Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Backport 2.x] fix for quickrange to use datemath to parse datetime strings #6834

Merged
merged 1 commit into from
Jun 4, 2024

fix for quickrange to use datemath to parse datetime strings (#6782)

d31c892
Select commit
Loading
Failed to load commit list.
Merged

[Backport 2.x] fix for quickrange to use datemath to parse datetime strings #6834

fix for quickrange to use datemath to parse datetime strings (#6782)
d31c892
Select commit
Loading
Failed to load commit list.
Mend for GitHub.com / WhiteSource Security Check failed May 24, 2024 in 8m 23s

Security Report

You have successfully remediated 6 vulnerabilities, but introduced 6 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue
WS-2017-3772

Vulnerable Source Files:

❌ /packages/osd-ui-framework/node_modules/underscore.string/unescapeHTML.js

 High 7.5 juice-shopjuice-shop-14.0.0_node14_darwin_x64 Upgrade to version: underscore.string - 3.3.5 #4734
CVE-2024-4068

Vulnerable Source Files:

❌ /packages/osd-ui-framework/node_modules/braces/lib/parse.js

 High 7.5 lportalliferay-ce-portal-src-7.3.5-ga6-20200930172312275 Upgrade to version: braces - 3.0.3 #6792
CVE-2023-26156

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/chromedriver/package.json

Dependency Hierarchy:

-> ❌ chromedriver-107.0.3.tgz (Vulnerable Library)

High 7.5 chromedriver-107.0.3.tgz Upgrade to version: chromedriver - 119.0.1 None
CVE-2019-20149
 High 7.5 lportalliferay-ce-portal-src-7.3.5-ga6-20200930172312275 Upgrade to version: 6.0.3 #4726
CVE-2024-4067
 Medium 5.3 juice-shopjuice-shop-14.0.0_node14_darwin_x64 Upgrade to version: micromatch - 4.0.6 #6791
CVE-2024-4067
 Medium 5.3 lportalliferay-ce-portal-src-7.3.5-ga6-20200930172312275 Upgrade to version: micromatch - 4.0.6 #6791

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2024-4067 processmaker-processmaker-3.5.7-community
CVE-2019-20149 juice-shop-juice-shop-15.2.0_node16_win32_x64
CVE-2023-28155 request-2.88.12.tgz
CVE-2024-4067 juice-shop-juice-shop-15.2.0_node16_win32_x64
WS-2017-3772 juice-shop-juice-shop-14.5.1_node16_darwin_x64
CVE-2024-4068 juice-shop-juice-shop-15.2.0_node16_win32_x64

Base branch total remaining vulnerabilities: 26
Base branch commit: 347639f4ad9e3e856a21bae48b161bfc64434644


Total libraries scanned: 2528

Scan token: d3105f382d0540bd8258181d9b17027c

View more details on Mend for GitHub.com