Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update dependency yeoman-generator to v6 - autoclosed #301

Closed

Update dependency yeoman-generator to v6

dda7003
Select commit
Loading
Failed to load commit list.
Closed

Update dependency yeoman-generator to v6 - autoclosed #301

Update dependency yeoman-generator to v6
dda7003
Select commit
Loading
Failed to load commit list.
Mend for GitHub.com / WhiteSource Security Check failed Jan 30, 2024 in 11m 26s

Security Report

You have successfully remediated 232 vulnerabilities, but introduced 9 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue
CVE-2023-26136

Path to dependency file: /packages/react-server-cli/package.json

Path to vulnerable library: /packages/react-server-cli/node_modules/tough-cookie/package.json,/package.json

Dependency Hierarchy:

-> less-2.7.3.tgz (Root Library)

   -> request-2.81.0.tgz

     -> ❌ tough-cookie-2.3.4.tgz (Vulnerable Library)

Critical 9.8 tough-cookie-2.3.4.tgz Upgrade to version: tough-cookie - 4.1.3 #290
CVE-2023-26136

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> react-server-cli-file:packages/react-server-cli.tgz (Root Library)

   -> node-sass-4.11.0.tgz

     -> request-2.88.0.tgz

       -> ❌ tough-cookie-2.4.3.tgz (Vulnerable Library)

Critical 9.8 tough-cookie-2.4.3.tgz Upgrade to version: tough-cookie - 4.1.3 #290
CVE-2023-45133

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> react-server-cli-file:packages/react-server-cli.tgz (Root Library)

   -> core-7.4.3.tgz

     -> ❌ traverse-7.4.3.tgz (Vulnerable Library)

High 8.8 traverse-7.4.3.tgz Upgrade to version: @babel/traverse - 7.23.2 None
CVE-2023-5764

Path to dependency file: /packages/react-server-website/deployment/requirements.txt

Path to vulnerable library: /packages/react-server-website/deployment/requirements.txt

Dependency Hierarchy:

-> ansible-4.10.0.tar.gz (Root Library)

   -> ❌ ansible-core-2.11.12.tar.gz (Vulnerable Library)

High 7.8 ansible-core-2.11.12.tar.gz Upgrade to version: ansible-core - 2.14.12,2.15.7,2.16.1 #300
CVE-2022-25883

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> babel-preset-react-server-file:packages/babel-preset-react-server.tgz (Root Library)

   -> plugin-transform-runtime-7.4.3.tgz

     -> ❌ semver-5.7.0.tgz (Vulnerable Library)

High 7.5 semver-5.7.0.tgz Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 None
CVE-2022-25883

Path to dependency file: /package.json

Path to vulnerable library: /package.json,/packages/react-server-cli/node_modules/node-gyp/node_modules/semver/package.json

Dependency Hierarchy:

-> node-sass-4.14.1.tgz (Root Library)

   -> node-gyp-3.8.0.tgz

     -> ❌ semver-5.3.0.tgz (Vulnerable Library)

High 7.5 semver-5.3.0.tgz Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 None
CVE-2022-25883

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> babel-preset-react-server-file:packages/babel-preset-react-server.tgz (Root Library)

   -> preset-env-7.4.3.tgz

     -> core-js-compat-3.0.1.tgz

       -> ❌ semver-6.0.0.tgz (Vulnerable Library)

High 7.5 semver-6.0.0.tgz Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 None
CVE-2023-46234

Path to dependency file: /package.json

Path to vulnerable library: /package.json

Dependency Hierarchy:

-> react-server-cli-file:packages/react-server-cli.tgz (Root Library)

   -> node-libs-browser-2.2.0.tgz

     -> crypto-browserify-3.12.0.tgz

       -> ❌ browserify-sign-4.0.4.tgz (Vulnerable Library)

Medium 6.5 browserify-sign-4.0.4.tgz Upgrade to version: browserify-sign - 4.2.2 None
CVE-2023-5115

Path to dependency file: /packages/react-server-website/deployment/requirements.txt

Path to vulnerable library: /packages/react-server-website/deployment/requirements.txt

Dependency Hierarchy:

-> ansible-4.10.0.tar.gz (Root Library)

   -> ❌ ansible-core-2.11.12.tar.gz (Vulnerable Library)

Medium 6.3 ansible-core-2.11.12.tar.gz Upgrade to version: ansible-core - 2.16.0 #299

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2022-0235 node-fetch-1.7.3.tgz
CVE-2017-20165 debug-2.2.0.tgz
CVE-2022-0144 shelljs-0.8.4.tgz
CVE-2017-15010 tough-cookie-2.3.2.tgz
CVE-2019-6284 node-sass-v4.13.1
CVE-2022-24785 moment-2.29.1.tgz
CVE-2022-0155 follow-redirects-1.14.1.tgz
CVE-2019-16777 npm-6.9.0.tgz
CVE-2018-16492 extend-3.0.0.tgz
CVE-2019-16775 npm-4.6.1.tgz
CVE-2021-44906 minimist-0.2.1.tgz
CVE-2019-10744 lodash-1.0.2.tgz
CVE-2022-37603 loader-utils-2.0.0.tgz
CVE-2018-21270 stringstream-0.0.5.tgz
CVE-2022-2217 parse-url-5.0.1.tgz
CVE-2018-19797 node-sass-v4.13.1
CVE-2019-6283 node-sass-v4.13.1
WS-2022-0239 parse-url-5.0.1.tgz
CVE-2023-5764 ansible-core-2.11.1.tar.gz
CVE-2018-19827 node-sass-v4.13.1
CVE-2020-15366 ajv-4.11.4.tgz
CVE-2019-10744 lodash.template-4.4.0.tgz
WS-2020-0163 marked-0.6.2.tgz
CVE-2022-0624 parse-path-4.0.1.tgz
CVE-2023-48795 paramiko-2.7.2-py2.py3-none-any.whl
CVE-2021-23362 hosted-git-info-2.4.2.tgz
CVE-2018-20190 node-sass-v4.13.1
CVE-2020-7754 npm-user-validate-0.1.5.tgz
CVE-2022-3517 minimatch-2.0.10.tgz
CVE-2015-9251 jquery-1.7.1.min.js
CVE-2021-27515 url-parse-1.4.6.tgz
WS-2019-0425 mocha-3.5.3.tgz
CVE-2017-16032 brace-expansion-1.1.6.tgz
CVE-2020-15168 node-fetch-2.3.0.tgz
CVE-2019-11358 jquery-1.7.2.min.js
CVE-2021-29059 is-svg-2.1.0.tgz
CVE-2021-43138 async-2.6.3.tgz
CVE-2022-0512 url-parse-1.5.1.tgz
CVE-2022-25883 semver-5.7.1.tgz
CVE-2022-22984 snyk-1.19.1.tgz
CVE-2022-33987 got-6.7.1.tgz
CVE-2020-7608 yargs-parser-11.1.1.tgz
WS-2020-0180 npm-user-validate-0.1.5.tgz
CVE-2018-11694 node-sass-v4.13.1
CVE-2020-7656 jquery-1.7.1.min.js
CVE-2022-37601 loader-utils-2.0.0.tgz
CVE-2021-23337 lodash-1.0.2.tgz
CVE-2020-7608 yargs-parser-8.1.0.tgz
WS-2019-0209 marked-0.6.2.tgz
CVE-2022-3224 parse-url-5.0.1.tgz
CVE-2019-11358 jquery-1.11.1.js
CVE-2022-3517 minimatch-0.2.14.tgz
CVE-2020-7608 yargs-parser-10.1.0.tgz
WS-2018-0347 eslint-3.19.0.tgz
CVE-2022-24999 qs-2.3.3.tgz
CVE-2023-26159 follow-redirects-1.14.1.tgz
CVE-2022-24999 qs-6.7.0.tgz
CVE-2019-16776 npm-4.6.1.tgz
CVE-2018-14732 webpack-dev-server-1.16.5.tgz
CVE-2022-24441 snyk-1.19.1.tgz
CVE-2018-16487 lodash-2.4.1.js
CVE-2012-6708 jquery-1.7.2.min.js
CVE-2018-3721 lodash-2.4.1.js
CVE-2018-11698 node-sass-v4.13.1
CVE-2021-23369 handlebars-4.1.2.tgz
CVE-2022-29244 npm-4.6.1.tgz
CVE-2022-46175 json5-2.2.0.tgz
CVE-2017-16137 debug-2.2.0.tgz
CVE-2022-37614 mockery-2.1.0.tgz
CVE-2020-11022 jquery-1.7.1.min.js
CVE-2018-20676 bootstrap-3.2.0.min.js
CVE-2017-16129 superagent-1.8.4.tgz
CVE-2018-3737 sshpk-1.11.0.tgz
CVE-2017-16138 mime-1.3.4.tgz
WS-2020-0450 handlebars-4.1.2.tgz
CVE-2021-3749 axios-0.21.1.tgz
CVE-2019-10795 undefsafe-0.0.3.tgz
CVE-2022-0639 url-parse-1.4.6.tgz
CVE-2018-14040 bootstrap-3.2.0.min.js
CVE-2020-11023 jquery-1.7.1.min.js
CVE-2019-19919 handlebars-4.1.2.tgz
WS-2020-0180 npm-user-validate-1.0.0.tgz
CVE-2018-20822 node-sass-v4.13.1
CVE-2017-18077 brace-expansion-1.1.6.tgz
CVE-2021-3664 url-parse-1.4.6.tgz
CVE-2022-0691 url-parse-1.4.6.tgz
CVE-2021-3807 ansi-regex-5.0.0.tgz
CVE-2017-16042 growl-1.9.2.tgz
WS-2019-0063 js-yaml-3.7.0.tgz
CVE-2022-3517 minimatch-3.0.2.tgz
CVE-2021-23337 lodash-2.4.1.js
CVE-2020-8116 dot-prop-3.0.0.tgz
CVE-2023-45857 axios-0.21.1.tgz
CVE-2022-0691 url-parse-1.5.1.tgz
CVE-2020-11022 jquery-1.11.1.min.js
CVE-2021-29060 color-string-0.3.0.tgz
WS-2021-0153 ejs-2.7.4.tgz
WS-2022-0238 parse-url-5.0.1.tgz
CVE-2018-20676 bootstrap-3.3.7.tgz
CVE-2020-28500 lodash-1.0.2.tgz
CVE-2022-37599 loader-utils-2.0.0.tgz
WS-2018-0103 stringstream-0.0.5.tgz
CVE-2018-20677 bootstrap-3.3.7.tgz
WS-2020-0042 acorn-5.7.3.tgz
CVE-2019-8331 bootstrap-3.2.0.min.js
CVE-2021-23382 postcss-5.2.18.tgz
CVE-2019-6286 node-sass-v4.13.1
CVE-2022-0536 follow-redirects-1.14.1.tgz
WS-2019-0339 bin-links-1.1.2.tgz
CVE-2022-0639 url-parse-1.5.1.tgz
WS-2022-0237 parse-url-5.0.1.tgz
WS-2019-0338 bin-links-1.1.2.tgz
CVE-2020-7677 thenify-3.3.0.tgz
CVE-2022-21681 marked-0.6.2.tgz
CVE-2019-10744 lodash.template-3.6.2.tgz
CVE-2015-9251 jquery-1.11.1.js
CVE-2022-37601 loader-utils-1.4.0.tgz
CVE-2022-2218 parse-url-5.0.1.tgz
CVE-2016-10540 minimatch-2.0.10.tgz
CVE-2023-5115 ansible-core-2.11.1.tar.gz
CVE-2017-20165 debug-2.6.8.tgz
CVE-2021-3583 ansible-core-2.11.1.tar.gz
CVE-2020-11023 jquery-1.11.1.js
WS-2019-0032 js-yaml-3.7.0.tgz
CVE-2019-1010266 lodash-2.4.1.js
CVE-2021-33623 trim-newlines-2.0.0.tgz
CVE-2021-23383 handlebars-4.1.2.tgz
CVE-2018-14042 bootstrap-3.3.7.tgz
CVE-2022-1650 eventsource-1.1.0.tgz
CVE-2019-1010266 lodash-1.0.2.tgz
CVE-2018-3750 deep-extend-0.4.1.tgz
CVE-2022-21680 marked-0.6.2.tgz
CVE-2022-21803 nconf-0.7.2.tgz
CVE-2019-16775 npm-6.9.0.tgz
CVE-2019-18797 node-sass-v4.13.1
CVE-2021-44906 minimist-0.0.10.tgz
CVE-2016-10540 minimatch-0.2.14.tgz
CVE-2016-10735 bootstrap-3.3.7.tgz
CVE-2018-19839 CSS::Sass-v3.6.0
CVE-2018-14040 bootstrap-3.3.7.tgz
CVE-2022-37603 loader-utils-1.4.0.tgz
CVE-2015-9251 jquery-1.7.2.min.js
CVE-2020-15095 npm-6.9.0.tgz
CVE-2022-0686 url-parse-1.5.1.tgz
CVE-2022-2216 parse-url-5.0.1.tgz
CVE-2020-28503 documentation-v3-archive
CVE-2022-40764 snyk-1.19.1.tgz
CVE-2018-19838 node-sass-v4.13.1
WS-2019-0425 mocha-1.21.5.js
CVE-2022-31129 moment-2.29.1.tgz
CVE-2022-29078 ejs-2.7.4.tgz
CVE-2023-45133 babel-traverse-6.26.0.tgz
CVE-2021-28092 is-svg-2.1.0.tgz
CVE-2019-16777 npm-4.6.1.tgz
CVE-2021-23382 postcss-6.0.23.tgz
WS-2018-0107 open-0.0.5.tgz
CVE-2020-11022 jquery-1.11.1.js
CVE-2018-16487 lodash-1.0.2.tgz
CVE-2018-14042 bootstrap-3.2.0.min.js
CVE-2020-7598 minimist-0.0.10.tgz
CVE-2019-10744 lodash.merge-4.6.1.tgz
CVE-2022-3517 minimatch-3.0.3.tgz
CVE-2022-24302 paramiko-2.7.2-py2.py3-none-any.whl
CVE-2020-15168 node-fetch-1.7.3.tgz
CVE-2018-11499 node-sass-v4.13.1
CVE-2022-0235 node-fetch-2.3.0.tgz
CVE-2022-0235 node-fetch-2.6.1.tgz
WS-2020-0127 npm-registry-fetch-3.9.0.tgz
CVE-2019-11358 jquery-1.11.1.min.js
CVE-2018-20821 node-sass-v4.13.1
CVE-2021-44906 minimist-1.2.5.tgz
CVE-2021-23807 jsonpointer-4.1.0.tgz
CVE-2020-28500 lodash-2.4.1.js
CVE-2012-6708 jquery-1.7.1.min.js
CVE-2018-11697 node-sass-v4.13.1
CVE-2019-20920 handlebars-4.1.2.tgz
CVE-2020-8203 lodash-1.0.2.tgz
CVE-2020-7608 yargs-parser-9.0.2.tgz
CVE-2019-20922 handlebars-4.1.2.tgz
CVE-2021-3664 url-parse-1.5.1.tgz
CVE-2022-25883 semver-7.3.5.tgz
CVE-2020-11022 jquery-1.7.2.min.js
CVE-2023-46234 browserify-sign-4.2.1.tgz
CVE-2020-7788 ini-1.3.4.tgz
CVE-2023-26115 word-wrap-1.2.3.tgz
CVE-2017-16137 debug-2.6.8.tgz
CVE-2018-11697 CSS::Sass-v3.6.0
WS-2021-0152 color-string-0.3.0.tgz
CVE-2020-28503 copy-props-1.6.0.tgz
CVE-2022-37598 uglify-js-3.5.6.tgz
CVE-2022-33987 got-3.3.1.tgz
CVE-2022-0512 url-parse-1.4.6.tgz
WS-2019-0310 https-proxy-agent-2.2.1.tgz
CVE-2022-25901 cookiejar-2.0.6.tgz
CVE-2018-20677 bootstrap-3.2.0.min.js
CVE-2021-23382 postcss-7.0.35.tgz
CVE-2020-8203 lodash-2.4.1.js
CVE-2021-25949 set-getter-0.1.0.tgz
CVE-2022-0722 parse-url-5.0.1.tgz
WS-2018-0590 diff-3.2.0.tgz
WS-2021-0638 mocha-3.5.3.tgz
CVE-2018-3721 lodash-1.0.2.tgz
CVE-2022-29078 ejs-3.1.6.tgz
CVE-2015-9251 jquery-1.11.1.min.js
CVE-2019-8331 bootstrap-3.3.7.tgz
WS-2019-0307 mem-1.1.0.tgz
CVE-2020-7754 npm-user-validate-1.0.0.tgz
CVE-2020-8116 dot-prop-4.1.1.tgz
CVE-2019-12043 remarkable-1.7.1.js
CVE-2018-19826 node-sass-v4.13.1
CVE-2016-10735 bootstrap-3.2.0.min.js
CVE-2019-15657 eslint-utils-1.3.1.tgz
CVE-2020-15366 ajv-5.5.2.tgz
CVE-2022-25881 http-cache-semantics-3.8.1.tgz
CVE-2020-15095 npm-4.6.1.tgz
CVE-2020-7656 jquery-1.7.2.min.js
CVE-2017-1000048 qs-2.3.3.tgz
CVE-2019-12041 remarkable-1.7.1.js
CVE-2022-0686 url-parse-1.4.6.tgz
CVE-2022-2900 parse-url-5.0.1.tgz
CVE-2023-26136 tough-cookie-2.3.2.tgz
CVE-2020-11023 jquery-1.11.1.min.js
CVE-2021-23368 postcss-7.0.35.tgz
CVE-2021-3620 ansible-core-2.11.1.tar.gz
CVE-2020-11023 jquery-1.7.2.min.js
CVE-2019-16776 npm-6.9.0.tgz
CVE-2022-1650 eventsource-0.1.6.tgz
CVE-2017-18869 chownr-1.0.1.tgz
CVE-2020-7608 yargs-parser-2.4.1.tgz
CVE-2022-29244 npm-6.9.0.tgz
CVE-2021-23425 trim-off-newlines-1.0.1.tgz
CVE-2022-25858 terser-4.8.0.tgz

Base branch total remaining vulnerabilities: 378
Base branch commit: null


Total libraries scanned: 1931

Scan token: ba08d1595188417eb757096b2bb268f5