[Snyk] Fix for 2 vulnerabilities #105
Open
Mend Bolt for GitHub / WhiteSource Security Check
succeeded
Nov 15, 2023 in 12m 52s
Security Report
❌ New vulnerabilities:
| CVE | Severity |  CVSS Score |
Vulnerable Library | Suggested Fix | Issue |
|---|---|---|---|---|---|
WS-2019-0425Path to dependency file: /public/bower_components/mousetrap/tests/mousetrap.html Path to vulnerable library: /public/bower_components/mousetrap/tests/libs/mocha-1.9.0.js Dependency Hierarchy: -> ❌ mocha-1.9.0.js (Vulnerable Library) |
 Medium |
5.3 | mocha-1.9.0.js | Upgrade to version: v6.0.0 | None |
✔️ Remediated vulnerabilities:
| CVE | Vulnerable Library |
|---|---|
| CVE-2022-0235 | node-fetch-1.7.3.tgz |
| CVE-2022-2421 | socket.io-parser-3.2.0.tgz |
| CVE-2019-10744 | lodash.template-3.6.2.tgz |
| WS-2021-0638 | mocha-2.5.3.tgz |
| CVE-2017-20165 | debug-2.2.0.tgz |
| WS-2020-0091 | http-proxy-1.15.2.tgz |
| CVE-2019-10744 | lodash-4.17.11.tgz |
| WS-2019-0425 | mocha-2.5.3.tgz |
| CVE-2022-25896 | passport-0.2.2.tgz |
| CVE-2018-16487 | lodash-4.16.6.tgz |
| CVE-2021-21368 | msgpack5-3.6.0.tgz |
| CVE-2016-10540 | minimatch-2.0.10.tgz |
| CVE-2022-24785 | moment-2.22.2.tgz |
| CVE-2020-7610 | bson-0.4.23.tgz |
| CVE-2018-3721 | lodash-3.10.1.tgz |
| CVE-2020-7733 | ua-parser-js-0.7.19.tgz |
| WS-2021-0153 | ejs-2.6.1.tgz |
| CVE-2018-14042 | bootstrap-3.3.7.tgz |
| CVE-2021-3805 | object-path-0.9.2.tgz |
| CVE-2017-20162 | ms-0.7.1.tgz |
| WS-2019-0032 | js-yaml-3.12.0.tgz |
| CVE-2019-1010266 | lodash-1.0.2.tgz |
| CVE-2019-10744 | lodash-1.0.2.tgz |
| CVE-2022-21222 | css-what-2.1.2.tgz |
| WS-2019-0209 | marked-0.5.2.tgz |
| CVE-2022-21681 | marked-0.5.2.tgz |
| CVE-2021-23358 | underscore-1.9.1.tgz |
| WS-2018-0347 | eslint-2.13.1.tgz |
| WS-2019-0247 | loopback-2.41.1.tgz |
| CVE-2020-7789 | node-notifier-4.6.1.tgz |
| CVE-2022-25901 | cookiejar-2.1.2.tgz |
| WS-2020-0344 | is-my-json-valid-2.19.0.tgz |
| CVE-2022-29078 | ejs-2.6.1.tgz |
| CVE-2021-41580 | passport-oauth2-1.4.0.tgz |
| CVE-2021-33502 | normalize-url-1.9.1.tgz |
| CVE-2016-10540 | minimatch-0.2.14.tgz |
| CVE-2020-7608 | yargs-parser-4.2.1.tgz |
| WS-2019-0024 | marked-0.5.2.tgz |
| CVE-2019-10744 | lodash-es-4.17.11.tgz |
| CVE-2020-28168 | axios-0.17.1.tgz |
| CVE-2016-10735 | bootstrap-3.3.7.tgz |
| CVE-2022-3517 | minimatch-2.0.10.tgz |
| CVE-2018-14040 | bootstrap-3.3.7.tgz |
| WS-2019-0311 | mongodb-2.2.36.tgz |
| CVE-2019-10746 | mixin-deep-1.3.1.tgz |
| CVE-2020-28481 | socket.io-2.1.1.tgz |
| CVE-2021-43138 | async-2.6.1.tgz |
| CVE-2022-37601 | loader-utils-0.2.17.tgz |
| CVE-2019-10744 | lodash-4.16.6.tgz |
| WS-2020-0342 | is-my-json-valid-2.19.0.tgz |
| CVE-2019-10747 | set-value-2.0.0.tgz |
| CVE-2017-16129 | superagent-2.3.0.tgz |
| CVE-2020-28500 | lodash-3.10.1.tgz |
| CVE-2022-24999 | qs-6.2.3.tgz |
| CVE-2020-7610 | bson-1.0.9.tgz |
| WS-2020-0163 | marked-0.5.2.tgz |
| CVE-2022-3517 | minimatch-0.3.0.tgz |
| CVE-2018-1000620 | cryptiles-2.0.5.tgz |
| CVE-2022-33987 | got-6.7.1.tgz |
| CVE-2022-25887 | sanitize-html-1.19.3.tgz |
| CVE-2021-23337 | lodash-4.17.11.tgz |
| CVE-2022-2421 | socket.io-parser-3.3.0.tgz |
| CVE-2021-26539 | sanitize-html-1.19.3.tgz |
| CVE-2020-36049 | socket.io-parser-3.2.0.tgz |
| CVE-2021-23337 | lodash-1.0.2.tgz |
| CVE-2020-7660 | serialize-javascript-1.5.0.tgz |
| CVE-2020-28500 | lodash-4.16.6.tgz |
| CVE-2022-3517 | minimatch-0.2.14.tgz |
| CVE-2020-36049 | socket.io-parser-3.3.0.tgz |
| CVE-2018-16487 | lodash-1.0.2.tgz |
| CVE-2019-10744 | lodash.merge-4.6.1.tgz |
| CVE-2021-23807 | jsonpointer-4.0.1.tgz |
| CVE-2020-28469 | glob-parent-2.0.0.tgz |
| WS-2019-0160 | loopback-connector-mongodb-1.15.2.tgz |
| CVE-2020-15168 | node-fetch-1.7.3.tgz |
| CVE-2019-10742 | axios-0.17.1.tgz |
| CVE-2020-8203 | lodash-4.17.11.tgz |
| WS-2019-0017 | clean-css-3.4.28.tgz |
| CVE-2021-23434 | object-path-0.9.2.tgz |
| CVE-2022-21680 | marked-0.5.2.tgz |
| CVE-2019-10744 | lodash-3.10.1.tgz |
| WS-2022-0280 | moment-timezone-0.5.23.tgz |
| CVE-2020-28472 | aws-sdk-2.371.0.tgz |
| CVE-2023-0842 | xml2js-0.4.19.tgz |
| CVE-2022-1365 | cross-fetch-0.0.8.tgz |
| CVE-2021-23337 | lodash-es-4.17.11.tgz |
| WS-2018-0167 | loopback-connector-mongodb-1.15.2.tgz |
| CVE-2019-1010266 | lodash-3.10.1.tgz |
| WS-2018-0590 | diff-1.4.0.tgz |
| CVE-2021-23400 | nodemailer-2.7.2.tgz |
| CVE-2020-28500 | lodash-4.17.11.tgz |
| CVE-2020-7598 | minimist-1.2.0.tgz |
| CVE-2019-16769 | serialize-javascript-1.5.0.tgz |
| CVE-2020-7793 | ua-parser-js-0.7.19.tgz |
| CVE-2020-7608 | yargs-parser-5.0.0.tgz |
| CVE-2017-16137 | debug-2.2.0.tgz |
| CVE-2020-24939 | supermixer-1.0.3.tgz |
| CVE-2022-46175 | json5-0.5.1.tgz |
| CVE-2020-8203 | lodash-1.0.2.tgz |
| CVE-2020-8244 | bl-1.2.2.tgz |
| CVE-2021-27292 | ua-parser-js-0.7.19.tgz |
| CVE-2021-23337 | lodash-3.10.1.tgz |
| CVE-2019-10747 | set-value-0.4.3.tgz |
| WS-2019-0063 | js-yaml-3.12.0.tgz |
| CVE-2019-10795 | undefsafe-2.0.2.tgz |
| CVE-2015-8857 | uglify-js-2.2.5.tgz |
| CVE-2021-32640 | ws-6.1.2.tgz |
| CVE-2016-10540 | minimatch-0.3.0.tgz |
| CVE-2022-38900 | decode-uri-component-0.2.0.tgz |
| CVE-2020-7769 | nodemailer-2.7.2.tgz |
| CVE-2020-15256 | object-path-0.9.2.tgz |
| CVE-2023-28155 | request-2.81.0.tgz |
| CVE-2020-28502 | xmlhttprequest-ssl-1.5.5.tgz |
| CVE-2019-2391 | bson-0.4.23.tgz |
| CVE-2020-8116 | dot-prop-4.2.0.tgz |
| CVE-2021-23440 | set-value-0.4.3.tgz |
| CVE-2020-15366 | ajv-6.6.1.tgz |
| CVE-2021-26540 | sanitize-html-1.19.3.tgz |
| WS-2020-0443 | socket.io-2.1.1.tgz |
| CVE-2020-7661 | url-regex-3.2.0.tgz |
| CVE-2021-23337 | lodash-4.16.6.tgz |
| CVE-2020-7598 | minimist-0.0.8.tgz |
| CVE-2017-16042 | growl-1.9.2.tgz |
| CVE-2021-31597 | xmlhttprequest-ssl-1.5.5.tgz |
| CVE-2021-23440 | set-value-2.0.0.tgz |
| CVE-2020-28469 | glob-parent-3.1.0.tgz |
| CVE-2018-3721 | lodash-1.0.2.tgz |
| CVE-2021-3749 | axios-0.17.1.tgz |
| WS-2022-0284 | moment-timezone-0.5.23.tgz |
| CVE-2019-8331 | bootstrap-3.3.7.tgz |
| CVE-2021-44906 | minimist-1.2.0.tgz |
| CVE-2018-3721 | lodash-4.16.6.tgz |
| CVE-2018-20676 | bootstrap-3.3.7.tgz |
| WS-2019-0169 | marked-0.5.2.tgz |
| CVE-2019-1010266 | lodash-4.16.6.tgz |
| WS-2019-0180 | lodash.mergewith-4.6.1.tgz |
| WS-2020-0345 | jsonpointer-4.0.1.tgz |
| CVE-2020-36048 | engine.io-3.2.1.tgz |
| CVE-2020-28500 | lodash-1.0.2.tgz |
| CVE-2018-16487 | lodash-3.10.1.tgz |
| WS-2019-0217 | constantinople-3.0.2.tgz |
| CVE-2023-28155 | request-2.88.0.tgz |
| WS-2019-0289 | helmet-csp-1.2.2.tgz |
| CVE-2015-8858 | uglify-js-2.2.5.tgz |
| CVE-2022-31129 | moment-2.22.2.tgz |
| CVE-2022-25896 | passport-0.3.2.tgz |
| CVE-2020-8203 | lodash-3.10.1.tgz |
| CVE-2018-3728 | hoek-2.16.3.tgz |
| CVE-2018-20677 | bootstrap-3.3.7.tgz |
| WS-2020-0042 | acorn-5.7.3.tgz |
| CVE-2019-20149 | kind-of-6.0.2.tgz |
| WS-2018-0068 | constantinople-3.0.2.tgz |
| CVE-2019-10744 | lodash.mergewith-4.6.1.tgz |
| CVE-2022-0144 | shelljs-0.6.1.tgz |
| CVE-2020-7605 | gulp-tape-0.0.9.tgz |
| CVE-2021-3765 | validator-5.7.0.tgz |
| CVE-2019-2391 | bson-1.0.9.tgz |
| CVE-2020-8203 | lodash-4.16.6.tgz |
| CVE-2021-44906 | minimist-0.0.8.tgz |
| CVE-2020-7608 | yargs-parser-2.4.1.tgz |
| CVE-2022-3517 | minimatch-3.0.4.tgz |
| CVE-2022-41940 | engine.io-3.2.1.tgz |
Base branch total remaining vulnerabilities: 172
Base branch commit: null
Total libraries scanned: 24
Scan token: c28f7213dce9480f8af07cf52a6df34b
Loading