marked-0.3.5.tgz Upgrade to version: marked - 4.0.10 #3
CVE-2022-21680

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ marked-0.3.5.tgz (Vulnerable Library)

High 7.5 0.1% marked-0.3.5.tgz Upgrade to version: marked - 4.0.10 #3
CVE-2021-3820

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> forever-2.0.0.tgz (Root Library)

   -> utile-0.3.0.tgz

     -> ❌ i-0.3.6.tgz (Vulnerable Library)

High 7.5 0.1% i-0.3.6.tgz Upgrade to version: i - 0.3.7 #4
CVE-2020-28469

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> forever-2.0.0.tgz (Root Library)

   -> forever-monitor-2.0.0.tgz

     -> chokidar-2.1.8.tgz

       -> ❌ glob-parent-3.1.0.tgz (Vulnerable Library)

High 7.5 1.1% glob-parent-3.1.0.tgz Upgrade to version: glob-parent - 5.1.2 #4
CVE-2019-20149

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> forever-2.0.0.tgz (Root Library)

   -> forever-monitor-2.0.0.tgz

     -> chokidar-2.1.8.tgz

       -> readdirp-2.2.1.tgz

         -> micromatch-3.1.10.tgz

           -> ❌ kind-of-6.0.2.tgz (Vulnerable Library)

High 7.5 0.1% kind-of-6.0.2.tgz Upgrade to version: 6.0.3 #4
CVE-2017-20165

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> helmet-2.3.0.tgz (Root Library)

   -> connect-3.4.1.tgz

     -> ❌ debug-2.2.0.tgz (Vulnerable Library)

High 7.5 0.2% debug-2.2.0.tgz Upgrade to version: debug - 2.6.9,3.1.0 #8
CVE-2021-23358

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ underscore-1.9.1.tgz (Vulnerable Library)

High 7.2 0.4% underscore-1.9.1.tgz Upgrade to version: underscore - 1.12.1,1.13.0-2 #5
WS-2018-0031

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ marked-0.3.5.tgz (Vulnerable Library)

High 7.1 marked-0.3.5.tgz Upgrade to version: 0.3.6 #3
WS-2019-0311

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ mongodb-2.2.36.tgz (Vulnerable Library)

Medium 6.5 mongodb-2.2.36.tgz Upgrade to version: mongodb - 3.1.13 #6
WS-2019-0289

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> helmet-2.3.0.tgz (Root Library)

   -> ❌ helmet-csp-1.2.2.tgz (Vulnerable Library)

Medium 6.1 helmet-csp-1.2.2.tgz Upgrade to version: 2.9.1 #8
WS-2019-0026

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ marked-0.3.5.tgz (Vulnerable Library)

Medium 6.1 marked-0.3.5.tgz Upgrade to version: 0.3.9 #3
WS-2019-0025

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ marked-0.3.5.tgz (Vulnerable Library)

Medium 6.1 marked-0.3.5.tgz Upgrade to version: 0.3.9 #3
WS-2020-0163

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ marked-0.3.5.tgz (Vulnerable Library)

Medium 5.9 marked-0.3.5.tgz Upgrade to version: marked - 1.1.1 #3
CVE-2020-7598

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> forever-2.0.0.tgz (Root Library)

   -> optimist-0.6.1.tgz

     -> ❌ minimist-0.0.10.tgz (Vulnerable Library)

Medium 5.6 0.1% minimist-0.0.10.tgz Upgrade to version: minimist - 0.2.1,1.2.3 #4
CVE-2020-7598

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> forever-2.0.0.tgz (Root Library)

   -> forever-monitor-2.0.0.tgz

     -> chokidar-2.1.8.tgz

       -> fsevents-1.2.9.tgz

         -> node-pre-gyp-0.12.0.tgz

           -> mkdirp-0.5.1.tgz

             -> ❌ minimist-0.0.8.tgz (Vulnerable Library)

Medium 5.6 0.1% minimist-0.0.8.tgz Upgrade to version: minimist - 0.2.1,1.2.3 #4
CVE-2020-7598

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> forever-2.0.0.tgz (Root Library)

   -> forever-monitor-2.0.0.tgz

     -> chokidar-2.1.8.tgz

       -> fsevents-1.2.9.tgz

         -> node-pre-gyp-0.12.0.tgz

           -> rc-1.2.8.tgz

             -> ❌ minimist-1.2.0.tgz (Vulnerable Library)

Medium 5.6 0.1% minimist-1.2.0.tgz Upgrade to version: minimist - 0.2.1,1.2.3 #4
CVE-2017-16137

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> helmet-2.3.0.tgz (Root Library)

   -> connect-3.4.1.tgz

     -> ❌ debug-2.2.0.tgz (Vulnerable Library)

Medium 5.5 0.3% debug-2.2.0.tgz Upgrade to version: 2.6.9 #8
CVE-2017-16114

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ marked-0.3.5.tgz (Vulnerable Library)

Medium 5.5 0.1% marked-0.3.5.tgz Upgrade to version: 0.3.9 #3
CVE-2016-10531

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ marked-0.3.5.tgz (Vulnerable Library)

Medium 5.5 0.1% marked-0.3.5.tgz Upgrade to version: 0.3.6 #3
CVE-2015-8858

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> swig-1.4.2.tgz (Root Library)

   -> ❌ uglify-js-2.4.24.tgz (Vulnerable Library)

Medium 5.5 0.3% uglify-js-2.4.24.tgz Upgrade to version: v2.6.0 #7
CVE-2019-2391

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> mongodb-2.2.36.tgz (Root Library)

   -> mongodb-core-2.1.20.tgz

     -> ❌ bson-1.0.9.tgz (Vulnerable Library)

Medium 5.4 0.1% bson-1.0.9.tgz Upgrade to version: bson - 1.1.4 #6
WS-2019-0027

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ marked-0.3.5.tgz (Vulnerable Library)

Medium 5.3 marked-0.3.5.tgz Upgrade to version: 0.3.18 #3
WS-2018-0628

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ marked-0.3.5.tgz (Vulnerable Library)

Medium 5.3 marked-0.3.5.tgz Upgrade to version: marked - 0.4.0 #3
CVE-2017-20162

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> helmet-2.3.0.tgz (Root Library)

   -> connect-3.4.1.tgz

     -> debug-2.2.0.tgz

       -> ❌ ms-0.7.1.tgz (Vulnerable Library)

Medium 5.3 0.1% ms-0.7.1.tgz Upgrade to version: ms - 2.0.0 #8
CVE-2017-1000427

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> ❌ marked-0.3.5.tgz (Vulnerable Library)

Low 3.7 0.1% marked-0.3.5.tgz Upgrade to version: 0.3.7 #3

Total libraries scanned: 379
Scan token: df90a686e0484c8b991645709ee45351