Update dependency html-loader to v1 #284

Open
wants to merge 1 commit into
base: main
Update dependency html-loader to v1

96ddae4
Mend for GitHub.com / WhiteSource Security Check failed Jun 20, 2023 in 2h 18m 32s

Security Report

You have successfully remediated 142 vulnerabilities, but introduced 4 new vulnerabilities in this branch.

❌ New vulnerabilities:

| CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
|---|---|---|---|---|---|
| CVE-2021-2471 | Medium | 5.9 | mysql-connector-java-8.0.15.jar | Upgrade to version: mysql:mysql-connector-java:8.0.27 | None |
| CVE-2023-2976 | Medium | 5.5 | guava-28.0-jre.jar | Upgrade to version: com.google.guava:guava:32.0.1-jre, com.google.guava:guava:32.0.1-android | None |
| CVE-2023-2976 | Medium | 5.5 | guava-27.0.1-jre.jar | Upgrade to version: com.google.guava:guava:32.0.1-jre, com.google.guava:guava:32.0.1-android | None |
| CVE-2023-33264 | Medium | 4.3 | hazelcast-4.2.jar | Upgrade to version: com.hazelcast:hazelcast:5.1.6,5.3.0 | None |

CVE-2021-2471 (mysql-connector-java-8.0.15.jar)

Path to dependency file: /nifi-registry/nifi-registry-core/nifi-registry-test/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/mysql/mysql-connector-java/8.0.15/mysql-connector-java-8.0.15.jar

Dependency Hierarchy:

-> ❌ mysql-connector-java-8.0.15.jar (Vulnerable Library)

CVE-2023-2976 (guava-28.0-jre.jar)

Path to dependency file: /nifi-toolkit/nifi-toolkit-zookeeper-migrator/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/google/guava/guava/28.0-jre/guava-28.0-jre.jar

Dependency Hierarchy:

-> ❌ guava-28.0-jre.jar (Vulnerable Library)

CVE-2023-2976 (guava-27.0.1-jre.jar)

Path to dependency file: /nifi-nar-bundles/nifi-azure-bundle/nifi-azure-processors/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/google/guava/guava/27.0.1-jre/guava-27.0.1-jre.jar

Dependency Hierarchy:

-> ❌ guava-27.0.1-jre.jar (Vulnerable Library)

CVE-2023-33264 (hazelcast-4.2.jar)

Path to dependency file: /nifi-nar-bundles/nifi-hazelcast-bundle/nifi-hazelcast-services/pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/com/hazelcast/hazelcast/4.2/hazelcast-4.2.jar

Dependency Hierarchy:

-> ❌ hazelcast-4.2.jar (Vulnerable Library)

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2016-10735 bootstrap-3.3.1.min.js
CVE-2021-23362 hosted-git-info-2.6.0.tgz
CVE-2021-23386 dns-packet-1.3.1.tgz
CVE-2021-32803 tar-2.2.2.tgz
CVE-2021-23495 karma-5.0.4.tgz
CVE-2021-3807 ansi-regex-4.1.0.tgz
CVE-2018-11696 node-sass-4.13.1.tgz
CVE-2022-0512 url-parse-1.4.7.tgz
CVE-2022-0639 url-parse-1.4.7.tgz
CVE-2022-0122 node-forge-0.9.0.tgz
CVE-2022-0536 follow-redirects-1.7.0.tgz
CVE-2021-3918 json-schema-0.2.3.tgz
CVE-2021-27290 ssri-7.1.0.tgz
CVE-2022-24999 qs-6.5.2.tgz
CVE-2020-15168 node-fetch-2.3.0.tgz
CVE-2020-7774 y18n-4.0.0.tgz
CVE-2021-43138 async-2.6.3.tgz
CVE-2018-20677 bootstrap-3.3.1.min.js
CVE-2018-19838 node-sass-4.13.1.tgz
CVE-2021-23424 ansi-html-0.0.7.tgz
CVE-2021-33623 trim-newlines-1.0.0.tgz
CVE-2021-23343 path-parse-1.0.6.tgz
CVE-2018-20821 node-sass-4.13.1.tgz
CVE-2020-36049 socket.io-parser-3.2.0.tgz
CVE-2018-11694 node-sass-4.13.1.tgz
CVE-2020-8203 lodash-4.17.18.tgz
CVE-2015-9251 jquery-1.10.2.min.js
CVE-2022-0155 follow-redirects-1.7.0.tgz
CVE-2021-23413 jszip-3.1.5.tgz
CVE-2018-19837 node-sass-4.13.1.tgz
CVE-2020-7720 node-forge-0.9.0.tgz
CVE-2021-37701 tar-2.2.2.tgz
CVE-2022-24999 qs-6.7.0.tgz
CVE-2022-48285 jszip-3.1.5.tgz
CVE-2021-37701 tar-4.4.8.tgz
CVE-2022-46175 json5-1.0.1.tgz
CVE-2021-29060 color-string-1.5.3.tgz
CVE-2022-46175 json5-0.5.1.tgz
CVE-2022-24066 simple-git-1.113.0.tgz
CVE-2022-0437 karma-5.0.4.tgz
CVE-2021-23337 lodash-4.17.18.tgz
CVE-2018-20190 node-sass-4.13.1.tgz
CVE-2021-41183 jquery-ui-1.12.1.js
CVE-2020-7707 property-expr-1.5.1.tgz
CVE-2021-27290 ssri-6.0.1.tgz
CVE-2022-38900 decode-uri-component-0.2.0.tgz
CVE-2020-28502 xmlhttprequest-ssl-1.5.5.tgz
CVE-2020-8116 dot-prop-4.2.0.tgz
CVE-2019-18797 node-sass-4.13.1.tgz
CVE-2021-41184 jquery-ui-1.12.1.js
CVE-2020-15366 ajv-6.10.0.tgz
CVE-2019-8331 bootstrap-3.3.1.min.js
CVE-2018-19839 node-sass-4.13.1.tgz
CVE-2019-6286 node-sass-4.13.1.tgz
CVE-2021-29059 is-svg-3.0.0.tgz
CVE-2021-3807 ansi-regex-5.0.0.tgz
CVE-2020-7774 y18n-3.2.1.tgz
CVE-2020-28498 elliptic-6.4.1.tgz
CVE-2018-14040 bootstrap-3.3.1.min.js
CVE-2021-33623 trim-newlines-3.0.0.tgz
CVE-2021-27515 url-parse-1.4.7.tgz
CVE-2020-36048 engine.io-3.2.1.tgz
CVE-2020-13822 elliptic-6.4.1.tgz
CVE-2021-23364 browserslist-4.5.5.tgz
CVE-2020-24025 node-sass-4.13.1.tgz
CVE-2019-6284 node-sass-4.13.1.tgz
CVE-2022-31160 jquery-ui-1.12.1.js
CVE-2022-21704 log4js-4.5.1.tgz
CVE-2019-11358 jquery-1.12.4.js
CVE-2022-24772 node-forge-0.9.0.tgz
CVE-2018-11698 node-sass-4.13.1.tgz
CVE-2023-28155 request-2.88.2.tgz
CVE-2018-19827 node-sass-4.13.1.tgz
CVE-2022-37598 uglify-js-3.4.10.tgz
CVE-2019-6283 node-sass-4.13.1.tgz
CVE-2021-23364 browserslist-4.12.0.tgz
CVE-2021-23368 postcss-7.0.29.tgz
CVE-2015-9251 jquery-1.12.4.js
CVE-2022-24773 node-forge-0.9.0.tgz
CVE-2022-25858 terser-4.5.1.tgz
CVE-2022-0691 url-parse-1.4.7.tgz
CVE-2021-3664 url-parse-1.4.7.tgz
CVE-2021-23368 postcss-7.0.14.tgz
CVE-2020-7788 ini-1.3.5.tgz
CVE-2021-27292 ua-parser-js-0.7.21.tgz
CVE-2020-7793 ua-parser-js-0.7.21.tgz
WS-2019-0424 elliptic-6.4.1.tgz
CVE-2018-14042 bootstrap-3.3.1.min.js
CVE-2022-46175 json5-2.1.0.tgz
CVE-2020-7753 trim-0.0.1.tgz
CVE-2021-37712 tar-4.4.8.tgz
CVE-2022-1650 eventsource-1.0.7.tgz
CVE-2020-28481 socket.io-2.1.1.tgz
CVE-2022-37601 loader-utils-0.2.17.tgz
CVE-2021-41182 jquery-ui-1.12.1.js
CVE-2018-11499 node-sass-4.13.1.tgz
WS-2022-0008 node-forge-0.9.0.tgz
WS-2021-0152 color-string-1.5.3.tgz
CVE-2022-25758 scss-tokenizer-0.2.3.tgz
CVE-2018-20676 bootstrap-3.3.1.min.js
CVE-2020-28500 lodash-4.17.18.tgz
CVE-2022-0235 node-fetch-2.3.0.tgz
CVE-2021-28092 is-svg-3.0.0.tgz
CVE-2021-3803 nth-check-1.0.2.tgz
CVE-2021-44906 minimist-1.2.5.tgz
CVE-2023-28155 request-2.87.0.tgz
CVE-2023-0842 xml2js-0.4.19.tgz
CVE-2020-11022 jquery-1.10.2.min.js
CVE-2021-37713 tar-4.4.8.tgz
CVE-2020-15366 ajv-6.10.2.tgz
CVE-2022-0686 url-parse-1.4.7.tgz
WS-2019-0427 elliptic-6.4.1.tgz
CVE-2019-11358 jquery-1.10.2.min.js
CVE-2021-23382 postcss-7.0.29.tgz
CVE-2022-37603 loader-utils-1.2.3.tgz
CVE-2022-24433 simple-git-1.113.0.tgz
CVE-2018-19797 node-sass-4.13.1.tgz
CVE-2020-7660 serialize-javascript-2.1.2.tgz
WS-2020-0443 socket.io-2.1.1.tgz
CVE-2021-32640 ws-6.2.1.tgz
CVE-2021-32804 tar-4.4.8.tgz
CVE-2021-31597 xmlhttprequest-ssl-1.5.5.tgz
CVE-2020-28469 glob-parent-3.1.0.tgz
CVE-2022-24771 node-forge-0.9.0.tgz
CVE-2021-23382 postcss-7.0.14.tgz
CVE-2020-15366 ajv-6.12.2.tgz
CVE-2021-3807 ansi-regex-3.0.0.tgz
CVE-2021-37712 tar-2.2.2.tgz
CVE-2022-25912 simple-git-1.113.0.tgz
CVE-2020-7733 ua-parser-js-0.7.21.tgz
CVE-2018-11697 node-sass-4.13.1.tgz
CVE-2021-37713 tar-2.2.2.tgz
CVE-2020-15366 ajv-5.5.2.tgz
CVE-2020-28469 glob-parent-5.1.1.tgz
CVE-2022-37620 html-minifier-3.5.21.tgz
CVE-2021-32803 tar-4.4.8.tgz
CVE-2021-32804 tar-2.2.2.tgz
CVE-2022-37601 loader-utils-1.2.3.tgz
CVE-2020-11022 jquery-1.12.4.js
CVE-2022-46175 json5-2.1.3.tgz
CVE-2022-3517 minimatch-3.0.4.tgz
CVE-2022-41940 engine.io-3.2.1.tgz

Base branch total remaining vulnerabilities: 250
Base branch commit: d9bab7423d2f0a27e478e0a225fccf352baa0cf2


Total libraries scanned: 606

Scan token: f1c40e38b69e49c18f2226fc1095349f