Update dependency swagger-ui to v4 #16

Open. Wants to merge 1 commit into base: main.

Update dependency swagger-ui to v4

35576bc

Staging - WhiteSource for GitHub.com / Mend Security Check failed May 23, 2024 in 3m 3s

Security Report

You have successfully remediated 34 vulnerabilities, but introduced 1 new vulnerability in this branch.

❌ New vulnerabilities:

CVE: CVE-2021-23648
Severity: Medium
CVSS Score: 6.1
Vulnerable Library: sanitize-url-5.0.2.tgz
Suggested Fix: Upgrade to version: @braintree/sanitize-url - 6.0.0
Issue: None

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/@braintree/sanitize-url/package.json

Dependency Hierarchy:

-> swagger-ui-4.1.3.tgz (Root Library)

   -> ❌ sanitize-url-5.0.2.tgz (Vulnerable Library)

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2022-0235 node-fetch-1.7.3.tgz
CVE-2020-7693 sockjs-0.3.18.tgz
CVE-2022-24773 node-forge-0.10.0.tgz
CVE-2021-26540 sanitize-html-1.27.5.tgz
CVE-2021-26539 sanitize-html-1.27.5.tgz
CVE-2020-28500 lodash-4.17.2.tgz
CVE-2018-14732 webpack-dev-server-2.5.0.tgz
CVE-2022-24772 node-forge-0.10.0.tgz
CVE-2022-46175 json5-0.5.1.tgz
CVE-2022-24771 node-forge-0.10.0.tgz
CVE-2018-3750 deep-extend-0.4.1.tgz
CVE-2018-16487 lodash-4.17.2.tgz
WS-2018-0593 swagger-ui-3.2.2.tgz
WS-2022-0008 node-forge-0.10.0.tgz
CVE-2018-3721 lodash-4.17.2.tgz
WS-2019-0171 swagger-ui-3.2.2.tgz
CVE-2020-7608 yargs-parser-4.2.1.tgz
CVE-2019-1010266 lodash-4.17.2.tgz
WS-2019-0540 autolinker-0.28.1.tgz
CVE-2018-25031 swagger-ui-3.2.2.tgz
CVE-2022-37601 loader-utils-0.2.17.tgz
WS-2019-0172 swagger-ui-3.2.2.tgz
WS-2017-3770 autolinker-0.28.1.tgz
CVE-2022-25887 sanitize-html-1.27.5.tgz
CVE-2021-23424 ansi-html-0.0.7.tgz
CVE-2021-23337 lodash-4.17.2.tgz
CVE-2021-33623 trim-newlines-1.0.0.tgz
CVE-2020-8203 lodash-4.17.2.tgz
CVE-2022-0122 node-forge-0.10.0.tgz
CVE-2019-17495 swagger-ui-3.2.2.tgz
CVE-2020-28469 glob-parent-2.0.0.tgz
CVE-2020-15168 node-fetch-1.7.3.tgz
CVE-2022-1650 eventsource-0.1.6.tgz
CVE-2019-10744 lodash-4.17.2.tgz

Base branch total remaining vulnerabilities: 49
Base branch commit: f8c8e4d7f6a25f19e287fb835f5e22f9ee447de7


Total libraries scanned: 316

Scan token: 8fe136407e814d94a052fb1bff71743f