Update dependency eslint to v7.24.0 #255

Open: wants to merge 1 commit into base: master

Update dependency eslint to v7.24.0

0810ebf

Mend for GitHub.com / WhiteSource Security Check failed Jan 2, 2025 in 13m 58s

Security Report

You have successfully remediated 141 vulnerabilities, but introduced 106 new vulnerabilities in this branch.

❌ New vulnerabilities:

Partial results (61 vulnerabilities) are displayed below due to a content size limitation in GitHub. To view information on the remaining vulnerabilities, navigate to the Mend Application.


CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue
CVE-2024-47875

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> ❌ dompurify-2.0.17.tgz (Vulnerable Library)

Critical 10.0 dompurify-2.0.17.tgz Upgrade to version: dompurify - 2.5.0,3.1.3 #292
WS-2022-0280

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> ❌ moment-timezone-0.5.27.tgz (Vulnerable Library)

Critical 9.8 moment-timezone-0.5.27.tgz Upgrade to version: moment-timezone - 0.5.35 #162
WS-2021-0153

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> addon-docs-6.1.17.tgz (Root Library)

   -> core-6.1.17.tgz

     -> ❌ ejs-3.1.3.tgz (Vulnerable Library)

Critical 9.8 ejs-3.1.3.tgz Upgrade to version: ejs - 3.1.6 None
CVE-2022-37601

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> file-loader-2.0.0.tgz (Root Library)

   -> ❌ loader-utils-1.1.0.tgz (Vulnerable Library)

Critical 9.8 loader-utils-1.1.0.tgz Upgrade to version: loader-utils - 1.4.1,2.0.3 #166
CVE-2022-37601

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> webpack-cli-3.3.11.tgz (Root Library)

   -> ❌ loader-utils-1.2.3.tgz (Vulnerable Library)

Critical 9.8 loader-utils-1.2.3.tgz Upgrade to version: loader-utils - 1.4.1,2.0.3 #166
CVE-2022-29078

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> addon-docs-6.1.17.tgz (Root Library)

   -> core-6.1.17.tgz

     -> ❌ ejs-3.1.3.tgz (Vulnerable Library)

Critical 9.8 ejs-3.1.3.tgz Upgrade to version: ejs - v3.1.7 None
CVE-2021-42740

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> uswds-1.6.6.tgz (Root Library)

   -> browserify-13.3.0.tgz

     -> ❌ shell-quote-1.6.1.tgz (Vulnerable Library)

Critical 9.8 shell-quote-1.6.1.tgz Upgrade to version: shell-quote - 1.7.3 #153
CVE-2021-3757

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> react-6.1.17.tgz (Root Library)

   -> react-dev-utils-10.2.1.tgz

     -> ❌ immer-1.10.0.tgz (Vulnerable Library)

Critical 9.8 immer-1.10.0.tgz Upgrade to version: immer - 9.0.6 #67
CVE-2021-3757

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> toolkit-1.4.0.tgz (Root Library)

   -> ❌ immer-7.0.7.tgz (Vulnerable Library)

Critical 9.8 immer-7.0.7.tgz Upgrade to version: immer - 9.0.6 #67
CVE-2023-45133

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> plugin-proposal-function-sent-7.12.1.tgz (Root Library)

   -> helper-wrap-function-7.10.4.tgz

     -> ❌ traverse-7.10.5.tgz (Vulnerable Library)

Critical 9.3 traverse-7.10.5.tgz Upgrade to version: @babel/traverse - 7.23.2 #237
CVE-2023-45133

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> styled-components-5.2.1.tgz (Root Library)

   -> ❌ traverse-7.12.12.tgz (Vulnerable Library)

Critical 9.3 traverse-7.12.12.tgz Upgrade to version: @babel/traverse - 7.23.2 #237
CVE-2023-45133

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> core-7.12.9.tgz (Root Library)

   -> ❌ traverse-7.12.9.tgz (Vulnerable Library)

Critical 9.3 traverse-7.12.9.tgz Upgrade to version: @babel/traverse - 7.23.2 #237
WS-2022-0284

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> ❌ moment-timezone-0.5.27.tgz (Vulnerable Library)

Critical 9.1 moment-timezone-0.5.27.tgz Upgrade to version: moment-timezone - 0.5.35 #161
CVE-2024-48910

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> ❌ dompurify-2.0.17.tgz (Vulnerable Library)

Critical 9.1 dompurify-2.0.17.tgz Upgrade to version: DOMPurify - 2.4.2 #303
CVE-2024-33883

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> addon-docs-6.1.17.tgz (Root Library)

   -> core-6.1.17.tgz

     -> ❌ ejs-3.1.3.tgz (Vulnerable Library)

High 8.8 ejs-3.1.3.tgz Upgrade to version: ejs - 3.1.10 None
CVE-2021-37713

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> addon-docs-6.1.17.tgz (Root Library)

   -> core-6.1.17.tgz

     -> terser-webpack-plugin-3.0.6.tgz

       -> cacache-15.0.5.tgz

         -> ❌ tar-6.0.2.tgz (Vulnerable Library)

High 8.2 tar-6.0.2.tgz Upgrade to version: tar - 4.4.18,5.0.10,6.1.9 #72
CVE-2021-37712

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> addon-docs-6.1.17.tgz (Root Library)

   -> core-6.1.17.tgz

     -> terser-webpack-plugin-3.0.6.tgz

       -> cacache-15.0.5.tgz

         -> ❌ tar-6.0.2.tgz (Vulnerable Library)

High 8.2 tar-6.0.2.tgz Upgrade to version: tar - 4.4.18,5.0.10,6.1.9 #68
CVE-2021-37701

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> addon-docs-6.1.17.tgz (Root Library)

   -> core-6.1.17.tgz

     -> terser-webpack-plugin-3.0.6.tgz

       -> cacache-15.0.5.tgz

         -> ❌ tar-6.0.2.tgz (Vulnerable Library)

High 8.2 tar-6.0.2.tgz Upgrade to version: tar - 4.4.16,5.0.8,6.1.7 #66
CVE-2021-32804

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> addon-docs-6.1.17.tgz (Root Library)

   -> core-6.1.17.tgz

     -> terser-webpack-plugin-3.0.6.tgz

       -> cacache-15.0.5.tgz

         -> ❌ tar-6.0.2.tgz (Vulnerable Library)

High 8.2 tar-6.0.2.tgz Upgrade to version: tar - 3.2.2, 4.4.14, 5.0.6, 6.1.1 #62
CVE-2021-32803

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> addon-docs-6.1.17.tgz (Root Library)

   -> core-6.1.17.tgz

     -> terser-webpack-plugin-3.0.6.tgz

       -> cacache-15.0.5.tgz

         -> ❌ tar-6.0.2.tgz (Vulnerable Library)

High 8.2 tar-6.0.2.tgz Upgrade to version: tar - 3.2.3, 4.4.15, 5.0.7, 6.1.2 #63
WS-2020-0042

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> uswds-1.6.6.tgz (Root Library)

   -> browserify-13.3.0.tgz

     -> module-deps-4.1.1.tgz

       -> detective-4.7.1.tgz

         -> ❌ acorn-5.7.1.tgz (Vulnerable Library)

High 7.5 acorn-5.7.1.tgz Upgrade to version: acorn - 5.7.4,6.4.1,7.1.1 #300
WS-2020-0042

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> webpack-4.42.1.tgz (Root Library)

   -> ❌ acorn-6.3.0.tgz (Vulnerable Library)

High 7.5 acorn-6.3.0.tgz Upgrade to version: acorn - 5.7.4,6.4.1,7.1.1 #300
WS-2020-0042

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> uswds-1.6.6.tgz (Root Library)

   -> browserify-13.3.0.tgz

     -> insert-module-globals-7.2.0.tgz

       -> acorn-node-1.5.2.tgz

         -> acorn-dynamic-import-3.0.0.tgz

           -> ❌ acorn-5.7.3.tgz (Vulnerable Library)

High 7.5 acorn-5.7.3.tgz Upgrade to version: acorn - 5.7.4,6.4.1,7.1.1 #300
CVE-2024-45590

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> addon-docs-6.1.17.tgz (Root Library)

   -> core-6.1.17.tgz

     -> express-4.17.1.tgz

       -> ❌ body-parser-1.19.0.tgz (Vulnerable Library)

High 7.5 body-parser-1.19.0.tgz Upgrade to version: body-parser - 1.20.3 None
CVE-2024-45296

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> react-router-5.1.2.tgz (Root Library)

   -> ❌ path-to-regexp-1.7.0.tgz (Vulnerable Library)

High 7.5 path-to-regexp-1.7.0.tgz Upgrade to version: path-to-regexp - 0.1.10,1.9.0,3.3.0,6.3.0,8.0.0 #284
CVE-2024-21538

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> react-6.1.17.tgz (Root Library)

   -> react-dev-utils-10.2.1.tgz

     -> ❌ cross-spawn-7.0.1.tgz (Vulnerable Library)

High 7.5 cross-spawn-7.0.1.tgz Upgrade to version: cross-spawn - 7.0.5 #304
CVE-2024-21538

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> uswds-1.6.6.tgz (Root Library)

   -> yargs-8.0.2.tgz

     -> os-locale-2.1.0.tgz

       -> execa-0.7.0.tgz

         -> ❌ cross-spawn-5.1.0.tgz (Vulnerable Library)

High 7.5 cross-spawn-5.1.0.tgz Upgrade to version: cross-spawn - 7.0.5 #304
CVE-2022-37603

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> file-loader-2.0.0.tgz (Root Library)

   -> ❌ loader-utils-1.1.0.tgz (Vulnerable Library)

High 7.5 loader-utils-1.1.0.tgz Upgrade to version: loader-utils - 1.4.2,2.0.4,3.2.1 #168
CVE-2022-37603

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> webpack-cli-3.3.11.tgz (Root Library)

   -> ❌ loader-utils-1.2.3.tgz (Vulnerable Library)

High 7.5 loader-utils-1.2.3.tgz Upgrade to version: loader-utils - 1.4.2,2.0.4,3.2.1 #168
CVE-2022-31129

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> moment-timezone-0.5.27.tgz (Root Library)

   -> ❌ moment-2.18.1.tgz (Vulnerable Library)

High 7.5 moment-2.18.1.tgz Upgrade to version: moment - 2.29.4 #155
CVE-2022-31129

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> ❌ moment-2.24.0.tgz (Vulnerable Library)

High 7.5 moment-2.24.0.tgz Upgrade to version: moment - 2.29.4 #155
CVE-2022-24999

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> addon-knobs-6.1.17.tgz (Root Library)

   -> ❌ qs-6.9.4.tgz (Vulnerable Library)

High 7.5 qs-6.9.4.tgz Upgrade to version: qs - 6.2.4,6.3.3,6.4.1,6.5.3,6.6.1,6.7.3,6.8.3,6.9.7,6.10.3 #179
CVE-2022-24999

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> superagent-3.6.3.tgz (Root Library)

   -> ❌ qs-6.5.1.tgz (Vulnerable Library)

High 7.5 qs-6.5.1.tgz Upgrade to version: qs - 6.2.4,6.3.3,6.4.1,6.5.3,6.6.1,6.7.3,6.8.3,6.9.7,6.10.3 #179
CVE-2022-24785

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> ❌ moment-2.24.0.tgz (Vulnerable Library)

High 7.5 moment-2.24.0.tgz Upgrade to version: moment - 2.29.2 #136
CVE-2022-24785

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> moment-timezone-0.5.27.tgz (Root Library)

   -> ❌ moment-2.18.1.tgz (Vulnerable Library)

High 7.5 moment-2.18.1.tgz Upgrade to version: moment - 2.29.2 #136
CVE-2021-27292

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> rc-collapse-1.11.8.tgz (Root Library)

   -> prop-types-15.6.0.tgz

     -> fbjs-0.8.17.tgz

       -> ❌ ua-parser-js-0.7.21.tgz (Vulnerable Library)

High 7.5 ua-parser-js-0.7.21.tgz Upgrade to version: ua-parser-js - 0.7.24 None
CVE-2021-27292

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> glamor-2.20.40.tgz (Root Library)

   -> fbjs-0.8.16.tgz

     -> ❌ ua-parser-js-0.7.20.tgz (Vulnerable Library)

High 7.5 ua-parser-js-0.7.20.tgz Upgrade to version: ua-parser-js - 0.7.24 None
CVE-2021-27290

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> webpack-4.42.1.tgz (Root Library)

   -> terser-webpack-plugin-1.4.4.tgz

     -> cacache-12.0.4.tgz

       -> ❌ ssri-6.0.1.tgz (Vulnerable Library)

High 7.5 ssri-6.0.1.tgz Upgrade to version: ssri - 6.0.2,7.1.1,8.0.1 None
CVE-2021-27290

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> addon-docs-6.1.17.tgz (Root Library)

   -> core-6.1.17.tgz

     -> terser-webpack-plugin-3.0.6.tgz

       -> cacache-15.0.5.tgz

         -> ❌ ssri-8.0.0.tgz (Vulnerable Library)

High 7.5 ssri-8.0.0.tgz Upgrade to version: ssri - 6.0.2,7.1.1,8.0.1 None
CVE-2020-7793

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> glamor-2.20.40.tgz (Root Library)

   -> fbjs-0.8.16.tgz

     -> ❌ ua-parser-js-0.7.20.tgz (Vulnerable Library)

High 7.5 ua-parser-js-0.7.20.tgz Upgrade to version: 0.7.23 None
CVE-2020-7793

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> rc-collapse-1.11.8.tgz (Root Library)

   -> prop-types-15.6.0.tgz

     -> fbjs-0.8.17.tgz

       -> ❌ ua-parser-js-0.7.21.tgz (Vulnerable Library)

High 7.5 ua-parser-js-0.7.21.tgz Upgrade to version: 0.7.23 None
CVE-2020-7733

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> rc-collapse-1.11.8.tgz (Root Library)

   -> prop-types-15.6.0.tgz

     -> fbjs-0.8.17.tgz

       -> ❌ ua-parser-js-0.7.21.tgz (Vulnerable Library)

High 7.5 ua-parser-js-0.7.21.tgz Upgrade to version: ua-parser-js - 0.7.22 None
CVE-2020-7733

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> glamor-2.20.40.tgz (Root Library)

   -> fbjs-0.8.16.tgz

     -> ❌ ua-parser-js-0.7.20.tgz (Vulnerable Library)

High 7.5 ua-parser-js-0.7.20.tgz Upgrade to version: ua-parser-js - 0.7.22 None
CVE-2020-28477

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> toolkit-1.4.0.tgz (Root Library)

   -> ❌ immer-7.0.7.tgz (Vulnerable Library)

High 7.5 immer-7.0.7.tgz Upgrade to version: v8.0.1 None
CVE-2020-28477

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> react-6.1.17.tgz (Root Library)

   -> react-dev-utils-10.2.1.tgz

     -> ❌ immer-1.10.0.tgz (Vulnerable Library)

High 7.5 immer-1.10.0.tgz Upgrade to version: v8.0.1 None
CVE-2018-16472

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> uswds-1.6.6.tgz (Root Library)

   -> browserify-13.3.0.tgz

     -> ❌ cached-path-relative-1.0.1.tgz (Vulnerable Library)

High 7.5 cached-path-relative-1.0.1.tgz Upgrade to version: node-cached-path-relative - 1.0.2 None
CVE-2017-18214

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> moment-timezone-0.5.27.tgz (Root Library)

   -> ❌ moment-2.18.1.tgz (Vulnerable Library)

High 7.5 moment-2.18.1.tgz Upgrade to version: moment - 2.19.3 None
CVE-2024-29180

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> addon-docs-6.1.17.tgz (Root Library)

   -> core-6.1.17.tgz

     -> ❌ webpack-dev-middleware-3.7.2.tgz (Vulnerable Library)

High 7.4 webpack-dev-middleware-3.7.2.tgz Upgrade to version: webpack-dev-middleware - 5.3.4,6.1.2,7.1.0 #256
CVE-2024-45801

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> ❌ dompurify-2.0.17.tgz (Vulnerable Library)

High 7.3 dompurify-2.0.17.tgz Upgrade to version: domPurify - 2.5.4,3.1.3 #288
CVE-2021-23518

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> uswds-1.6.6.tgz (Root Library)

   -> browserify-13.3.0.tgz

     -> ❌ cached-path-relative-1.0.1.tgz (Vulnerable Library)

High 7.3 cached-path-relative-1.0.1.tgz Upgrade to version: cached-path-relative - 1.1.0 #100
CVE-2020-7774

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> webpack-cli-3.3.11.tgz (Root Library)

   -> yargs-13.2.4.tgz

     -> ❌ y18n-4.0.0.tgz (Vulnerable Library)

High 7.3 y18n-4.0.0.tgz Upgrade to version: 3.2.2, 4.0.1, 5.0.5 None
CVE-2018-11499

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> ❌ node-sass-4.13.1.tgz (Vulnerable Library)

High 7.3 node-sass-4.13.1.tgz Upgrade to version: libsass - 3.6.0 #16
CVE-2021-23337

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> ❌ lodash-4.17.19.tgz (Vulnerable Library)

High 7.2 lodash-4.17.19.tgz Upgrade to version: lodash - 4.17.21, lodash-es - 4.17.21 #25
CVE-2021-23337

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> @department-of-veterans-affairs/caseflow-frontend-toolkit-2.6.1.tgz (Root Library)

   -> react-redux-5.0.6.tgz

     -> ❌ lodash-es-4.17.15.tgz (Vulnerable Library)

High 7.2 lodash-es-4.17.15.tgz Upgrade to version: lodash - 4.17.21, lodash-es - 4.17.21 #25
CVE-2022-46175

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> core-7.12.9.tgz (Root Library)

   -> ❌ json5-2.1.3.tgz (Vulnerable Library)

High 7.1 json5-2.1.3.tgz Upgrade to version: json5 - 2.2.2 #193
CVE-2022-46175

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> file-loader-2.0.0.tgz (Root Library)

   -> loader-utils-1.1.0.tgz

     -> ❌ json5-0.5.1.tgz (Vulnerable Library)

High 7.1 json5-0.5.1.tgz Upgrade to version: json5 - 2.2.2 #193
CVE-2022-0144

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> addon-docs-6.1.17.tgz (Root Library)

   -> core-6.1.17.tgz

     -> ❌ shelljs-0.8.4.tgz (Vulnerable Library)

High 7.1 shelljs-0.8.4.tgz Upgrade to version: shelljs - 0.8.5 None
CVE-2024-28863

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> addon-docs-6.1.17.tgz (Root Library)

   -> core-6.1.17.tgz

     -> terser-webpack-plugin-3.0.6.tgz

       -> cacache-15.0.5.tgz

         -> ❌ tar-6.0.2.tgz (Vulnerable Library)

Medium 6.5 tar-6.0.2.tgz Upgrade to version: tar - 6.2.1 #254
CVE-2023-46234

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> uswds-1.6.6.tgz (Root Library)

   -> browserify-13.3.0.tgz

     -> crypto-browserify-3.12.0.tgz

       -> ❌ browserify-sign-4.2.0.tgz (Vulnerable Library)

Medium 6.5 browserify-sign-4.2.0.tgz Upgrade to version: browserify-sign - 4.2.2 #235
CVE-2019-6286

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> ❌ node-sass-4.13.1.tgz (Vulnerable Library)

Medium 6.5 node-sass-4.13.1.tgz Upgrade to version: Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105 #27
CVE-2019-6284

Path to dependency file: /client/package.json

Path to vulnerable library: /client/package.json

Dependency Hierarchy:

-> ❌ node-sass-4.13.1.tgz (Vulnerable Library)

Medium 6.5 node-sass-4.13.1.tgz Upgrade to version: node-sass - 5.0.0;Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105 #24

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2017-20165 debug-2.2.0.tgz
CVE-2021-37712 tar-6.1.0.tgz
CVE-2022-24773 node-forge-0.10.0.tgz
CVE-2021-23386 dns-packet-1.3.1.tgz
CVE-2022-24785 moment-2.29.1.tgz
CVE-2021-32804 tar-6.1.0.tgz
CVE-2018-19797 node-sass-4.14.1.tgz
CVE-2024-47875 dompurify-2.2.7.tgz
CVE-2020-11022 jquery-1.9.0.min.js
CVE-2017-20162 ms-0.7.1.tgz
CVE-2022-24771 node-forge-0.10.0.tgz
CVE-2018-20190 node-sass-4.14.1.tgz
CVE-2020-36048 engine.io-1.8.3.tgz
CVE-2020-11022 jquery-1.11.3.js
CVE-2024-21535 markdown-to-jsx-7.1.2.tgz
CVE-2024-29180 webpack-dev-middleware-3.7.3.tgz
CVE-2024-21536 http-proxy-middleware-0.19.1.tgz
WS-2018-0625 xmlbuilder-8.2.2.tgz
WS-2022-0008 node-forge-0.10.0.tgz
CVE-2018-11694 node-sass-4.14.1.tgz
CVE-2015-9251 jquery-1.11.3.js
CVE-2021-3757 immer-8.0.4.tgz
WS-2019-0425 mocha-5.2.0.tgz
CVE-2021-43138 async-2.6.3.tgz
CVE-2022-0512 url-parse-1.5.1.tgz
CVE-2020-7608 yargs-parser-11.1.1.tgz
CVE-2019-6286 node-sass-4.14.1.tgz
WS-2024-0017 dompurify-2.2.7.tgz
CVE-2023-26159 follow-redirects-1.13.3.tgz
WS-2022-0284 moment-timezone-0.5.33.tgz
CVE-2020-7608 yargs-parser-10.1.0.tgz
CVE-2024-43788 webpack-4.46.0.tgz
WS-2021-0638 mocha-5.2.0.tgz
CVE-2024-47764 cookie-0.3.1.tgz
CVE-2022-41940 engine.io-1.8.3.tgz
CVE-2024-45801 dompurify-2.2.7.tgz
CVE-2024-38355 socket.io-1.7.3.tgz
WS-2019-0425 mocha-1.8.1.js
CVE-2019-10744 lodash-3.10.1.tgz
WS-2019-0605 CSS::Sass-v3.4.11
CVE-2017-16137 debug-2.2.0.tgz
CVE-2022-46175 json5-2.2.0.tgz
CVE-2019-18797 opennms-opennms-source-26.0.0-1
CVE-2019-6284 node-sass-4.14.1.tgz
CVE-2021-23436 immer-8.0.1.tgz
CVE-2018-19827 node-sass-4.14.1.tgz
CVE-2018-20190 opennms-opennms-source-26.0.0-1
CVE-2021-3757 immer-8.0.1.tgz
CVE-2024-37890 ws-7.4.4.tgz
WS-2022-0280 moment-timezone-0.5.33.tgz
CVE-2018-19838 opennms-opennms-source-26.0.0-1
CVE-2022-24999 qs-6.10.1.tgz
CVE-2020-7598 minimist-0.0.8.tgz
CVE-2022-0691 url-parse-1.5.1.tgz
CVE-2017-20165 debug-2.3.3.tgz
CVE-2020-24025 node-sass-4.14.1.tgz
CVE-2021-23518 cached-path-relative-1.0.2.tgz
CVE-2017-16113 parsejson-0.0.3.tgz
CVE-2018-16487 lodash-3.10.1.tgz
CVE-2019-11358 jquery-3.2.1.min.js
CVE-2018-19839 node-sass-4.14.1.tgz
WS-2018-0650 useragent-2.3.0.tgz
CVE-2022-0122 node-forge-0.10.0.tgz
CVE-2021-31597 xmlhttprequest-ssl-1.5.3.tgz
CVE-2022-0639 url-parse-1.5.1.tgz
CVE-2023-26136 tough-cookie-4.0.0.tgz
CVE-2022-26592 opennms-opennms-source-26.0.0-1
CVE-2021-44906 minimist-0.0.8.tgz
WS-2020-0443 socket.io-1.7.3.tgz
CVE-2020-11023 jquery-1.9.0.min.js
CVE-2020-26311 useragent-2.3.0.tgz
CVE-2018-3721 lodash-3.10.1.tgz
CVE-2022-2421 socket.io-parser-2.3.1.tgz
CVE-2022-24772 node-forge-0.10.0.tgz
CVE-2021-33623 trim-newlines-2.0.0.tgz
CVE-2022-1650 eventsource-1.1.0.tgz
WS-2017-3757 content-type-parser-1.0.2.tgz
CVE-2019-11358 jquery-1.11.3.js
CVE-2024-4068 braces-1.8.5.tgz
CVE-2020-36049 socket.io-parser-2.3.1.tgz
CVE-2022-25901 cookiejar-2.1.2.tgz
CVE-2021-44906 minimist-0.0.10.tgz
CVE-2021-23495 karma-1.7.1.tgz
CVE-2022-0437 karma-1.7.1.tgz
CVE-2021-23436 immer-8.0.4.tgz
CVE-2018-20821 node-sass-4.14.1.tgz
CVE-2021-23364 browserslist-4.16.3.tgz
CVE-2022-0686 url-parse-1.5.1.tgz
CVE-2023-45133 traverse-7.13.15.tgz
CVE-2021-37701 tar-6.1.0.tgz
CVE-2020-28500 lodash-3.10.1.tgz
CVE-2019-6283 opennms-opennms-source-26.0.0-1
CVE-2022-31129 moment-2.29.1.tgz
CVE-2022-25883 semver-4.3.6.tgz
CVE-2024-48910 dompurify-2.2.7.tgz
CVE-2024-21538 cross-spawn-7.0.3.tgz
CVE-2021-33587 css-what-4.0.0.tgz
WS-2017-0421 ws-1.1.2.tgz
CVE-2024-28863 tar-6.1.0.tgz
CVE-2020-7598 minimist-0.0.10.tgz
CVE-2024-37890 ws-6.2.1.tgz
CVE-2022-0235 node-fetch-2.6.1.tgz
CVE-2019-6284 opennms-opennms-source-26.0.0-1
CVE-2020-28481 socket.io-1.7.3.tgz
CVE-2024-4067 micromatch-2.3.11.tgz
CVE-2020-11023 jquery-3.2.1.min.js
CVE-2022-0155 follow-redirects-1.13.3.tgz
CVE-2022-21704 log4js-0.6.38.tgz
CVE-2020-28502 xmlhttprequest-ssl-1.5.3.tgz
CVE-2019-1010266 lodash-3.10.1.tgz
CVE-2024-45296 path-to-regexp-1.8.0.tgz
CVE-2021-23337 lodash-3.10.1.tgz
CVE-2021-3664 url-parse-1.5.1.tgz
CVE-2023-44270 postcss-7.0.35.tgz
CVE-2022-25883 semver-5.5.0.tgz
CVE-2022-25883 semver-7.3.5.tgz
CVE-2023-46234 browserify-sign-4.2.1.tgz
CVE-2021-23364 browserslist-4.14.2.tgz
CVE-2015-9251 jquery-1.9.0.min.js
CVE-2020-11022 jquery-3.2.1.min.js
CVE-2017-20162 ms-0.7.2.tgz
CVE-2018-19797 opennms-opennms-source-26.0.0-1
CVE-2021-32640 ws-6.2.1.tgz
CVE-2021-32803 tar-6.1.0.tgz
CVE-2021-23382 postcss-7.0.35.tgz
CVE-2017-16137 debug-2.3.3.tgz
CVE-2019-6286 opennms-opennms-source-26.0.0-1
CVE-2020-11023 jquery-1.11.3.js
CVE-2022-0536 follow-redirects-1.13.3.tgz
CVE-2024-29180 webpack-dev-middleware-1.12.2.tgz
CVE-2018-20821 opennms-opennms-source-26.0.0-1
CVE-2021-3803 nth-check-2.0.0.tgz
CVE-2024-28849 follow-redirects-1.13.3.tgz
CVE-2021-37713 tar-6.1.0.tgz
CVE-2019-6283 node-sass-4.14.1.tgz
CVE-2020-8203 lodash-3.10.1.tgz
CVE-2021-23368 postcss-7.0.35.tgz
CVE-2021-31712 react-draft-wysiwyg-1.14.5.tgz
CVE-2018-20822 opennms-opennms-source-26.0.0-1
CVE-2021-32640 ws-7.4.4.tgz
CVE-2024-4068 braces-0.1.5.tgz

Base branch total remaining vulnerabilities: 281
Base branch commit: null


Total libraries scanned: 1979

Scan token: 0a065f201e4745eea20a2b9fd81b7ef0