Security Report
You have successfully remediated 3 vulnerabilities, but introduced 5 new vulnerabilities in this branch.
❌ New vulnerabilities:
CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
---|---|---|---|---|---|
WS-2017-3772 (Vulnerable Source Files: ❌ /packages/osd-ui-framework/node_modules/underscore.string/unescapeHTML.js) | High | 7.5 | juice-shopjuice-shop-14.0.0_node14_darwin_x64 | Upgrade to version: underscore.string - 3.3.5 | #4734 |
CVE-2024-37890 (Path to dependency file: /package.json; Path to vulnerable library: /node_modules/ws/package.json; Dependency Hierarchy: -> cli-1.10.4.tgz (Root Library) -> cli-command-1.10.4.tgz -> core-1.10.4.tgz -> ❌ ws-8.5.0.tgz (Vulnerable Library)) | High | 7.5 | ws-8.5.0.tgz | Upgrade to version: ws - 5.2.4,6.2.3,7.5.10,8.17.1 | None |
CVE-2024-37890 (Path to dependency file: /package.json; Path to vulnerable library: /node_modules/jsdom/node_modules/ws/package.json; Dependency Hierarchy: -> jest-27.5.1.tgz (Root Library) -> core-27.5.1.tgz -> jest-config-27.5.1.tgz -> jest-environment-jsdom-27.5.1.tgz -> jsdom-16.7.0.tgz -> ❌ ws-7.5.7.tgz (Vulnerable Library)) | High | 7.5 | ws-7.5.7.tgz | Upgrade to version: ws - 5.2.4,6.2.3,7.5.10,8.17.1 | None |
CVE-2023-26156 (Path to dependency file: /package.json; Path to vulnerable library: /node_modules/chromedriver/package.json; Dependency Hierarchy: -> ❌ chromedriver-107.0.3.tgz (Vulnerable Library)) | High | 7.5 | chromedriver-107.0.3.tgz | Upgrade to version: chromedriver - 119.0.1 | None |
Medium | 5.3 | juice-shopjuice-shop-14.0.0_node14_darwin_x64 | Upgrade to version: micromatch - 4.0.6 | #6791 |
✔️ Remediated vulnerabilities:
CVE | Vulnerable Library |
---|---|
WS-2017-3772 | juice-shop-juice-shop-14.5.1_node16_darwin_x64 |
CVE-2023-28155 | request-2.88.12.tgz |
CVE-2024-4067 | juice-shop-juice-shop-15.2.0_node16_win32_x64 |
Base branch total remaining vulnerabilities: 16
Base branch commit: 4f54049fc2ffe2977c40e4de0869967a23dba5ff
Total libraries scanned: 2410
Scan token: dadddf9a5734493181f36bf3200ea5c1