Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Apiiro] Apiiro SCA OSS Vulnerabilities - Critical Severity · Critical Risk #299

Closed
AhmedThebaSecurrency opened this issue May 8, 2024 · 0 comments
Closed

[Apiiro] Apiiro SCA OSS Vulnerabilities - Critical Severity · Critical Risk #299

AhmedThebaSecurrency opened this issue May 8, 2024 · 0 comments

Comments

@AhmedThebaSecurrency
Copy link

Please investigate if we can update

Discovered on: Mar 07, 2024 12:30
Dependency: webpack
Version: 5.75.0
Type: Sub dependency
Introduced through:

  • @docusaurus/core: 2.3.1 > webpack: 5.75.0
  • @docusaurus/core: 2.3.1 > @docusaurus/mdx-loader: 2.3.1 > webpack: 5.75.0
  • @docusaurus/core: 2.3.1 > @docusaurus/mdx-loader: 2.3.1 > webpack: 5.75.0
  • @docusaurus/preset-classic: 2.3.1 > @docusaurus/plugin-content-blog: 2.3.1 > webpack: 5.75.0
  • @docusaurus/preset-classic: 2.3.1 > @docusaurus/plugin-content-docs: 2.3.1 > webpack: 5.75.0
  • @docusaurus/preset-classic: 2.3.1 > @docusaurus/plugin-content-pages: 2.3.1 > webpack: 5.75.0
  • @docusaurus/module-type-aliases: 2.3.1 > @docusaurus/types: 2.3.1 > webpack: 5.75.0
  • @docusaurus/module-type-aliases: 2.3.1 > @docusaurus/types: 2.3.1 > webpack: 5.75.0
  • @docusaurus/module-type-aliases: 2.3.1 > @docusaurus/types: 2.3.1 > webpack: 5.75.0

Vulnerabilities

About this package:

External dependency: webpack - https://www.npmjs.com/package/webpack
Package details: Packs CommonJs/AMD modules for the browser. Allows to split your codebase into multiple bundles, which can be loaded on demand. Support loaders to preprocess files, i.e. json, jsx, es7, css, less, ... and your custom stuff.
Latest version: 5.91.0
License: MIT
Insights:

  • Adequately tested - Testing practices are thoroughly followed
  • Backed by foundation - This package is backed by a respected OSS foundation and adheres to its maintenance standards
  • Frequent commits - New code commits are frequently being pushed
  • Popularity - This package has many weekly downloads and high popularity scores
  • Has vulnerabilities - One or more vulnerabilities have been reported for this package
  • Public repository - This is a repository accessible by the general public

Remediation

Recommended fix version: 5.76.0
Upgrading will fix all current vulnerabilities.
✅ No known vulnerabilities for the recommended version.

This is a sub-dependency

In order to update its version, you may need to upgrade the following top-level dependencies:

View in Apiiro
@divyanshub024 divyanshub024 mentioned this issue Jun 3, 2024
Merged
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@divyanshub024 @AhmedThebaSecurrency