Update module github.com/labstack/echo/v4 to v4.2.0 (master) #8

Open
wants to merge 1 commit into
base: master

Update module github.com/labstack/echo/v4 to v4.2.0

6e9e1d3

Mend for GitHub.com / WhiteSource Security Check failed Apr 30, 2024 in 25m 13s

Security Report

❗️Scan Warnings: The scan completed with warnings. The integration encountered issues with one or more projects in this repository. Consequently, there may be gaps in the coverage of open-source dependencies used in the repository.

general

https://vonagecc.jfrog.io/artifactory

Step | Level | Description | Details
Checking registry connectivity | ⚠ Warn | Unsupported configuration was provided | Unsupported registry hostType gradle, skipped

https://vonagecc.jfrog.io/artifactory/maven

Step | Level | Description | Details
Checking registry connectivity | ⚠ Warn | Unsupported configuration was provided | Unsupported registry hostType gradle, skipped

You have successfully remediated 15 vulnerabilities, but introduced 13 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE Severity CVSS Score Exploit Maturity EPSS Vulnerable Library Suggested Fix Issue Reachability
CVE-2022-41721

Path to dependency file: /go.mod

Path to vulnerable library: /go.mod

Dependency Hierarchy:

-> ❌ golang.org/x/net-v0.0.0-20200822124328-c89045814202 (Vulnerable Library)

High 7.5 Not Defined 0.1% golang.org/x/net-v0.0.0-20200822124328-c89045814202 Upgrade to version: v0.2.0 None
CVE-2022-32149

Path to dependency file: /go.mod

Path to vulnerable library: /go.mod

Dependency Hierarchy:

-> github.com/go-openapi/spec-v0.19.5 (Root Library)

   -> github.com/go-openapi/jsonreference-v0.19.3

     -> github.com/PuerkitoBio/purell-v1.1.1

       -> ❌ golang.org/x/text-v0.3.3 (Vulnerable Library)

High 7.5 Not Defined 0.1% golang.org/x/text-v0.3.3 Upgrade to version: v0.3.8 None
CVE-2022-27664

Path to dependency file: /go.mod

Path to vulnerable library: /go.mod

Dependency Hierarchy:

-> ❌ golang.org/x/net-v0.0.0-20200822124328-c89045814202 (Vulnerable Library)

High 7.5 Not Defined 0.2% golang.org/x/net-v0.0.0-20200822124328-c89045814202 Upgrade to version: golang.org/x/net - 0.0.0-20220906165146-f3363e06e74c, go1.18.6, go1.19.1 None
CVE-2022-27191

Path to dependency file: /go.mod

Path to vulnerable library: /go.mod

Dependency Hierarchy:

-> github.com/labstack/echo/v4-v4.2.0 (Root Library)

   -> ❌ golang.org/x/crypto-v0.0.0-20200820211705-5c72a883971a (Vulnerable Library)

High 7.5 Not Defined 0.3% golang.org/x/crypto-v0.0.0-20200820211705-5c72a883971a Upgrade to version: golang-golang-x-crypto-dev - 1:0.0git20220315.3147a52-1;golang-go.crypto-dev - 1:0.0git20220315.3147a52-1 None
CVE-2021-44716

Path to dependency file: /go.mod

Path to vulnerable library: /go.mod

Dependency Hierarchy:

-> ❌ golang.org/x/net-v0.0.0-20200822124328-c89045814202 (Vulnerable Library)

High 7.5 Not Defined 0.2% golang.org/x/net-v0.0.0-20200822124328-c89045814202 Upgrade to version: github.com/golang/net - 491a49abca63de5e07ef554052d180a1b5fe2d70 None
CVE-2021-43565

Path to dependency file: /go.mod

Path to vulnerable library: /go.mod

Dependency Hierarchy:

-> github.com/labstack/echo/v4-v4.2.0 (Root Library)

   -> ❌ golang.org/x/crypto-v0.0.0-20200820211705-5c72a883971a (Vulnerable Library)

High 7.5 Not Defined 0.1% golang.org/x/crypto-v0.0.0-20200820211705-5c72a883971a Upgrade to version: golang-golang-x-crypto-dev - 1:0.0git20211202.5770296-1;golang-go.crypto-dev - 1:0.0git20211202.5770296-1 None
CVE-2021-38561

Path to dependency file: /go.mod

Path to vulnerable library: /go.mod

Dependency Hierarchy:

-> github.com/go-openapi/spec-v0.19.5 (Root Library)

   -> github.com/go-openapi/jsonreference-v0.19.3

     -> github.com/PuerkitoBio/purell-v1.1.1

       -> ❌ golang.org/x/text-v0.3.3 (Vulnerable Library)

High 7.5 Not Defined 0.1% golang.org/x/text-v0.3.3 Upgrade to version: v0.3.7 None
CVE-2021-33194

Path to dependency file: /go.mod

Path to vulnerable library: /go.mod

Dependency Hierarchy:

-> ❌ golang.org/x/net-v0.0.0-20200822124328-c89045814202 (Vulnerable Library)

High 7.5 Not Defined 0.1% golang.org/x/net-v0.0.0-20200822124328-c89045814202 Upgrade to version: golang.org/x/net - v0.0.0-20210520170846-37e1c6afe023 None
CVE-2020-29652

Path to dependency file: /go.mod

Path to vulnerable library: /go.mod

Dependency Hierarchy:

-> github.com/labstack/echo/v4-v4.2.0 (Root Library)

   -> ❌ golang.org/x/crypto-v0.0.0-20200820211705-5c72a883971a (Vulnerable Library)

High 7.5 Not Defined 0.5% golang.org/x/crypto-v0.0.0-20200820211705-5c72a883971a Upgrade to version: v0.0.0-20201216223049-8b5274cf687f None
CVE-2020-28852

Path to dependency file: /go.mod

Path to vulnerable library: /go.mod

Dependency Hierarchy:

-> github.com/go-openapi/spec-v0.19.5 (Root Library)

   -> github.com/go-openapi/jsonreference-v0.19.3

     -> github.com/PuerkitoBio/purell-v1.1.1

       -> ❌ golang.org/x/text-v0.3.3 (Vulnerable Library)

High 7.5 Not Defined 0.1% golang.org/x/text-v0.3.3 Upgrade to version: golang-golang-x-text-dev - 0.3.5-1,0.3.5-1 None
CVE-2020-28851

Path to dependency file: /go.mod

Path to vulnerable library: /go.mod

Dependency Hierarchy:

-> github.com/go-openapi/spec-v0.19.5 (Root Library)

   -> github.com/go-openapi/jsonreference-v0.19.3

     -> github.com/PuerkitoBio/purell-v1.1.1

       -> ❌ golang.org/x/text-v0.3.3 (Vulnerable Library)

High 7.5 Not Defined 0.1% golang.org/x/text-v0.3.3 Upgrade to version: golang-golang-x-text-dev - 0.3.6-1,0.3.6-1 None
CVE-2021-31525

Path to dependency file: /go.mod

Path to vulnerable library: /go.mod

Dependency Hierarchy:

-> ❌ golang.org/x/net-v0.0.0-20200822124328-c89045814202 (Vulnerable Library)

Medium 5.9 Not Defined 0.9% golang.org/x/net-v0.0.0-20200822124328-c89045814202 Upgrade to version: golang - v1.15.12,v1.16.4,v1.17.0 None
CVE-2022-29526

Path to dependency file: /go.mod

Path to vulnerable library: /go.mod

Dependency Hierarchy:

-> github.com/sirupsen/loGrUs-v1.4.2 (Root Library)

   -> ❌ golang.org/x/sys-v0.0.0-20200826173525-f9321e4c35a6 (Vulnerable Library)

Medium 5.3 Not Defined 0.2% golang.org/x/sys-v0.0.0-20200826173525-f9321e4c35a6 Upgrade to version: go1.17.10,go1.18.2,go1.19 None

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2020-29652 github.com/golang/crypto-v0.0.0-20200302210149-32487eceac71
CVE-2021-43565 github.com/golang/crypto-v0.0.0-20200302210149-32487eceac71
CVE-2021-31525 github.com/golang/net-v0.0.0-20200301022130-244492dfa37a
CVE-2021-44716 github.com/golang/net-v0.0.0-20200301022130-244492dfa37a
CVE-2020-28851 golang.org/x/text-v0.3.2
CVE-2020-28852 golang.org/x/text-v0.3.2
CVE-2022-27191 github.com/golang/crypto-v0.0.0-20200302210149-32487eceac71
CVE-2020-14040 golang.org/x/text-v0.3.2
CVE-2022-32149 golang.org/x/text-v0.3.2
CVE-2020-36565 github.com/labstack/echo/v4-v4.1.16
CVE-2022-29526 github.com/golang/sys-v0.0.0-20200301025734-6b2465a0221e
CVE-2022-41721 github.com/golang/net-v0.0.0-20200301022130-244492dfa37a
CVE-2021-33194 github.com/golang/net-v0.0.0-20200301022130-244492dfa37a
CVE-2022-27664 github.com/golang/net-v0.0.0-20200301022130-244492dfa37a
CVE-2021-38561 golang.org/x/text-v0.3.2

Base branch total remaining vulnerabilities: 24
Base branch commit: null


Total libraries scanned: 76

Scan token: 974a5442896845bd9286943dcac04936