[NEUTRAL] Update dependency nbconvert to v6 #746

Open
wants to merge 1 commit into
base: main

chore(deps): update dependency nbconvert to v6

b5ef0b5

Mend for GitHub.com / WhiteSource Security Check failed Oct 17, 2024 in 1h 7m 53s

Security Report

You have successfully remediated 12 vulnerabilities, but introduced 5 new vulnerabilities in this branch.

❌ New vulnerabilities:

| CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue | Reachability |
|---|---|---|---|---|---|---|
| CVE-2024-21907. Path to vulnerable library: `/nuget/spec/fixtures/packages_configs/packages/Newtonsoft.Json.8.0.3/lib/net45/Newtonsoft.Json.dll`. Dependency hierarchy: ❌ Newtonsoft.Json-8.0.3.19514.dll (Vulnerable Library) | High | 7.5 | Newtonsoft.Json-8.0.3.19514.dll | Upgrade to version: Newtonsoft.Json - 13.0.1 | #1182 | |
| CVE-2024-21907. Path to vulnerable library: `/nuget/spec/fixtures/packages_configs/packages/Newtonsoft.Json.8.0.3/lib/portable-net40+sl5+wp80+win8+wpa81/Newtonsoft.Json.dll`. Dependency hierarchy: ❌ Newtonsoft.Json-8.0.3.19514.dll (Vulnerable Library) | High | 7.5 | Newtonsoft.Json-8.0.3.19514.dll | Upgrade to version: Newtonsoft.Json - 13.0.1 | #1182 | |
| CVE-2024-21907. Path to vulnerable library: `/nuget/spec/fixtures/packages_configs/packages/Newtonsoft.Json.8.0.3/lib/net20/Newtonsoft.Json.dll`. Dependency hierarchy: ❌ Newtonsoft.Json-8.0.3.19514.dll (Vulnerable Library) | High | 7.5 | Newtonsoft.Json-8.0.3.19514.dll | Upgrade to version: Newtonsoft.Json - 13.0.1 | #1182 | |
| CVE-2024-21907. Path to vulnerable library: `/nuget/spec/fixtures/packages_configs/packages/Newtonsoft.Json.8.0.3/lib/net40/Newtonsoft.Json.dll`. Dependency hierarchy: ❌ Newtonsoft.Json-8.0.3.19514.dll (Vulnerable Library) | High | 7.5 | Newtonsoft.Json-8.0.3.19514.dll | Upgrade to version: Newtonsoft.Json - 13.0.1 | #1182 | |
| CVE-2024-21907. Path to vulnerable library: `/nuget/spec/fixtures/packages_configs/packages/Newtonsoft.Json.8.0.3/lib/portable-net45+wp80+win8+wpa81+dnxcore50/Newtonsoft.Json.dll`. Dependency hierarchy: ❌ Newtonsoft.Json-8.0.3.19514.dll (Vulnerable Library) | High | 7.5 | Newtonsoft.Json-8.0.3.19514.dll | Upgrade to version: Newtonsoft.Json - 13.0.1 | #1182 | |

✔️ Remediated vulnerabilities:

| CVE | Vulnerable Library |
|---|---|
| CVE-2021-32740 | addressable-2.7.0.gem |
| CVE-2024-22195 | Jinja2-2.11.2-py2.py3-none-any.whl |
| CVE-2020-28493 | Jinja2-2.11.2-py2.py3-none-any.whl |
| CVE-2022-39286 | jupyter_core-4.6.3-py2.py3-none-any.whl |
| CVE-2020-14343 | PyYAML-5.3.1.tar.gz |
| CVE-2024-34064 | Jinja2-2.11.2-py2.py3-none-any.whl |
| CVE-2023-28370 | tornado-6.0.4.tar.gz |
| CVE-2021-34141 | numpy-1.19.0-cp38-cp38-manylinux2010_x86_64.whl |
| CVE-2022-21797 | joblib-0.16.0-py3-none-any.whl |
| CVE-2022-21699 | ipython-7.16.1-py3-none-any.whl |
| WS-2023-0296 | tornado-6.0.4.tar.gz |
| CVE-2023-24816 | ipython-7.16.1-py3-none-any.whl |

Base branch total remaining vulnerabilities: 445
Base branch commit: ba8cd9078c8ce0cb202767d627706711237abf71


Total libraries scanned: 2304

Scan token: 8f6b910dd37b4a77b4bef33e99d9796c