fix(deps): update dependency discord-api-types to v0.37.105 #153

Open: wants to merge 1 commit into base: main

fix(deps): update dependency discord-api-types to v0.37.105

d4bca99

Mend Bolt for GitHub / WhiteSource Security Check failed Nov 14, 2024 in 4m 15s

Security Report

You have successfully remediated 5 vulnerabilities, but introduced 6 new vulnerabilities in this branch.

❌ New vulnerabilities:

Path to dependency file (all entries): /package.json

| CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue | Path to vulnerable library | Dependency Hierarchy |
| --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2024-45590 | High | 7.5 | body-parser-1.20.1.tgz | Upgrade to version: body-parser - 1.20.3 | None | /node_modules/body-parser/package.json | express-4.18.2.tgz (Root Library) -> ❌ body-parser-1.20.1.tgz (Vulnerable Library) |
| CVE-2024-29041 | Medium | 6.1 | express-4.18.2.tgz | Upgrade to version: express - 4.19.0 | None | /node_modules/express/package.json | ❌ express-4.18.2.tgz (Vulnerable Library) |
| CVE-2024-47764 | Medium | 5.3 | cookie-0.5.0.tgz | Upgrade to version: cookie - 0.7.0 | None | /node_modules/express/node_modules/cookie/package.json | express-4.18.2.tgz (Root Library) -> ❌ cookie-0.5.0.tgz (Vulnerable Library) |
| CVE-2024-43800 | Medium | 5.0 | serve-static-1.15.0.tgz | Upgrade to version: serve-static - 1.16.0,2.1.0 | None | /node_modules/serve-static/package.json | express-4.18.2.tgz (Root Library) -> ❌ serve-static-1.15.0.tgz (Vulnerable Library) |
| CVE-2024-43799 | Medium | 5.0 | send-0.18.0.tgz | Upgrade to version: send - 0.19.0 | None | /node_modules/send/package.json | express-4.18.2.tgz (Root Library) -> ❌ send-0.18.0.tgz (Vulnerable Library) |
| CVE-2024-43796 | Medium | 5.0 | express-4.18.2.tgz | Upgrade to version: express - 4.20.0,5.0.0 | None | /node_modules/express/package.json | ❌ express-4.18.2.tgz (Vulnerable Library) |

✔️ Remediated vulnerabilities:

| CVE | Vulnerable Library |
| --- | --- |
| CVE-2024-43799 | send-0.17.2.tgz |
| CVE-2024-45590 | body-parser-1.19.2.tgz |
| CVE-2024-43796 | express-4.17.3.tgz |
| CVE-2024-29041 | express-4.17.3.tgz |
| CVE-2024-43800 | serve-static-1.14.2.tgz |

Base branch total remaining vulnerabilities: 39
Base branch commit: null


Total libraries scanned: 271

Scan token: 4459fb40f1e74bed91a17670933159ec