This repository has been archived by the owner on Feb 8, 2024. It is now read-only.

mgr/dashboard: bump @types/node from 12.12.62 to 20.10.4 in /src/pybind/mgr/dashboard/frontend #637

mgr/dashboard: bump @types/node in /src/pybind/mgr/dashboard/frontend

22c99e6
Closed

Mend for github.com / WhiteSource Security Check failed Dec 7, 2023 in 8m 45s

Security Report

The Security Check found 29 vulnerabilities.

CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue
CVE-2019-6446

Path to dependency file: /src/pybind/mgr/diskprediction_local/requirements.txt

Path to vulnerable library: /src/pybind/mgr/diskprediction_local/requirements.txt,/src/pybind/rbd,/src/tools/cephfs/shell,/src/pybind/rgw

Dependency Hierarchy:

-> ❌ numpy-1.15.1-cp37-cp37m-manylinux1_x86_64.whl (Vulnerable Library)

Critical 9.8 numpy-1.15.1-cp37-cp37m-manylinux1_x86_64.whl Upgrade to version: 1.16.2 #32
CVE-2023-45133

Path to dependency file: /src/pybind/mgr/dashboard/frontend/package.json

Path to vulnerable library: /src/pybind/mgr/dashboard/frontend/package.json

Dependency Hierarchy:

-> localize-12.2.13.tgz (Root Library)

   -> core-7.8.3.tgz

     -> ❌ traverse-7.18.11.tgz (Vulnerable Library)

High 8.8 traverse-7.18.11.tgz Upgrade to version: @babel/traverse - 7.23.2 None
CVE-2022-46175

Path to dependency file: /src/pybind/mgr/dashboard/frontend/package.json

Path to vulnerable library: /src/pybind/mgr/dashboard/frontend/package.json

Dependency Hierarchy:

-> localize-12.2.13.tgz (Root Library)

   -> core-7.8.3.tgz

     -> ❌ json5-2.2.1.tgz (Vulnerable Library)

High 8.8 json5-2.2.1.tgz Upgrade to version: json5 - 2.2.2 #481
CVE-2023-46136

Path to dependency file: /src/pybind/mgr/requirements.txt

Path to vulnerable library: /src/pybind/mgr/requirements.txt

Dependency Hierarchy:

-> ❌ Werkzeug-2.2.3-py3-none-any.whl (Vulnerable Library)

High 7.5 Werkzeug-2.2.3-py3-none-any.whl Upgrade to version: werkzeug - 2.3.8,3.0.1 None
CVE-2023-44271

Path to dependency file: /src/pybind/rados

Path to vulnerable library: /src/pybind/rados,/src/ceph-volume,/src/tools/cephfs/top,/src/pybind/cephfs,/admin/doc-requirements.txt

Dependency Hierarchy:

-> ❌ Pillow-9.5.0-cp37-cp37m-manylinux_2_28_x86_64.whl (Vulnerable Library)

High 7.5 Pillow-9.5.0-cp37-cp37m-manylinux_2_28_x86_64.whl Upgrade to version: Pillow - 10.0.0 None
CVE-2022-42969

Path to dependency file: /monitoring/ceph-mixin/tests_dashboards/requirements.txt

Path to vulnerable library: /monitoring/ceph-mixin/tests_dashboards/requirements.txt,/src/pybind/cephfs

Dependency Hierarchy:

-> ❌ py-1.10.0-py2.py3-none-any.whl (Vulnerable Library)

High 7.5 py-1.10.0-py2.py3-none-any.whl #452
CVE-2022-34749

Path to dependency file: /src/tools/cephfs/top

Path to vulnerable library: /src/tools/cephfs/top,/src/ceph-volume,/src/pybind/cephfs,/src/pybind/rados

Dependency Hierarchy:

-> ❌ mistune-0.8.4-py2.py3-none-any.whl (Vulnerable Library)

High 7.5 mistune-0.8.4-py2.py3-none-any.whl Upgrade to version: mistune - 2.0.3 #376
CVE-2022-31129

Path to dependency file: /src/pybind/mgr/dashboard/frontend/package.json

Path to vulnerable library: /src/pybind/mgr/dashboard/frontend/package.json

Dependency Hierarchy:

-> ❌ moment-2.29.3.tgz (Vulnerable Library)

High 7.5 moment-2.29.3.tgz Upgrade to version: moment - 2.29.4 #359
CVE-2022-25883

Path to dependency file: /src/pybind/mgr/dashboard/frontend/package.json

Path to vulnerable library: /src/pybind/mgr/dashboard/frontend/package.json

Dependency Hierarchy:

-> localize-12.2.13.tgz (Root Library)

   -> core-7.8.3.tgz

     -> ❌ semver-5.7.1.tgz (Vulnerable Library)

High 7.5 semver-5.7.1.tgz Upgrade to version: semver - 5.7.2,6.3.1,7.5.2;org.webjars.npm:semver:7.5.2 None
CVE-2018-1128

Vulnerable Source Files:

❌ /src/auth/none/AuthNoneAuthorizeHandler.cc

❌ /src/auth/cephx/CephxAuthorizeHandler.cc

❌ /src/auth/none/AuthNoneAuthorizeHandler.h

High 7.5 cephv17.2.5 Upgrade to version: v14.0.1 #44
CVE-2018-1128

Vulnerable Source Files:

❌ /src/auth/none/AuthNoneAuthorizeHandler.cc

❌ /src/auth/cephx/CephxAuthorizeHandler.cc

❌ /src/auth/none/AuthNoneAuthorizeHandler.h

High 7.5 cephv17.2.5 Upgrade to version: v14.0.1 #44
CVE-2018-1128

Vulnerable Source Files:

❌ /src/auth/none/AuthNoneAuthorizeHandler.cc

❌ /src/auth/cephx/CephxAuthorizeHandler.cc

❌ /src/auth/none/AuthNoneAuthorizeHandler.h

High 7.5 cephv17.2.5 Upgrade to version: v14.0.1 #44
CVE-2018-1128

Vulnerable Source Files:

❌ /src/auth/none/AuthNoneAuthorizeHandler.cc

❌ /src/auth/cephx/CephxAuthorizeHandler.cc

❌ /src/auth/none/AuthNoneAuthorizeHandler.h

High 7.5 cephv17.2.5 Upgrade to version: v14.0.1 #44
CVE-2018-1128

Vulnerable Source Files:

❌ /src/auth/none/AuthNoneAuthorizeHandler.cc

❌ /src/auth/cephx/CephxAuthorizeHandler.cc

❌ /src/auth/none/AuthNoneAuthorizeHandler.h

High 7.5 cephv17.2.5 Upgrade to version: v14.0.1 #44
CVE-2018-1128

Vulnerable Source Files:

❌ /src/auth/none/AuthNoneAuthorizeHandler.cc

❌ /src/auth/cephx/CephxAuthorizeHandler.cc

❌ /src/auth/none/AuthNoneAuthorizeHandler.h

High 7.5 cephv17.2.5 Upgrade to version: v14.0.1 #44
CVE-2018-1128

Vulnerable Source Files:

❌ /src/auth/none/AuthNoneAuthorizeHandler.cc

❌ /src/auth/cephx/CephxAuthorizeHandler.cc

❌ /src/auth/none/AuthNoneAuthorizeHandler.h

High 7.5 cephv17.2.5 Upgrade to version: v14.0.1 #44
CVE-2023-46446

Path to dependency file: /src/pybind/mgr/requirements.txt

Path to vulnerable library: /src/pybind/mgr/requirements.txt

Dependency Hierarchy:

-> ❌ asyncssh-2.9.0-py3-none-any.whl (Vulnerable Library)

Medium 6.8 asyncssh-2.9.0-py3-none-any.whl Upgrade to version: asyncssh - 2.14.1 None
CVE-2022-3854

Vulnerable Source Files:

❌ /src/rgw/rgw_common.cc

Medium 6.5 cephv17.2.5 Upgrade to version: v18.0.0 #487
CVE-2022-48345

Path to dependency file: /src/pybind/mgr/dashboard/frontend/package.json

Path to vulnerable library: /src/pybind/mgr/dashboard/frontend/package.json

Dependency Hierarchy:

-> swagger-ui-4.12.0.tgz (Root Library)

   -> ❌ sanitize-url-6.0.0.tgz (Vulnerable Library)

Medium 6.1 sanitize-url-6.0.0.tgz Upgrade to version: @braintree/sanitize-url - 6.0.1 #507
CVE-2020-7656

Path to dependency file: /qa/workunits/erasure-code/bench.html

Path to vulnerable library: /qa/workunits/erasure-code/jquery.js,/qa/workunits/erasure-code/jquery.js

Dependency Hierarchy:

-> ❌ jquery-1.8.3.js (Vulnerable Library)

Medium 6.1 jquery-1.8.3.js Upgrade to version: jquery - 1.9.0 #40
CVE-2020-11023

Path to dependency file: /qa/workunits/erasure-code/bench.html

Path to vulnerable library: /qa/workunits/erasure-code/jquery.js,/qa/workunits/erasure-code/jquery.js

Dependency Hierarchy:

-> ❌ jquery-1.8.3.js (Vulnerable Library)

Medium 6.1 jquery-1.8.3.js Upgrade to version: jquery - 3.5.0;jquery-rails - 4.4.0 #35
CVE-2020-11022

Path to dependency file: /qa/workunits/erasure-code/bench.html

Path to vulnerable library: /qa/workunits/erasure-code/jquery.js,/qa/workunits/erasure-code/jquery.js

Dependency Hierarchy:

-> ❌ jquery-1.8.3.js (Vulnerable Library)

Medium 6.1 jquery-1.8.3.js Upgrade to version: jQuery - 3.5.0 #36
CVE-2019-11358

Path to dependency file: /qa/workunits/erasure-code/bench.html

Path to vulnerable library: /qa/workunits/erasure-code/jquery.js,/qa/workunits/erasure-code/jquery.js

Dependency Hierarchy:

-> ❌ jquery-1.8.3.js (Vulnerable Library)

Medium 6.1 jquery-1.8.3.js Upgrade to version: jquery - 3.4.0 #249
CVE-2015-9251

Path to dependency file: /qa/workunits/erasure-code/bench.html

Path to vulnerable library: /qa/workunits/erasure-code/jquery.js,/qa/workunits/erasure-code/jquery.js

Dependency Hierarchy:

-> ❌ jquery-1.8.3.js (Vulnerable Library)

Medium 6.1 jquery-1.8.3.js Upgrade to version: jQuery - 3.0.0 #38
CVE-2012-6708

Path to dependency file: /qa/workunits/erasure-code/bench.html

Path to vulnerable library: /qa/workunits/erasure-code/jquery.js,/qa/workunits/erasure-code/jquery.js

Dependency Hierarchy:

-> ❌ jquery-1.8.3.js (Vulnerable Library)

Medium 6.1 jquery-1.8.3.js Upgrade to version: jQuery - v1.9.0 #33
CVE-2023-46445

Path to dependency file: /src/pybind/mgr/requirements.txt

Path to vulnerable library: /src/pybind/mgr/requirements.txt

Dependency Hierarchy:

-> ❌ asyncssh-2.9.0-py3-none-any.whl (Vulnerable Library)

Medium 5.9 asyncssh-2.9.0-py3-none-any.whl Upgrade to version: asyncssh - 2.14.1 None
CVE-2021-34141

Path to dependency file: /src/pybind/mgr/diskprediction_local/requirements.txt

Path to vulnerable library: /src/pybind/mgr/diskprediction_local/requirements.txt,/src/pybind/rbd,/src/tools/cephfs/shell,/src/pybind/rgw

Dependency Hierarchy:

-> ❌ numpy-1.15.1-cp37-cp37m-manylinux1_x86_64.whl (Vulnerable Library)

Medium 5.3 numpy-1.15.1-cp37-cp37m-manylinux1_x86_64.whl Upgrade to version: numpy - 1.22.0 #49
CVE-2021-34141

Path to dependency file: /src/pybind/mgr/requirements.txt

Path to vulnerable library: /src/pybind/mgr/requirements.txt

Dependency Hierarchy:

-> scipy-1.7.3-cp37-cp37m-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (Root Library)

   -> ❌ numpy-1.21.6-cp37-cp37m-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (Vulnerable Library)

Medium 5.3 numpy-1.21.6-cp37-cp37m-manylinux_2_12_x86_64.manylinux2010_x86_64.whl Upgrade to version: numpy - 1.22.0 #49
CVE-2021-33430

Path to dependency file: /src/pybind/mgr/diskprediction_local/requirements.txt

Path to vulnerable library: /src/pybind/mgr/diskprediction_local/requirements.txt,/src/pybind/rbd,/src/tools/cephfs/shell,/src/pybind/rgw

Dependency Hierarchy:

-> ❌ numpy-1.15.1-cp37-cp37m-manylinux1_x86_64.whl (Vulnerable Library)

Medium 5.3 numpy-1.15.1-cp37-cp37m-manylinux1_x86_64.whl Upgrade to version: numpy - 1.21.0 #48

Total libraries scanned: 371
Scan token: ed67caca9c174daa9f6b9793d6fa439b