-
Notifications
You must be signed in to change notification settings - Fork 48
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Vulnerable JavaScript dependencies reported by GitHub Enterprise #90
Comments
Updated the baseline with the required fixes. |
Vulnerabilities still outstanding. Vulnerabilities reported in frontend/package-lock.json |
Issues appear to have been addressed. |
Fix for wiremock server issue
Vulnerabilities that need to be addressed before production deployment.
Vulnerabilities reported in frontend/package-lock.json
kind-of - Known security vulnerability in 3.2.2 https://nvd.nist.gov/vuln/detail/CVE-2019-20149
object-path - Known security vulnerability in 0.11.4 https://github.com/mariocasciaro/object-path/security/advisories/GHSA-cwx2-736x-mf6w
Vulnerabilities reported in frontend/yarn.lock
acorn - Known security vulnerability in 6.1.1 https://github.com/acornjs/acorn/issues/929
dot-prop - Known security vulnerability in 4.2.0 https://nvd.nist.gov/vuln/detail/CVE-2020-8116
elliptic - Known security vulnerability in 6.4.1 https://nvd.nist.gov/vuln/detail/CVE-2020-13822
handlebars - Known security vulnerability in 4.1.2 https://nvd.nist.gov/vuln/detail/CVE-2019-19919
http-proxy - Known security vulnerability in 1.17.0 https://github.com/http-party/node-http-proxy/pull/1447/files
kind-of - Known security vulnerability in 6.0.2 https://nvd.nist.gov/vuln/detail/CVE-2019-20149
lodash - Known security vulnerability in 4.17.11 https://nvd.nist.gov/vuln/detail/CVE-2020-8203
minimist - Known security vulnerability in 0.0.10 https://nvd.nist.gov/vuln/detail/CVE-2020-7598
node-forge - Known security vulnerability in 0.7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-7720
serialize-javascript - Known security vulnerability in 1.7.0 https://nvd.nist.gov/vuln/detail/CVE-2020-7660
websocket-extensions - Known security vulnerability in 0.1.3 https://github.com/faye/websocket-extensions-node/security/advisories/GHSA-g78m-2chm-r7qv
yargs-parser - Known security vulnerability in 11.1.1 https://github.com/yargs/yargs-parser/commit/63810ca1ae1a24b08293a4d971e70e058c7a41e2
The text was updated successfully, but these errors were encountered: